UNPKG

@webflorist/privacy-policy-vue

Version:

A GDPR compliant privacy policy component for Vue applications in german and english

365 lines (292 loc) 13 kB
# A Privacy Policy Component for Vue Applications<!-- omit in toc --> [![npm version](https://img.shields.io/npm/v/@webflorist/privacy-policy-vue.svg)](https://www.npmjs.com/package/@webflorist/privacy-policy-vue) [![license](https://img.shields.io/github/license/webflorist/privacy-policy-vue)](https://github.com/webflorist/privacy-policy-vue/blob/main/LICENSE.md) This package contains a **Vue (v2/v3)** component providing an **open source** privacy policy available in **german** and **english**. ## Table of Contents<!-- omit in toc --> - [Demo](#demo) - [Features](#features) - [Requirements](#requirements) - [Installation](#installation) - [Usage](#usage) - [Example](#example) - [Properties](#properties) - [`locale`: String (mandatory)](#locale-string-mandatory) - [`data-controller`: Object (mandatory)](#data-controller-object-mandatory) - [`singular`: Boolean (optional)](#singular-boolean-optional) - [`data-processing`: Object (optional)](#data-processing-object-optional) - [`cookies`: Object|false (required)](#cookies-objectfalse-required) - [`processors`: Object (optional)](#processors-object-optional) - [Named Slots](#named-slots) - [Disclaimer](#disclaimer) - [License](#license) ## Demo An demo application using this package is avaliable at: <https://privacy-policy-vue-demo.netlify.app/> ## Features - **Languages** Currently the package includes texts in **german** and **english** language. - **Singular/Plural** You can choose between a singular or plural point of view. (e.g. `My website...` vs `Our website...`) - **Included Texts** - A general **intro text** - Listing of **GDPR rights** - Introduction of **data controller** - General **data security** text (SSL, etc.) - **Cookies** information - Information on **data processing** of third party data processors: - Webhosting - Web analytics - Interactive maps - Sending of emails (e.g. contact forms) - Disclaimer regarding **outgoing links** - Listing of all used **processors** ## Requirements This package has [`vue`](https://vuejs.org/) configured as a peer dependency with version `^2.0.0 || ^3.0.0`. ## Installation Using npm: ```shell npm install --save @webflorist/privacy-policy-vue ``` Using yarn: ```shell yarn add @webflorist/privacy-policy-vue ``` ## Usage ### Example An example of the usage of this package (in Vue SFC `<script setup>` syntax) for a website hosted on Netlify, using Google Maps and Google Analytics and Twilio Sendgrid as the provider for sending emails would be: ```js <script setup> import PrivacyPolicy from '@webflorist/privacy-policy-vue' const dataController = { organisation: 'Acme Corporation', name: 'John Doe', address: 'Acme Street 1, 123456 Acme City, USA', email: 'privacy@example.com', phone: '+1 555-0123' } let cookies = { first_party: [ { name: 'session', purpose: 'session', written_on: 'every_visit', duration: 'end_of_session', }, ], third_party: [ { name: '_ga, _gat, _gid', purpose: 'analytics_third_party', written_on: 'accept_cookies', duration: 'various', processor: 'google_eu', service: 'Google Analytics', }, ], } const dataProcessing = { webhosting: { processor: 'netlify', data_categories: ['usage_data'], }, analytics: { processor: 'google_eu', service: 'Google Analytics', data_categories: ['usage_data', 'usage_statistics'], }, maps: { processor: 'google_usa', service: 'Google Maps', data_categories: ['usage_data', 'geo_data'], }, send_emails: { processor: 'twilio_eu', service: 'Twilio Sendgrid', data_categories: ['usage_data', 'inventory_data'], } } </script> <template> <h1>Privacy Policy</h1> <PrivacyPolicy locale="en" :data-controller="dataController" :cookies="cookies" :data-processing="dataProcessing" /> </template> ``` ### Properties The `PrivacyPolicy` component takes the following properties: #### `locale`: String (mandatory) One of the supported languages (either `de` or `en`). This property can be reactive to achieve language switching. #### `data-controller`: Object (mandatory) Contact info for the data controller. The object can have the following properties: ```js { organisation: 'Acme Corporation', name: 'John Doe', address: 'Acme Street 1, 123456 Acme City, USA', email: 'privacy@example.com', phone: '+1 555-0123' } ``` #### `singular`: Boolean (optional) Displays the text from a singular viewpoint instead of a plural. (e.g. `My website...` vs `Our website...`) #### `data-processing`: Object (optional) The data processings used by your site. Each process must be stated as a property with a the type of process as it's name and it's properties stated as a value-object. Supported types of processes are: - `webhosting` - `analytics` - `maps` - `send_emails` The properties of a process can be: - `processor`: String (mandatory) The key of the processor providing this processing (either one of the [included ones](https://github.com/webflorist/privacy-policy-text/blob/main/dist/json/processors.json) or one stated via the [processors property](#processors-object-optional)) - `service`: String (optional) Name of the service providing this processing (e.g. `Google Analytics` or `Google Maps`) - `data_categories`: Array (mandatory) Array of data categories processed by this process. Supported values are: - `inventory_data` - `usage_data` - `geo_data` - `usage_statistics` - `contract_data` - `payment_data` Here is an example for a full `data-processing` object: ```js { webhosting: { processor: 'netlify', data_categories: ['usage_data'], }, analytics: { processor: 'google_eu', service: 'Google Analytics', data_categories: ['usage_data', 'usage_statistics'], }, maps: { processor: 'google_usa', service: 'Google Maps', data_categories: ['usage_data', 'geo_data'], }, send_emails: { processor: 'twilio_eu', service: 'Twilio Sendgrid', data_categories: ['usage_data', 'inventory_data'], } } ``` #### `cookies`: Object|false (required) This property describes the cookies used by your site. If your site uses no cookies at all, simply set this to `false`. If not, divide the used cookies into first party cookies and third party ones, and list them as arrays of the `first_party` and `third_party` properties of the `cookies` object. Each cookie is described as an object with the following possible properties: - `name`: String (mandatory) The name of the cookie - `purpose`: String (mandatory) The key of the cookie purpose. Can be one of the following: - `session`: Session cookie - `xsrf`: Cookie to prevent "Cross-Site Request Forgery" attacks - `hide_alert`: Cookie to prevent displaying the cookie dialog again after hiding it - `all_choices`: Cookie storing the choices regarding various cookies displayed in the cookie dialog - `analytics_choice`: Cookie storing the choice regarding the usage of web analytics in the cookie dialog - `maps_choice`: Cookie storing the choice regarding the usage of interactive maps - `analytics_third_party`: Cookies written by the web analytics tool - `maps_third_party`: Cookies set on displaying interactive maps. - `written_on`: String (mandatory) When the cookie is created. Can be one of the following: - `every_visit`: Written on every visit - `hide_alert`: Written on hiding the cookie dialog - `maps`: Written on acknowledging the usage of interactive maps - `accept_cookies`: Written on accepting the corresponding cookies - `duration`: String (mandatory) The duration of the cookie. Can be one of the following: - `end_of_session` - `1_year` - `2_years` - `24_hours` - `1_minute` - `various` - `processor`: String (mandatory with third party cookies) The key of the processor providing this processing (either one of the [included ones](https://github.com/webflorist/privacy-policy-text/blob/main/dist/json/processors.json) or one stated via the [processors property](#processors-object-optional)) Here is an example of the cookie property: ```js { first_party: [ { name: 'session', purpose: 'session', written_on: 'every_visit', duration: 'end_of_session', }, ], third_party: [ { name: '_ga, _gat, _gid', purpose: 'analytics_third_party', written_on: 'accept_cookies', duration: 'various', processor: 'google_eu', service: 'Google Analytics', }, ], } ``` #### `processors`: Object (optional) Definition of processors stated with [data processings](#data-processing-object-optional) or [cookies](#cookies-object-optional). Several processors are [already included](https://github.com/webflorist/privacy-policy-text/blob/main/dist/json/processors.json). State your own ones in the processors property in an object with the shorthand-key of the processor as the property name and it's info as a value-object with the following properties: - `name` String (mandatory) Company name - `address` String (mandatory) Full address of the company - `privacy_policy` String (mandatory) Link to the processors privacy policy - `privacy_shield` String (optional) Link to the [privacy shield](https://www.privacyshield.gov) entry of the processor. Here is and example: ```js { acme_corp: { name: 'Acme Corporation', address: 'Acme Street 1, 123456 Acme City, USA', privacy_policy: 'https://www.example.com/privacy', privacy_shield: 'https://www.privacyshield.gov/participant?id=a2zt0000000TOWQAA4' } } ``` ### Named Slots The `PrivacyPolicy` component provides the following named slots to insert custom text on various positions: | Slot Name | Usage | | --------------------------------- | ----------------------------------------------------------------------- | | after_intro | `<template #after_intro> Custom Text </template>` | | gdpr_rights_start | `<template #gdpr_rights_start> Custom Text </template>` | | gdpr_rights_end | `<template #gdpr_rights_end> Custom Text </template>` | | data_controller_start | `<template #data_controller_start> Custom Text </template>` | | data_controller_end | `<template #data_controller_end> Custom Text </template>` | | security_start | `<template #security_start> Custom Text </template>` | | security_end | `<template #security_end> Custom Text </template>` | | cookies_start | `<template #cookies_start> Custom Text </template>` | | cookies_end | `<template #cookies_end> Custom Text </template>` | | data_processing_start | `<template #data_processing_start> Custom Text </template>` | | data_processing_webhosting_start | `<template #data_processing_webhosting_start> Custom Text </template>` | | data_processing_webhosting_end | `<template #data_processing_webhosting_end> Custom Text </template>` | | data_processing_analytics_start | `<template #data_processing_analytics_start> Custom Text </template>` | | data_processing_analytics_end | `<template #data_processing_analytics_end> Custom Text </template>` | | data_processing_maps_start | `<template #data_processing_maps_start> Custom Text </template>` | | data_processing_maps_end | `<template #data_processing_maps_end> Custom Text </template>` | | data_processing_send_emails_start | `<template #data_processing_send_emails_start> Custom Text </template>` | | data_processing_send_emails_end | `<template #data_processing_send_emails_end> Custom Text </template>` | | data_processing_end | `<template #data_processing_end> Custom Text </template>` | | outgoing_links_start | `<template #outgoing_links_start> Custom Text </template>` | | outgoing_links_end | `<template #outgoing_links_end> Custom Text </template>` | | processor_list_start | `<template #processor_list_start> Custom Text </template>` | | processor_list_end | `<template #processor_list_end> Custom Text </template>` | ## Disclaimer The included text _should_ be suitable for a GDPR-compliant website. **I however do not take any responsibility whatsowever for that.** ## License This package is open-sourced software licensed under the [MIT license](https://github.com/webflorist/privacy-policy-vue/blob/main/LICENSE.md).