GITBOOK-36: Minor adjustments to GDPR docs

Author: Sofie Toft Kristensen

13/umbraco-engage/SUMMARY.md

@@ -126,7 +126,7 @@
 * [Security and privacy](security-and-privacy/README.md)
 * [Retention periods of data](security-and-privacy/retention-periods-of-data.md)
 * [Anonymization](security-and-privacy/anonymization.md)
-* [GDPR + EU regulation friendly](security-and-privacy/gdpr/README.md)
+* [GDPR & EU regulation](security-and-privacy/gdpr/README.md)
   * [How to become GDPR compliant using cookiebot](security-and-privacy/gdpr/how-to-become-gdpr-compliant-using-cookiebot.md)
 * [How it works](security-and-privacy/how-it-works.md)
 

13/umbraco-engage/security-and-privacy/gdpr/README.md

@@ -1,8 +1,4 @@
-# GDPR + EU regulation friendly
-
-{% hint style="info" %}
-This document is a work in progress and is subject to change without warning.
-{% endhint %}
+# GDPR & EU regulation
 
 **Disclaimer**: Always check you are GDPR compliant with your own privacy office or legal department
 
@@ -17,29 +13,36 @@ Umbraco Engage principles:
 * Umbraco Engage uses specific retention periods and personal data is not kept longer than necessary.
 * Umbraco Engage has set up its software according to the principles of privacy by design and by default.
 
-## GDPR compliance
+## GDPR Compliance
 
 Umbraco Engage has been designed with the principles of privacy by design and privacy by default in mind. For example, the following measures have been taken:
 
-* The retention period for **the Umbraco Engage cookie is 365 days by default**. The data is **anonymized after two years**, and **fully deleted after four years**;
-* The IP address is pseudonymized by default;
-* The use of view and click behaviour is optional;
+* The retention period for **the Umbraco Engage cookie is 365 days by default**.
+* The data is **anonymized after two years**, and **fully deleted after three years**.
+* The IP address is pseudonymized by default.
+* The use of view and click behavior is optional.
 * Neither Umbraco Engage nor any other third party has access to the data\
-  (except for, for example, your own hosting provider), as the cookie is first\
+  (except for, for example, custom hosting provider), as the cookie is first\
   party.
 
-You can change the default settings. However, we do not recommend doing so, as they are set in line with the General Data Protection Regulation (hereinafter: GDPR).
+You can change the default settings. However, we do not recommend doing so, as they are set in line with the General Data Protection Regulation (GDPR).
 
 ### Information obligation
 
-When using Umbraco Engage, this means that you, as a customer, have to inform about the use of Umbraco Engage, which personal data is processed, why it is processed and how. In order to comply with this information obligation set by the GDPR, **you can add the following text to your privacy (and cookie) statement**:
+When using Umbraco Engage, this means that you, as a customer, have to inform about the use of Umbraco Engage, which personal data is processed, why it is processed, and how. To comply with the information obligation set by the GDPR, **you can add the following template to your privacy (and cookie) statement**:
 
 > _On our website we use_ Umbraco Engage\_. This is add-on software from\_ Umbraco\_, which allows us, through the use of a cookie, to analyze the website behavior of the website visitor. Based on this information, we can improve the user experience and personalize content for each specific website visitor. In order to do so, we process, amongst other things, your pseudonymized IP address, cookie ID, website and clicking behavior (optional), how you got to visit our website and your browser data. Only we have access to this personal data. **The cookies will be deleted from your device after one year. The personal data collected through the use of the cookie will be retained for a maximum of two years. Hereafter, the data will be anonymized and retained for another two years**. This way, we can identify trends on the website and improve the website.\_
 
+{% hint style="info" %}
+Remember to adjust the template to match the configuration on your website.
+{% endhint %}
+
+
+
 ### Cookie consent 🍪
 
 [The cookie of Umbraco Engage can be categorized as an analytical and personalization cookie in one](../../developers/introduction/the-umbraco-engage-cookie/), as the cookie is used to analyze website visitor behavior and to personalize the content of the website based on this behavior. For analytical and personalization cookies consent is required, based on the GDPR and the ePrivacy Directive.
 
-As a customer and the controller of the personal data processed by the use of Umbraco Engage, **it is your responsibility to obtain consent from the website visitor for the use of the Umbraco Engage cookie**. Consent can be obtained by means of a cookie banner.
+As a customer and the controller of the personal data processed by the use of Umbraco Engage, **it is your responsibility to obtain consent from the website visitor for the use of the Umbraco Engage cookie**. Consent can be obtained using a cookie banner.
 
 You can [control the features of Umbraco Engage](../../developers/introduction/the-umbraco-engage-cookie/module-permissions.md) and give your visitors total control over which features they which to enable.

13/umbraco-engage/security-and-privacy/retention-periods-of-data.md

@@ -9,7 +9,9 @@ description: >-
 
 There is no reason to store your visitor data forever. As privacy is an important aspect of Umbraco Engage, you have tools to ensure you do not store the data forever.
 
-You can [configure](../developers/settings/configuration.md) Umbraco Engage to delete three data types after a certain period.
+You can [configure](../developers/settings/configuration.md) Umbraco Engage to delete three types of data after a certain period.
+
+<table><thead><tr><th width="282">Type of data</th><th width="217">Anonymized</th><th>Deleted</th></tr></thead><tbody><tr><td><strong>Raw Data</strong></td><td>-</td><td>5 days</td></tr><tr><td><strong>Control Group Data</strong></td><td>-</td><td>180 days</td></tr><tr><td><strong>Processed Data</strong></td><td> 2 years</td><td>3 years</td></tr></tbody></table>
 
 * **Raw data** is collected in [the first phase of the data flow](../developers/introduction/dataflow-pipeline/data-collection.md). This data is stored and parsed a few moments later. By default, this data gets deleted after 5 days. It is recommended that this data is stored for no longer than 30 days.
 * **Control group data** is used for [personalization](../developers/personalization/) purposes. When a visitor visits a personalized page, Umbraco Engage keeps track of whether that visitor is in a control group for user experience consistency. By default, this gets deleted after 180 days. The recommendation is to not increase this.