DSGVO compliance
Closed this issue · 1 comments
Throughout the entire development of the application, we need to be DSGVO compliant.
https://www.hubspot.de/data-privacy/gdpr-checklist
Which personal data do we store?
- User email
- User password
- Ordered products/menus (history)
- Payment methods (?)
Data collection process
We need to inform users about the data we collect, about the purpose of this process, ask them for their approval and educate them on their right to revoke this approval
Personal data must be effective
Data must not be stored longer than needed and stored data must always be the latest available
Where is our data stored?
- Data encryption?
- Secured environment?
- Who has access to the backend server?
- Anonymisation?
Sensible data?
Do we collect biometrical or genetic data?
No
Do we collect data of children?
What's the minimum age for signup?
Do we transfer data outside of the EU?
Generally, no. The (current) backend server is located in DE Saxony.
--> do we allow users outside of the EU to signup?
Deletion and Retrieval
Users must ALWAYS have the ability to request deletion of their data and request their personal data we have stored.