Privacy Notice #3054
👋 Thank you for opening your first issue. I'm just an automated bot that's here to help you get the information you need quicker, so please ignore this message if it doesn't apply to your issue.
Take a look at my website, Carolinas Cloud; this website uses this script found on CookieConsent. I will include my sample usage of the script below.
Once you get your code written, you can deploy it from Dashboard -> Settings -> Customization and put it in the Footer HTML box. Hope this helps!
Cachet isn’t storing any personally identifiable information, so shouldn’t fall under GDPR.
Please correct me if I’m wrong.
@jbrooksuk If a User "subscribes" to a Cachet Instance (Email Notification) then Cachet stores the Mail Address in the Databases - Right? So if I'm not completely wrong then Cachet needs to Display a Textbox (or something) with a Privacy Notice of some kind (someone correct me if I'm wrong)
@SnowBlinderP true, I must've been talking stupid that day 😂 That said, I wonder if because Cachet is self-hosted, the privacy policy should be handled by the data controller (the people running the instance) as their use of the email may extend beyond what Cachet itself does?
@jbrooksuk I think the Privacy Policy needs to be handled by 2 Instances
For Everything else (for example => I copy your Mail Address out of the Database and send you an Email via Gmail or Stuff) there needs to be a Section in the Privacy Policy of the Company (Please Correct me if I misunderstood something)
I'm unsure in this case, sorry. I guess, if people are subscribing to updates, they need to agree to a privacy policy of some sort under GDPR. The issue here is that what the policy says, is not guaranteed to be how the person running the installation will use the data. I'll see if I can find out more.
@jbrooksuk You could implement a "Default" Policy for default Usage (If People only use it with Cachet) and also add a Textbox in the Administration Part so Users can adjust it for their needs and purpose
@SnowBlinderP that could work, yeah. This would be one part of the system which I would not want to be translated because it'd be hard to keep them updated with any changes that come in. Also, how would we go about versioning it? I've asked on a Facebook group for GDPR Planning & Compliance Group to see what they think.
@jbrooksuk Yep Translation would be bad
My understanding is that any revised policies must be versioned so that you can see how they were at the time you subscribed?
I think that's Correct | So you need to store any Version of the Privacy Policy in the Database so the User can go back to his Version when he Subscribed. Another Idea would be to send 2 Mails
I think you need to agree at the time of signup.
The Agreement could be done via the "Confirmation" Email with a Sentence like "With Confirming your Subscription you Agree to our Privacy Policy which you can find here [link]" or something like that
With GDPR there are many ways to skin a cat. Basically, the user has to give clear consent for subscribing, and the text for subscription can't be "Subscribe to newsletter", but has to clearly say e.g. "Subscribe to be informed about service changes, every time the service changes. Your mail will only be used for informing about service changes. More information in our privacy policy". With cachet not doing anything shady with user data and with clear subscription forms, cachet itself is in the clear with GDPR. The person hosting cachet is in the clear if the subscription text is clear enough and a person can honestly consent to receiving mails from that cachet instance. It's the cachet instance owner's responsibility to disclose any additional thingies + you can't gather any more data than necessary to provide the service the client consented to. And you can't use gathered data for any other purpose than the user consented to. Shady things that can be done:
Anyhow - All this can be handled by the instance owner's main site with clear links to appropriate legal documents, with very little cachet having to do except for providing a way to inform subscribers about legal stuff. Another thing are staff members/admins that use cachet - they too fall under GDPR, so the instance owner has to inform them on how their data is being used/stored, but this time it's easier - you have to have login credentials in order to be able to log in, so no need to say that out loud, because that's "by default". Generally it's best to read the whole GDPR and see for yourself, it's not cookie consent v2, but it's more for people than against service owners.
Thanks for the very insightful post @johnny-bit. If we're confident that this is the case, then we introduce the consent check as part of #3102. Once #3102 is completed, we'll only be collecting emails that have been verified. We should introduce a scheduled task that cleanses any emails that have not been verified within
@ALL do you have any examples of what the policy would need to look like?
You can use my business' site as a template. It's been written by a team of lawyers in the US and in the UK to keep it legal in multiple countries. We paid for it but that's fine... I don't mind sharing it with others. They can just substitute our information for theirs.
Hi, when will this be added? Companies can be punished to penalties of several thousands of € if a user can't apply to the GDPR !!!!! This is highly important!!!
Thank you for your input on Cachet 2.x. We are shifting our attention and resources to Cachet 3.x and will no longer be supporting the 2.x version. If your feedback or issue is relevant to the 3.x series, we encourage you to engage with the new branch. For more information on the Cachet rebuild and our plans for 3.x, you can read the announcement here. We appreciate your understanding and look forward to your contributions to the new version.
Is it possible to include a text box on the manage subscriptions page so that we can add a privacy notice on how any data we collect will be used?
Basically want to post something like "We will only collect email addresses and they will only be used for communicating with you about the services you are subscribed to or security related issues."
I believe this notice is required by GDPR.