cmharrison-astro / esoscienceambassadors

ESO Science Ambassador's Website
1 stars 0 forks source link

Confirm what the deal is with Cookies and put on any necessary messages #8

Closed minnypatel closed 6 years ago

minnypatel commented 6 years ago

https://www.godaddy.com/garage/practical-steps-for-website-gdpr-compliance/

At the moment I believe we don't acutally need to anything - we're not collecting data and we're not actually using cookies (yet).

However it might be good to stick a message on anyway, as we'll more than likely need it when we do any kind of analytics.

minnypatel commented 6 years ago

https://www.blastam.com/blog/5-actionable-steps-gdpr-compliance-google-analytics ^ GDPR compliance with google analytics

minnypatel commented 6 years ago

https://support.google.com/analytics/answer/1042508 ^ setting up google analytics.

I'll create a branch and get started on this as part of https://github.com/cmharrison-astro/esoscienceambassadors/issues/19

minnypatel commented 6 years ago

https://github.com/studio24/cookie-message

This looks useful, I'll start from here

minnypatel commented 6 years ago

I've generated a policy using https://www.shopify.co.uk/tools/policy-generator. When we are finished we can use this tool to check the compliance: https://www.cookiebot.com/en/google-analytics-gdpr/

I'll figure out where the notices should go next.

minnypatel commented 6 years ago
ESO Science Ambassadors Privacy Policy

This Privacy Policy describes how your personal information is collected, used, and shared when you visit or make a purchase from http://biggesteyeonthesky.org/ (the “Site”).

PERSONAL INFORMATION WE COLLECT

When you visit the Site, we automatically collect certain information about your device, including information about your web browser, IP address, time zone, and some of the cookies that are installed on your device. Additionally, as you browse the Site, we collect information about the individual web pages that you view, what websites or search terms referred you to the Site, and information about how you interact with the Site. We refer to this automatically-collected information as “Device Information.”

We collect Device Information using the following technologies:

    - “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.
    - “Log files” track actions occurring on the Site, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
    - “Web beacons,” “tags,” and “pixels” are electronic files used to record information about how you browse the Site.

When we talk about “Personal Information” in this Privacy Policy, we are talking both about Device Information.

HOW DO WE USE YOUR PERSONAL INFORMATION?

We use the Device Information that we collect to help us screen for potential risk and fraud (in particular, your IP address), and more generally to improve and optimize our Site (for example, by generating analytics about how our Users browse and interact with the Site, and to assess the success of our marketing and advertising campaigns).

SHARING YOUR PERSONAL INFORMATION

We share your Personal Information with third parties to help us use your Personal Information, as described above.  For example, we use Google Analytics to help us understand how our Users use the Site--you can read more about how Google uses your Personal Information here:  https://www.google.com/intl/en/policies/privacy/.  You can also opt-out of Google Analytics here:  https://tools.google.com/dlpage/gaoptout.

Finally, we may also share your Personal Information to comply with applicable laws and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our rights.

DO NOT TRACK
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.

YOUR RIGHTS
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.

CHANGES
We may update this privacy policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal or regulatory reasons.

CONTACT US
For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at [email address] or by mail using the details provided below:

[physical address]
cmharrison-astro commented 6 years ago

This looks good to me.

We will also need a separate Cookies policy?

Email address to use: contact@biggesteyeonthesky.org

minnypatel commented 6 years ago

I think the cookies policy is covered by this line:

- “Cookies” are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

As we're only using google analytics stuff and nothing else I reckon that's covered by the links to the Google related stuff.

I'm working on a cookies banner at the moment.

minnypatel commented 6 years ago

Cookie banner added in https://github.com/cmharrison-astro/esoscienceambassadors/pull/23

Privacy policy still needs adding.

minnypatel commented 6 years ago

Note - you'll only see the cookie banner until you close it. When you close it, it (ironically) sets a cookie which tells the browser not to display it anymore.

For development purposes, you can delete and edit cookies with a browser plugin - I use editThisCookie for chrome: https://chrome.google.com/webstore/detail/editthiscookie/fngmhnnpilhplaeedifhccceomclgfbg?hl=en

i.e each time I want to see the banner, I use editThisCookie to trash all the cookies and then refresh the page. The banner is now visible again.