Privacy Policy Template


(Lukas Winkler) #1

Hi everyone,

This template is also available in German

I guess many of you are currently rewriting your Privacy Policy to fit GDPR. So I thought, why not do it together as a community?

This privacy policy should fit a small website that does not process any personal data except for a contact form and therefore applies for legitimate interests.

If you haven’t already, please read through the great Blog series on Matomo and GDPR: Official Matomo Blog - Analytics Platform - Matomo

Disclaimer: While I tried to follow all official sources and blog posts I could find, there is no guarantee that this privacy policy is correct and legally sound. I also can’t guarantee that your country implemented GDPR the same way France, Great Britain and Austria did.

Also check afterwards if your privacy policy fulfills all points on this (or a similar) checklist: Privacy notices under the EU General Data Protection Regulation | ICO

This post is a wiki, so if you have ideas for improvement that would benefit everyone, please do so. If you have other feedback or want to discuss details, you can do so on the discussion page.


Responsible for the content

[Name and Address]

Privacy Policy

Purpose of the processing

This website is using Matomo, an Open Source, self-hosted software for collecting anonymous usage statistics for this website.

The data is used to analyse the behaviour of the website visitors to identify potential pitfalls like not found pages, search engine indexing issues and to find out which contents are the most appreciated. Once the data (number of visitors reaching a not found page, viewing only one page…) is processed, Matomo is generating reports for website owners to take action, for example changing the layout of the pages, publishing some fresh content… etc.

If you have a contact form

Additionally this website provides a contact form which allows you to send us a direct request and allows us to answer it directly to your E-Mail-Address.

Matomo

Matomo is processing the following data:

  • Cookies

  • Anonymized IP-address by removing the last 2 bytes (so 198.51.0.0 instead of 198.51.100.54)

  • Pseudo-anonymized Location of the user (generated from the anonymized IP-address)

  • Date and time

  • Title of the page being viewed

  • URL of the page being viewed

  • URL of the page that was viewed prior to the current page (if the page allows it)

  • Screen resolution

  • Time in local timezone

  • Files that were clicked and downloaded

  • Link clicks to an outside domain

  • Pages generation time

  • Country, region, city (low resolution based on IP-address)

  • Main Language of the browser

  • User Agent of the browser

  • Interactions with forms (but not the content) [If you are using Form Analytics]

[mention other plugins you are using]

If you have a contact form

Contact Form

In addition the contact form processes the E-Mail-Address and optionally phone number of the user on sending a request. The data won’t be shared with anyone and only be used to send you one response. (No other marketing E-Mails)

Indirect data collection

Server Logs

If you are using this site, the visit is logged by the host of this website ([hosting company]). This log contains your IP-Address which allows you to be identified indirectly via your internet service provider. The collection of this data is a legal obligation and required for security. You cannot oppose it and the data is at no time used for other purposes.

When using JavaScript from CDNs, Google Fonts or similar

Webfonts

This website is using Fonts from Google Fonts which get fetched from Google Servers when loading this website. You can find more information about the privacy implications in the FAQs.

The legitimate interests

The processing of personal data is based on legitimate interests.

Processing your personal data such as cookies is helping us identify what is working and what is not on our website. For example, it helps us identify if the way we are communicating is engaging or not and how we can organize the structure of the website better. Our team is benefiting from the processing of your personal data, and they are directly acting on the website. By processing your personal data, you can profit from a website which is getting better and better.

Without the data, we would not be able to provide you the service we are currently offering to you. Your data will be used only to improve the user experience on our website and help you find the information you are looking for.

If you have a contact form

The contact form helps us to directly contact you once for sending an offer.

Recipient of the data

The personal data received through Matomo are sent to:

  • us (the owners of website.example)

  • [your name] (host and maintainer of this website)

  • [your server host] (host of the server; Privacy Policy)

  • [your mail host] (Mailbox for contact form; Privacy Policy)

Details of transfers to third country and safeguards

Matomo and this website data is hosted in [Country]. No data leaves the EU.

Data subject’s rights

As Matomo is processing personal data on legitimate interests, you can exercise the following rights:

  • Right of access and data portability: you can ask us at any time to access your data.
  • Right to erasure and rectification: you can ask us at any time to delete all the data we are processing about you.
  • Right to object and restrict processing: you can object to the tracking of your data by using the following opt-out feature or by enabling DoNotTrack in your browser:

[Opt-Out iFrame]

The right to lodge a complaint with a supervisory authority

If you think that the way we process your personal data with Matomo analytics is infringing the law, you have the right to lodge a complaint with a supervisory authority.

License

This privacy policy is based on the privacy policy of the Matomo project and licensed under Creative Commons, so you can modify it and use it yourself.

