Mediterranean Gardening France


Managing MGF Roles

From time to time, the MGF management team will change: new members will take on roles from those currently holding them, and roles may be created or deleted. This page describes the actions to be taken in each of these cases to maintain the operation of the site in general and the Member App in particular.

IMPORTANT NOTE: Although other roles may come and go, deleting the role of Membership Secretary involves special actions as, with the exception of broadcast messages, all communications to the membership are sent by the Member App from the Membership Secretary. If the role of Membership Secretary is to be abolished, then another role must be selected to replace it as the sender of communications. See below for the actions to be taken.

Change of incumbent

When a person is replaced as the holder of an MGF role, do the following:

  1. Change the profile of the departing holder to ‘Member’.
  2. Change the profile of the new holder to reflect their new role.
  3. Login to the host site and change the forwarding address for mail to the role in question to that of the new holder.

Adding a new role

If a new MGF role is established, do the following:

  1. Add a new record to the privileges table.
  2. Add a new record to the email addresses table.
  3. Login to the host site and add a mailbox for the new role with mail forwarded to the holder of the new role.
  4. Add the new role as a sender in Brevo.
  5. Change the profile of the holder of the new role to reflect their new position.

Deleting a role

If an MGF role is to be deleted, reverse all the actions taken for adding a role.

Deleting the role of Membership Secretary

If the role of Membership Secretary is deleted, another role must be assigned to perform the function of sender of communications to the membership. Once the role of the new sender has been identified, changes must be made to three Member App scripts as follows:

  • email_texts.php: change the code which gets and stores the personal details of the Membership Secretary to get those of the person who holds the role of new sender;
  • email_texts.php: change all occurrences of ‘Membership Secretary’ and ‘Secrétaire des adhésions’ to the title of the new sender;
  • member_email.php: change all occurrences of ‘Membership Secretary’ and ‘Secrétaire des adhésions’ to the title of the new sender;
  • member_email.php: change all occurrences of ‘membership@mediterraneangardening.fr’ to the official email address of the new sender;
  • admin_email.php: change all occurrences of ‘Membership Secretary’ to the title of the new sender;
  • admin_email.php: change all occurrences of ‘membership@mediterraneangardening.fr’ to the official email address of the new sender;
  • admin_email.php: remove ‘membership@mediterraneangardening.fr’ from all lists of recipients of the emails.

Unless it is absolutely essential to have more than one, it is advisable to have only one sender of communications to members (apart from broadcast messages). Having more than one sender would involve multiple changes to the Member App.


Protection of Personal Information

Introduction

The EU’s data protection regulation (GDPR) and other privacy legislation grant certain rights to individuals regarding their personal information. As a consequence, they place obligations on organisations which hold personal information in the way that their systems (electronic or manual) store and process it. As a formal organisation under French law, MGF must be compliant with this legislation, not only with regard to the Member App which handles the personal information of its members but also the public website. This page sets out those privacy provisions which impact the construction and operation of the website and how these provisions are met. It does not discuss the impact of privacy regulation on the non-website matters of MGF management.

Privacy requirements

Below are the principal privacy provisions which affect the way the MGF website is constructed and operated. There are two pieces of legislation involved:

  • The General Data Protection Regulation (full text here);
  • EU directive 2002/58/EC as amended in 2009, Article 5.3 and translated into French law as the Loi n° 78-17 du 6 janvier 1978, article 82.

GDPR Article 5 states that personal data shall be adequate, relevant, limited to what is necessary and kept up to date, with mechanisms to ensure that personal data that are inaccurate are erased or rectified without delay. It further states that personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing and against accidental loss.

GDPR Article 13 is a list of the information that an association must provide to new members including, for example, the purposes for which the personal information will be used and how any inaccuracies may be corrected.

GDPR Articles 15, 16, 19 & 20 give members the right to access their personal information and to request rectification or erasure of it, together with the right to complain to a supervisory authority. An association is also obliged to tell the member about any rectification or erasure of personal data. Members have the right to request a copy of their personal data in a commonly used electronic form.

GDPR Articles 25 & 32 oblige an association to ensure that their systems for processing personal information have appropriate levels of confidentiality, integrity, availability, resilience and recovery.

GDPR Articles 44-46 set out the conditions under which personal information can be transferred out of the EU.

GDPR Article 89 sets out the conditions under which personal information may be retained for statistical purposes.

Article 82 of the Loi n° 78-17 du 6 janvier 1978 relates specifically to cookies and states that users must always give their consent to the use of cookies once they have been given clear information as to their purpose. However, consent is not required for cookies that are essential for the proper provision of services which the user has specifically asked for.

Meeting the requirements

Nature and quantity of personal information collected.

The amount of personal information collected by MGF is only that needed to identify members, where they live and to communicate with them. The only mandatory items are name, post code, town, country, email address and a language preference. This information is stored in the Member App by the membership form on the website or, if supplied manually, by a member of the MGF Member Management team using the ‘Add a new member’ function in the Member App.

Meeting the Article 13 requirements

The ways in which MGF meets its Article 13 requirements are set out in its Privacy Policy. This is available on the public website and within the Member Area (‘View administrative documents’). The Member App sends a copy of this to applicants after they have completed the membership form. It also sends a copy of the latest version of the Privacy Policy to existing members along with subscription renewal notices and reminders.

Inspection by members of personal information held and its rectification where necessary

All the personal information collected by MGF is available at all times to members via the ‘View and update your profile’ function of the Member App and can be modified by them at will. Personal information can also be modified by a member of the Member Management team (‘View the list of members’ function). In both cases, a record is added to a table (wp_mgf_member_change_log) which records the state of the member’s profile after the changes have been made, together with the date and time of the change and the name of the person making it. In addition, the Member App sends an email to the member. For changes made by members themselves, the email just states that someone has changed their profile and that, if they did not make the change themselves, they should contact the Membership Secretary. For changes made by an MGF manager, the email shows the complete new profile so that the member can check that it is correct.

Members’ right to request a copy of their personal data in a commonly used electronic form.

The personal information that MGF holds is commonplace and of limited quantity. That information is also available directly to the member online at all times. Given this, it is unlikely that any member will wish to exercise this right. If some member does invoke it, the easiest option is to copy the information into an Excel spreadsheet and send it to them.

Confidentiality, integrity, availability, resilience and recovery

The entire MGF website is protected from unauthorised access by a firewall provided by the Wordfence plugin. The Member App requires a login to see personal information. Ordinary members can only see their own personal information. However, if they are signed up to the Member Directory, they can see a limited amount of personal information about the other members of the directory via the Member App function ‘View the member directory’. Changes to personal information are made using Member App functions which are logged. Provided that the website is operational, personal information is available at all times. The website is automatically backed up daily by the BlogVault plugin. In the event of data loss, information can be recovered from the backup via the same plugin.

Transfer of personal information outside of the EU

In view of the complications surrounding the acceptability of countries to store EU citizens’ personal information, all MGF personal information is held within the EU. This applies to both the hosting of the site and the backups taken by the BlogVault plugin.

Requirements for archiving

When people cease to be members, MGF archives a limited set of their personal information for archive purposes. This retained information is only available to the members of the Former Members Management team. For more details, see here.

Cookies

The MGF site consists of two sections: a public section open to all and a private section only accessible to members. None of the pages of the public section use cookies. However, there are some cookies associated with the private section. For example, WordPress itself uses a cookie to keep users logged in. All of these cookies are used to ensure the correct operation of the site and the only personal information stored in these cookies is that which the member has freely provided when they joined. As a result, they are exempt from the need for consent.

Strictly speaking, the site should have a consent box explaining the above to visitors of the site. However, it has been decided not to do this. In the event that it does become necessary, then the plugin CookieYes | GDPR Cookie Consent should be activated, after having revised (if necessary) the texts that it displays.


Members, Users and Roles

Member Roles

All members can access the Member App but what they can see and do depends on who they are. This is determined by the roles to which they have been assigned. The Member App uses two separate sets of roles: the standard WordPress roles and MGF-assigned ones. The WordPress roles are used to define member permissions for WordPress functions; the MGF-assigned ones for MGF functions.

WordPress roles

In WordPress, a user is defined as a person who can do things which a casual visitor to the site cannot. They must have a user name and a password. All members of MGF are WordPress users and they select their user name and password when they join. However, if a new member’s details are entered into the system by an MGF manager, it is the manager who selects the user name and password. These are then communicated to the user with instructions to change them to values of their own choice.

WordPress user roles (of which there are six) determine what users are allowed to do in terms of content creation and site management. As content management in MGF is confined to the Website Editor and Manager, these different roles are not relevant in the context of MGF. However, they are useful to control what functions different types of member can use in the Member App. Of the six WordPress roles, MGF uses three:

  • administrator;
  • contributor;
  • subscriber.

Administrators have total access to all administrative and content creation features of the site. If a member is given an official role in MGF – Event Coordinator, Newsletter Editor and so on – they become ‘contributors’ which gives them access to administrative functions in the Member App. All other members are ‘subscribers’, meaning that they can only use functions that relate to their own personal information. In addition, they have access to information available to all members, such as financial reports and minutes of meetings.

WordPress roles are stored automatically by the relevant Member App functions in the WordPress database (wp_mgf_options table under the serialized wp_user_roles option). There is no need for any other action by a member of the MGF management team.

For a complete description of WordPress roles, see here.

MGF roles

MGF has twelve roles for those involved with the administration of the association:

  • Event Coordinator Occitanie
  • Event Coordinator Vaucluse
  • Event Coordinator PACA
  • Secretary
  • Membership Secretary
  • Information Manager
  • Treasurer
  • Newsletter Editor
  • Horticultural Consultant
  • Social Media Manager
  • Website Editor
  • Website Manager

All other members have the role of ‘Member’. This role is assigned automatically to new members when joining MGF. Assignment of the other roles is performed in the Member App by displaying and then modifying the member’s profile. Assigning a role (or removing one) will automatically update that member’s WordPress role as defined in the previous section. MGF roles are stored in the database as entries in the wp_mgf_usermeta table using a meta key of ‘mgf_role’.

With the exception of the Membership Secretary, more than one person can hold a given role but no individual may have more than one role. Only one person can hold the role of Membership Secretary because the Membership Secretary is the signatory of all the automatically generated (transactional) emails that are sent by the Member App (e.g. acknowledgement of a subscription payment). The script that displays a member’s profile checks that someone (and only one person) has this role and issues a warning if this is not the case. The sending of a transactional email will fail if there is no one with the role of Membership Secretary (or more than one).
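
The check described above, as an added example that is not taken from the Member App's own code, run over constructed rows shaped like wp_mgf_usermeta entries with the meta key ‘mgf_role’. The row layout, the function names and the sample users are assumptions; the second data set is the state left behind when step 1 of ‘Change of incumbent’ is skipped.

```php
<?php
declare(strict_types=1);

// Added illustration: function names and row layout are assumptions, not Member App code.
const MGF_SENDER_ROLE = 'Membership Secretary';

/**
 * Check the two rules stated on this page:
 *   - no individual may hold more than one MGF role;
 *   - exactly one person holds the Membership Secretary role.
 * Returns the sender's user id (or null) plus a list of problems found.
 */
function mgf_check_roles(array $usermeta_rows): array
{
    $roles_by_user = [];
    foreach ($usermeta_rows as $row) {
        if (($row['meta_key'] ?? '') !== 'mgf_role') {
            continue; // ignore unrelated usermeta
        }
        $roles_by_user[(int) $row['user_id']][] = trim((string) $row['meta_value']);
    }

    $problems = [];
    $senders  = [];
    foreach ($roles_by_user as $user_id => $roles) {
        $distinct = array_values(array_unique($roles));
        if (count($distinct) > 1) {
            $problems[] = "user {$user_id} holds more than one role: " . implode(', ', $distinct);
        }
        if (in_array(MGF_SENDER_ROLE, $distinct, true)) {
            $senders[] = $user_id;
        }
    }
    if (count($senders) !== 1) {
        $problems[] = sprintf('expected exactly one %s, found %d', MGF_SENDER_ROLE, count($senders));
    }
    return ['sender' => count($senders) === 1 ? $senders[0] : null, 'problems' => $problems];
}

/** Resolve the sender of a transactional email, refusing to send when the role is ambiguous. */
function mgf_transactional_sender(array $usermeta_rows): int
{
    $check = mgf_check_roles($usermeta_rows);
    if ($check['sender'] === null) {
        throw new RuntimeException('Transactional email not sent: ' . implode('; ', $check['problems']));
    }
    return $check['sender'];
}

// Constructed sample data.
$healthy = [
    ['user_id' => 11, 'meta_key' => 'mgf_role', 'meta_value' => 'Membership Secretary'],
    ['user_id' => 12, 'meta_key' => 'mgf_role', 'meta_value' => 'Treasurer'],
    ['user_id' => 13, 'meta_key' => 'mgf_role', 'meta_value' => 'Member'],
];
// Handover where the new holder (12) was promoted but the departing
// holder (11) was not reset to 'Member'.
$handover = $healthy;
$handover[1]['meta_value'] = 'Membership Secretary';

foreach (['healthy' => $healthy, 'handover' => $handover] as $label => $rows) {
    try {
        echo $label, ': sender is user ', mgf_transactional_sender($rows), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $label, ': ', $e->getMessage(), PHP_EOL;
    }
}
```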

There are restrictions regarding which administrative functions are available to different members of the management team. Team members are grouped as follows:

  • A: administrators: full privileges across the site;
  • M: the Membership Management team: those able to modify member information (including subscriptions);
  • F: the Former Member Management team: those able to see and manage former member information – to comply with GDPR, membership of this team must be kept to the strict minimum;
  • G: generalists: those only able to see membership information and also to carry out non-critical functions (e.g. sending messages to members).

The relationship between MGF role and allowable functions is defined in the Privileges table (accessed from the wpDataTables dashboard menu item). Each script in the Member App has a statement defining which group may use it and uses the Privileges table to check that the person trying to use it has sufficient privilege to do so, thus:

$privilege_level = 'G'; // This is a general management function available to all members of the MGF team
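
One way such a check can be written, as an added example rather than the Member App's own code: the table contents, the function name mgf_may_run and the role-to-group assignments are assumptions. It denies on every unexpected input, so a role added without its Privileges record or a mistyped level locks the script instead of opening it.

```php
<?php
declare(strict_types=1);

// Added illustration, not Member App code. Constructed stand-in for the
// Privileges table: MGF role => groups it belongs to. The real table's
// columns and these role-to-group assignments are assumptions.
const MGF_PRIVILEGES = [
    'Website Manager'      => ['A'],
    'Membership Secretary' => ['M', 'F', 'G'],
    'Treasurer'            => ['M', 'G'],
    'Newsletter Editor'    => ['G'],
    'Member'               => [],
];

// The four groups named on this page.
const MGF_LEVELS = ['A', 'M', 'F', 'G'];

/**
 * May a holder of $role run a script that declares $privilege_level?
 * Every unexpected input denies: unknown level, missing role,
 * or a role that has no record in the table.
 */
function mgf_may_run(?string $role, string $privilege_level, array $privileges = MGF_PRIVILEGES): bool
{
    if (!in_array($privilege_level, MGF_LEVELS, true)) {
        return false; // a mistyped declaration must lock the script, not open it
    }
    if ($role === null || !isset($privileges[$role])) {
        return false; // no role known, or role was never added to the table
    }
    if (in_array('A', $privileges[$role], true)) {
        return true;  // administrators: full privileges across the site
    }
    return in_array($privilege_level, $privileges[$role], true);
}

// Constructed cases: [role, level declared by the script].
$cases = [
    ['Newsletter Editor', 'G'],      // generalist function
    ['Newsletter Editor', 'M'],      // may not modify member information
    ['Treasurer', 'F'],              // former-member data stays with the F team
    ['Website Manager', 'F'],        // administrator
    ['Member', 'G'],                 // ordinary member, no management group
    ['Garden Visits Officer', 'G'],  // hypothetical role with no Privileges record
    [null, 'G'],                     // no role available for the caller
    ['Treasurer', 'g'],              // wrong case in the script's declaration
];
foreach ($cases as [$role, $level]) {
    printf("%-22s %-2s %s\n", $role ?? '(no role)', $level, mgf_may_run($role, $level) ? 'allow' : 'deny');
}
```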

For how to add and remove MGF roles, see ‘Managing MGF Roles’.

Managing the Membership

When people join MGF, the personal information that they provided on the membership form is stored in the WordPress database. In addition, the following items used to manage their membership are also stored:

  • the date they joined MGF (date of completing the membership form);
  • the expiry year of their subscription (all subscriptions expire on 31 December). Normally, the year will be the year in which they joined but if they join after 30 September the expiry year will automatically be set to the one following;
  • the length of their subscription in years (normally one but exceptionally can be more);
  • their subscription status (see next paragraph);
  • their MGF role (see above).

Modifying member information

Although members have the ability to amend all of their own personal information, members of the Membership Management team can also change this information when necessary. Whenever a member’s personal information is changed (by either themselves or by an MGF manager), they are sent an email notifying them of this.

Members of the Membership Management team can also change the management information described in the previous paragraph.

Subscription Status

When joining, new members are assigned a subscription status of ‘Applicant’. Once their subscription has been received, their status becomes ‘Good standing’. At the end of each calendar year, subscription renewal notices are sent by the Member App to those whose subscription has expired. Their subscription status is then set to ‘Subscription renewal notice sent’. If they renew their subscription, their status is returned to ‘Good standing’.

Subscription Renewal Process

At the beginning of January, the Member Secretary will initiate a Member App function that sends an email to those members whose subscriptions have expired, inviting them to renew. At the beginning of February and March, the same function will be used to send a reminder to those who have not yet renewed. At the beginning of April, the function is used to inform those who have still not renewed that they have ceased to be members of MGF and their personal information is removed from the active member file (see next paragraph).

Former Members

GDPR dictates that, when a person ceases to be a member of an association, all processing of their information must cease and, in principle, that information must be deleted. However, where the association has a legitimate interest to retain some personal information it may do so, provided that access to it is kept to the strict minimum. In accordance with GDPR, MGF policy is to remove former member information from the active member database and to retain a small amount of information for management and statistical purposes. This is stored in a separate file that is only accessible by the Former Member Management team (see MGF Roles above). The Member App provides two functions to carry out this process. First, the final stage of the subscription renewal process will remove all those who have not renewed their subscription by the end of March. Second, an option in the View Member Profile allows a member of the management team with sufficient privilege to remove an individual member.


Technical Implementation

A WordPress installation has two components: a MySQL (MariaDB) database and a collection of folders in the site’s public_html folder.

The Database

The database is the heart of the system. Other than images and items like PDF documents, the database includes all of the site’s content. WordPress installations have no permanent HTML files; they are all generated dynamically from the database when called. All changes to a page are stored in the database, meaning that the Gutenberg editor can be used to go back to earlier versions if necessary. In addition to the page content, the database contains all user information. There are also tables which are inserted and used by plugins, both commercial and those developed by MGF. For example, the tables used to generate list pages are a combination of tables generated by the wpdatatables plugin and MGF information imported from the spreadsheet system used on the old site. For more details on the database see the WordPress Database page.

The public_html folder

The public_html folder contains all the code needed for the installation and operation of the site. This includes:

  • the standard WordPress code (the ‘core’);
  • plugins (additional code provided by external suppliers or developed by MGF);
  • code for themes;
  • other MGF-developed code (principally for the Member App).

WordPress code is written in PHP. The standard code (the ‘core’) can be found in the root public_html folder as well as the subfolders wp-admin and wp-includes. Some core code and all site-specific code and content can be found in the wp-content subfolder.

The public_html folder also contains the Media Library where images and other self-standing files such as PDFs are stored.


Anatomy of a WordPress Site

Themes

When building a WordPress site, it has to be assigned a theme. This controls the site’s appearance: layout, typography, colour, and other design elements. As a bare minimum, a theme will consist of a stylesheet of standard CSS statements (‘style.css’) to control the appearance of the site and a functions file (‘functions.php’). The latter is a collection of PHP functions and code snippets to perform custom functions not provided by the basic WordPress installation. The theme can also have

  • additional CSS files;
  • a collection of special WordPress elements – templates, headers, sidebars and footers (see below);
  • JavaScript files.

WordPress installations come with a number of default themes and others can be downloaded from the official WordPress theme directory. Many are free; others have paid premium versions. It is also possible to create your own custom themes for a unique website design – which is the case with the MGF site.

Templates

When creating a WordPress page, the user assigns to it a template. This frames the content of the page and, together with the CSS files of the theme, determines its appearance. Templates, which belong to a theme, are executable files which WordPress runs when the page is selected for display. WordPress has a default set of templates but users can create their own and the MGF site makes extensive use of these. Some pages, particularly in the Member App, have a template to themselves; other pages use the same template. For example, all gardening article pages will use the Gardening Articles template thus ensuring that they all have the same general appearance.

Templates are written in PHP but may also contain HTML, CSS and JavaScript. The PHP code is usually a combination of standard PHP statements and special WordPress functions. For example, the WordPress function ‘get_the_title()’ will retrieve the page title*. The primary function of a template is to determine the appearance of the page but it may also contain code carrying out functions specific to the page content. This is particularly so with the Member App where the templates contain the code to carry out the tasks required by the page in question such as updating a member’s profile or sending a message to all members. The templates used in the MGF site fall into three categories:

  • WordPress generic templates;
  • templates formatting the pages of the public site (and also the site documentation);
  • templates used by the Member App.

For more information about how themes and templates are used in the MGF site, click here.

* For a description of all WordPress functions, see the Code Reference.

Pages

Pages, the part of the site that is visible to users, are created by using the WordPress editor (known as ‘Gutenberg’).

All web pages (including WordPress ones) consist of two sections: head and body (enclosed in <head> and <body> tag pairs, respectively) with the whole page enclosed in an <html> tag pair. However, unlike other websites, a WordPress site has no self-standing and permanent HTML files. When a user creates a WordPress page using the editor, WordPress stores the content in a database. Then, when the page is to be displayed, it is constructed dynamically by the WordPress code.

A WordPress page can have four elements:

  • a header;
  • the content area;
  • sidebars (optional);
  • a footer (also optional).

As their name suggests, headers and footers are blocks of content which precede and follow the principal content on the page. A header for each page is mandatory as it contains the <head> section of the page as well as the initial lines of the <body> section. How much of the body section is included in the header is optional; the MGF header includes the logo, title and the menu bars.

Sidebars are blocks of content within a page. Originally (again as their name suggests) sidebars had to be placed to either the left or right of the principal content but now they can be placed anywhere within the page by using CSS. It is possible to have different versions of the header, sidebar and footer elements for different pages. However, for presentation reasons it is likely that the header and footer elements will be the same across the whole site (as is the case for MGF). Which of these elements (and which version thereof) is included on any given page is determined by the page template. For a full description of these special WordPress elements and how they are used in the MGF site, see the Headers, Footers, and Sidebars page. Headers, footers and sidebars are part of a theme.

Code

Driving the presentation of pages on the site is the underlying code. The basic code which operates any WordPress site and which is common to all WordPress installations is known as the ‘core’. It is regularly updated and administrators should ensure that the site uses the latest version. Customisation of the code is possible in a number of ways. For more on the code used in a WordPress system, see The System Code.
