john/tractatus
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
tractatus/public/gdpr.html
TheFlow 07fcaa2e8f feat(compliance): add GDPR compliance page with trilingual support 
Implements comprehensive GDPR compliance documentation explaining how the
Tractatus Framework enforces data protection through architectural constraints
rather than policy documents.

Key features:
- 8 sections covering GDPR Articles 5, 6, 15-22, 25, 32, 33
- Framework positioning: BoundaryEnforcer, CrossReferenceValidator, PluralisticDeliberationOrchestrator
- Full trilingual support (EN/DE/FR) via DeepL API (322 translations)
- Footer links and i18n integration across all languages
- Professional translations for legal accuracy

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-28 10:26:57 +13:00

364 lines
30 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html lang="en" data-page="gdpr">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title data-i18n="meta.title">GDPR Compliance | Tractatus AI Safety Framework</title>
<meta name="description" content="How the Tractatus Framework approaches GDPR compliance through architectural constraints and boundary enforcement." data-i18n="meta.description">
<link rel="stylesheet" href="/css/tailwind.css?v=0.1.2.1761597667036">
<link rel="stylesheet" href="/css/tractatus-theme.min.css?v=0.1.2.1761597667036">
<style>
.skip-link { position: absolute; left: -9999px; }
.skip-link:focus { left: 0; z-index: 100; background: white; padding: 1rem; }
/* Accessibility: Focus indicators (WCAG 2.4.7) */
a:focus, button:focus {
outline: 3px solid #3b82f6;
outline-offset: 2px;
}
a:focus:not(:focus-visible) { outline: none; }
a:focus-visible { outline: 3px solid #3b82f6; outline-offset: 2px; }
</style>
</head>
<body class="bg-gray-50">
<!-- Skip Link for Keyboard Navigation -->
<a href="#main-content" class="skip-link">Skip to main content</a>
<!-- Navigation (injected by navbar.js) -->
<script src="/js/components/navbar.js?v=0.1.2.1761597667036"></script>
<!-- i18n Support -->
<script src="/js/i18n-simple.js?v=0.1.2.1761597667036"></script>
<script src="/js/components/language-selector.js?v=0.1.2.1761597667036"></script>
<!-- Main Content -->
<main id="main-content" class="max-w-4xl mx-auto px-4 sm:px-6 lg:px-8 py-12">
<!-- Header -->
<div class="mb-12">
<h1 class="text-4xl md:text-5xl font-bold text-gray-900 mb-4" data-i18n="header.title">GDPR Compliance</h1>
<p class="text-lg text-gray-600" data-i18n="header.subtitle">How Tractatus approaches data protection through architectural constraints</p>
<p class="text-sm text-gray-500 mt-2" data-i18n="header.last_updated">Last updated: October 28, 2025</p>
</div>
<!-- Introduction -->
<div class="bg-blue-50 border-l-4 border-blue-500 p-6 mb-8 rounded">
<p class="text-blue-900">
<strong data-i18n="intro.badge">Architectural Enforcement:</strong> <span data-i18n="intro.text">The Tractatus Framework enforces GDPR compliance through structural constraints, not policy documents. Privacy boundaries are built into our architecture, not aspirational guidelines.</span>
</p>
</div>
<!-- Content -->
<div class="prose prose-lg max-w-none space-y-8">
<!-- 1. Our GDPR Commitment -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_1.title">1. Our GDPR Commitment</h2>
<p class="text-gray-700 mb-4" data-i18n="section_1.intro">
The General Data Protection Regulation (GDPR) protects the privacy rights of individuals in the European Union and European Economic Area. While Tractatus is based in Aotearoa New Zealand, we extend GDPR protections to all users globally—not as compliance theatre, but because these protections align with our core values of human agency and data sovereignty.
</p>
<div class="bg-amber-50 border-l-4 border-amber-500 p-4 my-4">
<p class="text-amber-900">
<strong data-i18n="section_1.approach_badge">One architectural approach:</strong> <span data-i18n="section_1.approach_text">We recognize GDPR as one important framework among many for data protection. Organizations may face different regulatory requirements (CCPA, Privacy Act 2020, etc.). Our approach is to build structural constraints that can adapt to plural regulatory contexts, not impose a single compliance model.</span>
</p>
</div>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_1.principles_heading">Core Principles</h3>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_1.principles.0"><strong>Privacy by Design:</strong> Data protection built into system architecture from the start</li>
<li data-i18n-html="section_1.principles.1"><strong>Minimal Data Collection:</strong> We collect only what's necessary for specific, stated purposes</li>
<li data-i18n-html="section_1.principles.2"><strong>Transparent Processing:</strong> Clear information about what data we collect and why</li>
<li data-i18n-html="section_1.principles.3"><strong>User Control:</strong> Mechanisms for access, correction, deletion, and portability</li>
<li data-i18n-html="section_1.principles.4"><strong>Accountability:</strong> Documented decisions, auditable processes, measurable compliance</li>
</ul>
</section>
<!-- 2. How the Framework Enforces GDPR -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_2.title">2. How the Framework Enforces GDPR</h2>
<p class="text-gray-700 mb-4" data-i18n-html="section_2.intro">
The Tractatus Framework doesn't rely on hoping developers "remember GDPR." Instead, we use <strong>architectural constraints</strong> that make non-compliant data handling difficult or impossible.
</p>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_2.boundary_heading">2.1 Boundary Enforcement Service</h3>
<p class="text-gray-700 mb-2" data-i18n="section_2.boundary_intro">
Our BoundaryEnforcer service blocks operations that would violate privacy boundaries:
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_2.boundary_items.0"><strong>Hard Boundaries:</strong> Prevents writing user data to public files, logging sensitive information, or exposing credentials</li>
<li data-i18n-html="section_2.boundary_items.1"><strong>Pre-Action Checks:</strong> All data operations validated before execution, not after</li>
<li data-i18n-html="section_2.boundary_items.2"><strong>Audit Logging:</strong> Every boundary decision recorded for compliance auditing</li>
<li data-i18n-html="section_2.boundary_items.3"><strong>Framework Instructions:</strong> inst_009 (User Data Protection) and inst_010 (PII Confidentiality) enforce GDPR Article 5 principles architecturally</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_2.validation_heading">2.2 Cross-Reference Validation</h3>
<p class="text-gray-700 mb-2" data-i18n="section_2.validation_intro">
When data operations conflict with privacy rules:
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n="section_2.validation_items.0">CrossReferenceValidator flags conflicts between data collection and privacy instructions</li>
<li data-i18n="section_2.validation_items.1">Operations that violate GDPR principles (data minimization, purpose limitation) are blocked</li>
<li data-i18n="section_2.validation_items.2">System provides alternative approaches that satisfy both functional and privacy requirements</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_2.deliberation_heading">2.3 Pluralistic Deliberation for Values Conflicts</h3>
<p class="text-gray-700 mb-2" data-i18n="section_2.deliberation_intro">
When legitimate interests conflict (e.g., fraud prevention vs. privacy):
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n="section_2.deliberation_items.0">PluralisticDeliberationOrchestrator surfaces the conflict for human judgment</li>
<li data-i18n="section_2.deliberation_items.1">System doesn't flatten "privacy vs security" to a metric—preserves incommensurability</li>
<li data-i18n="section_2.deliberation_items.2">Decisions are documented with justification, creating an auditable compliance trail</li>
<li data-i18n="section_2.deliberation_items.3">No amoral AI making privacy trade-offs autonomously—human values guide decisions</li>
</ul>
</section>
<!-- 3. Your GDPR Rights -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_3.title">3. Your GDPR Rights</h2>
<p class="text-gray-700 mb-4" data-i18n="section_3.intro">
Under GDPR Articles 15-22, you have the following rights. We honor these rights for all users, regardless of location.
</p>
<div class="space-y-4">
<!-- Right to Access -->
<div class="border-l-4 border-blue-500 pl-4">
<h3 class="text-lg font-semibold text-gray-900 mb-2" data-i18n="section_3.right_access_title">Right to Access (Article 15)</h3>
<p class="text-gray-700" data-i18n="section_3.right_access_desc">Request a copy of all personal data we hold about you, including processing purposes and data recipients.</p>
<p class="text-sm text-gray-600 mt-1"><strong data-i18n="section_3.how_to_exercise">How to exercise:</strong> <span data-i18n="section_3.right_access_exercise">Email</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_3.right_access_email">privacy@agenticgovernance.digital</a> <span data-i18n="section_3.with_subject">with subject</span> "<span data-i18n="section_3.right_access_subject">GDPR Access Request</span>"</p>
<p class="text-sm text-gray-600"><strong data-i18n="section_3.response_time">Response time:</strong> <span data-i18n="section_3.right_access_time">Within 30 days (extendable to 90 days for complex requests)</span></p>
</div>
<!-- Right to Rectification -->
<div class="border-l-4 border-green-500 pl-4">
<h3 class="text-lg font-semibold text-gray-900 mb-2" data-i18n="section_3.right_rectification_title">Right to Rectification (Article 16)</h3>
<p class="text-gray-700" data-i18n="section_3.right_rectification_desc">Request correction of inaccurate or incomplete personal data.</p>
<p class="text-sm text-gray-600 mt-1"><strong data-i18n="section_3.how_to_exercise">How to exercise:</strong> <span data-i18n="section_3.right_rectification_exercise">Email</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_3.right_rectification_email">privacy@agenticgovernance.digital</a> <span data-i18n="section_3.with_corrected_info">with corrected information</span></p>
</div>
<!-- Right to Erasure -->
<div class="border-l-4 border-red-500 pl-4">
<h3 class="text-lg font-semibold text-gray-900 mb-2" data-i18n="section_3.right_erasure_title">Right to Erasure / "Right to be Forgotten" (Article 17)</h3>
<p class="text-gray-700" data-i18n="section_3.right_erasure_desc">Request deletion of your personal data when no legitimate grounds exist for processing.</p>
<p class="text-sm text-gray-600 mt-1"><strong data-i18n="section_3.how_to_exercise">How to exercise:</strong> <span data-i18n="section_3.right_erasure_exercise">Email</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_3.right_erasure_email">privacy@agenticgovernance.digital</a> <span data-i18n="section_3.with_subject">with subject</span> "<span data-i18n="section_3.right_erasure_subject">GDPR Erasure Request</span>"</p>
<p class="text-sm text-gray-600"><strong data-i18n="section_3.limitations">Limitations:</strong> <span data-i18n="section_3.right_erasure_limitations">We may retain data if required for legal obligations, public interest, or legitimate claims</span></p>
</div>
<!-- Right to Restriction -->
<div class="border-l-4 border-yellow-500 pl-4">
<h3 class="text-lg font-semibold text-gray-900 mb-2" data-i18n="section_3.right_restriction_title">Right to Restriction of Processing (Article 18)</h3>
<p class="text-gray-700" data-i18n="section_3.right_restriction_desc">Request temporary suspension of data processing in specific circumstances (e.g., accuracy disputes).</p>
<p class="text-sm text-gray-600 mt-1"><strong data-i18n="section_3.how_to_exercise">How to exercise:</strong> <span data-i18n="section_3.right_restriction_exercise">Email</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_3.right_restriction_email">privacy@agenticgovernance.digital</a> <span data-i18n="section_3.with_justification">with justification</span></p>
</div>
<!-- Right to Portability -->
<div class="border-l-4 border-purple-500 pl-4">
<h3 class="text-lg font-semibold text-gray-900 mb-2" data-i18n="section_3.right_portability_title">Right to Data Portability (Article 20)</h3>
<p class="text-gray-700" data-i18n="section_3.right_portability_desc">Receive your personal data in a structured, machine-readable format (JSON, CSV).</p>
<p class="text-sm text-gray-600 mt-1"><strong data-i18n="section_3.how_to_exercise">How to exercise:</strong> <span data-i18n="section_3.right_portability_exercise">Email</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_3.right_portability_email">privacy@agenticgovernance.digital</a> <span data-i18n="section_3.with_subject">with subject</span> "<span data-i18n="section_3.right_portability_subject">GDPR Portability Request</span>"</p>
<p class="text-sm text-gray-600"><strong>Format:</strong> <span data-i18n="section_3.right_portability_format">We provide data in JSON format by default</span></p>
</div>
<!-- Right to Object -->
<div class="border-l-4 border-orange-500 pl-4">
<h3 class="text-lg font-semibold text-gray-900 mb-2" data-i18n="section_3.right_object_title">Right to Object (Article 21)</h3>
<p class="text-gray-700" data-i18n="section_3.right_object_desc">Object to processing based on legitimate interests or for direct marketing purposes.</p>
<p class="text-sm text-gray-600 mt-1"><strong data-i18n="section_3.how_to_exercise">How to exercise:</strong> <span data-i18n="section_3.right_object_exercise">Email</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_3.right_object_email">privacy@agenticgovernance.digital</a> <span data-i18n="section_3.with_objection_reason">with objection reason</span></p>
<p class="text-sm text-gray-600"><strong>Note:</strong> <span data-i18n="section_3.right_object_note">We never send marketing emails without explicit opt-in</span></p>
</div>
</div>
</section>
<!-- 4. Data Processing Details -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_4.title">4. Data Processing Details</h2>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_4.legal_basis_heading">4.1 Legal Basis for Processing</h3>
<p class="text-gray-700 mb-2" data-i18n="section_4.legal_basis_intro">We process personal data under these GDPR-compliant legal bases:</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_4.legal_basis_items.0"><strong>Consent (Article 6(1)(a)):</strong> Newsletter subscriptions, optional donation publicity</li>
<li data-i18n-html="section_4.legal_basis_items.1"><strong>Contract (Article 6(1)(b)):</strong> Processing donations, delivering services</li>
<li data-i18n-html="section_4.legal_basis_items.2"><strong>Legal Obligation (Article 6(1)(c)):</strong> Tax reporting, anti-money laundering compliance</li>
<li data-i18n-html="section_4.legal_basis_items.3"><strong>Legitimate Interests (Article 6(1)(f)):</strong> Security, fraud prevention, service improvement</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_4.retention_heading">4.2 Data Retention</h3>
<p class="text-gray-700 mb-2" data-i18n="section_4.retention_intro">We retain personal data only as long as necessary:</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_4.retention_items.0"><strong>Server Logs:</strong> 90 days (security monitoring)</li>
<li data-i18n-html="section_4.retention_items.1"><strong>Donation Records:</strong> 7 years (tax/legal requirements)</li>
<li data-i18n-html="section_4.retention_items.2"><strong>Contact Form Submissions:</strong> 2 years or until resolved</li>
<li data-i18n-html="section_4.retention_items.3"><strong>Account Data:</strong> Until account deletion requested + 30 days</li>
<li data-i18n-html="section_4.retention_items.4"><strong>Analytics:</strong> 26 months (aggregated, non-identifiable after 14 months)</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_4.transfers_heading">4.3 International Transfers</h3>
<p class="text-gray-700 mb-2" data-i18n="section_4.transfers_intro">
Our infrastructure is hosted with OVH (France, EU) to keep data within GDPR jurisdiction. For third-party services:
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_4.transfers_items.0"><strong>Stripe (Payment Processing):</strong> Uses Standard Contractual Clauses for EU-US transfers</li>
<li data-i18n-html="section_4.transfers_items.1"><strong>MongoDB Atlas (Database):</strong> Hosted in EU-West region (Frankfurt, Germany)</li>
<li data-i18n="section_4.transfers_items.2">We do not transfer data to countries without adequate protection unless required by law and with your explicit consent</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_4.automated_heading">4.4 Automated Decision-Making</h3>
<p class="text-gray-700" data-i18n="section_4.automated_text">
We do not use automated decision-making or profiling that produces legal effects or similarly significant impacts (GDPR Article 22). All consequential decisions involve human judgment.
</p>
</section>
<!-- 5. Security Measures -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_5.title">5. Security Measures (Article 32)</h2>
<p class="text-gray-700 mb-4" data-i18n="section_5.intro">
We implement appropriate technical and organizational measures to ensure data security:
</p>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_5.technical_heading">Technical Measures</h3>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_5.technical_items.0"><strong>Encryption:</strong> TLS 1.3 in transit, AES-256 at rest for sensitive data</li>
<li data-i18n-html="section_5.technical_items.1"><strong>Access Controls:</strong> Role-based access, principle of least privilege</li>
<li data-i18n-html="section_5.technical_items.2"><strong>Credential Management:</strong> Defense-in-depth architecture (5 protection layers, inst_072)</li>
<li data-i18n-html="section_5.technical_items.3"><strong>Security Monitoring:</strong> Intrusion detection, log analysis, vulnerability scanning</li>
<li data-i18n-html="section_5.technical_items.4"><strong>Regular Audits:</strong> Monthly security reviews, quarterly penetration testing</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_5.organizational_heading">Organizational Measures</h3>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_5.organizational_items.0"><strong>Data Protection by Design:</strong> Privacy requirements integrated from system conception</li>
<li data-i18n-html="section_5.organizational_items.1"><strong>Staff Training:</strong> Regular privacy and security awareness training</li>
<li data-i18n-html="section_5.organizational_items.2"><strong>Incident Response:</strong> Documented procedures for breach notification (within 72 hours per Article 33)</li>
<li data-i18n-html="section_5.organizational_items.3"><strong>Vendor Management:</strong> Data Processing Agreements with all third-party processors</li>
</ul>
</section>
<!-- 6. Framework Benefits for GDPR Compliance -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_6.title">6. Framework Benefits for GDPR Compliance</h2>
<p class="text-gray-700 mb-4" data-i18n="section_6.intro">
The Tractatus Framework's architectural approach provides structural support for GDPR compliance that goes beyond policy documentation:
</p>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_6.privacy_by_design_heading">6.1 Built-in Privacy by Design (Article 25)</h3>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n="section_6.privacy_by_design_items.0">Privacy boundaries enforced architecturally—can't accidentally log PII or write user data to public files</li>
<li data-i18n="section_6.privacy_by_design_items.1">Pre-action checks validate GDPR compliance before operations execute</li>
<li data-i18n="section_6.privacy_by_design_items.2">Default configuration is privacy-protective (data minimization, purpose limitation)</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_6.accountability_heading">6.2 Accountability and Demonstrable Compliance (Article 5(2))</h3>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_6.accountability_items.0"><strong>Audit Logs:</strong> Every data operation logged with justification, creating Records of Processing Activities (ROPA)</li>
<li data-i18n-html="section_6.accountability_items.1"><strong>Decision Trail:</strong> PluralisticDeliberationOrchestrator documents values conflicts and resolutions</li>
<li data-i18n-html="section_6.accountability_items.2"><strong>Framework Statistics:</strong> Real-time compliance metrics via analytics dashboard</li>
<li data-i18n-html="section_6.accountability_items.3">Audit logs show <em>why</em> decisions were made, not just <em>what</em> happened—critical for demonstrating compliance to supervisory authorities</li>
</ul>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_6.conflicts_heading">6.3 Handling Conflicts Between Legitimate Interests</h3>
<p class="text-gray-700 mb-2" data-i18n="section_6.conflicts_intro">
GDPR recognizes that legitimate interests can conflict (security vs. privacy, fraud prevention vs. data minimization). The framework handles these conflicts architecturally:
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n="section_6.conflicts_items.0">When a conflict arises, PluralisticDeliberationOrchestrator surfaces it for human judgment</li>
<li data-i18n="section_6.conflicts_items.1">System doesn't flatten incommensurable values to optimization metrics</li>
<li data-i18n="section_6.conflicts_items.2">Documented deliberation satisfies GDPR Article 6(1)(f) Legitimate Interests Assessment requirements</li>
<li data-i18n="section_6.conflicts_items.3">Creates auditable evidence of balancing test between interests and fundamental rights</li>
</ul>
<div class="bg-green-50 border-l-4 border-green-500 p-4 mt-4">
<p class="text-green-900">
<strong data-i18n="section_6.example_badge">Example:</strong> <span data-i18n="section_6.example_text">When analytics suggests collecting additional user data for fraud detection, the framework doesn't auto-approve. It triggers deliberation: "Fraud prevention (legitimate interest) vs. Data minimization (Article 5(1)(c))." Human judgment determines if collection is proportionate, documented in audit logs for supervisory authority review.</span>
</p>
</div>
</section>
<!-- 7. Data Protection Officer -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_7.title">7. Contact & Data Protection Officer</h2>
<p class="text-gray-700 mb-4" data-i18n="section_7.intro">
For privacy concerns, GDPR requests, or data protection questions:
</p>
<div class="bg-gray-50 rounded p-4">
<p class="text-gray-900"><strong data-i18n="section_7.contact_heading">Privacy Contact:</strong></p>
<p class="text-gray-700"><span data-i18n="section_7.contact_email_label">Email:</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_7.contact_email">privacy@agenticgovernance.digital</a></p>
<p class="text-gray-700 mt-2" data-i18n="section_7.contact_response_time">Response time: Within 5 business days for initial response, 30 days for full resolution</p>
</div>
<h3 class="text-xl font-semibold text-gray-900 mt-6 mb-3" data-i18n="section_7.complaint_heading">Right to Lodge a Complaint</h3>
<p class="text-gray-700 mb-2" data-i18n="section_7.complaint_intro">
If you believe we've violated GDPR, you have the right to lodge a complaint with a supervisory authority:
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n-html="section_7.complaint_eu"><strong>EU Residents:</strong> Contact your national Data Protection Authority (<a href="https://edpb.europa.eu/about-edpb/board/members_en" class="text-blue-600 hover:underline" target="_blank" rel="noopener" data-i18n="section_7.complaint_eu_link_text">find yours here</a>)</li>
<li data-i18n-html="section_7.complaint_nz"><strong>NZ Residents:</strong> Contact the Office of the Privacy Commissioner (<a href="https://www.privacy.org.nz/your-rights/making-a-complaint/" class="text-blue-600 hover:underline" target="_blank" rel="noopener" data-i18n="section_7.complaint_nz_link_text">privacy.org.nz</a>)</li>
</ul>
<p class="text-gray-700 mt-2" data-i18n="section_7.complaint_encourage">
We encourage you to contact us first—we're committed to resolving concerns directly and transparently.
</p>
</section>
<!-- 8. Updates to This Policy -->
<section class="bg-white shadow rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="section_8.title">8. Updates to This Policy</h2>
<p class="text-gray-700 mb-4" data-i18n="section_8.intro">
We may update this GDPR compliance page to reflect changes in:
</p>
<ul class="list-disc pl-6 text-gray-700 space-y-2">
<li data-i18n="section_8.update_reasons.0">Our data processing activities</li>
<li data-i18n="section_8.update_reasons.1">Legal or regulatory requirements</li>
<li data-i18n="section_8.update_reasons.2">Framework capabilities that enhance GDPR compliance</li>
</ul>
<p class="text-gray-700 mt-4">
<strong data-i18n="section_8.notification_heading">Change Notification:</strong> <span data-i18n="section_8.notification_text">Material changes will be communicated via email (if you've provided one) and prominently displayed on our website for 30 days. Continued use after notification constitutes acceptance of changes.</span>
</p>
<p class="text-gray-700 mt-4">
<strong data-i18n="section_8.version_heading">Version History:</strong> <span data-i18n="section_8.version_text">Previous versions of this policy are available upon request to</span> <a href="mailto:privacy@agenticgovernance.digital" class="text-blue-600 hover:underline" data-i18n="section_8.version_email">privacy@agenticgovernance.digital</a>
</p>
</section>
<!-- Related Resources -->
<section class="bg-gray-50 border border-gray-200 rounded-lg p-8">
<h2 class="text-2xl font-bold text-gray-900 mb-4" data-i18n="related.title">Related Resources</h2>
<ul class="space-y-3">
<li>
<a href="/privacy.html" class="text-blue-600 hover:underline font-medium" data-i18n="related.privacy_title">Privacy Policy</a>
<p class="text-gray-600 text-sm" data-i18n="related.privacy_desc">Comprehensive privacy practices and data handling</p>
</li>
<li>
<a href="/about/values.html" class="text-blue-600 hover:underline font-medium" data-i18n="related.values_title">Core Values</a>
<p class="text-gray-600 text-sm" data-i18n="related.values_desc">Our commitment to human agency and transparency</p>
</li>
<li>
<a href="/docs.html?category=framework-architecture" class="text-blue-600 hover:underline font-medium" data-i18n="related.framework_title">Framework Architecture</a>
<p class="text-gray-600 text-sm" data-i18n="related.framework_desc">Technical details on boundary enforcement and audit logging</p>
</li>
<li>
<a href="https://gdpr.eu/" class="text-blue-600 hover:underline font-medium" target="_blank" rel="noopener" data-i18n="related.gdpr_official_title">Official GDPR Text</a>
<p class="text-gray-600 text-sm" data-i18n="related.gdpr_official_desc">Full text of the General Data Protection Regulation</p>
</li>
</ul>
</section>
</div>
</main>
<!-- Footer Component -->
<script src="/js/components/footer.js?v=0.1.2.1761597667036"></script>
</body>
</html>
Reference in a new issue View git blame Copy permalink