Help needed to review new documents needed for GDPR compliance AstroBin Beta Testers · Salvatore Iovene · ... · 11 · 206 · 0

Dear members of the AstroBin Beta Testers group,

in order to be fully compliant with the GDPR, I need to make some changes to AstroBin.

I apologize for being late to this party, I should've done this much earlier.

The changes that will happen soon are:

• New cookie banner with explicit opt-in, categorization of cookies that can be accepted or declined (functional, performance, analytics, advertising...) and explanation of each category, and, for first-party cookies, each cookie.
• New documents to explain exactly what AstroBin does with your data:
• Privacy Policy
• Cookie Policy


• New document to detail acceptable conduct on AstroBin

In practical terms, the benefits you will receive are two:

1. If you choose to not opt-in to analytics cookie, AstroBin will not use Google Analytics when you visit
2. If you choose to not opt-in to advertising cookies, AstroBin will instruct Google Ad Manager to not use cookie. Please note that AstroBin never used cookies to do personalized advertising: only to enable frequency caps (e.g. if a customer says "don't show my ad to one person more than twice a day")

For everything else, nothing really changes except that things are more transparent now, in accordance to the GDPR.

AstroBin has always been privacy-minded:

• It doesn't collect anything more than needed
• It doesn't show your email address or location, or even country, anywhere
• It only displays information that you voluntarily provide
• It does not track you or follow you around to learn patterns to personalize ads to you
• It doesn't share your contact information with advertisers
• It doesn't store any personally identifiable information other than what you provide
• It stores your IP address only in cases where it might be needed for moderation purposes

So, as a member of the Beta Testers group, I would really love to get some help in reviewing the new documents.

Please keep in mind that:

• I did not hire a layer for this
• I used a third-party service that's specialized in generating such policies (I had to fill a questionnaire with lots of questions, probably over 50, and the website generated the policies for me)
• I made slight customizations to the generated policies when needed

I would like to get feedback in terms of:

• Is there anything in the policies that is not GDPR compliant?
• Is there anything that needs more clarification, that you didn't understand?
• Is there anything missing?
• Is there anything that's incorrect, because I didn't notice?

These are the new policies to review:

https://welcome.astrobin.com/privacy-policy-test
https://welcome.astrobin.com/cookie-policy-test
https://welcome.astrobin.com/acceptable-use-policy-test

These are the other existing policies, which might be good to check too:

https://welcome.astrobin.com/terms-of-service
https://welcome.astrobin.com/community-guidelines
https://welcome.astrobin.com/ad-policy

Thank you very much in advance to anyone willing to read them and provide feedback!

I would like to thank Rüdiger who brought the issue of GDPR compliance to my attention and helped with the most pressing cookie opt-in issues!

Salvatore

Linwood Ferguson:
It's probably just not done yet but in case otherwise in the cookie policy this link fails with a 404  (in the paragraph "What are your cookie options"):

https://www.astrobin.com/cookies/

Yeah I know, the page is ready to be released, but I just wanted some feedback for the policy pages. It's a page where you can customize cookie options and change them at any time, as required for the GDPR.

Linwood Ferguson:
Its a shame that the legal disclaimers now probably take up as much text as the underlying programming code.

Luckily not nearly close :-D I obviously want to run AstroBin as lawfully as possible, and these GDPR laws are there for a reason. The engineer in me of course would rather work on astro related features, but I understand why stuff like this is necessary.

Linwood Ferguson:
I think some could be more concise (e.g. if you say unlawful is prohibited is it necessary to list unlawful things), but what actually sunk in was fairly clear.

Personally, I agree with this and everything else you've said. But, regarding being concise, it's much easier for me to stick with the generated content.

I used https://www.websitepolicies.com/ and I will be notified when some laws change and I need to amend something in my policies. The least I deviated from the generated content, the easiest it is for me when that happens.

Salvatore

I read all of the links and they seem straightforward to me.  I would not try to explain more in them as the wordier they get, the more people will either ignore them or get irritated and ask you more questions.  Also, remember that the US does not fall under GDPR, so most in the US will not even know what GDPR is unless they have been working for a EU company like I have for the past 30+ years.  The closest thing the US has is HIPPA.  So, you may want to spell out what GDPR is for all and that this is a mandated EU law.  Other than that, I think being concise, organized, and clear with regard to this requirement and how it pertains to AB and its members is the way to go..........which I think you have done here.

Bruce

Salvatore Iovene:
Hi @Bruce Donzanti,

the way the code is tentatively set up now, I will only show the cookie banner and use opt-in cookies to visitors in countries where the GDPR applies.

California has a privacy act too, so I might need to see if I can detect access for a specific state.

hmmm....ok, if you want to but I lived in California many years and I am not aware of anything special even though CA does some "odd" things.  I am pretty sure each state has privacy laws at a state level too.  CA might not be special in that regard.

yes- I agree about, " complying with everything at all time would be a nightmare", but I am still not sure what  https://en.wikipedia.org/wiki/California_Privacy_Rights_Act really adds.  However, up to you, just my 2 cents.