
Comment by m463

4 years ago

Awesome privacy policy!

https://johnnydecimal.com/privacy/

Looks not valid in terms of GDPR. What are my rights and in which paragraph are those rights stated? How long is data stored? Which log files of my visit arise (just my IP and date of visit? Who hosts that site, if it's not a machine you physically own? Do they store that data? More data, like browser or OS version?) You are usually allowed to use that data for debugging and intrusion detection etc. but you still need to mention it, if that data is collected, even by a third party you hired.

  • Mate, it’s a website. You come, you read it, you leave. Next you’ll want a GDPR policy for your library book.

    If that privacy policy doesn’t make it screamingly obvious that I’m not tracking you in any way then holy moly I don’t know what to do.

    • You could add a clause: "If your email address contains the string "a3w" it will be immediately forgotten." :)

      I think if[1] I ever had a website, and if[2] I had advertising, I would choose one advertiser per month, display a static image at the top of each page, and clicking on it would take you to a static page on an advertiser's website. And it would have a privacy policy like your good example.

      [1] big if

      [2] bigger if

    • There's not much to change there to actually make it "more GDPR-like". It already does what GDPR wants to cause, i.e. you don't gather Personal Data, with the only exception being the email, and given that it's not operating as an organisation it's probably in the clear.

      Maaaaaybeee you might want to strip last octet in IP number from logs, but that's pretty much it.

      Complex GDPR policies are only necessary when you want to store and process Personal Data.


I agree, except for the part where they immediately contradict themselves:

> If you choose to give me your email address, I will treat it with the utmost respect. I’ll never spam you, or give it to anyone else.

> In 2019 I moved from Mailchimp, whose business model started to make me uncomfortable, to Buttondown. It’s run by one guy who I trust to do the right thing.

  • Are you arguing that using a service provider to send email is "giving email addresses away"? If so, how do you send your email? (I guess you could host your own mail server on-premises, but is that the bar?)

    • I'm not arguing that, it is literally factually true. He says he won't give it to anyone else, then goes on to list the person he's giving it to.