CodeDragon circular icon

CodeDragon might not work properly for you...

CodeDragon is designed to work with Google Chrome and Firefox, and a few features of CodeDragon have been found not to work properly with other web browsers. To make sure you get the best experience when using CodeDragon, please download the latest version of Google Chrome or Firefox and try again. You can install Google Chrome for free here, and Firefox here.

Or, you can continue anyway.

CodeDragon Privacy Policy

Dated and effective from: 9th September 2018.

Effective under the laws of: England, United Kingdom (UK).

1. Definitions

All references in this document to "the Site" or "the Services" should be taken as referring to "CodeDragon" (https://codedragon.org).

All references in this document to "us", "we" and "our" should be taken as referring to "The CodeDdraig Organisation", the non-profit body which owns and maintains CodeDragon, and its staff and volunteers.

All references in this document to "User(s)", "you" and "your" should be taken as referring to any user who visits CodeDragon, or signs up for an account, and acts as the "Data Subject" for the purposes of this Policy.

"Personally Identifiable Data" or "PID" is any data we hold which could be used to trace back to you, an individual user. This could be, but is not limited to your name or email address.

2. Introduction

2.a. What is this document?

CodeDragon, and The CodeDdraig Organisation, the non-profit which runs CodeDragon (read more here: https://codedragon.org/legal) take your data, and your privacy very seriously.

This document explains what data we collect, how and why we collect it, and how you can exercise your legal rights over this data. It also explains our use of cookies.

Please read the following document in its entirety when you visit CodeDragon, especially when creating an account.

2.b. Data protection laws

When you use CodeDragon, with an account or otherwise, we collect data about you and your computer. Generally, this data will be "private" - it can only be seen by you and us, but in other cases it will be "public" - anyone who visits CodeDragon can see it.

To protect you and your PID from unfair practice and "data breaches" (if we are hacked, and personal data you trust us with is made public), many jurisdictions have created data protection laws, which we, as a Data Controller (someone collecting data) must abide by.

Normally, an organisation collecting personal data based in the UK would have to register with the Information Commissioner's Office (ICO) (https://ico.org.uk) annually. However, as we are a non-profit organisation, and:

we are exempt from registering. However, if we suffer a data breach, we will still report it to the ICO (see Section 8), and if you wish to complain to the ICO about our conduct, you may do so (see Section 9).

This version of the Privacy Policy was drafted to comply with the EU General Data Protection Regulation (GDPR) http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32016R0679, which came into force across the EU (see list of current member states here: https://europa.eu/european-union/about-eu/countries_en#28members) on 25th May 2018.

Whilst we recognise that not all of our users are normally resident in one of these countries, we follow the rules set out in the GDPR for all of our users, regardless of their physical location, for the following reasons:

  1. We are normally located in the UK, currently an EU member state, and so are bound by these laws.
  2. Our server is physically located in London, UK, and thus any issues would be handled under UK and, therefore, EU law.
  3. We think that the GDPR, and data protection are very important for our users, and will therefore undertake commitments made in it for all our users, regardless of their jurisdiction.

We have endeavoured to be compliant with all aspects of the GDPR, and wish to protect your rights in the EU, however, we make no representations that CodeDragon is appropriate or available for use in other locations. Those who access or use CodeDragon in other jurisdictions do so in the knowledge that CodeDragon may not be compliant with that jurisdiction's data protection laws.

2.c. Collecting PID

We collect certain data from all users who visit the site, regardless of whether they create an account or not.

2.c.i. If you do not have an account

If you are using CodeDragon, but do not have an account, we do not collect PID about you.

If you are using CodeDragon, but have not created an account, the entirety of this Policy excluding Section 5 applies to you when using the Services.

By using CodeDragon without an account, it is deemed that you have read, understood, and accepted the terms of the entirety of this Policy excluding Section 5. This includes the fact that we may collect your data. If you do not agree with the entirety of this Policy excluding Section 5, do not use CodeDragon.

2.c.ii. If you do have an account, or are creating an account

If you are using CodeDragon, and do have an account, or are about to create an account, we do collect PID about you.

The lawful purpose for this, as mandated by the GDPR, is that we have your clear consent to collect, store and process your PID. You give us this consent by accepting this agreement when signing up. You do this by ticking the box with the caption:

I agree to the Terms of Use and the Privacy Policy

on our sign up page.

If you are under 16 years old, we gain your parent or guardian's consent to do this, when they tick the box with the caption:

Parent or guardian (aged over 16 years) approves this sign up, and agrees to the Terms of Use and Privacy Policy

on our sign up page.

If you are using CodeDragon, and have created an account (regardless of whether you are signed into it), or are about to create an account, the entirety of this Policy applies to you when using the Services.

By using CodeDragon with an account, or by creating an account, it is deemed that you have read, understood, accepted and agreed to abide by the terms of the entirety of this Policy. This includes the fact that we may collect your data. If you do not agree with the entirety of this Policy, do not use CodeDragon.

2.d. Changes to this Policy

If any changes are made to this Policy with which you disagree, you must stop using CodeDragon.

If you have an account, this means you must delete it.

For more information about changes to this Policy, please see Section 10.d.

2.e. Terms of Use

All users, regardless of whether they hold an account, should also read and must agree to our Terms of Use: https://codedragon.org/legal/terms.

3. Cookies

3.a. What are cookies?

Cookies are small text files placed on your device by a website. Their content is set by the website, and they allow the website to "pick up where it left off" if you leave the website and then return, by storing your preferences and some data in your device's memory.

Most cookies automatically expire - this means that they will delete themselves from your device after a set period of time has elapsed.

3.b. CodeDragon's use of cookies

CodeDragon uses cookies to enhance user experience, and to collect demographic and statistical data about our user base. Please read the rest of this Policy to learn about the different cookies we use.

3.c. Managing cookies

If you wish, you can manage all cookies set by CodeDragon manually by following the instructions here: http://www.allaboutcookies.org/manage-cookies.

4. For all users

Whether you create an account on the Site or not, we still collect some data about the device you use to access the Site. None of this is PID.

4.a. Cookie consent

For all users accessing the Site, we need to gain your consent to collect the non-PID and store cookies on your device. We do this by getting you to agree expressly to the Privacy Policy and Terms of Use.

We attain this agreement by showing you a "modal" (also known as a "dialog box") which contains the statement:

By continuing to use CodeDragon, you affirm that you agree with the relevant sections of the Privacy Policy and Terms of Use, including the use of cookies.

followed by a link to this Policy, on a modal (dialog box) which appears when you visit the site for the first time.

If you click "I agree" to this statement, we store a cookie called cookieconsent_status on your device to tell the code not to show this message again, until the cookie expires. This cookie expires after 1 year. You can manage this cookie by following the instructions in Section 3.c.

As no data is actually collected by us here, your GDPR rights are not applicable.

4.b. Google Analytics

CodeDragon uses a third party called Google Analytics to collect data about the devices of users, their geographical location (limited to cities and countries) and their demographics (gender and age, if signed into a Google Account), to give us a better picture of our user base.

None of the data collected by Google Analytics is personally identifiable (the data cannot be used to link back to you as a person), thus the GDPR rights to access, rectification and erasure are not applicable.

If you do not want data about your device collected in this way, please install the official Google Analytics opt-out extension from the following URL: https://tools.google.com/dlpage/gaoptout.

Google Analytics identifies your device by storing 3 cookies on it, which expire after the length of time given in brackets: _ga (2 years), _gid (24 hours), _gat_UA-112001019-1 (90 days). These times are reset every time you visit CodeDragon. You can manage these cookies by following the instructions in Section 3.c.

You can learn more about the cookies used by Google Analytics here (note: this page is technical documentation): https://developers.google.com/analytics/devguides/collection/analyticsjs/cookie-usage.

5. For account holders

When you have an account on CodeDragon, we collect and store Personally Identifiable Data (PID) from you.

5.a. Collecting and storing PID

We have access to all your PID at all times.

5.a.i. When you sign up

When you sign up for a CodeDragon account, we create an Account Database Entry (ADE) in our database for you.

Some of your PID is publicly available on your profile page. It is marked with {P} on the list below.

Some of your PID is hashed in your ADE. This means that no-one, not even us or you, can see the original entry. It is marked with {H} on the list below.

The following PID is entered into your ADE during the user creation process:

A username is automatically generated for you, which is also stored in your ADE, and is publicly available and not hashed. Please see Section 4.d. of our Terms of Use for more information about this. The username is not PID.

5.a.ii. When you create Content on the Site

When you create or edit a project on the Site, or post a comment on a project, we keep a log that you have done this in your ADE.

A project or comment in itself is not PID, but your PID may be displayed next to a comment or project you create.

We accept no responsibility for any PID you include in a project or comment.

5.a.ii.1. Projects

When you create a project, it can be set to Public, Private or Unlisted.

Public = anyone, regardless of whether they have an account, can see your project on the CodeDragon website.

Private = only you, when signed into your account, can see your project on the CodeDragon website.

Unlisted = anyone, regardless of whether they have an account, who has a link to your project can see your project on the CodeDragon website. However, the project is not listed in search results or "Trending Projects".

5.a.iii. When you are logged in, and are otherwise using the Site

5.a.iii.1. Feeds

Each user has a 'feed' of events and information, delivered automatically to their dashboard. This may include information about projects that you created or that users you follow have created. Other users that follow your profile will receive an automated feed 'item' when you:

You will also receive the same feed item. However, your followers will not receive feed items regarding your private or unlisted projects. Only information about public projects will be delivered to followers. Regardless, you will receive information about your own private and unlisted projects.

5.a.iii.2. CIUTS

We also collect the following non-PID about you, through the CodeDragon Internal User Tracking System (CIUTS).

Data collected by it is stored separately to your ADE, in a different database entry, alongside your user name. No PID is stored with your CIUTS database entry, however, if we suffered a cyber attack, and an attacker gained access to both your ADE and CIUTS database entry, PID could be traced back from your CIUTS database entry.

5.a.iii.3. session cookie

The session cookie is created automatically when you visit the CodeDragon website. It is used to identify your session on our website and to associate certain back-end variables with it. These include, but are not limited to, the username of the authenticated user (if any), your session duration, and other analytics data.

5.a.iii.4. token cookie

The token cookie is create automatically when you select the 'Remember me' option during sign in. It stores a token for an extended period of time which keeps you signed in while it exists.

5.a.iii.5. Flagging

If you find innapropriate content on the site, you can report it to us with the "Flag" button. All information entered on a Flag form will be kept private, unless under Section 6 of this Policy.

5.b. Third parties

N.B. Some of the third parties listed here are not based in the EU, but in the United States of America. Those which are in the USA may be protected under the EU-US Privacy Shield, which means that the third party in the USA voluntarily agrees to abide by EU data protection laws, i.e. the GDPR. You can read more about the EU-US Privacy Shield, and what it means for you here: https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/eu-us-privacy-shield_en.

We share your PID with the following third parties.

5.b.i. Algolia

Name of company: ALGOLIA SAS

Country of registration: France, an EU member state

Company registration number: 788 680 858 R.C.S. PARIS

Link to data processing addendum (latest version signed by us): Click here

What the third party does: Provides fast searching functionality on our website

What PID they get from us: The full name of users as well as extensive information about projects (only public projects)

Why do they need the PID: The PID is displayed to users in the search bar when a query term is deemed to match a user or project

Other notes: Full legal information is available at https://www.algolia.com/policies/legal

5.b.ii. Mailchimp

Name of company: The Rocket Science Group, LLC

Country of registration: United States of America (Georgia), not an EU member state

Company registration number: unknown

Link to GDPR data processing addendum (latest version signed by us): Click here

What the third party does: Provides newsletter subscriber management and campaign creation/sending

What PID they get from us: The email address and first and last name of users

Why they need the PID: The names are used to personalise messages and the email address to dispatch newsletters

Other notes: Certified under the EU-US Privacy Shield

5.b.iii. Sendgrid

Name of company: Sendgrid Inc.

Country of registration: United States of America (Colorado), not an EU member state

Company registration number: Unknown

Link to data processing addendum (latest version signed by us): Click here

What the third party does: Provides transactional emails, such as those you receive when you forget your password, or to verify a new account

What PID they get from us: The email address and first and last name of users

Why they need the PID: The names are used to personalise messages and the email address to dispatch the messages

Other notes: Certified under the EU-US Privacy Shield

5.b.iv. Stream

Name of company: Stream.io Inc.

Country of registration: United States of America (Colorado), not an EU member state

Company registration number: Unknown

Link to data processing addendum (latest version signed by us): Does not exist

What the third party does: Handles following, likes and comments of users and projects

What PID they get from us: All user data we hold, although only your username and full name are actually processed

Why they need the PID: To operate the following, likes and comments system

Other Notes: Not certified under the EU-US Privacy Shield

5.c. Exercising your GDPR rights over data we hold

The GDPR provides you with 8 rights over your personal data. These, and the ways in which you may exercise them, are listed below.

In any case, if you are not able to exercise the rights using your Account Settings page on the Site, you can contact us to make a request that an action is carried out on your behalf.

Where we suggest that you contact us, please see Section 9 for more information.

5.c.i. The right to be informed (GDPR Articles 12, 13 and 14)

You can exercise this right by reading this Policy, and contacting us if anything is unclear.

5.c.ii. The right to access (GDPR Articles 12 and 15)

You can exercise this right by reading this Policy and viewing your Account Settings page on the Site, where all PID we store about you is displayed.

5.c.iii. The right to rectification (correction) (GDPR Articles 12 and 16)

You can exercise this right by entering the correct PID on your Account Settings page on the Site.

You are unable to correct any data collected by the CIUTS (see Section 4.a.iii), as it is automatically generated, and is not PID.

When you rectify your PID on the Site, it may take up to 72 hours for the rectified data to be indexed by our third parties.

We reserve the right to retain the un-corrected PID for up to 30 days after you make the rectification, in case law enforcement authorities request to see the un-corrected PID.

5.c.iv. The right to erasure (GDPR Articles 12 and 17)

You can exercise this right by deleting your account on your Account Settings page on the Site.

When you delete your PID on the Site, it may take up to 72 hours for the deletion to take place in the indices of our third parties.

Note that this action is irreversible and permanent.

We reserve the right to retain your PID for up to 30 days after you delete your account, in case law enforcement authorities request to see the PID.

5.c.v. The right to restriction of processing (GDPR Articles 12 and 18)

You cannot exercise this right, as we store your data for a lawful purpose, as defined and agreed to in Section 2.c.ii..

5.c.vi. The right to data portability (GDPR Articles 12 and 20)

You can exercise this right be downloading a copy of all PID we store about you from your Account Settings page on the Site, in a machine-readable format.

This format is "JavaScript Object Notation", more commonly known as "JSON". A detailed guide to interpreting JSON can be found at the following URL: https://developers.squarespace.com/what-is-json.

If you wish to convert your PID to another commonly used machine-readable format, such as Extensible Markup Language (XML) or Comma Separated Values (CSV), you can do so with the following converter websites:

JSON to XML converter: http://convertjson.com/json-to-xml.htm

JSON to CSV converter: http://convertcsv.com/json-to-csv.htm

5.c.vii. The right to prevent processing

You cannot exercise this right, as we store your data for a lawful purpose, as defined and agreed to in Section 2.c.ii..

5.c.viii. The right to not be subject to automated decision making

You cannot exercise this right, as you are not subjected to automated decision making when using CodeDragon.

6. Sharing your data with law enforcement

We may disclose data we collect through the Site (including PID) to third parties not listed in Section 5.b. in the following circumstances, when required or requested to do so by law enforcement or other legal authorities:

7. Cross-border data transfer

CodeDragon is based in the UK, which is in the EU. Personally identifiable data which we collect may be transferred to, and stored at, any of our affiliates, partners, or service providers (including third parties) which may be inside or outside the EU, including the United States of America.

Please see Section 5.b. for more information about which of our third parties are based outside the EU, and which are covered under the EU-US Privacy Shield.

8. Cyber attacks and data breaches

We maintain a database of PID on our computer systems, from those users who sign up for an account with us. If we, or one of our third parties suffered from a cyber attack, the perpetrators could gain unlawful access to this database, and use the information in it to commit identity theft from users.

We carry out regular audits of security, and believe the likelihood to such an attack to be very low, but in the unlikely event that an attack does take place, the privacy of our users' PID is paramount.

For the purposes of reporting data breaches to authorities, our Data Protection Officer is the Director of the CodeDdraig Organisation.

8.a. If we are attacked

If our computer systems are attacked directly, and we believe that the privacy of PID could be at risk, the following protocol will be followed:

When we become aware of a cyber attack:

Within 72 hours of us becoming aware of the cyber attack:

Within 2 weeks of us becoming aware of the cyber attack, and when investigations by authorities have concluded:

8.b. If one of our third parties is attacked

If the computer systems of one of our third parties listed in Section 5.b. is attacked, and we believe that the privacy of PID could be at risk, we will take advice from that third party, and follow the protocol in Section 8.a., save that we are not under obligation to report to any authority - this is the obligation of the attacked third party.

9. If you have a problem

If you have a problem, question or would like to exercise your rights over your PID but cannot, you can contact us.

You can do this by emailing us at privacy [at] codedragon [dot] org. Please include your username and details of your query. You will normally receive a response from us within 30 days from the receipt of your message.

If you believe we have acted dishonestly, unlawfully or incorrectly, or have other concerns about our handling of PID, you can make a complaint to the ICO. Details of how to do this are given on the ICO website: https://ico.org.uk/make-a-complaint.

10. Contractual Information

10.a. Choice of law and venue

You agree that this Policy, for all purposes, will be governed and construed in accordance with the laws of the England, UK, applicable to contracts to be wholly performed therein, and any action based on, relating to, or alleging a breach of this Policy must be brought in a court of law in England, UK.

10.b. Choice of language

If we provide you with a translation of the English language version of this Policy, then you agree that the translation is provided for informational purposes only, and does not modify the English language version. In the event of a conflict between a translation and the English version, the English version will govern.

10.c. No waiver

No waiver of any term of this Policy will be deemed a further or continuing waiver of such term or any other term, and our failure to assert any right or provision under this Policy will not constitute a waiver of such right or provision.

10.d. Changes to this Policy

We may change this Policy from time to time. You can always find the latest version of the Privacy Policy at https://codedragon.org/legal/privacy. The date of the most recent revisions will appear on this page, and in this document.

We will give at least 14 days notice of any change to this Policy by placing a notice on the CodeDragon website (for those without accounts) and by emailing all users with accounts with messages to this effect.

Your continued use of CodeDragon constitutes your acceptance of any changes to or revisions of the Privacy Policy.

10.e. Entire agreement

This document, together with all and any appendices, constitutes the entire Privacy Policy and supersedes all previous privacy policies relating to the use of CodeDragon.

Revision date: 9th September 2018.