This is a Laravel package providing an open source privacy policy available in german and english.
An demo application using the sister-package webflorist/privacy-policy-vue with the same texts is avaliable at:
https://privacy-policy-vue-demo.netlify.app/
-
Languages
Currently the package includes texts in german and english language. -
Singular/Plural
You can choose between a singular or plural point of view.
(e.g.My website...vsOur website...) -
Included Texts
- A general intro text
- Listing of GDPR rights
- Introduction of data controller
- General data security text (SSL, etc.)
- Cookies information
- Information on data processing of third party data processors:
- Webhosting
- Web analytics
- Interactive maps
- Sending of emails (e.g. contact forms)
- Disclaimer regarding outgoing links
- Listing of all used processors
This package supports Laravel from version 5.5 up until 8.x.
- Require the package via composer:
composer require webflorist/privacy-policy-laravel - Publish config:
php artisan vendor:publish --provider="Webflorist\PrivacyPolicy\PrivacyPolicyServiceProvider" - Configure your privacy policy with the
privacy-policy.phpfile in Laravel'sconfigfolder. (see below for details). - Include the privacy policy component in your view:
@component('webflorist-privacy-policy::privacy-policy')
@endcomponentContact info for the data controller. The array can have the following elements:
[
'organisation' => 'Acme Corporation',
'name' => 'John Doe',
'address' => 'Acme Street 1, 123456 Acme City, USA',
'email' => 'privacy@example.com',
'phone' => '+1 555-0123',
];Set to true for singular viewpoint (e.g. "My website...").
Set to false for plural viewpoint (e.g. "Our website...").
The data processings used by your site. Each process must be stated as two-dimenstional array with the type of process as it's key and it's properties stated as a value-array.
Supported types of processes are:
webhostinganalyticsmapssend_emails
The properties of a process can be:
processor: String (mandatory)
The key of the processor providing this processing (either one of the included ones or one stated via the processors property)service: String (optional)
Name of the service providing this processing (e.g.Google AnalyticsorGoogle Maps)data_categories: Array (mandatory)
Array of data categories processed by this process. Supported values are:inventory_datausage_datageo_datausage_statisticscontract_datapayment_data
Here is an example for a full data_processing config:
[
'webhosting' => [
'processor' => ['netlify', 'storyblok'],
'data_categories' => ['usage_data'],
],
'analytics' => [
'processor' => 'google_eu',
'service' => 'Google Analytics',
'data_categories' => ['usage_data', 'usage_statistics'],
],
'maps' => [
'processor' => 'google_usa',
'service' => 'Google Maps',
'data_categories' => ['usage_data', 'geo_data'],
],
'send_emails' => [
'processor' => 'twilio_eu',
'service' => 'Twilio Sendgrid',
'data_categories' => ['usage_data', 'inventory_data'],
],
];This config describes the cookies used by your site.
If your site uses no cookies at all, simply set this to false.
If not, divide the used cookies into first party cookies and third party ones, and list them as sub-arrays of the first_party and third_party arrays of the cookies config.
Each cookie is described as an array with the following possible properties:
name: String (mandatory)
The name of the cookiepurpose: String (mandatory)
The key of the cookie purpose. Can be one of the following:session: Session cookiexsrf: Cookie to prevent "Cross-Site Request Forgery" attackshide_alert: Cookie to prevent displaying the cookie dialog again after hiding itall_choices: Cookie storing the choices regarding various cookies displayed in the cookie dialoganalytics_choice: Cookie storing the choice regarding the usage of web analytics in the cookie dialogmaps_choice: Cookie storing the choice regarding the usage of interactive mapsanalytics_third_party: Cookies written by the web analytics toolmaps_third_party: Cookies set on displaying interactive maps.
written_on: String (mandatory)
When the cookie is created. Can be one of the following:every_visit: Written on every visithide_alert: Written on hiding the cookie dialogmaps: Written on acknowledging the usage of interactive mapsaccept_cookies: Written on accepting the corresponding cookies
duration: String (mandatory)
The duration of the cookie. Can be one of the following:end_of_session1_year2_years24_hours1_minutevarious
processor: String (mandatory with third party cookies) The key of the processor providing this processing (either one of the included ones or one stated via the processors property)
Here is an example of the cookie config:
[
'first_party' => [
[
'name' => 'session',
'purpose' => 'session',
'written_on' => 'every_visit',
'duration' => 'end_of_session',
],
],
'third_party' => [
[
'name' => '_ga, _gat, _gid',
'purpose' => 'analytics_third_party',
'written_on' => 'accept_cookies',
'duration' => 'various',
'processor' => 'google_eu',
'service' => 'Google Analytics',
],
],
];Definition of processors stated with data processings or cookies.
Several processors are already included.
State your own ones in the processors config in an array with the shorthand-key of the processor as the key and it's info as an array with the following elements:
nameString (mandatory)
Company nameaddressString (mandatory)
Full address of the companyprivacy_policyString (mandatory) Link to the processors privacy policyprivacy_shieldString (optional)
Link to the privacy shield entry of the processor.
Here is and example:
[
'acme_corp' => [
'name' => 'Acme Corporation',
'address' => 'Acme Street 1, 123456 Acme City, USA',
'privacy_policy' => 'https://www.example.com/privacy',
'privacy_shield' =>
'https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4',
],
];The webflorist-privacy-policy::privacy-policy component provides the following named slots to insert custom text on various positions:
| Slot Name | Usage |
|---|---|
| after_intro | @slot('after_intro') Custom Text @endslot |
| gdpr_rights_start | @slot('gdpr_rights_start') Custom Text @endslot |
| gdpr_rights_end | @slot('gdpr_rights_end') Custom Text @endslot |
| data_controller_start | @slot('data_controller_start') Custom Text @endslot |
| data_controller_end | @slot('data_controller_end') Custom Text @endslot |
| security_start | @slot('security_start') Custom Text @endslot |
| security_end | @slot('security_end') Custom Text @endslot |
| cookies_start | @slot('cookies_start') Custom Text @endslot |
| cookies_end | @slot('cookies_end') Custom Text @endslot |
| data_processing_start | @slot('data_processing_start') Custom Text @endslot |
| data_processing_webhosting_start | @slot('data_processing_webhosting_start') Custom Text @endslot |
| data_processing_webhosting_end | @slot('data_processing_webhosting_end') Custom Text @endslot |
| data_processing_analytics_start | @slot('data_processing_analytics_start') Custom Text @endslot |
| data_processing_analytics_end | @slot('data_processing_analytics_end') Custom Text @endslot |
| data_processing_maps_start | @slot('data_processing_maps_start') Custom Text @endslot |
| data_processing_maps_end | @slot('data_processing_maps_end') Custom Text @endslot |
| data_processing_send_emails_start | @slot('data_processing_send_emails_start') Custom Text @endslot |
| data_processing_send_emails_end | @slot('data_processing_send_emails_end') Custom Text @endslot |
| data_processing_end | @slot('data_processing_end') Custom Text @endslot |
| outgoing_links_start | @slot('outgoing_links_start') Custom Text @endslot |
| outgoing_links_end | @slot('outgoing_links_end') Custom Text @endslot |
| processor_list_start | @slot('processor_list_start') Custom Text @endslot |
| processor_list_end | @slot('processor_list_end') Custom Text @endslot |
The included text should be suitable for a GDPR-compliant website.
I however do not take any responsibility whatsowever for that.
This package is open-sourced software licensed under the MIT license.