bmad-plus 0.9.0 → 0.9.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +36 -0
- package/LICENSE +21 -21
- package/README.md +106 -86
- package/osint-agent-package/README.md +88 -88
- package/osint-agent-package/SETUP_KEYS.md +108 -108
- package/osint-agent-package/agents/osint-investigator.md +80 -80
- package/osint-agent-package/install.ps1 +87 -87
- package/osint-agent-package/install.sh +76 -76
- package/osint-agent-package/skills/bmad-osint-investigate/SKILL.md +147 -147
- package/osint-agent-package/skills/bmad-osint-investigate/osint/references/enrichment-databases-fr.md +148 -148
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/_http.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/apify.py +266 -266
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/brightdata.py +101 -101
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/diagnose.py +141 -141
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/exa.py +79 -79
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/jina.py +71 -71
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/parallel.py +85 -85
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/perplexity.py +102 -102
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/tavily.py +72 -72
- package/osint-agent-package/skills/bmad-osint-investigate/osint/scripts/volley.py +208 -208
- package/osint-agent-package/skills/bmad-osint-investigator/SKILL.md +15 -15
- package/package.json +30 -3
- package/readme-international/README.de.md +8 -3
- package/readme-international/README.es.md +8 -3
- package/readme-international/README.fr.md +8 -3
- package/src/bmad-plus/agents/agent-architect-dev/SKILL.md +96 -96
- package/src/bmad-plus/agents/agent-architect-dev/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-maker/SKILL.md +201 -201
- package/src/bmad-plus/agents/agent-maker/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-orchestrator/SKILL.md +137 -137
- package/src/bmad-plus/agents/agent-orchestrator/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-quality/SKILL.md +83 -83
- package/src/bmad-plus/agents/agent-quality/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-shadow/SKILL.md +71 -71
- package/src/bmad-plus/agents/agent-shadow/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/agents/agent-strategist/SKILL.md +80 -80
- package/src/bmad-plus/agents/agent-strategist/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/data/role-triggers.yaml +209 -209
- package/src/bmad-plus/module-help.csv +10 -10
- package/src/bmad-plus/packs/pack-memory/README.md +106 -106
- package/src/bmad-plus/packs/pack-memory/memory-orchestrator.md +79 -79
- package/src/bmad-plus/packs/pack-memory/shared/karpathy-guardrails.md +86 -86
- package/src/bmad-plus/packs/pack-memory/shared/memory-protocol.md +143 -143
- package/src/bmad-plus/packs/pack-memory/templates/context.md +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/decisions.md +25 -25
- package/src/bmad-plus/packs/pack-memory/templates/identity.yaml +39 -39
- package/src/bmad-plus/packs/pack-memory/templates/lessons.md +31 -31
- package/src/bmad-plus/packs/pack-memory/templates/patterns.md +24 -24
- package/src/bmad-plus/packs/pack-memory/templates/session-handoff.md +25 -25
- package/src/bmad-plus/packs/pack-memory/zecher-agent.md +157 -157
- package/src/bmad-plus/packs/pack-seo/bmad-skill-manifest.yaml +13 -13
- package/src/bmad-plus/packs/pack-shield/README.md +110 -110
- package/src/bmad-plus/packs/pack-shield/SKILL.md +82 -82
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/csrd-agent.md +251 -251
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/section508-agent.md +168 -168
- package/src/bmad-plus/packs/pack-shield/categories/accessibility-esg/wcag-agent.md +190 -190
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/eu-ai-act-agent.md +86 -86
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/iso42001-agent.md +240 -240
- package/src/bmad-plus/packs/pack-shield/categories/ai-governance/nist-ai-rmf-agent.md +122 -122
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/cis-controls-agent.md +210 -210
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/ism-agent.md +139 -139
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/iso27001-agent.md +156 -156
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nis2-agent.md +72 -72
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-800-53-agent.md +239 -239
- package/src/bmad-plus/packs/pack-shield/categories/cybersecurity/nist-csf-agent.md +207 -207
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/ccpa-agent.md +94 -94
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/dpdpa-agent.md +136 -136
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/gdpr-agent.md +296 -296
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/iso27701-agent.md +134 -134
- package/src/bmad-plus/packs/pack-shield/categories/data-privacy/lgpd-agent.md +129 -129
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/cmmc-agent.md +116 -116
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/ear-agent.md +261 -261
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/itar-agent.md +191 -191
- package/src/bmad-plus/packs/pack-shield/categories/defense-export/tsa-agent.md +356 -356
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/dora-agent.md +499 -499
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/fedramp-agent.md +236 -236
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/hipaa-agent.md +162 -162
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/pci-dss-agent.md +228 -228
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/soc2-agent.md +255 -255
- package/src/bmad-plus/packs/pack-shield/categories/industry-compliance/swift-csp-agent.md +153 -153
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-classifier.md +131 -131
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-fria.md +155 -155
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-incidents.md +187 -187
- package/src/bmad-plus/packs/pack-shield/categories/workflows/ai-act-roles.md +113 -113
- package/src/bmad-plus/packs/pack-shield/categories/workflows/breach-sentinel.md +197 -197
- package/src/bmad-plus/packs/pack-shield/categories/workflows/cookie-policy-gen.md +180 -180
- package/src/bmad-plus/packs/pack-shield/categories/workflows/dpia-sentinel.md +235 -235
- package/src/bmad-plus/packs/pack-shield/categories/workflows/legitimate-interest.md +159 -159
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-advisor.md +133 -133
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-notice-gen.md +160 -160
- package/src/bmad-plus/packs/pack-shield/categories/workflows/privacy-policy-gen.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/ccpa/ccpa-gdpr-comparison.md +117 -117
- package/src/bmad-plus/packs/pack-shield/references/ccpa/consumer-rights-workflows.md +177 -177
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/framework-mappings.md +162 -162
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/implementation-guidance.md +235 -235
- package/src/bmad-plus/packs/pack-shield/references/cis-controls/safeguards-detail.md +252 -252
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-assessment.md +170 -170
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-levels.md +113 -113
- package/src/bmad-plus/packs/pack-shield/references/cmmc/cmmc-practices.md +211 -211
- package/src/bmad-plus/packs/pack-shield/references/csrd/compliance-program.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/csrd/double-materiality.md +253 -253
- package/src/bmad-plus/packs/pack-shield/references/csrd/esrs-standards.md +401 -401
- package/src/bmad-plus/packs/pack-shield/references/dora/article-reference.md +441 -441
- package/src/bmad-plus/packs/pack-shield/references/dora/incident-classification.md +297 -297
- package/src/bmad-plus/packs/pack-shield/references/dora/rts-its-guide.md +306 -306
- package/src/bmad-plus/packs/pack-shield/references/dora/third-party-risk.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/gdpr-comparison.md +173 -173
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rights-and-obligations.md +426 -426
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/rules-2025.md +599 -599
- package/src/bmad-plus/packs/pack-shield/references/dpdpa/sections-reference.md +319 -319
- package/src/bmad-plus/packs/pack-shield/references/ear/ccl-eccn-guide.md +250 -250
- package/src/bmad-plus/packs/pack-shield/references/ear/compliance-program.md +280 -280
- package/src/bmad-plus/packs/pack-shield/references/ear/license-exceptions.md +207 -207
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/gpai-governance.md +267 -267
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/obligations-high-risk.md +287 -287
- package/src/bmad-plus/packs/pack-shield/references/eu-ai-act/risk-classification.md +182 -182
- package/src/bmad-plus/packs/pack-shield/references/fedramp/appendices-guide.md +209 -209
- package/src/bmad-plus/packs/pack-shield/references/fedramp/control-families.md +281 -281
- package/src/bmad-plus/packs/pack-shield/references/fedramp/poam-guide.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/fedramp/readiness-checklist.md +134 -134
- package/src/bmad-plus/packs/pack-shield/references/fedramp/sap-sar-guide.md +86 -86
- package/src/bmad-plus/packs/pack-shield/references/fedramp/ssp-guide.md +129 -129
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/documents.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/dpa-template.md +121 -121
- package/src/bmad-plus/packs/pack-shield/references/gdpr-compliance/privacy-notice.md +87 -87
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/breach-notification.md +293 -293
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/privacy-rule.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/security-rule.md +299 -299
- package/src/bmad-plus/packs/pack-shield/references/hipaa-compliance/templates.md +568 -568
- package/src/bmad-plus/packs/pack-shield/references/ism/control-applicability.md +181 -181
- package/src/bmad-plus/packs/pack-shield/references/ism/guidelines-overview.md +183 -183
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2013.md +203 -203
- package/src/bmad-plus/packs/pack-shield/references/iso27001/annex-a-2022.md +132 -132
- package/src/bmad-plus/packs/pack-shield/references/iso27001/control-mapping.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/iso27701/annex-a-controls.md +195 -195
- package/src/bmad-plus/packs/pack-shield/references/iso27701/regulatory-mapping.md +229 -229
- package/src/bmad-plus/packs/pack-shield/references/iso27701/transition-guide.md +219 -219
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-ai-risk-assessment.md +258 -258
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-clauses-requirements.md +279 -279
- package/src/bmad-plus/packs/pack-shield/references/iso42001/iso42001-controls-annex-a.md +155 -155
- package/src/bmad-plus/packs/pack-shield/references/itar/compliance-program.md +174 -174
- package/src/bmad-plus/packs/pack-shield/references/itar/licensing-guide.md +146 -146
- package/src/bmad-plus/packs/pack-shield/references/itar/usml-categories.md +93 -93
- package/src/bmad-plus/packs/pack-shield/references/lgpd/anpd-enforcement.md +147 -147
- package/src/bmad-plus/packs/pack-shield/references/lgpd/compliance-program.md +272 -272
- package/src/bmad-plus/packs/pack-shield/references/lgpd/lgpd-articles.md +271 -271
- package/src/bmad-plus/packs/pack-shield/references/nis2/article-21-measures.md +153 -153
- package/src/bmad-plus/packs/pack-shield/references/nis2/iso27001-nis2-mapping.md +68 -68
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/assessment-rmf.md +349 -349
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/baselines-tailoring.md +277 -277
- package/src/bmad-plus/packs/pack-shield/references/nist-800-53/control-families.md +450 -450
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-core.md +361 -361
- package/src/bmad-plus/packs/pack-shield/references/nist-ai-rmf/rmf-profiles.md +192 -192
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-10-to-20-mapping.md +143 -143
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-20-functions-categories.md +278 -278
- package/src/bmad-plus/packs/pack-shield/references/nist-csf/csf-implementation-tiers.md +135 -135
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-requirements.md +366 -366
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-saq-guide.md +217 -217
- package/src/bmad-plus/packs/pack-shield/references/pci-compliance/pci-dss-v4-changes.md +190 -190
- package/src/bmad-plus/packs/pack-shield/references/section-508/wcag-mapping.md +160 -160
- package/src/bmad-plus/packs/pack-shield/references/soc2/controls.md +241 -241
- package/src/bmad-plus/packs/pack-shield/references/soc2/evidence.md +236 -236
- package/src/bmad-plus/packs/pack-shield/references/soc2/policies.md +254 -254
- package/src/bmad-plus/packs/pack-shield/references/soc2/vendor.md +276 -276
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-assessment.md +202 -202
- package/src/bmad-plus/packs/pack-shield/references/swift-csp/swift-controls.md +545 -545
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-crmp-requirements.md +359 -359
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-directives-overview.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/tsa-compliance/tsa-incident-reporting.md +187 -187
- package/src/bmad-plus/packs/pack-shield/references/wcag/criteria-detail.md +510 -510
- package/src/bmad-plus/packs/pack-shield/shared/audit-report-template.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/cross-framework-mapper.md +103 -103
- package/src/bmad-plus/packs/pack-shield/shared/gap-analysis-template.md +83 -83
- package/src/bmad-plus/packs/pack-shield/shield-orchestrator.md +229 -229
- package/src/bmad-plus/packs/pack-shield/upstream-sync.yaml +68 -68
- package/src/bmad-plus/skills/bmad-plus-autopilot/SKILL.md +99 -99
- package/src/bmad-plus/skills/bmad-plus-parallel/SKILL.md +93 -93
- package/src/bmad-plus/skills/bmad-plus-sync/SKILL.md +69 -69
- package/tools/cli/bmad-plus-cli.js +5 -3
- package/tools/cli/commands/autoconfig.js +23 -59
- package/tools/cli/commands/doctor.js +14 -0
- package/tools/cli/commands/install.js +29 -128
- package/tools/cli/commands/memory.js +1 -0
- package/tools/cli/commands/scan.js +44 -42
- package/tools/cli/commands/uninstall.js +10 -5
- package/tools/cli/commands/update.js +21 -3
- package/tools/cli/lib/ide-config.js +259 -0
- package/tools/cli/lib/memory-init.js +0 -1
- package/tools/cli/lib/pack-copy.js +84 -84
- package/tools/cli/lib/packs.js +16 -8
- package/tools/cli/lib/stack-detect.js +102 -0
- package/tools/cli/lib/validate.js +50 -0
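Review bot: most entries in this file list carry equal added and removed counts (for example `package/LICENSE +21 -21`), which points to whole-file rewrites rather than content edits. The entries that do not balance are where review time should go: `package/package.json +30 -3`, `package/tools/cli/commands/install.js +29 -128`, `package/tools/cli/commands/autoconfig.js +23 -59`, and three new files under `package/tools/cli/lib/` (`ide-config.js +259 -0`, `stack-detect.js +102 -0`, `validate.js +50 -0`). None of those hunks appear in the portion shown here, so the `package.json` additions and the new CLI library files should be read in full before accepting the upgrade.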
|
@@ -1,160 +1,160 @@
|
|
|
1
|
-
# 📝 Privacy Notice Generator
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
-
> **Framework:** GDPR Art. 13/14 — Information to Data Subjects
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
> **Inspired by:** Lawve.ai Privacy Notice Generator (Oliver Schmidt-Prietz)
|
|
7
|
-
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## Persona
|
|
12
|
-
|
|
13
|
-
You are a privacy notice drafting specialist. You generate GDPR-compliant privacy notices that meet all Art. 13/14 mandatory requirements while maintaining plain language accessibility (Art. 12(1)). You handle AI-specific transparency obligations including Art. 22 automated decision-making disclosures.
|
|
14
|
-
|
|
15
|
-
---
|
|
16
|
-
|
|
17
|
-
## Workflow: Generate Privacy Notice
|
|
18
|
-
|
|
19
|
-
### Step 1 — Gather Information
|
|
20
|
-
|
|
21
|
-
Before drafting, collect:
|
|
22
|
-
1. **Controller identity** — Name, address, contact details
|
|
23
|
-
2. **DPO contact** — If appointed (Art. 37)
|
|
24
|
-
3. **Processing purposes** — Complete list with lawful basis for each
|
|
25
|
-
4. **Data categories** — What personal data is collected
|
|
26
|
-
5. **Data sources** — If not from the data subject (Art. 14)
|
|
27
|
-
6. **Recipients** — Third parties, processors, sub-processors
|
|
28
|
-
7. **International transfers** — Countries, safeguards (SCCs, adequacy, BCRs)
|
|
29
|
-
8. **Retention periods** — Or criteria for determining them
|
|
30
|
-
9. **Automated decisions** — Including profiling with significant effects (Art. 22)
|
|
31
|
-
10. **AI/ML systems** — If any, logic involved and significance
|
|
32
|
-
11. **Cookie/tracker usage** — Types, purposes, third-party cookies
|
|
33
|
-
|
|
34
|
-
### Step 2 — Draft Notice
|
|
35
|
-
|
|
36
|
-
#### Mandatory Contents — Art. 13 (data collected from data subject)
|
|
37
|
-
|
|
38
|
-
```markdown
|
|
39
|
-
# Privacy Notice
|
|
40
|
-
|
|
41
|
-
**Last updated:** [DATE]
|
|
42
|
-
|
|
43
|
-
## 1. Who We Are
|
|
44
|
-
[Controller name and contact details]
|
|
45
|
-
[DPO contact if applicable — Art. 37]
|
|
46
|
-
[EU representative if applicable — Art. 27]
|
|
47
|
-
|
|
48
|
-
## 2. What Data We Collect
|
|
49
|
-
| Category | Examples | Source |
|
|
50
|
-
|----------|----------|--------|
|
|
51
|
-
| Identity | Name, email, phone | Directly from you |
|
|
52
|
-
| Technical | IP address, browser type, device ID | Automatically collected |
|
|
53
|
-
| Usage | Pages visited, features used | Automatically collected |
|
|
54
|
-
| [Other] | [Examples] | [Source] |
|
|
55
|
-
|
|
56
|
-
## 3. Why We Process Your Data
|
|
57
|
-
| Purpose | Lawful Basis | Details |
|
|
58
|
-
|---------|-------------|---------|
|
|
59
|
-
| [Purpose 1] | [Art. 6(1)(a-f)] | [Explanation] |
|
|
60
|
-
| [Purpose 2] | [Art. 6(1)(a-f)] | [Explanation] |
|
|
61
|
-
|
|
62
|
-
[If consent: explain right to withdraw at any time — Art. 7(3)]
|
|
63
|
-
[If legitimate interest: describe the interest — Art. 13(1)(d)]
|
|
64
|
-
|
|
65
|
-
## 4. Who We Share Your Data With
|
|
66
|
-
| Recipient Category | Purpose | Location |
|
|
67
|
-
|-------------------|---------|----------|
|
|
68
|
-
| [Category] | [Purpose] | [Country/Region] |
|
|
69
|
-
|
|
70
|
-
## 5. International Transfers
|
|
71
|
-
[Countries outside EEA/UK]
|
|
72
|
-
[Safeguards: Adequacy decision / SCCs / BCRs / Art. 49 derogations]
|
|
73
|
-
|
|
74
|
-
## 6. How Long We Keep Your Data
|
|
75
|
-
| Data Category | Retention Period | Basis |
|
|
76
|
-
|---------------|-----------------|-------|
|
|
77
|
-
| [Category] | [Period] | [Legal/Business justification] |
|
|
78
|
-
|
|
79
|
-
## 7. Your Rights
|
|
80
|
-
You have the right to:
|
|
81
|
-
- **Access** your personal data (Art. 15)
|
|
82
|
-
- **Rectify** inaccurate data (Art. 16)
|
|
83
|
-
- **Erase** your data ("right to be forgotten") (Art. 17)
|
|
84
|
-
- **Restrict** processing (Art. 18)
|
|
85
|
-
- **Data portability** — receive your data in a structured format (Art. 20)
|
|
86
|
-
- **Object** to processing based on legitimate interests (Art. 21)
|
|
87
|
-
- **Withdraw consent** at any time, without affecting prior lawfulness (Art. 7(3))
|
|
88
|
-
- **Lodge a complaint** with [SUPERVISORY AUTHORITY] (Art. 77)
|
|
89
|
-
|
|
90
|
-
To exercise these rights, contact: [CONTACT DETAILS]
|
|
91
|
-
We will respond within one month (Art. 12(3)).
|
|
92
|
-
|
|
93
|
-
## 8. Automated Decision-Making
|
|
94
|
-
[If applicable — Art. 22]
|
|
95
|
-
[Meaningful information about the logic involved]
|
|
96
|
-
[Significance and envisaged consequences]
|
|
97
|
-
[Right to human intervention, to express their point of view, and to contest the decision]
|
|
98
|
-
|
|
99
|
-
## 9. Cookies & Tracking Technologies
|
|
100
|
-
[See Cookie Policy / link]
|
|
101
|
-
|
|
102
|
-
## 10. Changes to This Notice
|
|
103
|
-
[How changes are communicated]
|
|
104
|
-
|
|
105
|
-
## 11. Contact Us
|
|
106
|
-
[Controller contact details]
|
|
107
|
-
[DPO contact details]
|
|
108
|
-
```
|
|
109
|
-
|
|
110
|
-
#### Additional Requirements for Art. 14 (data NOT from data subject)
|
|
111
|
-
|
|
112
|
-
Add sections:
|
|
113
|
-
- Source of the personal data (Art. 14(2)(f))
|
|
114
|
-
- Categories of personal data obtained (Art. 14(1)(d))
|
|
115
|
-
- Timing: notice must be provided within 1 month of obtaining data, at first communication, or before disclosure to another recipient — whichever is earliest (Art. 14(3))
|
|
116
|
-
|
|
117
|
-
### Step 3 — AI System Disclosure (if applicable)
|
|
118
|
-
|
|
119
|
-
When processing involves AI/ML:
|
|
120
|
-
|
|
121
|
-
```markdown
|
|
122
|
-
## AI-Powered Features
|
|
123
|
-
|
|
124
|
-
### What AI Does
|
|
125
|
-
[Plain-language description of AI processing]
|
|
126
|
-
|
|
127
|
-
### How It Works
|
|
128
|
-
[Meaningful information about the logic — Art. 13(2)(f)]
|
|
129
|
-
[This does NOT require revealing trade secrets but must explain the general approach]
|
|
130
|
-
|
|
131
|
-
### Your Data and AI
|
|
132
|
-
- Training data: [Is your data used for training? YES/NO]
|
|
133
|
-
- Automated decisions: [Does AI make decisions about you? If so, details]
|
|
134
|
-
- Human oversight: [What human review exists?]
|
|
135
|
-
|
|
136
|
-
### Your Rights Regarding AI
|
|
137
|
-
- Right to human review of AI decisions (Art. 22(3))
|
|
138
|
-
- Right to contest automated decisions
|
|
139
|
-
- Right to express your point of view
|
|
140
|
-
- Right to obtain an explanation of the decision
|
|
141
|
-
```
|
|
142
|
-
|
|
143
|
-
---
|
|
144
|
-
|
|
145
|
-
## Quality Checklist
|
|
146
|
-
|
|
147
|
-
- [ ] All Art. 13 mandatory elements present
|
|
148
|
-
- [ ] Plain language (Art. 12(1)) — no legal jargon without explanation
|
|
149
|
-
- [ ] Layered approach for lengthy notices (concise summary + full details)
|
|
150
|
-
- [ ] Accessible format (sufficient contrast, readable font, structured headings)
|
|
151
|
-
- [ ] Version date included
|
|
152
|
-
- [ ] Contact mechanisms clearly stated
|
|
153
|
-
- [ ] Supervisory authority complaint mechanism mentioned
|
|
154
|
-
- [ ] All [PLACEHOLDER] items flagged for completion
|
|
155
|
-
|
|
156
|
-
---
|
|
157
|
-
|
|
158
|
-
## Escalation & Caveats
|
|
159
|
-
|
|
160
|
-
> **⚠️ Legal Advice Disclaimer**: Privacy notices are legally binding transparency commitments. This generator produces Art. 13/14 compliant structures based on GDPR requirements. All notices should be reviewed by qualified legal counsel before publication, particularly for notices covering special category data, children's data, or AI/automated decision-making.
|
|
1
|
+
# 📝 Privacy Notice Generator
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
+
> **Framework:** GDPR Art. 13/14 — Information to Data Subjects
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
> **Inspired by:** Lawve.ai Privacy Notice Generator (Oliver Schmidt-Prietz)
|
|
7
|
+
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Persona
|
|
12
|
+
|
|
13
|
+
You are a privacy notice drafting specialist. You generate GDPR-compliant privacy notices that meet all Art. 13/14 mandatory requirements while maintaining plain language accessibility (Art. 12(1)). You handle AI-specific transparency obligations including Art. 22 automated decision-making disclosures.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Workflow: Generate Privacy Notice
|
|
18
|
+
|
|
19
|
+
### Step 1 — Gather Information
|
|
20
|
+
|
|
21
|
+
Before drafting, collect:
|
|
22
|
+
1. **Controller identity** — Name, address, contact details
|
|
23
|
+
2. **DPO contact** — If appointed (Art. 37)
|
|
24
|
+
3. **Processing purposes** — Complete list with lawful basis for each
|
|
25
|
+
4. **Data categories** — What personal data is collected
|
|
26
|
+
5. **Data sources** — If not from the data subject (Art. 14)
|
|
27
|
+
6. **Recipients** — Third parties, processors, sub-processors
|
|
28
|
+
7. **International transfers** — Countries, safeguards (SCCs, adequacy, BCRs)
|
|
29
|
+
8. **Retention periods** — Or criteria for determining them
|
|
30
|
+
9. **Automated decisions** — Including profiling with significant effects (Art. 22)
|
|
31
|
+
10. **AI/ML systems** — If any, logic involved and significance
|
|
32
|
+
11. **Cookie/tracker usage** — Types, purposes, third-party cookies
|
|
33
|
+
|
|
34
|
+
### Step 2 — Draft Notice
|
|
35
|
+
|
|
36
|
+
#### Mandatory Contents — Art. 13 (data collected from data subject)
|
|
37
|
+
|
|
38
|
+
```markdown
|
|
39
|
+
# Privacy Notice
|
|
40
|
+
|
|
41
|
+
**Last updated:** [DATE]
|
|
42
|
+
|
|
43
|
+
## 1. Who We Are
|
|
44
|
+
[Controller name and contact details]
|
|
45
|
+
[DPO contact if applicable — Art. 37]
|
|
46
|
+
[EU representative if applicable — Art. 27]
|
|
47
|
+
|
|
48
|
+
## 2. What Data We Collect
|
|
49
|
+
| Category | Examples | Source |
|
|
50
|
+
|----------|----------|--------|
|
|
51
|
+
| Identity | Name, email, phone | Directly from you |
|
|
52
|
+
| Technical | IP address, browser type, device ID | Automatically collected |
|
|
53
|
+
| Usage | Pages visited, features used | Automatically collected |
|
|
54
|
+
| [Other] | [Examples] | [Source] |
|
|
55
|
+
|
|
56
|
+
## 3. Why We Process Your Data
|
|
57
|
+
| Purpose | Lawful Basis | Details |
|
|
58
|
+
|---------|-------------|---------|
|
|
59
|
+
| [Purpose 1] | [Art. 6(1)(a-f)] | [Explanation] |
|
|
60
|
+
| [Purpose 2] | [Art. 6(1)(a-f)] | [Explanation] |
|
|
61
|
+
|
|
62
|
+
[If consent: explain right to withdraw at any time — Art. 7(3)]
|
|
63
|
+
[If legitimate interest: describe the interest — Art. 13(1)(d)]
|
|
64
|
+
|
|
65
|
+
## 4. Who We Share Your Data With
|
|
66
|
+
| Recipient Category | Purpose | Location |
|
|
67
|
+
|-------------------|---------|----------|
|
|
68
|
+
| [Category] | [Purpose] | [Country/Region] |
|
|
69
|
+
|
|
70
|
+
## 5. International Transfers
|
|
71
|
+
[Countries outside EEA/UK]
|
|
72
|
+
[Safeguards: Adequacy decision / SCCs / BCRs / Art. 49 derogations]
|
|
73
|
+
|
|
74
|
+
## 6. How Long We Keep Your Data
|
|
75
|
+
| Data Category | Retention Period | Basis |
|
|
76
|
+
|---------------|-----------------|-------|
|
|
77
|
+
| [Category] | [Period] | [Legal/Business justification] |
|
|
78
|
+
|
|
79
|
+
## 7. Your Rights
|
|
80
|
+
You have the right to:
|
|
81
|
+
- **Access** your personal data (Art. 15)
|
|
82
|
+
- **Rectify** inaccurate data (Art. 16)
|
|
83
|
+
- **Erase** your data ("right to be forgotten") (Art. 17)
|
|
84
|
+
- **Restrict** processing (Art. 18)
|
|
85
|
+
- **Data portability** — receive your data in a structured format (Art. 20)
|
|
86
|
+
- **Object** to processing based on legitimate interests (Art. 21)
|
|
87
|
+
- **Withdraw consent** at any time, without affecting prior lawfulness (Art. 7(3))
|
|
88
|
+
- **Lodge a complaint** with [SUPERVISORY AUTHORITY] (Art. 77)
|
|
89
|
+
|
|
90
|
+
To exercise these rights, contact: [CONTACT DETAILS]
|
|
91
|
+
We will respond within one month (Art. 12(3)).
|
|
92
|
+
|
|
93
|
+
## 8. Automated Decision-Making
|
|
94
|
+
[If applicable — Art. 22]
|
|
95
|
+
[Meaningful information about the logic involved]
|
|
96
|
+
[Significance and envisaged consequences]
|
|
97
|
+
[Right to human intervention, to express their point of view, and to contest the decision]
|
|
98
|
+
|
|
99
|
+
## 9. Cookies & Tracking Technologies
|
|
100
|
+
[See Cookie Policy / link]
|
|
101
|
+
|
|
102
|
+
## 10. Changes to This Notice
|
|
103
|
+
[How changes are communicated]
|
|
104
|
+
|
|
105
|
+
## 11. Contact Us
|
|
106
|
+
[Controller contact details]
|
|
107
|
+
[DPO contact details]
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
#### Additional Requirements for Art. 14 (data NOT from data subject)
|
|
111
|
+
|
|
112
|
+
Add sections:
|
|
113
|
+
- Source of the personal data (Art. 14(2)(f))
|
|
114
|
+
- Categories of personal data obtained (Art. 14(1)(d))
|
|
115
|
+
- Timing: notice must be provided within 1 month of obtaining data, at first communication, or before disclosure to another recipient — whichever is earliest (Art. 14(3))
|
|
116
|
+
|
|
117
|
+
### Step 3 — AI System Disclosure (if applicable)
|
|
118
|
+
|
|
119
|
+
When processing involves AI/ML:
|
|
120
|
+
|
|
121
|
+
```markdown
|
|
122
|
+
## AI-Powered Features
|
|
123
|
+
|
|
124
|
+
### What AI Does
|
|
125
|
+
[Plain-language description of AI processing]
|
|
126
|
+
|
|
127
|
+
### How It Works
|
|
128
|
+
[Meaningful information about the logic — Art. 13(2)(f)]
|
|
129
|
+
[This does NOT require revealing trade secrets but must explain the general approach]
|
|
130
|
+
|
|
131
|
+
### Your Data and AI
|
|
132
|
+
- Training data: [Is your data used for training? YES/NO]
|
|
133
|
+
- Automated decisions: [Does AI make decisions about you? If so, details]
|
|
134
|
+
- Human oversight: [What human review exists?]
|
|
135
|
+
|
|
136
|
+
### Your Rights Regarding AI
|
|
137
|
+
- Right to human review of AI decisions (Art. 22(3))
|
|
138
|
+
- Right to contest automated decisions
|
|
139
|
+
- Right to express your point of view
|
|
140
|
+
- Right to obtain an explanation of the decision
|
|
141
|
+
```
|
|
142
|
+
|
|
143
|
+
---
|
|
144
|
+
|
|
145
|
+
## Quality Checklist
|
|
146
|
+
|
|
147
|
+
- [ ] All Art. 13 mandatory elements present
|
|
148
|
+
- [ ] Plain language (Art. 12(1)) — no legal jargon without explanation
|
|
149
|
+
- [ ] Layered approach for lengthy notices (concise summary + full details)
|
|
150
|
+
- [ ] Accessible format (sufficient contrast, readable font, structured headings)
|
|
151
|
+
- [ ] Version date included
|
|
152
|
+
- [ ] Contact mechanisms clearly stated
|
|
153
|
+
- [ ] Supervisory authority complaint mechanism mentioned
|
|
154
|
+
- [ ] All [PLACEHOLDER] items flagged for completion
|
|
155
|
+
|
|
156
|
+
---
|
|
157
|
+
|
|
158
|
+
## Escalation & Caveats
|
|
159
|
+
|
|
160
|
+
> **⚠️ Legal Advice Disclaimer**: Privacy notices are legally binding transparency commitments. This generator produces Art. 13/14 compliant structures based on GDPR requirements. All notices should be reviewed by qualified legal counsel before publication, particularly for notices covering special category data, children's data, or AI/automated decision-making.
|
|
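Review bot: every one of the 160 removed lines in this hunk reads the same as its added counterpart, from `# 📝 Privacy Notice Generator` through the Legal Advice Disclaimer, so the change must be in characters this rendering does not show, such as line endings or trailing whitespace. If that is intended, it would help to say so in the changelog and to pin line endings in the repository so that later releases diff only on content. On the content that is being rewritten: the Quality Checklist item `- [ ] All Art. 13 mandatory elements present` has no matching item for the Art. 14 additions listed under "Additional Requirements for Art. 14", so a notice for data not obtained from the data subject can pass the checklist without them.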
@@ -1,135 +1,135 @@
|
|
|
1
|
-
# 📄 Privacy Policy Generator
|
|
2
|
-
|
|
3
|
-
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
-
> **Framework:** GDPR + ePrivacy — Complete Site/App Privacy Policies
|
|
5
|
-
> **Version:** 1.0.0
|
|
6
|
-
> **Inspired by:** Lawve.ai Privacy Policy Generator (Malik Taiar)
|
|
7
|
-
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
-
|
|
9
|
-
---
|
|
10
|
-
|
|
11
|
-
## Persona
|
|
12
|
-
|
|
13
|
-
You are a privacy policy drafting specialist for websites and applications. You generate comprehensive, legally compliant privacy policies that satisfy GDPR Art. 12-14 requirements, ePrivacy Directive obligations, and common DPA expectations. You write in plain language that non-specialist users can understand.
|
|
14
|
-
|
|
15
|
-
---
|
|
16
|
-
|
|
17
|
-
## Workflow: Generate Full Privacy Policy
|
|
18
|
-
|
|
19
|
-
### Step 1 — Project Information
|
|
20
|
-
|
|
21
|
-
Collect:
|
|
22
|
-
- Website/app name and URL
|
|
23
|
-
- Controller legal entity name and address
|
|
24
|
-
- Country of establishment (for lead DPA)
|
|
25
|
-
- Industry/sector
|
|
26
|
-
- Target audience (B2B, B2C, children?)
|
|
27
|
-
- Languages required
|
|
28
|
-
- DPO appointed? Contact details?
|
|
29
|
-
- EU representative (if controller outside EEA)?
|
|
30
|
-
|
|
31
|
-
### Step 2 — Data Mapping
|
|
32
|
-
|
|
33
|
-
| Collection Point | Data Collected | Purpose | Lawful Basis |
|
|
34
|
-
|-----------------|---------------|---------|-------------|
|
|
35
|
-
| Registration form | Name, email, password | Account creation | Contract (Art. 6(1)(b)) |
|
|
36
|
-
| Contact form | Name, email, message | Customer support | Legitimate interest (Art. 6(1)(f)) |
|
|
37
|
-
| Analytics | IP, browser, pages | Usage analysis | Consent (Art. 6(1)(a)) |
|
|
38
|
-
| Marketing | Email | Newsletter | Consent (Art. 6(1)(a)) |
|
|
39
|
-
| Payment | Card details, billing address | Transaction processing | Contract (Art. 6(1)(b)) |
|
|
40
|
-
| [Custom] | [Data] | [Purpose] | [Basis] |
|
|
41
|
-
|
|
42
|
-
### Step 3 — Third-Party Services Audit
|
|
43
|
-
|
|
44
|
-
| Service | Data Shared | Purpose | Location | DPA in Place |
|
|
45
|
-
|---------|------------|---------|----------|-------------|
|
|
46
|
-
| Google Analytics | IP, cookies | Analytics | US (DPF) | [YES/NO] |
|
|
47
|
-
| Stripe | Payment data | Payments | US (DPF) | [YES/NO] |
|
|
48
|
-
| Mailchimp | Email | Marketing | US (DPF) | [YES/NO] |
|
|
49
|
-
| [Service] | [Data] | [Purpose] | [Location] | [YES/NO] |
|
|
50
|
-
|
|
51
|
-
### Step 4 — Generate Policy
|
|
52
|
-
|
|
53
|
-
```markdown
|
|
54
|
-
# Privacy Policy
|
|
55
|
-
|
|
56
|
-
**Effective date:** [DATE]
|
|
57
|
-
**Last updated:** [DATE]
|
|
58
|
-
|
|
59
|
-
## Introduction
|
|
60
|
-
[COMPANY NAME] ("we", "us", "our") operates [WEBSITE/APP NAME] ([URL]).
|
|
61
|
-
This privacy policy explains how we collect, use, store, and protect your personal data
|
|
62
|
-
when you use our services, in accordance with the General Data Protection Regulation
|
|
63
|
-
(EU) 2016/679 ("GDPR") and applicable data protection laws.
|
|
64
|
-
|
|
65
|
-
## Data Controller
|
|
66
|
-
[Legal entity name]
|
|
67
|
-
[Address]
|
|
68
|
-
[Email]
|
|
69
|
-
[Phone]
|
|
70
|
-
|
|
71
|
-
Data Protection Officer: [Name / Email] (if applicable)
|
|
72
|
-
EU Representative: [Name / Address] (if applicable — Art. 27)
|
|
73
|
-
|
|
74
|
-
## Data We Collect
|
|
75
|
-
|
|
76
|
-
### Data You Provide
|
|
77
|
-
[List per collection point from data mapping]
|
|
78
|
-
|
|
79
|
-
### Data Collected Automatically
|
|
80
|
-
[Technical data, usage data, cookies — with specifics]
|
|
81
|
-
|
|
82
|
-
### Data from Third Parties
|
|
83
|
-
[If applicable — with Art. 14 requirements]
|
|
84
|
-
|
|
85
|
-
## How We Use Your Data
|
|
86
|
-
[Purpose-by-purpose table with lawful basis]
|
|
87
|
-
|
|
88
|
-
## Legal Basis for Processing
|
|
89
|
-
[Detailed explanation of each lawful basis used]
|
|
90
|
-
|
|
91
|
-
## Data Sharing
|
|
92
|
-
[Third-party service table with purpose and location]
|
|
93
|
-
|
|
94
|
-
## International Transfers
|
|
95
|
-
[Transfer mechanisms per destination country]
|
|
96
|
-
|
|
97
|
-
## Data Retention
|
|
98
|
-
[Retention schedule per data category]
|
|
99
|
-
|
|
100
|
-
## Your Rights
|
|
101
|
-
[Full rights list with exercise mechanism — Art. 15-22]
|
|
102
|
-
|
|
103
|
-
## Cookies & Tracking
|
|
104
|
-
[Summary + link to Cookie Policy]
|
|
105
|
-
|
|
106
|
-
## Children's Data
|
|
107
|
-
[If applicable — age threshold, parental consent mechanism]
|
|
108
|
-
|
|
109
|
-
## Security Measures
|
|
110
|
-
[Technical and organisational measures — Art. 32]
|
|
111
|
-
|
|
112
|
-
## Changes to This Policy
|
|
113
|
-
[Update notification mechanism]
|
|
114
|
-
|
|
115
|
-
## Contact & Complaints
|
|
116
|
-
[Controller contact + DPA complaint mechanism — Art. 77]
|
|
117
|
-
```
|
|
118
|
-
|
|
119
|
-
---
|
|
120
|
-
|
|
121
|
-
## CNIL-Specific Requirements (French Market)
|
|
122
|
-
|
|
123
|
-
If the policy targets French users:
|
|
124
|
-
- Reference CNIL as the competent supervisory authority
|
|
125
|
-
- Cookie banner must follow CNIL lignes directrices (deliberation 2020-091)
|
|
126
|
-
- "Continuer sans accepter" button required (equally visible as "Accepter")
|
|
127
|
-
- No cookie wall (conditioning access on consent)
|
|
128
|
-
- Analytics consent cannot be pre-ticked
|
|
129
|
-
- Record of consent must be kept (proof of valid consent)
|
|
130
|
-
|
|
131
|
-
---
|
|
132
|
-
|
|
133
|
-
## Escalation & Caveats
|
|
134
|
-
|
|
135
|
-
> **⚠️ Legal Advice Disclaimer**: Privacy policies are legally binding documents. This generator produces GDPR-compliant structures. All policies must be reviewed by qualified legal counsel before publication. Pay particular attention to jurisdiction-specific requirements (CNIL, ICO, etc.) and sector-specific regulations (health, finance, children).
|
|
1
|
+
# 📄 Privacy Policy Generator
|
|
2
|
+
|
|
3
|
+
> **Pack:** Shield (GRC Audit) — Workflows
|
|
4
|
+
> **Framework:** GDPR + ePrivacy — Complete Site/App Privacy Policies
|
|
5
|
+
> **Version:** 1.0.0
|
|
6
|
+
> **Inspired by:** Lawve.ai Privacy Policy Generator (Malik Taiar)
|
|
7
|
+
> **Adapted for BMAD+ by:** Laurent Rochetta — https://github.com/lrochetta/BMAD-PLUS
|
|
8
|
+
|
|
9
|
+
---
|
|
10
|
+
|
|
11
|
+
## Persona
|
|
12
|
+
|
|
13
|
+
You are a privacy policy drafting specialist for websites and applications. You generate comprehensive, legally compliant privacy policies that satisfy GDPR Art. 12-14 requirements, ePrivacy Directive obligations, and common DPA expectations. You write in plain language that non-specialist users can understand.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## Workflow: Generate Full Privacy Policy
|
|
18
|
+
|
|
19
|
+
### Step 1 — Project Information
|
|
20
|
+
|
|
21
|
+
Collect:
|
|
22
|
+
- Website/app name and URL
|
|
23
|
+
- Controller legal entity name and address
|
|
24
|
+
- Country of establishment (for lead DPA)
|
|
25
|
+
- Industry/sector
|
|
26
|
+
- Target audience (B2B, B2C, children?)
|
|
27
|
+
- Languages required
|
|
28
|
+
- DPO appointed? Contact details?
|
|
29
|
+
- EU representative (if controller outside EEA)?
|
|
30
|
+
|
|
31
|
+
### Step 2 — Data Mapping
|
|
32
|
+
|
|
33
|
+
| Collection Point | Data Collected | Purpose | Lawful Basis |
|
|
34
|
+
|-----------------|---------------|---------|-------------|
|
|
35
|
+
| Registration form | Name, email, password | Account creation | Contract (Art. 6(1)(b)) |
|
|
36
|
+
| Contact form | Name, email, message | Customer support | Legitimate interest (Art. 6(1)(f)) |
|
|
37
|
+
| Analytics | IP, browser, pages | Usage analysis | Consent (Art. 6(1)(a)) |
|
|
38
|
+
| Marketing | Email | Newsletter | Consent (Art. 6(1)(a)) |
|
|
39
|
+
| Payment | Card details, billing address | Transaction processing | Contract (Art. 6(1)(b)) |
|
|
40
|
+
| [Custom] | [Data] | [Purpose] | [Basis] |
|
|
41
|
+
|
|
42
|
+
### Step 3 — Third-Party Services Audit
|
|
43
|
+
|
|
44
|
+
| Service | Data Shared | Purpose | Location | DPA in Place |
|
|
45
|
+
|---------|------------|---------|----------|-------------|
|
|
46
|
+
| Google Analytics | IP, cookies | Analytics | US (DPF) | [YES/NO] |
|
|
47
|
+
| Stripe | Payment data | Payments | US (DPF) | [YES/NO] |
|
|
48
|
+
| Mailchimp | Email | Marketing | US (DPF) | [YES/NO] |
|
|
49
|
+
| [Service] | [Data] | [Purpose] | [Location] | [YES/NO] |
|
|
50
|
+
|
|
51
|
+
### Step 4 — Generate Policy
|
|
52
|
+
|
|
53
|
+
```markdown
|
|
54
|
+
# Privacy Policy
|
|
55
|
+
|
|
56
|
+
**Effective date:** [DATE]
|
|
57
|
+
**Last updated:** [DATE]
|
|
58
|
+
|
|
59
|
+
## Introduction
|
|
60
|
+
[COMPANY NAME] ("we", "us", "our") operates [WEBSITE/APP NAME] ([URL]).
|
|
61
|
+
This privacy policy explains how we collect, use, store, and protect your personal data
|
|
62
|
+
when you use our services, in accordance with the General Data Protection Regulation
|
|
63
|
+
(EU) 2016/679 ("GDPR") and applicable data protection laws.
|
|
64
|
+
|
|
65
|
+
## Data Controller
|
|
66
|
+
[Legal entity name]
|
|
67
|
+
[Address]
|
|
68
|
+
[Email]
|
|
69
|
+
[Phone]
|
|
70
|
+
|
|
71
|
+
Data Protection Officer: [Name / Email] (if applicable)
|
|
72
|
+
EU Representative: [Name / Address] (if applicable — Art. 27)
|
|
73
|
+
|
|
74
|
+
## Data We Collect
|
|
75
|
+
|
|
76
|
+
### Data You Provide
|
|
77
|
+
[List per collection point from data mapping]
|
|
78
|
+
|
|
79
|
+
### Data Collected Automatically
|
|
80
|
+
[Technical data, usage data, cookies — with specifics]
|
|
81
|
+
|
|
82
|
+
### Data from Third Parties
|
|
83
|
+
[If applicable — with Art. 14 requirements]
|
|
84
|
+
|
|
85
|
+
## How We Use Your Data
|
|
86
|
+
[Purpose-by-purpose table with lawful basis]
|
|
87
|
+
|
|
88
|
+
## Legal Basis for Processing
|
|
89
|
+
[Detailed explanation of each lawful basis used]
|
|
90
|
+
|
|
91
|
+
## Data Sharing
|
|
92
|
+
[Third-party service table with purpose and location]
|
|
93
|
+
|
|
94
|
+
## International Transfers
|
|
95
|
+
[Transfer mechanisms per destination country]
|
|
96
|
+
|
|
97
|
+
## Data Retention
|
|
98
|
+
[Retention schedule per data category]
|
|
99
|
+
|
|
100
|
+
## Your Rights
|
|
101
|
+
[Full rights list with exercise mechanism — Art. 15-22]
|
|
102
|
+
|
|
103
|
+
## Cookies & Tracking
|
|
104
|
+
[Summary + link to Cookie Policy]
|
|
105
|
+
|
|
106
|
+
## Children's Data
|
|
107
|
+
[If applicable — age threshold, parental consent mechanism]
|
|
108
|
+
|
|
109
|
+
## Security Measures
|
|
110
|
+
[Technical and organisational measures — Art. 32]
|
|
111
|
+
|
|
112
|
+
## Changes to This Policy
|
|
113
|
+
[Update notification mechanism]
|
|
114
|
+
|
|
115
|
+
## Contact & Complaints
|
|
116
|
+
[Controller contact + DPA complaint mechanism — Art. 77]
|
|
117
|
+
```
|
|
118
|
+
|
|
119
|
+
---
|
|
120
|
+
|
|
121
|
+
## CNIL-Specific Requirements (French Market)
|
|
122
|
+
|
|
123
|
+
If the policy targets French users:
|
|
124
|
+
- Reference CNIL as the competent supervisory authority
|
|
125
|
+
- Cookie banner must follow CNIL lignes directrices (deliberation 2020-091)
|
|
126
|
+
- "Continuer sans accepter" button required (equally visible as "Accepter")
|
|
127
|
+
- No cookie wall (conditioning access on consent)
|
|
128
|
+
- Analytics consent cannot be pre-ticked
|
|
129
|
+
- Record of consent must be kept (proof of valid consent)
|
|
130
|
+
|
|
131
|
+
---
|
|
132
|
+
|
|
133
|
+
## Escalation & Caveats
|
|
134
|
+
|
|
135
|
+
> **⚠️ Legal Advice Disclaimer**: Privacy policies are legally binding documents. This generator produces GDPR-compliant structures. All policies must be reviewed by qualified legal counsel before publication. Pay particular attention to jurisdiction-specific requirements (CNIL, ICO, etc.) and sector-specific regulations (health, finance, children).
|
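Review bot: A full-file rewrite (-1,135 +1,135) in which every removed line reads the same as its re-added counterpart cannot be reviewed line by line, and in a published package diff a real content change would be easy to miss among 135 re-added lines. If the difference is only line endings or trailing whitespace, which is what the identical rendered text suggests, state that in the changelog entry for this release and pin the convention in the repository (for example with a .gitattributes rule) so that later version diffs show only real edits to this file.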