The European Union implemented the General Data Protection Regulation on May 25, 2018. As a moral thing, it is warm-hearted idea towards privacy rights (but it has many flaws discussed here, here and here). So much for clear guidelines, definate playbook and concise easy-to-read lanuage. Its actual eventuality is of course money.
Our primary focus as a web development and IT company is towards US-based customers. However, a multitude of GFIST.com visitors are geographically located in Europe and many open source software projects we discuss, test and use on a daily basis have international communities. We've created this policy based on the GDPR guidelines with further recommendations to help our visitors and clients alike enhance their own privacy and that of their customers.
Duh. Most of the web uses a form of temporary cookies. We don't use any of the nasty types that would actually require us to notify a visitor in the EU (ours don't live beyond the browser session). The United States has no such requirement.
Information you provide to us:
GFIST.com will collect information about you when you input it into our website forms or otherwise provide it directly so that we can provide services and/or products to you. We provide encrypted communication methods free of charge and encourage their use (Signal and PGP/GPG keys for email).
You might also provide payment information, such as payment card details we collect via secure payment processing services like Paypal or LibrePay (donations or billing). A more private way to provide your payment information is by using anonymous cash-bought Visa/MasterCard gift cards or alternatively use providers like Privacy or SudoPay to actually pay us for stuff.
We retain account information only as long as is legally required for tax purposes for clients. Aforementioned payment services are billed automatically and we will not retain specific payment information longer than is absolutely necessary to complete transactions for services.
Website Analytic Information:
We use Piwik/Matomo for our website analytic data which helps us determine what technology our visitors use and what topics are popular on our blog. There are several privacy-aware rules we recommend to clients and we ourselves practice:
We do not track fully qualified IP addresses.
We purge/delete any and all identifiable analytic data automatically every 180 days. We don't share this data with others, ever, period.
Our policy towards children:
Our professional services are not directed to individuals under 18 years old. If we become aware that a child has provided us with personal information we will take steps to delete such information.
We hope children are encouraged to read our blog, use (libre) free and open source software and are taught by parents and guardians that personal liberty is a divine right. Children should question the status quo and be wary of online dangers. We encourage parents and teachers to help get kids off proprietary operating systems as early as possible with GNU/Linux such as Ubuntu MATE.
The following lists are beginners' suggested toolkit to stay safer online and retain a basic minimum level of privacy and security.