Add a Privacy Policy and Cookie Notice to comply with GDPR
For the purpose of complying with GDPR (DSGVO) we should write an add an appropriate privacy policy.
Alongside other things it should contain:
- what kind of PI/PII we receive
- what we do with this data
- how long we store it I am thinking concretly about the metadata Drupal stores about users as well as any potential server logs with IP Addresses. Since Drupal uses cookie-based session, we will also have to add a cookie notice.
As we will have users that speak only German and users that speak only English, we will have to have a version of the Privacy Policy in both languages. Furthermore, I am not familiar enough with the details of Drupal to be able to tell you what exact categories of data about users it keeps -- e.g. does it keep access times and modification times of content?