---

Licensed to the Apache Software Foundation (ASF) under one

or more contributor license agreements. See the NOTICE file

distributed with this work for additional information

regarding copyright ownership. The ASF licenses this file

to you under the Apache License, Version 2.0 (the

“License”); you may not use this file except in compliance

with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing,

software distributed under the License is distributed on an

“AS IS” BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY

KIND, either express or implied. See the License for the

specific language governing permissions and limitations

under the License.

layout: default

---> DRAFT VERSION

This policy describes restrictions for websites managed by the ASF or hosted on ASF servers.

1) Analytics

All analytics software embedded on a website needs to be confirmed by V.P. Data Privacy. Analytics software need to support the GDPR and a DPA need to be signed before it can be used.

Note: Google Analytics cannot be used on any ASF website because of Schrems-II.

2) YouTube

YouTube content can be embedded only when the user gave consent before loading any file from YouTube.

3) Cookies

No cookies are allowed, except the user gave consent before setting the cookie.

If the cookie is not used for tracking, but used for managing a so called session, no user content is necessary.

4) Using Assets from other Domains

Assets (JS, Images, Fonts, CSS etc) from other domains cannot be loaded. Assets need to be hosted on ASF servers.

5) (Google) Maps

(Google) can usually be used, when the user gave consent before loading.

6) Social Media

Social Media buttons (Facebook Like, showing Instagram embeds, Twitter pixel) can only be used when the user gave consent before loading.

7) Facebook Pages

ASF Projects cannot run Facebook pages due to Art. 5 §2 and Art. 26 of the GDPR.