The text in this article may include ControlShift's interpretation of the GDPR and/or interpretations we've heard from other organizations. This article should not be considered legal advice. Please seek independent legal counsel to ensure your compliance with the regulations.
Introduction
Cookies are small data files that are generated by a website and stored on your computer or mobile device as you browse the site. Cookies can contain information about your browsing activity, user identity, or other information. When you return to the website that set the cookie, the cookie will send information back to the website allowing the site to recognize you as a returning user and potentially customize your browsing experience.
Many websites use cookies, including ControlShift. Depending on local laws, you may be required or encouraged to inform site visitors about the use of cookies and allow them to opt-out of non-essential cookies.
Cookies consent banner
To make it easy for organizations to inform site visitors about cookies, ControlShift supports showing a cookies consent banner at the top of platform pages.
When the Display cookies notice option is enabled for the organization, the cookies consent banner will be displayed for all site visitors. The banner includes a customizable notice about the use of cookies and allows site visitors to choose between accepting all cookies or only essential cookies.
- Essential cookies are the cookies that are required for the ControlShift platform to function properly.
- Accepting all cookies allows ControlShift to set the essential cookies plus additional cookies that provide enhanced features and allow tracking user actions.
To enable the cookie banner, go the the organization admin home page > Settings > Options and then expand the Disclaimers section. From that section, you can enable the cookies consent header and customize the notice text that's displayed on the left side of the banner for all of the locales your organization is using.
Essential Cookies
As detailed above, essential cookies are required to provide minimum functionality on the ControlShift platform. These include:
| Name | Purpose | Expiration |
| _agra_session | Used for keeping track of a user's session in the site. This is required even for users who haven't signed in. | Session cookie1 |
| agra-recent-action | Stores the ID of the member's most recently taken action. This is used to allow one-click signing of petitions using the information the user just entered without asking them to enter their data again. | 1 hour |
| agreed_cookies | Keeps track of whether the cookies consent has been granted or not, and whether it was for all cookies or only essential cookies. | 180 days |
| preferredForumViewType | Used for storing the preferred way to display forums on events and local groups. | Session cookie1 |
| agra-comment-<comment ID> | Stores recently liked comments on petitions. There's a separate cookie for each liked comment. | 3 days |
| __cf_bm | This cookie expires after 30 minutes of continuous inactivity by the end user. The cookie contains information related to the calculation of Cloudflare's proprietary bot score. The information in the cookie (other than time-related information) is encrypted and can only be decrypted by Cloudflare. A separate cookie is generated for each site that an end user visits, as Cloudflare does not track users from site to site or from session to session. |
30 minutes of inactivity |
| cf_cc_XXX; cf_chl_cc_XXX; cf_chl_seq_XXX; cf_chl_prog | Cookies used for the execution of Javascript or Captcha challenges. They are not used for tracking or beyond the scope of the challenge. They can be deleted if seen. | Session |
| cf_clearance | Stores the proof of challenge passed. It is used to no longer issue a captcha or jschallenge challenge if present. | Session |
| cf_chl_XXXX | This cookie is used to check whether the Cloudflare Edge server supports cookies. It can be deleted if seen. | Session |
| cf_chl_rc_i; cf_chl_rc_ni | These cookies are for internal use which allows Cloudflare to identify production issues on clients. | Session |
1 Session cookies expire when you close/quit your browser.
All Cookies
Most of the non-essential cookies depend on the integrations you have set up for your organization. As an example, you may find cookies from any of the following vendors:
- Segment
- Freshchat
- Google Tag Manager
- Google Analytics
- Matomo
- Optimizely
Additionally we set the following cookie when session tracking is enabled:
- analytics_session_id: a random ID set for tracking users who haven't signed in, which we send as a session identifier to analytic tools.
Other Cookies From Third-Party Services
Content embedded from third-party services may also introduce their own set of cookies that are beyond the control of ControlShift and not subject to users granting cookies consent.
Third-party services that the ControlShift platform integrates with are:
- Embed.ly content from supported services, including things like Youtube (see their full list of providers for more information)
- Mapbox embedded maps
- Google Maps autocomplete component
Revoking Cookie Consent
User who have previously given cookies consent can revoke their consent by going to [Your ControlShift Site]/member/revoke_cookies_consent. After revoking their consent, non-essential cookies will be revoked. Users who have revoked their cookies consent will see the cookies consent banner again. Organizations may wish to include a link to the revocation URL in their privacy policy or other documentation.
The GDPR has numerous requirements and hefty fines for non-compliance. The information included here is not legal advice, and we strongly recommend that all organizations using ControlShift seek legal counsel to ensure that they comply with the GDPR and all relevant laws.
Comments
0 comments
Please sign in to leave a comment.