There is sensible content on the privacy policy page

[r-ferrier]

Issue

What should this be? We need to audit the trans dim site - this should be more or less in line with what we want here? Can we use the same stuff? Check the differences & similarities

see #182

[aaaaargZombies]

:partying_face: thirdpartys :partying_face:

mailerlite

• news letter sign up, their privacy policy

spotify for podcasts

• podcast iframe used to play the podcast on our site
• adds 4 cookies on page load
• privacy policy

youtube

• we embed youtube iframes in blog posts and projest
• it loads a single cookie about pending consent

https://developers.google.com/youtube/terms/api-services-terms-of-service

https://decareto.com/en/embed-youtube-in-a-dsgvo-compliant-way/

Strictly speaking, information about the storage period of the data would also have to be provided, but unfortunately there is no clear statement from Google on this.

adobe / typekit

• we pull in balboa and frieght-text-pro here is their privacy policy

[kimadactyl]

i vaguely remember there being a cookie-less youtube option but im damned if i can remember what it was or if its still a thing

[r-ferrier]

Have started this and have written a draft policy here, based on the one on the trans dimension: https://github.com/geeksforsocialchange/gfsc-v3/tree/feat/250-add-privacy-policy

HOWEVER have run into an unfortunate barrier: spotify embeds do not conform to this policy. Users must consent to the use of analytics cookies before we can show them. We also currently say that we collect anonymous data using plausible analytics (nbot sure if this is true) but if it is true, even if it is anonymous, AFAIK we still need to ask for visitors consent to collect this. I will raise a new issue about these things.

[r-ferrier]

New issue here: https://github.com/geeksforsocialchange/gfsc-v3/issues/287

[r-ferrier]

@aaaaargZombies @ivan-kocienski-gfsc @katjam any thoughts on the above?

[ivan-kocienski-gfsc]

Seems okay to me (but I am not a legal person so...)

Perhaps change the email address from Kim's ?

[r-ferrier]

alas, it's definitely not ok - have linked to the regulations in the issue I mentioned in the comment above.

https://ico.org.uk/for-organisations/direct-marketing-and-privacy-and-electronic-communications/guide-to-pecr/cookies-and-similar-technologies/

There's a lot of detail in there but the headline info for cookies is:

This means that if you use cookies you must:

say what cookies will be set; explain what the cookies will do; and obtain consent to store cookies on devices.

[r-ferrier]

Have made a proposal for dealing with cookies on the website and this will remain blocked until this is agreed on and https://github.com/geeksforsocialchange/gfsc-v3/issues/287 is sorted out.

[r-ferrier]

This page explains how we collect information via gfsc.studio and what we do with it.

What data do we collect?

GFSC collects anonymous analytics data.

We sometimes use third party services for example Plausable Analytics, to gather statistical data about the use of gfsc.studio. That data isn't linked to you in any way.

• We use Spotify to embed podcasts on our website. Spotify use cookies to gather analytics. Spotify privacy policy

• We embed youtube iframes in blog posts and projects using youtube's 'privacy enhanced mode'. These load functional cookies required to run videos but do not gather data that can be linked to any actions you take on our site. Youtube API ToS

• We use adobe typekit to serve our fonts. Adobe privacy policy

Information to help us get in touch with you

In connection with services offered through this site we may ask you to submit information such as your name and e-mail address. You are under no obligation to provide such information, however should you not provide such information we may not be able to offer you the following services:

• Sign-up to newsletter. We use mailerlite to manage our newsletter. mailerlite privacy policy

How is the information used?

GFSC may use the information you provide to

• Improve the content of our web page
• Send you any information you have requested, including our newsletter
• We may occasionally send you information about news and events we feel may be of interest to you. This will only come from us and only if you have requested this information.
• You can also tell us if you no longer wish to receive information from GFSC.

GFSC uses anonymous analytics data to

• Monitor the number of visitors to our website
• Monitor how users use our website, i.e. which pages they have accessed
• To help improve our website

Who is the information shared with?

GFSC may analyse and disclose statistics about the number of visitors to our website in order to describe our services to prospective partners, other reputable third parties and for other lawful purposes. These statistics do not include and personal or identifiable information about visitors.

GFSC may disclose personal information if required to do so by law or if it believes in good faith that such action is required by law.

GFSC contains links to other sites. GFSC is not responsible for the privacy policies or the content of such sites.

Your acceptance of these terms

By using this site, you consent to the collection and use of this information by GFSC and to the GFSC privacy policy.

If you have any questions or concerns about your privacy when using our website, please contact us: kim@gfsc.studio

[katjam]

That draft looks good and much better than ignoring it. I agree with ivan though, we should probably move towards using a privacy@gfsc.studio or info@gfsc.studio address so that Kim is not a single point of responsibility.