gdpr-compliance-kit/PRIVACY_POLICY_TEMPLATE.md

Privacy Policy

Last Updated: [DATE]

1. Introduction

Welcome to [WEBSITE_NAME] ("we," "our," or "us"). We are committed to protecting your personal data and respecting your privacy in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [WEBSITE_URL] (the "Site").

2. Data Controller

The data controller responsible for your personal data is:

Jeff Emmett
23 Birchpark Dr
L3M 4M9 Grimsby, Canada

Email: [CONTACT_EMAIL]

3. What Data We Collect

3.1 Data You Provide to Us

We may collect the following categories of personal data that you voluntarily provide:

  • Contact Information: Name, email address when you contact us or subscribe to our newsletter
  • Communication Data: Content of messages you send us through contact forms or email

3.2 Data Collected Automatically

When you visit our Site, we may automatically collect:

  • Technical Data: IP address (anonymized), browser type, operating system, device type
  • Usage Data: Pages visited, time spent on pages, referring website, click patterns
  • Cookie Data: See our Cookie Policy section below

3.3 Data We Do NOT Collect

We do not collect:

  • Special category data (health, religion, political opinions, etc.)
  • Financial/payment data (unless you make a purchase, handled by third-party processors)
  • Data from children under 16 years of age

4. How We Use Your Data

We process your personal data for the following purposes and legal bases:

| Purpose | Legal Basis (GDPR Art. 6) |
| --- | --- |
| Responding to your inquiries | Legitimate interest / Contract performance |
| Sending newsletters (if subscribed) | Consent |
| Website analytics and improvement | Legitimate interest / Consent |
| Security and fraud prevention | Legitimate interest |
| Legal compliance | Legal obligation |

5. Newsletter & Email Communications

If you subscribe to our newsletter:

  • We use Listmonk (self-hosted) to manage subscriptions
  • You can unsubscribe at any time using the link in every email
  • We will never share your email with third parties for marketing
  • Legal basis: Your explicit consent (GDPR Art. 6(1)(a))

6. Cookies and Tracking

6.1 What Are Cookies?

Cookies are small text files stored on your device when you visit websites. We use cookies to:

  • Remember your preferences (e.g., cookie consent choice)
  • Understand how you use our website (analytics)

6.2 Types of Cookies We Use

| Cookie Type | Purpose | Duration | Consent Required? |
| --- | --- | --- | --- |
| Strictly Necessary | Essential for site functionality | Session | No |
| Analytics | Understand site usage patterns | 1 year | Yes |
| Preferences | Remember your settings | 1 year | Yes |

6.3 Analytics

We use [Vercel Analytics / Plausible / other] to understand how visitors interact with our Site. This service:

  • [Collects anonymized usage data / Collects IP addresses]
  • [Does not use cookies / Uses first-party cookies]
  • Data is processed in [location]

6.4 Managing Cookies

You can manage cookies through:

  • Our cookie consent banner (appears on first visit)
  • Your browser settings
  • Links at the bottom of our pages

To opt out of analytics, you can:

  • Click "Reject" on our cookie consent banner
  • Use browser extensions like uBlock Origin or Privacy Badger

7. Data Sharing and Third Parties

We may share your data with:

7.1 Infrastructure Providers (Data Processors)

| Provider | Service | Location | DPA |
| --- | --- | --- | --- |
| netcup GmbH | Web hosting infrastructure | Germany (EU) | Yes |
| Cloudflare, Inc. | CDN, security, DNS | Global (US company, EU processing) | Yes |
| Vercel Inc. | Analytics | US | Yes |

7.2 We Never:

  • Sell your personal data
  • Share data with advertisers
  • Transfer data without appropriate safeguards

7.3 International Transfers

Some of our service providers are based outside the EU/EEA. When we transfer data internationally, we ensure appropriate safeguards such as:

  • EU Standard Contractual Clauses (SCCs)
  • Data Processing Agreements
  • Adequacy decisions where applicable

8. Data Retention

We retain your personal data only for as long as necessary:

| Data Type | Retention Period |
| --- | --- |
| Contact form submissions | 2 years |
| Newsletter subscriptions | Until you unsubscribe + 30 days |
| Analytics data | 14 months |
| Server logs | 14 days |

9. Your Rights Under GDPR

You have the following rights regarding your personal data:

9.1 Right of Access (Art. 15)

Request a copy of your personal data we hold.

9.2 Right to Rectification (Art. 16)

Request correction of inaccurate or incomplete data.

9.3 Right to Erasure (Art. 17)

Request deletion of your data ("right to be forgotten").

9.4 Right to Restrict Processing (Art. 18)

Request limitation of how we process your data.

9.5 Right to Data Portability (Art. 20)

Receive your data in a structured, commonly used format.

9.6 Right to Object (Art. 21)

Object to processing based on legitimate interests, including profiling.

9.7 Right to Withdraw Consent (Art. 7(3))

Withdraw consent at any time (does not affect prior lawful processing).

9.8 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: [CONTACT_EMAIL]
  • Subject line: "GDPR Data Request - [Your Right]"

We will respond within 30 days of receiving your request. We may ask for identification to verify your identity.

9.9 Right to Lodge a Complaint

If you believe we have violated your data protection rights, you have the right to lodge a complaint with a supervisory authority. Since our hosting is in Germany, you may contact:

Landesbeauftragte für den Datenschutz und die Informationsfreiheit Baden-Württemberg
Website: https://www.baden-wuerttemberg.datenschutz.de/

Or your local data protection authority.

10. Security Measures

We implement appropriate technical and organizational measures to protect your data:

  • Encryption: All data transmitted via HTTPS/TLS
  • Access Controls: Limited access to personal data
  • Infrastructure Security: ISO 27001 certified data centers (netcup/Anexia)
  • Regular Updates: Security patches and updates applied promptly

11. Children's Privacy

Our Site is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by:

  • Posting the new policy on this page
  • Updating the "Last Updated" date
  • [Sending an email notification for significant changes]

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us:

Jeff Emmett
Email: [CONTACT_EMAIL]
Website: [WEBSITE_URL]


Appendix A: Specific Processing Activities for [WEBSITE_NAME]

Data Processing Summary

Categories of Data Subjects:

  • Website visitors
  • Newsletter subscribers
  • Contact form users
  • Customers/clients
  • Other: _______________

Categories of Personal Data:

  • Name
  • Email address
  • IP address (anonymized)
  • Usage/analytics data
  • Other: _______________

Special Categories of Data (Art. 9):

  • No special categories processed

This privacy policy template is provided for informational purposes. Consider consulting with a legal professional to ensure full compliance with applicable laws.