Privacy Policy

Capital Personal Computer User Group, Inc

[Draft] PRIVACY POLICY & SECURITY NOTICE
Last updated: March 2013

By visiting our site—which includes cpcug.org, cpcug.info, and cpcug.net—you are accepting the practices described in this Privacy Statement. We collect some personal information on you when you register for one of our events, if you buy a product or pay for your membership or if you use a members-only feature of our site such as personal comments online or a survey reply.

What we do not do is store personal information about you online besides your member number, name and ZIP code unless you give it to us online. This data is necessary to limit access to members-only areas, and is used just for such validation. Even then, we do not keep it longer than we need to, usually just as long as needed to permit the transctions you authorize. We never sell or share the limited information we retain with anyone outside of CPCUG.

Our web servers are located with Acquia, an international provider of Drupal-as-a-Service. Acquia's main servers are hosted with Amazon Web Serivices in their distributed data centers. Our email services are with DreamHost, and our email server is in Los Angeles. Our data packets travel all over the Internet.

Ownership

Capital Personal Computer User Group, Inc. (CPCUG), a nonprofit computer user group incorporated in Maryland, with an international membership, operates a suite of Internet information servers, including Web servers, mail servers, servers for email list distribution and associated supporting services. Our address is on the Contact Us page, along with our administrative contact.

These servers were set up and created for the benefit of members of CPCUG, for prospective members, and for those individuals and groups that share interests in various aspects of personal computing. The content of the various servers, pages, and services is the property of CPCUG, and, in the case of any member pages, individual members of CPCUG. This information is not in the public domain.

Information Collection—Web Servers

All Web servers need to collect technical information in order to share their contents with visitors. The technical information identifies what part of a Web site a visiting computer wishes to reach, and where to send the requested information once it is found. For site management, this technical information is also used for statistical analysis. Summary statistics are used for such purposes as assessing what information is of most and least interest, identifying usage trends over time, determining technical design specifications, and identifying system performance or problem areas.

Product/Membership Order Forms

We plan to offer and maintain more online order forms at the request of many of our overseas and local members. Existing forms requiring payment, such as for Training registration, take the user to PayPal, a secure site, as its privacy policy describes. Any forms requiring payment but without a link to a secure payment site are provided for users wishing to avoid online transactions, who are then able to print out the forms, fill them in, and mail (or fax) them to the CPCUG office (or contact the CPCUG office via phone during business hours).

Web Cookies

The CPCUG Web site uses session cookies with our Webmail and when managing email lists to which you are subscribed and in some other situations where personalization needs to be retained during your online session with us. These cookies disappear from your machine as soon as you quit your browser, unless your browser is set otherwise.

Electronic Mailing Lists and Forums

CPCUG email lists and any future online forums are in one of two forms: public or members only. Messages posted to public lists could be read by anyone (member or nonmember) who knows the exact name of the list and uses it to access the archives of the list on the Web.. Messages posted to members-only lists may be read by list subscribers and by system administrators, who keep an eye on the applicable software and moderate the lists to make sure they remain civil. For a greater degree of privacy, contact each other via personal e-mail or non-Internet means.

Electronic Mail

You receive a free electronic mail account on our domain when you join CPCUG, and we use that email as the primary method for contacting you about membership benefits, events and CPGUG online service developments, unless you provide a substitute email address or tell us you do not want to receive such email ("opt out"). We also have more focused email announcement lists to which you must subscribe ("opt in") in order to receive notices.

Electronic mail sent to addresses @cpcug.org or (less often) @cpcug.net or @cpcugtoo.org, such as those on the Contact Us page, is treated no differently than any other electronic mail. All electronic mail transactions are handled by electronic mail servers, and do not pass through our Web site unless you use our web mail to send or receive it, nor are they monitored or recorded by our Web sites in any other way.

No Internet E-mail system is completely private. It is best not to ever write anything online that you wouldn't want read publicly in an embarrassing situation.

Mailing Lists

An exception to our rule about recording addresses obviously occurs when an individual specifically requests that their E-mail address be added to a CPCUG mailing list, CPCUG necessarily records that E-mail address. Note that CPCUG groups may maintain email lists on other service providers, like freelists.org and yahoogroups.com, which CPCUG cannot control. If you participate on such lists, you might wish to review those providers' privacy policy.

All CPCUG email announcement and discussion lists are self-service and opt in (that is, you alone elect to join and when to leave). We do not add the e-mail address of anyone to any of our e-mail distribution lists, with one exception: When someone joins CPCUG they are given a personal e-mail account @cpcug.org. That e-mail address is initially added just to one list -- cpcug-members-a -- the announcement list used by CPCUG officers and directors to communicate with the membership about twice a month. But here too, you can end that subscription whenever you wish, as with any other email list.

CPCUG e-mail lists are maintained for a variety of purposes, but generally speaking they are used to notify members and interested nonmembers of CPCUG events (usually suffixed "-A" for announcement) or to support discussion of topics of shared interest (often suffixed "-D" for discussion).

Passwords and Accounts

Certain CPCUG services are available to members only, and require a username and password. The username and password provides access to specific services; aside from the servers involved, nobody else sees (or cares) about such information, and the servers contain no other identifying information.

The free email account given to each CPCUG member is assigned an initial and temporary password by the CPCUG Office. Before using it, each member is urged to change that password using the CPCUG Webmail on our website. That new password is stored in encrypted form, and is not viewable by anyone. Note that the online servers that validate member-only access do not have use of or see the CPCUG master membership database. They merely hold a list of membership numbers, the member-name and ZIP code which are exported from the membership database. Thus in the event of a break-in, no personally identifying information will be found. This minimalist approach is used elsewhere so far as we can.

Monitoring

For site security purposes and to ensure that this service remains available to all users, the CPCUG information systems employ hardware and software to monitor network traffic aimed to identify unauthorized attempts to add or alter information, or otherwise cause damage or interfere with information delivery. Except for checking on ne'er-do-wells, no attempt is made to identify individual users or their usage habits. Raw data logs may be stored indefinitely for use in statistical analysis or to protect the security and integrity of the computer systems.

CPCUG does collect lots of uninteresting raw data on our Internet services. Some of this raw data is sliced and diced into aggregate statistics on how our services are used. We use these statistics internally to improve our services and to diagnose bottlenecks. We do not share this information with other organizations or groups, either through sale or barter. Even within CPCUG, only those members actively assisting in the management of our Internet services ever get to see these monumentally boring statistics, and we usually have to beg them review it.

Unauthorized attempts to add information or alter information on these information services are strictly prohibited and may be punishable under the Computer Fraud and Abuse Act of 1986 and subsequent laws protecting information systems. Our terms of service, and those of our host allow other actions in the event of misbehavior.

If you have any questions or comments about the information presented here, please send them to the CPCUG president