Closed minnypatel closed 6 years ago
https://www.blastam.com/blog/5-actionable-steps-gdpr-compliance-google-analytics ^ GDPR compliance with google analytics
https://support.google.com/analytics/answer/1042508 ^ setting up google analytics.
I'll create a branch and get started on this as part of https://github.com/cmharrison-astro/esoscienceambassadors/issues/19
https://github.com/studio24/cookie-message
This looks useful, I'll start from here
I've generated a policy using https://www.shopify.co.uk/tools/policy-generator. When we are finished we can use this tool to check the compliance: https://www.cookiebot.com/en/google-analytics-gdpr/
I'll figure out where the notices should go next.
ESO Science Ambassadors Privacy Policy
This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from http://biggesteyeonthesky.org/ (the “Site”).
PERSONAL INFORMATION WE COLLECT
When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”
We collect Device Information using the following technologies:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
- “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
- “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.
When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information.
HOW DO WE USE YOUR PERSONAL INFORMATION?
We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our Users browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).
SHARING YOUR PERSONAL INFORMATION
We share your Personal Information with third parties to help us use your Personal Information, as described above. For example, we use Google Analytics to help us understand how our Users use the Site--you can read more about how Google uses your Personal Information here: https://www.google.com/intl/en/policies/privacy/. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.
Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.
DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
YOUR RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.
CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email address] or by mail using the details provided below:
[physical address]
This looks good to me.
We will also need a separate Cookies policy?
Email address to use: contact@biggesteyeonthesky.org
I think the cookies policy is covered by this line:
- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
As we're only using google analytics stuff and nothing else I reckon that's covered by the links to the Google related stuff.
I'm working on a cookies banner at the moment.
Cookie banner added in https://github.com/cmharrison-astro/esoscienceambassadors/pull/23
Privacy policy still needs adding.
Note - you'll only see the cookie banner until you close it. When you close it, it (ironically) sets a cookie which tells the browser not to display it anymore.
For development purposes, you can delete and edit cookies with a browser plugin - I use editThisCookie for chrome: https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en
i.e each time I want to see the banner, I use editThisCookie to trash all the cookies and then refresh the page. The banner is now visible again.
https://www.godaddy.com/garage/practical-steps-for-website-gdpr-compliance/
At the moment I believe we don't acutally need to anything - we're not collecting data and we're not actually using cookies (yet).
However it might be good to stick a message on anyway, as we'll more than likely need it when we do any kind of analytics.