Skip to content

Commit

Permalink
Self-serve account deletion, and updated Privacy Policy
Browse files Browse the repository at this point in the history 
- "My account" page showing user details and linking to deletion form.
- Link to "My account" page from user dropdown menu.
- Dark Matter Labs removed from Privacy Policy as we are no longer in
  the alpha testing period.
- Info about the postcode session storage added to Privacy Policy,
  along with various other small improvements.
  • Loading branch information
@zarino
zarino committed Oct 4, 2024
1 parent 34dce1f commit 2939b23
Show file tree
Hide file tree
Showing 5 changed files with 76 additions and 18 deletions.
39 changes: 39 additions & 0 deletions neighbourhood/templates/neighbourhood/accounts/my_account.html
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,39 @@
{% extends "neighbourhood/base.html" %}

{% block content %}

<div class="py-4 py-lg-5">
<div class="container">
<div class="d-flex mb-4 mb-lg-5 align-items-center">
<h1 class="mb-0 me-auto">Your account</h1>
<a href="{% url 'logout' %}" class="btn btn-danger text-nowrap">Sign out</a>
</div>

<div class="mw-40rem mb-5 mb-lg-6">
<dl class="row">
<dt class="col-sm-3">Full name</dt>
<dd class="col-sm-9">{{ request.user.full_name }}</dd>
<dt class="col-sm-3">Email</dt>
<dd class="col-sm-9">{{ request.user.email }}</dd>
</dl>
<p>If you need to change these details, please <a href="https://www.mysociety.org/contact">contact us</a>.</p>
<p>You can also <a href="{% url 'password_reset' %}">change your password</a>.</p>
</div>

<div class="p-3 p-lg-4 rounded bg-red-100 mb-4">
<h2 class="h3 mb-3 mb-lg-4">Danger zone</h2>
<div class="d-md-flex align-items-center">
<div class="flex-grow-1 mb-3 mb-md-0 pe-sm-5">
<h3 class="h6">Delete your account</h3>
<p class="mb-0">If you no longer need your account, you can delete it. This <strong>cannot</strong> be undone.</p>
</div>
<form method="post">
{% csrf_token %}
<button type="submit" class="btn btn-danger text-nowrap">Delete account immediately</button>
</form>
</div>
</div>
</div>
</div>

{% endblock %}
3 changes: 1 addition & 2 deletions neighbourhood/templates/neighbourhood/includes/header.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,7 @@
</a>
<ul class="dropdown-menu dropdown-menu-end">
<li><h6 class="dropdown-header">Signed in as</h6></li>
<!-- TODO: Make this a link, once we have profile pages -->
<li><span class="dropdown-item-text">{{ request.user.full_name }}</span></li>
<li><a class="dropdown-item" href="{% url 'my_account' %}">{{ request.user.full_name }}</a></li>
{% if request.user.teams.all %}
<li><hr class="dropdown-divider"></li>
<li><h6 class="dropdown-header">Your team{{ request.user.teams.all|pluralize }}</h6></li>
Expand Down
39 changes: 23 additions & 16 deletions neighbourhood/templates/neighbourhood/privacy.html
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,48 +9,55 @@ <h1 class="mb-5">Privacy policy</h1>

<h2 class="mt-5" id="who">Who is responsible for this service</h2>

<p>Neighbourhood Warmth is run by <a href="https://www.mysociety.org">mySociety</a>.</p>

<p>mySociety (registered charity 1076346) is the data controller of all the information described in this privacy policy, and a joint data processor of the personal data described in this privacy policy.
<a href="https://darkmatterlabs.org/">Dark Matter Labs</a> (company number 13294211) is a strategic discovery, design and development lab with which mySociety has partnered on Neighbourhood Warmth, and is the other joint data processor of the personal data described in this privacy policy.</p>
<p>Neighbourhood Warmth is run by <a href="https://www.mysociety.org">mySociety</a> (registered charity 1076346).</p>

<p>mySociety’s registered office is 483 Green Lanes, London, N13 4BS United Kingdom.</p>

<p>Dark Matter Labs is a company registered at 217 Mare Street London, E8 3QE United Kingdom.</p>

<h2 class="mt-5" id="collecting">What personal data we collect and how we use it</h2>

<p>This privacy policy covers data collected on and by Neighbourhood Warmth, during its initial Alpha period, running over June–August 2023.</p>

<h3>Information about you</h3>
<p>This privacy policy covers data collected on and by the <a href="{{ request.scheme }}://{{ request.META.HTTP_HOST }}">Neighbourhood Warmth</a> website.</p>

<h3 class="mt-4">Information about you</h3>

<p><strong>If you use the site without logging in</strong>, we collect and log some information about your visit, in order to analyse and fix problems with the site. Our web server logs collect information about requests, including your IP address, data submitted (which might include your email address when you log on to the site), request date and time, page requested, browser version and referrer. We routinely keep this information for 28 days. Note that in normal circumstances, this data is infrequently accessed by a human, and when it is, they are likely to be assessing it in bulk, in order to understand an issue with the site, rather than at a granular level of individual users.</p>

<p><strong>If you log into a personal account on the site</strong>, we store your full name, email address and home address so that we can display nearby teams, and so that team members can recognise each other and see details of their teams’ progress. We may also use this email address to send you occasional important messages about the service, or your account on it. When you log in, your email address may also be stored in our webserver logs for up to 28 days, as mentioned above. We store a cookie on your device, to keep you logged in over subsequent page loads and visits.</p>
<p><strong>If you search for your postcode on the site</strong>, that postcode is stored on our web server for up to {{ session_cookie_age_string }} after your last visit, and associated with a cookie on your device, so that the site can find and remember that postcode for you, as you navigate between different pages on the site.</p>

<p><strong>If you create a personal account on the site</strong>, we store your full name and email address so that you can log in and contribute to your team’s progress. We may also use this email address to send you occasional important messages about the service, or your account on it. When you log in, your email address may also be stored in our webserver logs for up to 28 days, as mentioned above. We store a cookie on your device, to keep you logged in over subsequent page loads and visits.</p>

<h2 class="mt-5" id="legal-basis">Legal basis for processing</h2>

<p>When you use the site without logging in, the data in our webserver logs is collected under the legal basis GDPR 6(1)(f) Legitimate Interests. Collection of this data is necessary in order to ensure the smooth running and delivery of the website.</p>
<p><strong>When you use the site without logging in</strong>, the data in our webserver logs is collected under the legal basis GDPR 6(1)(f) Legitimate Interests. Collection of this data is necessary in order to ensure the smooth running and delivery of the website.</p>

<p>When you request a personal account on the site, you are consenting to the processes as described on this page. The legal basis is GDPR 6(1)(a) Consent of the data subject.</p>
<p><strong>When we store your postcode in your session</strong>, we do so under the legal basis GDPR 6(1)(f) Legitimate Interests, as it is necessary in order to display your location on different pages as you navigate around the site.</p>

<p><strong>When you request a personal account on the site</strong>, you are consenting to the processes as described on this page. The legal basis is GDPR 6(1)(a) Consent of the data subject. You can withdraw this consent at any time by <a href="#erasure">deleting your account</a>.</p>

<h2 class="mt-5" id="retention">How long we keep your data</h2>

<p>Data in the server logs will be retained for 28 days.</p>
<p><strong>When you use the site</strong>, the data in our server logs (see above) will be retained for 28 days.</p>

<p><strong>When you search for your postcode on the site</strong>, your postcode is saved in our database for {{ session_cookie_age_string }}, or until you tell the site to “Forget” it (see below).</p>

<p>Data submitted when creating an account on the site will be kept until the end of our current Alpha period, on 31st August 2023.</p>
<p><strong>When you create an account</strong>, that data is kept until you remove—or ask us to remove—your account (see below).</p>

<h2 class="mt-5" id="sharing">Who we share your data with</h2>

<p>The data we collect is accessible only by the two non-profit organisations running the site—mySociety and Dark Matter Labs—and will only be used for the specific purpose of running Neighbourhood Warmth during this initial Alpha period. We don’t share this personal data with any other charity, public body, or commercial organisation, unless you give us permission to do so, or we have to do so for legal or compliance reasons.</p>
<p><strong>When you join a team on the site</strong> we may share your name and email address with the team’s organiser, in order for them to contact you about the team’s progress. The team organiser might be a neighbour of yours, or a local organisation who are supporting home energy action in your area. They are not allowed to use your information to sell you any services, or pass your information on to any third parties, without seeking your consent.</p>

<p>Aside from that, we don’t share your personal data with any other charity, public body, or commercial organisation, unless you give us permission to do so, or we have to do so for legal or compliance reasons.</p>

<h2 class="mt-5" id="access">Your right to access</h2>

<p>You may contact us at any time to ask to see what personal data we hold about you. Please <a href="https://www.mysociety.org/contact">contact us</a> to request this.</p>

<h2 class="mt-5" id="erasure">Your right to erasure</h2>

<p>You may request that we destroy the personal data that we hold about you. Please <a href="https://www.mysociety.org/contact">contact us</a> to request this.</p>
<p><strong>If you have an account on the site</strong> you can <a href="{% url 'my_account' %}">delete it via your account page</a>.</p>

<p><strong>If you search for your postcode on the site</strong>, but no longer want it to remember that postcode, you can remove this data by pressing the “Forget” button next to your postcode, at the bottom of any page on the site.</p>

<p>You can also <a href="https://www.mysociety.org/contact">contact us</a> to request that we destroy any personal data that we hold about you.</p>

<h2 class="mt-5" id="complain">Your right to complain</h2>

Expand Down
12 changes: 12 additions & 0 deletions neighbourhood/views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,9 @@
from django.core.exceptions import PermissionDenied
from django.http import HttpResponseRedirect, JsonResponse
from django.shortcuts import redirect, render, reverse
from django.urls import reverse_lazy
from django.views.generic import (
DeleteView,
DetailView,
RedirectView,
TemplateView,
Expand Down Expand Up @@ -354,6 +356,16 @@ def get_redirect_url(self, *args, **kwargs):
return self.request.META.get("HTTP_REFERER", reverse("home"))


class MyAccountView(TitleMixin, DeleteView):
page_title = "Your account"
model = get_user_model()
template_name = "neighbourhood/accounts/my_account.html"
success_url = reverse_lazy("home")

def get_object(self, queryset=None):
return self.request.user


class AboutView(TitleMixin, TemplateView):
page_title = "About"
template_name = "neighbourhood/about.html"
Expand Down
1 change: 1 addition & 0 deletions neighbourhood_warmth/urls.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@
path(
"forget_postcode/", views.ForgetPostcodeView.as_view(), name="forget_postcode"
),
path("me/", views.MyAccountView.as_view(), name="my_account"),
path(
"confirmation_sent/",
views.ConfirmationSentView.as_view(),
Expand Down

0 comments on commit 2939b23

Please sign in to comment.