Commit d8dab241 authored by Kalinka's avatar Kalinka

adding GDPR-conformant privacy policy and imprint, configurable via environment variables

parent 2ed20d62
......@@ -30,4 +30,15 @@ OGAME_CACHE_DATABASE_ID=1
OGAME_RATELIMIT_DATABASE_ID=2
OGAME_API_RATELIMIT_PERIOD=60
OGAME_API_RATELIMIT_LIMIT=5
USE_IMPRINT=0
USE_PRIVACY_POLICY=0
PP_NAME=NN
PP_STREET_NUMBER=Anystreet 1
PP_TOWN=Anytown
PP_COUNTRY=Anycountry
PP_EMAIL=any@any.com
PP_STORE_TIME='7 days'
###< APISERVER ###
......@@ -2,3 +2,12 @@ twig:
paths: ['%kernel.project_dir%/templates']
debug: '%kernel.debug%'
strict_variables: '%kernel.debug%'
globals:
use_imprint: '%env(USE_IMPRINT)%'
use_privacy_policy: '%env(USE_PRIVACY_POLICY)%'
pp_name: '%env(PP_NAME)%'
pp_street: '%env(PP_STREET_NUMBER)%'
pp_town: '%env(PP_TOWN)%'
pp_country: '%env(PP_COUNTRY)%'
pp_email: '%env(PP_EMAIL)%'
pp_store_time: '%env(PP_STORE_TIME)%'
......@@ -5,7 +5,6 @@ use App\API\Exception\InvalidApiIdException;
use App\Service\OgameResolver;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Annotation\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Swagger\Annotations as SWG;
use Nelmio\ApiDocBundle\Annotation\Operation;
use Noxlogic\RateLimitBundle\Annotation\RateLimit;
......@@ -29,9 +28,9 @@ class ApiV1Controller extends Controller
* },
* requirements={
* "full": "(1|0)"
* }
* },
* methods={"GET"}
* )
* @Method({"GET"})
* @Operation(
* tags={"ogame-api"},
* @SWG\Parameter(
......@@ -94,9 +93,9 @@ class ApiV1Controller extends Controller
* defaults={
* "full" = 1,
* "delta" = 1
* }
* },
* methods={"GET"}
* )
* @Method({"GET"})
* @Operation(
* tags={"ogame-api"},
* @SWG\Parameter(
......
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpFoundation\Response;
class LegalController extends Controller
{
/**
* @Route(
* "/imprint",
* name="imprint",
* methods={"GET"}
* )
*/
public function getImprint()
{
if (1 == getenv('USE_IMPRINT')) {
return $this->render('imprint.html.twig');
}
return new Response();
}
/**
* @Route(
* "/privacy",
* name="privacy",
* methods={"GET"}
* )
*/
public function getPrivacy()
{
if (1 == getenv('USE_PRIVACY_POLICY')) {
return $this->render('privacy.html.twig');
}
return new Response();
}
}
\ No newline at end of file
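Review bot: When the feature flag is off, `getImprint()` and `getPrivacy()` answer with `return new Response();`, an empty 200 page, so a disabled route looks the same as a working one to clients, crawlers and monitoring. Replacing that line with `throw $this->createNotFoundException();` in both actions makes the disabled state explicit. The flag is also read with `getenv()` here, while the templates read the `use_imprint` / `use_privacy_policy` Twig globals fed from `%env(...)%`. The two lookups may disagree depending on how the environment is populated, so injecting the same parameter (for example `%env(bool:USE_IMPRINT)%`) and comparing strictly would keep the header link and the page in step.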
{# This file is part of the API Platform project.
(c) Kévin Dunglas <dunglas@gmail.com>
For the full copyright and license information, please view the LICENSE
file that was distributed with this source code. #}
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>{{ swagger_data.spec.info.title }} - API-Documentation</title>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:400,700|Source+Code+Pro:300,600|Titillium+Web:400,600,700">
<link rel="stylesheet" href="{{ asset('bundles/nelmioapidoc/swagger-ui/swagger-ui.css') }}">
<link rel="stylesheet" href="{{ asset('bundles/nelmioapidoc/style.css') }}">
{# json_encode(65) is for JSON_UNESCAPED_SLASHES|JSON_HEX_TAG to avoid JS XSS #}
<script id="swagger-data" type="application/json">{{ swagger_data|json_encode(65)|raw }}</script>
</head>
<body>
<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" style="position:absolute;width:0;height:0">
<defs>
<symbol viewBox="0 0 20 20" id="unlocked">
<path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V6h2v-.801C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8z"></path>
</symbol>
<symbol viewBox="0 0 20 20" id="locked">
<path d="M15.8 8H14V5.6C14 2.703 12.665 1 10 1 7.334 1 6 2.703 6 5.6V8H4c-.553 0-1 .646-1 1.199V17c0 .549.428 1.139.951 1.307l1.197.387C5.672 18.861 6.55 19 7.1 19h5.8c.549 0 1.428-.139 1.951-.307l1.196-.387c.524-.167.953-.757.953-1.306V9.199C17 8.646 16.352 8 15.8 8zM12 8H8V5.199C8 3.754 8.797 3 10 3c1.203 0 2 .754 2 2.199V8z"></path>
</symbol>
<symbol viewBox="0 0 20 20" id="close">
<path d="M14.348 14.849c-.469.469-1.229.469-1.697 0L10 11.819l-2.651 3.029c-.469.469-1.229.469-1.697 0-.469-.469-.469-1.229 0-1.697l2.758-3.15-2.759-3.152c-.469-.469-.469-1.228 0-1.697.469-.469 1.228-.469 1.697 0L10 8.183l2.651-3.031c.469-.469 1.228-.469 1.697 0 .469.469.469 1.229 0 1.697l-2.758 3.152 2.758 3.15c.469.469.469 1.229 0 1.698z"></path>
</symbol>
<symbol viewBox="0 0 20 20" id="large-arrow">
<path d="M13.25 10L6.109 2.58c-.268-.27-.268-.707 0-.979.268-.27.701-.27.969 0l7.83 7.908c.268.271.268.709 0 .979l-7.83 7.908c-.268.271-.701.27-.969 0-.268-.269-.268-.707 0-.979L13.25 10z"></path>
</symbol>
<symbol viewBox="0 0 20 20" id="large-arrow-down">
<path d="M17.418 6.109c.272-.268.709-.268.979 0s.271.701 0 .969l-7.908 7.83c-.27.268-.707.268-.979 0l-7.908-7.83c-.27-.268-.27-.701 0-.969.271-.268.709-.268.979 0L10 13.25l7.418-7.141z"></path>
</symbol>
<symbol viewBox="0 0 24 24" id="jump-to">
<path d="M19 7v4H5.83l3.58-3.59L8 6l-6 6 6 6 1.41-1.41L5.83 13H21V7z"></path>
</symbol>
<symbol viewBox="0 0 24 24" id="expand">
<path d="M10 18h4v-2h-4v2zM3 6v2h18V6H3zm3 7h12v-2H6v2z"></path>
</symbol>
</defs>
</svg>
<header>
{% if use_imprint == 1 %}<span id="imprint" style="position: fixed; top: 25px; right:360px; z-index:102;"><a href="{{ path('imprint') }}">Imprint</a></span> {% endif %}
{% if use_privacy_policy == 1 %}<span id="privacy" style="position: fixed; top: 25px; right: 300px; z-index: 102;"><a href="{{ path('privacy') }}">Privacy</a></span> {% endif %}
<a id="logo" href="https://github.com/nelmio/NelmioApiDocBundle"><img src="{{ asset('bundles/nelmioapidoc/logo.png') }}" alt="NelmioApiDocBundle"></a>
</header>
<div id="swagger-ui" class="api-platform"></div>
<div class="swagger-ui-wrap" style="margin-top: 20px; margin-bottom: 20px;">
&copy; 2017 <a href="https://api-platform.com">Api-Platform</a>
</div>
<script src="{{ asset('bundles/nelmioapidoc/swagger-ui/swagger-ui-bundle.js') }}"></script>
<script src="{{ asset('bundles/nelmioapidoc/swagger-ui/swagger-ui-standalone-preset.js') }}"></script>
<script src="{{ asset('bundles/nelmioapidoc/init-swagger-ui.js') }}"></script>
</body>
</html>
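Review bot: The stylesheet on the `fonts.googleapis.com` line makes every visitor's browser contact a third-party host, yet the privacy policy added in this same commit describes only server log data and names no third-party component. Either serve the fonts locally through `asset()` like the other bundle assets, or add a section for the font provider to `privacy.html.twig`. Self-hosting would also let the page run under a `Content-Security-Policy` limited to `'self'`; the inline `style="position: fixed; …"` attributes on the two new `<span>` elements would then need to move into a stylesheet.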
<h1>Legal Disclosure</h1>
Information in accordance with Section 5 TMG
<br><br>
{{ pp_name }}<br>
{{ pp_street }}<br>
{{ pp_town }}<br>
<h2>Contact Information</h2>
<br>
E-Mail: {{ pp_email }}
<br><br>
<h2>Disclaimer</h2>
Accountability for content<br>
The contents of our pages have been created with the utmost care. However, we cannot guarantee the contents'
accuracy, completeness or topicality. According to statutory provisions, we are furthermore responsible for
our own content on these web pages. In this matter, please note that we are not obliged to monitor
the transmitted or saved information of third parties, or investigate circumstances pointing to illegal activity.
Our obligations to remove or block the use of information under generally applicable laws remain unaffected by this as per
§§ 8 to 10 of the Telemedia Act (TMG).
<br><br>Accountability for links<br>
Responsibility for the content of
external links (to web pages of third parties) lies solely with the operators of the linked pages. No violations were
evident to us at the time of linking. Should any legal infringement become known to us, we will remove the respective
link immediately.<br><br>Copyright<br> Our web pages and their contents are subject to German copyright law. Unless
expressly permitted by law, every form of utilizing, reproducing or processing
works subject to copyright protection on our web pages requires the prior consent of the respective owner of the rights.
Individual reproductions of a work are only allowed for private use.
The materials from these pages are copyrighted and any unauthorized use may violate copyright laws.
<br><br>
<i>Quelle: </i><a href="http://www.translate-24h.de" target="_blank">Übersetzungsdienst translate-24h.de</a> <br><br>
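Review bot: The source link at the end uses `target="_blank"` without a `rel` attribute, so in browsers that do not default to noopener the opened page gets a `window.opener` handle back to this one; write it as `target="_blank" rel="noopener noreferrer"`. The same applies to the second link on the last line of the privacy template, where only the first link carries `rel="noopener"`. The link also uses plain `http://`; switch it to `https://` if the target serves it. The address block here omits `{{ pp_country }}`, which the privacy template prints.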
<h1>Privacy Policy</h1>
<p>Personal data (usually referred to just as "data" below) will only be processed by us to the extent necessary and for the purpose of providing a functional and user-friendly website, including its contents, and the services offered there.</p>
<p>Per Art. 4 No. 1 of Regulation (EU) 2016/679, i.e. the General Data Protection Regulation (hereinafter referred to as the "GDPR"), "processing" refers to any operation or set of operations such as collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment, or combination, restriction, erasure, or destruction performed on personal data, whether by automated means or not.</p>
<p>The following privacy policy is intended to inform you in particular about the type, scope, purpose, duration, and legal basis for the processing of such data either under our own control or in conjunction with others. We also inform you below about the third-party components we use to optimize our website and improve the user experience which may result in said third parties also processing data they collect and control.</p>
<p>Our privacy policy is structured as follows:</p>
<p>I. Information about us as controllers of your data<br>II. The rights of users and data subjects<br>III. Information about the data processing</p>
<h2>I. Information about us as controllers of your data</h2>
<p>The party responsible for this website (the "controller") for purposes of data protection law is:</p>
<p>
<span>{{ pp_name }}</span><br>
<span>{{ pp_street }}</span><br>
<span>{{ pp_town }}</span><br>
<span>{{ pp_country }}</span>
</p>
<p>
<span>Email: {{ pp_email }}</span></p>
<h2>II. The rights of users and data subjects</h2>
<p>With regard to the data processing to be described in more detail below, users and data subjects have the right</p>
<ul type="disc">
<li>to confirmation of whether data concerning them is being processed, information about the data being processed, further information about the nature of the data processing, and copies of the data (cf. also Art. 15 GDPR);</li>
<li>to correct or complete incorrect or incomplete data (cf. also Art. 16 GDPR);</li>
<li>to the immediate deletion of data concerning them (cf. also Art. 17 DSGVO), or, alternatively, if further processing is necessary as stipulated in Art. 17 Para. 3 GDPR, to restrict said processing per Art. 18 GDPR;</li>
<li>to receive copies of the data concerning them and/or provided by them and to have the same transmitted to other providers/controllers (cf. also Art. 20 GDPR);</li>
<li>to file complaints with the supervisory authority if they believe that data concerning them is being processed by the controller in breach of data protection provisions (see also Art. 77 GDPR).</li>
</ul>
<p>In addition, the controller is obliged to inform all recipients to whom it discloses data of any such corrections, deletions, or restrictions placed on processing the same per Art. 16, 17 Para. 1, 18 GDPR. However, this obligation does not apply if such notification is impossible or involves a disproportionate effort. Nevertheless, users have a right to information about these recipients.</p>
<p><strong>Likewise, under Art. 21 GDPR, users and data subjects have the right to object to the controller's future processing of their data pursuant to Art. 6 Para. 1 lit. f) GDPR. In particular, an objection to data processing for the purpose of direct advertising is permissible.</strong></p>
<h2>III. Information about the data processing</h2>
<p>Your data processed when using our website will be deleted or blocked as soon as the purpose for its storage ceases to apply, provided the deletion of the same is not in breach of any statutory storage obligations or unless otherwise stipulated below.</p>
<h3>Server data</h3>
<p>For technical reasons, the following data sent by your internet browser to us or to our server provider will be collected, especially to ensure a secure and stable website: These server log files record the type and version of your browser, operating system, the website from which you came (referrer URL), the webpages on our site visited, the date and time of your visit, as well as the IP address from which you visited our site.</p>
<p>The data thus collected will be temporarily stored, but not in association with any other of your data.</p>
<p>The basis for this storage is Art. 6 Para. 1 lit. f) GDPR. Our legitimate interest lies in the improvement, stability, functionality, and security of our website.</p>
<p>The data will be deleted within no more than {{ pp_store_time }}, unless continued storage is required for evidentiary purposes. In which case, all or part of the data will be excluded from deletion until the investigation of the relevant incident is finally resolved.</p>
<p><a href="https://www.ratgeberrecht.eu/leistungen/muster-datenschutzerklaerung.html" target="_blank" rel="noopener">Model Data Protection Statement</a> for <a href="https://www.ratgeberrecht.eu/" target="_blank">Anwaltskanzlei Weiß &amp; Partner</a></p>
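Review bot: The third list item cites `Art. 17 DSGVO` while every other reference uses `GDPR`; use `Art. 17 GDPR` so the English text is consistent. `{{ pp_store_time }}` is printed as a commitment ("deleted within no more than …"), but nothing visible in this commit ties that value to the actual log retention. A comment next to `PP_STORE_TIME` in the env file, such as `# must match the retention configured for server logs`, would help operators keep the statement true.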