Privacy Policy

CAS Website Privacy Policy

Website operator

This website is operated by the Canberra Astronomical Society Inc. (CAS), a not-for-profit organisation dedicated to the promotion of amateur astronomy in and around the Australian Capital Territory, ACT.

Use of this website

Most content is user-created by CAS members, who receive no payment or commercial consideration for their contributions. The content on this website is provided ‘as is’, without any explicit or implied warranty or statement of fitness for purpose.

In particular, we advise you that you should not rely solely on any information provided on this website when making decisions about purchasing equipment for astronomy observing, nor for planning travel to observe astronomical phenomena.

Information Collected

From All Visitors

The platform on which we host this website logs information about site visitors, including

  • the IP address from which you are accessing the website, and
  • the web browser, browser window size, and operating system of the device from which you are accessing the website.

We may analyse this data in aggregate periodically to assist us to optimise the website for our visitors.

In addition, this website sets cookies on your device if your web browser settings permit. Cookies are small data files that help us to provide a more personalised experience when you access the website. You are not required to allow this website to set cookies on your device in order to use it, however if you do not allow cookies to be set some areas of the website may not work as intended (or at all).

From Logged-in Users

While much of this website is made freely available to the public, some sections are restricted only to current financial CAS members. In addition to the information collected from all website visitors, members-only areas of the site require CAS members to log in to verify their eligibility to access members-only content. CAS members create a profile on the website that includes a username, name, email address, and password—no other information is required. Optionally, members may choose to fill in additional information in their website profile. We encourage members not to include any sensitive or personally identifying information in their profile.

We do not offer any goods or services for sale, nor process any payments via the website. We do not collect or store members’ credit card or other payment information via this website.

Sharing of Login Details

CAS members are not permitted to share login details with any other person, and accessing members-only areas of this website with login details that belong to another person is expressly forbidden.

  • Any CAS member who shares their login details with any other person may, at the discretion of the CAS committee, have their website access revoked without notice.
  • Any CAS member who accesses the members-only content on this website with another person’s login details may, at the discretion of the CAS committee, have their website access revoked without notice.
  • Any non-member who accesses the members-only content on this website with a CAS member’s login details may, at the discretion of the CAS committee, be denied membership should they subsequently apply to join CAS.

Website security

CAS takes website security seriously, and strong efforts have been made to ensure that user data are transmitted and stored securely when accessing this website.

Encryption

The website uses strong encryption across all areas of this website to ensure that the connection between a visitor’s web browser and the web server is secure. An SSL certificate is installed to enable users to verify the identity of the website.

Passwords

The hosting platform this website uses stores passwords as salted hashes in the database—at no time is your password stored as plain text. As a result of this, should you forget your password we cannot send you your password in an email. This is a good thing! Instead, should you forget your password you can request a password reset by clicking the ‘Lost Password’ link. You will be emailed a unique password reset link to the email associated with your account, and you can select a new password from there.

The way we store passwords also means that if an attacker manages to access the database, any attempt to crack user passwords is made much more difficult and would require significant time and computing power. Despite these protections, we strongly encourage members to choose a long, complex password that is not used on any other website to secure their CAS website account.

No Security is Perfect

No computer system is perfectly secure however, and CAS does not make any explicit or implied guarantee that this website is invulnerable to hacking attacks, software vulnerabilities, hosting platform vulnerabilities, or website misconfiguration. It is possible that user data could be made public at some point in time.

To minimise the risk associated with a potential security breach, CAS only requires minimal information from users: a username, name, email address, and password. This information is only required from registered users (CAS members) who access the members-only areas of this website. Site visitors who access publicly-accessible areas of this website are not required to submit any details in order to use it.

We strongly encourage members to choose a long, complex password that is not used on any other website to secure their CAS website account.

If you have any questions about this Privacy Policy, please contact a committee member to discuss it.