The text in this article may include ControlShift's interpretation of the GDPR and/or interpretations we've heard from other organizations. This article should not be considered legal advice. Please seek independent legal counsel to ensure your compliance with the regulations.
Cookies are small data files that are generated by a website and stored on your computer or mobile device as you browse the site. Cookies can contain information about your browsing activity, user identity, or other information. When you return to the website that set the cookie, the cookie will send information back to the website allowing the site to recognize you as a returning user and potentially customize your browsing experience.
Cookies consent banner
To make it easy for organizations to inform site visitors about cookies, ControlShift supports showing a cookies consent banner at the top of platform pages.
- Essential cookies are the cookies that are required for the ControlShift platform to function properly.
- Accepting all cookies allows ControlShift to set the essential cookies plus additional cookies that provide enhanced features and allow tracking user actions.
To enable the cookie banner, go the the organization admin home page > Settings > Options and then expand the Disclaimers section. From that section, you can enable the cookies consent header and customize the notice text that's displayed on the left side of the banner for all of the locales your organization is using.
As detailed above, essential cookies are required to provide minimum functionality on the ControlShift platform. These include:
|Used for keeping track of a user's session in the site. This is required even for users who haven't signed in.
|Stores the ID of the member's most recently taken action. This is used to allow one-click signing of petitions using the information the user just entered without asking them to enter their data again.
|Keeps track of whether the cookies consent has been granted or not, and whether it was for all cookies or only essential cookies.
|Used for storing the preferred way to display forums on events and local groups.
|Stores recently liked comments on petitions. There's a separate cookie for each liked comment.
|This cookie expires after 30 minutes of continuous inactivity by the end user. The cookie contains information related to the calculation of Cloudflare's proprietary bot score. The information in the cookie (other than time-related information) is encrypted and can only be decrypted by Cloudflare.
A separate cookie is generated for each site that an end user visits, as Cloudflare does not track users from site to site or from session to session.
|30 minutes of inactivity
|cf_cc_XXX; cf_chl_cc_XXX; cf_chl_seq_XXX; cf_chl_prog
|Stores the proof of challenge passed. It is used to no longer issue a captcha or jschallenge challenge if present.
|This cookie is used to check whether the supports cookies. It can be deleted if seen.
|These cookies are for internal use which allows Cloudflare to identify production issues on clients.
1 Session cookies expire when you close/quit your browser.
Most of the non-essential cookies depend on the integrations you have set up for your organization. As an example, you may find cookies from any of the following vendors:
- Google Tag Manager
- Google Analytics
Additionally we set the following cookie when session tracking is enabled:
- analytics_session_id: a random ID set for tracking users who haven't signed in, which we send as a session identifier to analytic tools.
Other Cookies From Third-Party Services
Content embedded from third-party services may also introduce their own set of cookies that are beyond the control of ControlShift and not subject to users granting cookies consent.
Third-party services that the ControlShift platform integrates with are:
- Embed.ly content from supported services, including things like Youtube (see their full list of providers for more information)
- Mapbox embedded maps
- Google Maps autocomplete component
Revoking Cookie Consent
User who have previously given cookies consent can revoke their consent by going to [Your ControlShift Site]
The GDPR has numerous requirements and hefty fines for non-compliance. The information included here is not legal advice, and we strongly recommend that all organizations using ControlShift seek legal counsel to ensure that they comply with the GDPR and all relevant laws.