Page for data protection & security

[pr130]

Analogous to our values, we should have a page dedicated to data protection & security.

Content (to be provided by data protection team)

• introduce Data protection & security team
• summarize best practices & links to relevant pages in the docs
• Datenschutzerklärung

Location:

• either in footer or about us menu , footer preferred (i think that's where people look for it)

[pr130]

@mariotruss

[jstet]

Any updates regarding this @mariotruss ?

[jstet]

I discussed with @mariotruss on Slack and we don't need consent or to inform users for using plausible. However we will still draft a data privacy page first

[jstet]

We already have a data privacy statement in the imprint and thats sufficient for plausible.

info about the data privacy team and best practices still needs to be added

[mariotruss]

@jstet : Okay thanks for the update. I will write a draft until end of next week.

[mariotruss]

@jstet: I just checked the website (https://www.correlaid.org/en/about/values). If you say that we already have a "data privacy statement in the imprint and thats sufficient for plausible". Though, I was not able to find the bit about plausible in the data privacy statement in the imprint. Maybe it would be an idea to make it its own site to be accessible from here:

What I found is the "Our Values" page. It also includes the links to rules of ethics committee in both German and English.
It also includes best practices to get in contact with us. Info about the team is available in the value page as well.

Under this part in the imprint

I would as the following:
German: Datenschutz ist in essentieller Bestandteil unserer Arbeit. Die durchführten Maßnahmen wurde mit Zusammenarbeit mit unserer Ethik Kommision entwickelt. Mehr Infos dazu unter https://www.correlaid.org/ueber/werte/.
English: Data Privacy is at the core of our work. All measurements were defined in cooperation with Ethics Commitee. Find more information here: https://www.correlaid.org/en/about/values/

So my question is a bit what do you still need exactly?

[jstet]

Hey, regarding plausible, I thought your assessment in our slack conversation was that as plausible doesn't process personal info, we don't need any special information/agreement.

Thanks for checking the existing text, I will change it asap.

As Frie created this issue back int the day, maybe he can provide some more details again @friep

[mariotruss]

Hi @jstet,
What I was trying to say in our chat is that we don't need to ask for consent, as we don't use cookies. But I guess it could still be transparent & fair to say that we use plausible to analyze web usage in an anonymized way.

[mariotruss]

Thanks for the quick feedback!

[jstet]

I have added the following to the imprint:

The only tracking code used on this website is Plausible. Although only anonymised aggregated data is collected that cannot be attributed to any individual, we would like to inform you about this for reasons of transparency.

Do you think that's enough?