Conversation
✅ Deploy Preview for flowforge-website ready!
To edit notification comments on pull requests, go to your Netlify project configuration. |
UnicornGunnerz
left a comment
UnicornGunnerz
left a comment
There was a problem hiding this comment.
@Yndira-E Is there a reason we added the European Economic Area (EEA) section? Shouldn't we cover all regions in our privacy policy? Let me know if I'm missing anything.
|
That section covers a GDPR requirement. GDPR doesn't cover all regions, so it's only a requirement where listed there. It was a recommendation made by Gemini. The intention wasn’t to exclude other regions; the general privacy policy still applies globally, but to clarify the rights and legal framework that are specific to GDPR. Also worth noting that the website behaviour itself is the same globally: no cookies are installed without consent except for strictly necessary ones. That said, if you think the structure should be different or have more accurate legal guidance, happy for it to be adjusted. |
|
Makes sense. thank you! |
Yndira-E
force-pushed
the
yndira/privacy-policy-update
branch
from
3f34551 to
ae00dcd
Compare
Yndira-E
force-pushed
the
yndira/privacy-policy-update
branch
from
b7609d3 to
e97de97
Compare
| ## <span name="european-users">Additional Information for European Users</span> | ||
|
|
||
| If you are located in the European Economic Area (EEA), the United Kingdom (UK), or Switzerland, the following additional information applies to you. | ||
|
|
||
| **Legal Bases for Processing** | ||
| We process your personal information on the following legal bases: | ||
| * **Consent:** For marketing communications and the use of non-essential cookies (Analytics, Functional, and Advertising). | ||
| * **Contractual Necessity:** To provide the Service and support you have requested. | ||
| * **Legitimate Interests:** To protect our Service, prevent fraud (such as via reCAPTCHA), and improve our product offerings. | ||
|
|
||
| **Your Rights** | ||
| Under the GDPR, you have the following rights: | ||
| * **Right to Access/Portability:** Request a copy of your data in a structured format. | ||
| * **Right to Erasure:** Request that we delete your personal information. | ||
| * **Right to Object/Restrict:** Object to our processing of your data for legitimate interests or request we limit how we use it. | ||
| * **Right to Withdraw Consent:** Withdraw your consent for cookies or marketing at any time. | ||
| * **Right to Complain:** You have the right to lodge a complaint with your local Data Protection Authority. | ||
|
|
||
| To exercise any of these rights, please follow the instructions in the [How to contact us](#how-to-contact-us) section below. We will respond to your request within 30 days. | ||
|
|
||
| **International Transfers** | ||
| When we transfer data to the United States, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented: | ||
| * **Standard Contractual Clauses (SCCs):** We use specific contracts approved by the European Commission. | ||
| * **Data Center Selection:** We utilize EU-based data centers (e.g., HubSpot EU1 region) where available to minimize transfer risks. | ||
|
|
There was a problem hiding this comment.
@Yndira-E If you now misexplain rights, do users obtain new rights? Do we want to update this, or do you extend the liability for the company inadvertently?
There was a problem hiding this comment.
Definitely not looking to extend liability. This was an attempt to make GDPR-specific rights more explicit based on a recommendation, but I agree this goes into legal territory.
I’m not a legal expert, so we could either remove or simplify this section for now and handle it separately with proper legal review.
There was a problem hiding this comment.
As the previous one was legally reviewed, lets stick with it.
3 participants
Description
This PR updates the privacy policy to accurately reflect our current tracking implementation and to strengthen our compliance with GDPR
Key Changes
Related Issue(s)
Checklist