GDPR

- privacy statement
- GDPR Research
- general privacy info/references

.well-known/security.txt

@@ -1,4 +1,5 @@
 Contact: https://govfresh.com/contact
+Contact: [email protected]
 Contact: https://github.com/govfresh/govfresh.github.io/issues/new?assignees=&labels=security&projects=&template=security.md&title=
 Canonical: https://www.govfresh.com/.well-known/security.txt
 Expires: 2030-01-01T20:00:00.000Z

README.md

@@ -4,11 +4,11 @@ Design / Technology / Democracy
 
 * [Website](https://govfresh.com)
 * [Subscribe](https://govfresh.com/subscribe/)
+* [Collaborate](https://govfresh.com/collaborate/)
 * [Connect](https://govfresh.com/connect/)
 * [Project board](https://github.com/orgs/govfresh/projects/2/views/1)
 * [Code of conduct](https://govfresh.com/conduct/)
 * [License](https://govfresh.com/license/)
-8 [Submit an issue](https://github.com/govfresh/govfresh.github.io/issues/new/choose)
 
 ## Maintainers
 

_data/nav-footer.yml

@@ -86,5 +86,8 @@ docs:
  - title: Site index
    url: /site-index/
 
+ - title: Releases
+   url: https://github.com/govfresh/govfresh.github.io/releases
+
  - title: Status
    url: https://stats.uptimerobot.com/4210Ytzl2q

_includes/footer.html

@@ -71,6 +71,46 @@ <h4>Topics</h4>
       </div>
     </div>
   </div>
+  <div class="cookie-banner border-top" id="cookieBanner">
+    This website uses cookies to improve your experience.
+    <button onclick="acceptCookies()">Accept</button>
+    <button class="reject" onclick="rejectCookies()">Reject</button>
+  </div>
+  <script>
+    function setCookie(name, value, days) {
+        const d = new Date();
+        d.setTime(d.getTime() + (days * 24 * 60 * 60 * 1000));
+        let expires = "expires=" + d.toUTCString();
+        document.cookie = name + "=" + value + ";" + expires + ";path=/";
+    }
+
+    function getCookie(name) {
+        let nameEQ = name + "=";
+        let ca = document.cookie.split(';');
+        for(let i = 0; i < ca.length; i++) {
+            let c = ca[i];
+            while (c.charAt(0) == ' ') c = c.substring(1, c.length);
+            if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length, c.length);
+        }
+        return null;
+    }
+
+    function acceptCookies() {
+        setCookie("cookieConsent", "accepted", 30);
+        document.getElementById("cookieBanner").style.display = "none";
+    }
+
+    function rejectCookies() {
+        setCookie("cookieConsent", "rejected", 30);
+        document.getElementById("cookieBanner").style.display = "none";
+    }
+
+    window.onload = function() {
+        if (!getCookie("cookieConsent")) {
+            document.getElementById("cookieBanner").style.display = "block";
+        }
+    }
+  </script>
 </footer>
 {% if jekyll.environment == 'production' %}
   {% include analytics.html %}

_includes/nav.html

@@ -91,5 +91,4 @@
       </nav>
     </div>
   </div>
-</div>
-{% include newsletter.html %}
+</div>

_pages/contact.md

@@ -5,4 +5,5 @@ description: Get in touch with GovFresh.
 permalink: /contact/
 ---
 
-[Contact us.](https://forms.gle/gm8REnxgwXUjsWWq7)
+- [Contact us](https://forms.gle/gm8REnxgwXUjsWWq7)
+- Encrypted email: <[email protected]>

_pages/privacy-policy.md

@@ -0,0 +1,164 @@
+---
+layout: page
+title: Privacy policy
+description: GovFresh privacy policy.
+permalink: /privacy-policy/
+---
+
+
+This privacy policy will explain how GovFresh uses the personal data we collect from you when you use our website.
+
+Topics:
+
+
+
+* What data do we collect?
+* How do we collect your data?
+* How will we use your data?
+* How do we store your data?
+* Marketing
+* What are your data protection rights?
+* What are cookies?
+* How do we use cookies?
+* What types of cookies do we use?
+* How to manage your cookies
+* Privacy policies of other websites
+* Changes to our privacy policy
+* How to contact us
+* How to contact the appropriate authorities
+
+
+## What data do we collect?
+
+GovFresh collects the following data:
+
+
+
+* Email
+
+
+## How do we collect your data?
+
+You directly provide GovFresh with most of the data we collect. We collect data and process data when you:
+
+
+
+* Subscribe to our newsletter
+* Use or view our website via your browser’s cookies.
+
+GovFresh may also receive your data indirectly from the following sources:
+
+
+
+* None
+
+
+## How will we use your data?
+
+GovFresh collects your data so that we can:
+
+
+
+* Send you the GovFresh newsletter
+* Review website analytics
+
+If you agree, GovFresh will share your data with our partner companies so that they may offer you their products and services.
+
+
+
+* None
+
+
+## How do we store your data?
+
+GovFresh securely stores your data at:
+
+
+
+* Substack (newsletter provider)
+
+GovFresh will keep your email until you unsubscribe to the newsletter.
+
+
+## Marketing
+
+GovFresh would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies.
+
+
+
+* None
+
+If you have agreed to receive marketing, you may always opt out at a later date.
+
+You have the right at any time to stop GovFresh from contacting you for marketing purposes or giving your data to other members of GovFresh.
+
+If you no longer wish to be contacted for marketing purposes, please [contact us](https://govfresh.com/contact).
+
+
+## What are your data protection rights?
+
+GovFresh would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:
+
+The right to access – You have the right to request GovFresh for copies of your personal data. We may charge you a small fee for this service.
+
+The right to rectification – You have the right to request that GovFresh correct any information you believe is inaccurate. You also have the right to request GovFresh to complete the information you believe is incomplete.
+
+The right to erasure – You have the right to request that GovFresh erase your personal data, under certain conditions.
+
+The right to restrict processing – You have the right to request that GovFresh restrict the processing of your personal data, under certain conditions.
+
+The right to object to processing – You have the right to object to GovFresh’s processing of your personal data, under certain conditions.
+
+The right to data portability – You have the right to request that GovFresh transfer the data that we have collected to another organization, or directly to you, under certain conditions.
+
+If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please [contact us](https://govfresh.com/contact).
+
+
+## Cookies
+
+Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology
+
+For further information, visit allaboutcookies.org.
+
+
+## How do we use cookies?
+
+GovFresh uses cookies in a range of ways to improve your experience on our website, including:
+
+
+
+* Understanding how you use our website
+
+
+## What types of cookies do we use?
+
+There are a number of different types of cookies, however, our website uses:
+
+
+
+* Functionality – GovFresh uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.
+
+
+## How to manage cookies
+
+You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
+
+
+## Privacy policies of other websites
+
+The GovFresh website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.
+
+
+## Changes to our privacy policy
+
+GovFresh keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 3 November 2024.
+
+
+## How to contact us
+
+If you have any questions about GovFresh’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to [contact us](https://govfresh.com/contact).
+
+
+## How to contact the appropriate authority
+
+Should you wish to report a complaint or if you feel that GovFresh has not addressed your concern in a satisfactory manner, you may [contact us](https://govfresh.com/contact).

_pages/privacy.md

@@ -7,8 +7,11 @@ permalink: /privacy/
 
 ## Encryption
 
-The pages on this website are served using [HTTPS](https://en.wikipedia.org/wiki/HTTPS).
+All pages on this website are served using [HTTPS](https://en.wikipedia.org/wiki/HTTPS).
 
+## Policy
+
+[GovFresh privacy policy](/privacy-policy/)
 
 ## Disclosures
 

_research/gdpr.md

@@ -0,0 +1,107 @@
+---
+title: "GDPR"
+date: 2024-11-03
+description: "GovFresh research notes on General Data Protection Regulation."
+author: GovFresh
+img-feat: research-user-shield-feat.png
+img-og: research-user-shield-feat.png
+img-twitter: research-user-shield-feat.png
+img-alt: "User shield icon"
+img-caption: "User shield via Font Awesome"
+img-link: https://fontawesome.com/
+audio: gdpr.mp3
+category:
+  - Cybersecurity
+  - Data
+  - Digital
+feature: "true"
+feedback: #true
+feedback-link: 
+launched: #true
+contributors:
+  - 
+---
+
+## Summary
+
+The General Data Protection Regulation (GDPR) is a European Union regulation concerning the protection of individuals' personal data. The regulation outlines the rights of individuals concerning their personal information, the duties of organizations that collect and process data, and the consequences of violating these rules. The GDPR's purpose is to provide individuals with more control over their information while streamlining regulations for businesses that operate internationally. The text explores various aspects of the GDPR, including its principles, the rights of data subjects, the duties of data controllers and processors, its impact on data transfer outside the EU, and its enforcement. The GDPR has been influential in shaping data protection laws in other countries and has become a model for similar regulations globally.
+
+## FAQs
+
+**What is the GDPR?**
+
+The General Data Protection Regulation (GDPR) is a comprehensive data privacy law passed by the European Union (EU) that came into effect on May 25, 2018. It sets out a standardized framework for data protection and grants individuals in the EU enhanced control over their personal information. The GDPR applies to any organization that handles the personal data of EU residents, regardless of the organization's location.
+
+**Does the GDPR apply to companies outside of the EU?**
+
+Yes, the GDPR can apply to companies located outside of the EU. If a company offers goods or services to individuals in the EU, or monitors the behavior of individuals in the EU, it falls under the scope of the GDPR, even if the company is not physically located in the EU.
+
+**What is considered personal data under the GDPR?**
+
+Personal data under the GDPR is defined as any information that relates to an identified or identifiable individual. This includes a wide range of data points, such as:
+
+* Direct Identifiers: Name, identification number, location data.
+* Online Identifiers: IP addresses, cookie identifiers, RFID tags.
+* Indirect Identifiers: Factors specific to an individual's physical, physiological, genetic, mental, economic, cultural, or social identity.
+
+Any information that can be used to directly or indirectly identify an individual, or to make decisions about them, is considered personal data.
+
+**What is data portability under GDPR?**
+
+Data portability is a right granted by the GDPR that allows individuals to obtain and reuse their personal data for their own purposes across different services. This means individuals can request their data from one organization and easily transfer it to another. Data must be provided in a commonly used and machine-readable format.
+
+**What is the “Right to be Forgotten” under GDPR?**
+
+The “Right to be Forgotten” is more accurately a "right to erasure" under the GDPR. It gives individuals the right to request the deletion of their personal data under certain conditions, such as:
+
+* The data is no longer necessary for the purpose it was originally collected.
+* The individual withdraws their consent.
+* The data was unlawfully processed.
+
+However, this right is not absolute and may be overridden by other legal obligations or the public interest.
+
+**What are cookies and how does the GDPR regulate them?**
+
+Cookies are small text files that websites place on a user’s device to store information about their browsing activity. The GDPR considers some cookies to be personal data because they can be used to identify individuals. This means that websites must obtain consent from users before placing non-essential cookies on their devices.
+
+**What are the penalties for GDPR non-compliance?**
+
+Organizations that fail to comply with the GDPR can face substantial penalties, including:
+
+* Fines: Up to €20 million or 4% of global annual revenue, whichever is higher.
+* Reputational Damage: Loss of customer trust and negative media coverage.
+* Legal Action: Individuals can take legal action for damages resulting from GDPR infringements.
+
+The severity of the penalty will depend on the nature and gravity of the infringement.
+
+**How can my company become GDPR compliant?**
+
+Achieving GDPR compliance requires a comprehensive approach, including:
+
+* Appointing a Data Protection Officer: If required.
+* Conducting Data Protection Impact Assessments: For high-risk processing activities.
+* Obtaining Consent for Data Processing: Where necessary.
+* Implementing Data Security Measures: To protect personal data.
+* Providing a Privacy Notice: To inform individuals about data processing practices.
+* Responding to Data Subject Requests: In a timely and efficient manner.
+
+It is crucial to consult with legal professionals to ensure that your company’s specific practices align with the GDPR’s requirements.
+
+## Sources
+- [General Data Protection Regulation](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation)
+- [General Data Protection Regulation (GDPR)](https://gdpr.eu/tag/gdpr/)
+- [Complete guide to GDPR compliance](https://gdpr.eu/)
+- [What is GDPR, the EU’s new data protection law?](https://gdpr.eu/what-is-gdpr/)
+- [FAQ](https://gdpr.eu/faq/)
+- [Everything you need to know about GDPR compliance](https://gdpr.eu/compliance/)
+- [Cookies, the GDPR, and the ePrivacy Directive](https://gdpr.eu/cookies/)
+- [GDPR checklist for data controllers](https://gdpr.eu/checklist/)
+- [Does the GDPR apply to companies outside of the EU?](https://gdpr.eu/companies-outside-of-europe/)
+- [Everything you need to know about the “Right to be forgotten”](https://gdpr.eu/right-to-be-forgotten/)
+- [A guide to GDPR data privacy requirements](https://gdpr.eu/data-privacy/)
+- [What are the GDPR consent requirements?](https://gdpr.eu/gdpr-consent-requirements/)
+- [What is considered personal data under the EU GDPR?](https://gdpr.eu/eu-gdpr-personal-data/)
+- [GDPR checklist for data controllers](https://gdpr.eu/checklist/)
+- [Data protection and working remotely](https://gdpr.eu/working-remotely-data-security/)
+- [What are the GDPR Fines?](https://gdpr.eu/fines/)
+- [Writing a GDPR-compliant privacy notice](https://gdpr.eu/privacy-notice/)