# Privacy Template The privacy template provides a complete LGPD/GDPR/CCPA-compliant Privacy Rights Center, enabling users to exercise their data protection rights through a conversational interface. ## Topic: Data Privacy & Compliance This template is perfect for: - LGPD compliance (Brazil) - GDPR compliance (EU) - CCPA compliance (California) - Data subject rights management - Consent management portals ## The Code ```basic ADD TOOL "request-data" ADD TOOL "export-data" ADD TOOL "delete-data" ADD TOOL "manage-consents" ADD TOOL "rectify-data" ADD TOOL "object-processing" USE KB "privacy.gbkb" CLEAR SUGGESTIONS ADD SUGGESTION "access" AS "View my data" ADD SUGGESTION "export" AS "Export my data" ADD SUGGESTION "delete" AS "Delete my data" ADD SUGGESTION "consents" AS "Manage consents" ADD SUGGESTION "correct" AS "Correct my data" ADD SUGGESTION "object" AS "Object to processing" SET CONTEXT "privacy rights" AS "You are a Privacy Rights Center assistant helping users exercise their data protection rights under LGPD, GDPR, and CCPA. Help with data access, rectification, erasure, portability, and consent management." BEGIN TALK **Privacy Rights Center** As a data subject, you have the following rights: 1. **Access** - View all data we hold about you 2. **Rectification** - Correct inaccurate data 3. **Erasure** - Request deletion of your data 4. **Portability** - Export your data 5. **Object** - Opt-out of certain processing 6. **Consent** - Review and update your consents Select an option or describe your request. END TALK BEGIN SYSTEM PROMPT You are a Privacy Rights Center assistant for LGPD/GDPR/CCPA compliance. Data subject rights: - Right of Access: View all personal data - Right to Rectification: Correct inaccurate data - Right to Erasure: Delete personal data (right to be forgotten) - Right to Portability: Export data in machine-readable format - Right to Object: Opt-out of marketing, profiling, etc. - Consent Management: Review and withdraw consents Always verify identity before processing sensitive requests. Log all privacy requests for compliance audit. Provide clear timelines for request fulfillment. Escalate complex requests to the Data Protection Officer. END SYSTEM PROMPT ``` ## Sample Dialogs These conversations show how the privacy template works in real-world scenarios. ### Dialog 1: Data Access Request
Today
### Dialog 2: Data Deletion Request
### Dialog 3: Consent Management
### Dialog 4: Data Export (Portability)
## Keywords Used | Keyword | Purpose | |---------|---------| | `ADD TOOL` | Register privacy rights tools | | `USE KB` | Load privacy policy knowledge base | | `ADD SUGGESTION` | Create quick action buttons for rights | | `SET CONTEXT` | Define privacy assistant behavior | | `BEGIN TALK` | Welcome message with rights summary | | `BEGIN SYSTEM PROMPT` | Compliance rules and procedures | ## Template Structure ``` privacy.gbai/ โ”œโ”€โ”€ privacy.gbdialog/ โ”‚ โ”œโ”€โ”€ start.bas # Main entry point โ”‚ โ”œโ”€โ”€ request-data.bas # Data access requests โ”‚ โ”œโ”€โ”€ export-data.bas # Data portability โ”‚ โ”œโ”€โ”€ delete-data.bas # Right to erasure โ”‚ โ”œโ”€โ”€ manage-consents.bas # Consent management โ”‚ โ””โ”€โ”€ rectify-data.bas # Data correction โ”œโ”€โ”€ privacy.gbot/ โ”‚ โ””โ”€โ”€ config.csv # Configuration โ”œโ”€โ”€ privacy.gbkb/ โ”‚ โ””โ”€โ”€ privacy-policy.md # Privacy documentation โ””โ”€โ”€ privacy.gbui/ โ””โ”€โ”€ index.html # Web portal UI ``` ## Data Subject Rights by Regulation | Right | LGPD (Brazil) | GDPR (EU) | CCPA (California) | |-------|---------------|-----------|-------------------| | Access | Art. 18 | Art. 15 | ยง1798.100 | | Rectification | Art. 18 III | Art. 16 | - | | Erasure | Art. 18 VI | Art. 17 | ยง1798.105 | | Portability | Art. 18 V | Art. 20 | ยง1798.100 | | Object | Art. 18 IV | Art. 21 | ยง1798.120 | | Consent | Art. 8 | Art. 7 | ยง1798.135 | ## Response Deadlines | Regulation | Standard | Extended | |------------|----------|----------| | LGPD | 15 days | - | | GDPR | 30 days | 90 days (complex) | | CCPA | 45 days | 90 days | ## Request Data Tool: request-data.bas ```basic PARAM request_type AS STRING LIKE "full" DESCRIPTION "Type of data request: full, summary, specific" DESCRIPTION "Process a data access request (Right of Access)" ' Verify identity first TALK "๐Ÿ” To protect your privacy, I need to verify your identity." TALK "I'll send a verification code to your registered email." code = FORMAT(RANDOM(100000, 999999)) SET BOT MEMORY "verification_code_" + user_id, code SET BOT MEMORY "verification_expiry_" + user_id, DATEADD(NOW(), 10, "minutes") SEND MAIL user_email, "Privacy Request Verification", "Your verification code is: " + code TALK "Please enter the 6-digit code sent to your email:" HEAR entered_code stored_code = GET BOT MEMORY("verification_code_" + user_id) expiry = GET BOT MEMORY("verification_expiry_" + user_id) IF entered_code <> stored_code OR NOW() > expiry THEN TALK "โŒ Invalid or expired code. Please try again." RETURN NULL END IF ' Log the request for compliance WITH request id = "ACC-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(100000, 999999)) user_id = user_id type = "access" status = "processing" created_at = NOW() deadline = DATEADD(NOW(), 15, "days") END WITH SAVE "privacy_requests.csv", request ' Retrieve user data userData = FIND "users.csv", "id = '" + user_id + "'" activityData = FIND "activity_log.csv", "user_id = '" + user_id + "'" consents = FIND "consents.csv", "user_id = '" + user_id + "'" TALK "โœ… Identity verified. Here's your data:" TALK "" TALK "**๐Ÿ“‹ Personal Information**" TALK "โ€ข Name: " + userData.name TALK "โ€ข Email: " + MASK_EMAIL(userData.email) TALK "โ€ข Account created: " + FORMAT(userData.created_at, "MMM DD, YYYY") TALK "" TALK "**๐Ÿ“Š Activity Summary**" TALK "โ€ข Total activities: " + UBOUND(activityData) TALK "โ€ข Last activity: " + FORMAT(activityData[1].timestamp, "MMM DD, YYYY") TALK "" TALK "**๐Ÿ”” Consent Status**" FOR EACH consent IN consents status_icon = IIF(consent.granted, "โœ…", "โŒ") TALK "โ€ข " + consent.purpose + ": " + status_icon NEXT TALK "" TALK "Request ID: **" + request.id + "**" TALK "Would you like a full export of your data?" RETURN request.id ``` ## Delete Data Tool: delete-data.bas ```basic PARAM confirm AS STRING LIKE "yes" DESCRIPTION "Confirmation to proceed with deletion" DESCRIPTION "Process a data erasure request (Right to be Forgotten)" ' Warn about consequences TALK "โš ๏ธ **Data Deletion Request**" TALK "" TALK "This will permanently delete:" TALK "โ€ข Your profile and personal information" TALK "โ€ข Activity history and preferences" TALK "โ€ข Communication history" TALK "" TALK "**Note:** Some data may be retained for legal compliance:" TALK "โ€ข Financial records (tax requirements)" TALK "โ€ข Fraud prevention data" TALK "โ€ข Legal dispute documentation" TALK "" TALK "Type **DELETE MY DATA** to confirm this irreversible action:" HEAR confirmation IF UPPER(confirmation) <> "DELETE MY DATA" THEN TALK "Deletion cancelled. Your data remains unchanged." RETURN NULL END IF ' Create deletion request WITH request id = "DEL-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(100000, 999999)) user_id = user_id type = "erasure" status = "pending_verification" created_at = NOW() deadline = DATEADD(NOW(), 15, "days") END WITH SAVE "privacy_requests.csv", request ' Send verification email verification_link = "https://privacy.company.com/verify/" + request.id SEND MAIL user_email, "Confirm Data Deletion Request", "Click to confirm your data deletion request:\n\n" + verification_link + "\n\nThis link expires in 24 hours.\n\nRequest ID: " + request.id TALK "๐Ÿ“ง A verification email has been sent." TALK "Please click the link to confirm your deletion request." TALK "" TALK "**Timeline:**" TALK "โ€ข Verification: 24 hours" TALK "โ€ข Processing: 15 business days (LGPD) / 30 days (GDPR)" TALK "" TALK "Request ID: **" + request.id + "**" RETURN request.id ``` ## Customization Ideas ### Add Identity Verification Options ```basic TALK "How would you like to verify your identity?" ADD SUGGESTION "email" AS "Email verification" ADD SUGGESTION "sms" AS "SMS verification" ADD SUGGESTION "id" AS "Upload ID document" HEAR method SWITCH method CASE "email" ' Send email code CASE "sms" ' Send SMS code CASE "id" TALK "Please upload a photo of your government-issued ID." HEAR id_upload AS FILE ' Process ID verification END SWITCH ``` ### Add DPO Escalation ```basic ' For complex requests IF request_complexity = "high" THEN TALK "This request requires review by our Data Protection Officer." TALK "You will be contacted within 5 business days." SEND MAIL "dpo@company.com", "Privacy Request Escalation", "Request ID: " + request.id + "\n" + "Type: " + request.type + "\n" + "User: " + user_email + "\n" + "Reason: Complex request requiring DPO review" END IF ``` ### Add Audit Logging ```basic ' Log all privacy operations WITH auditLog timestamp = NOW() request_id = request.id user_id = user_id action = "data_access" ip_address = GET_CLIENT_IP() user_agent = GET_USER_AGENT() result = "success" END WITH SAVE "privacy_audit_log.csv", auditLog ``` ## Best Practices 1. **Always Verify Identity**: Never provide data without verification 2. **Log Everything**: Maintain audit trails for compliance 3. **Clear Timelines**: Communicate response deadlines clearly 4. **Explain Retention**: Be transparent about what data is retained and why 5. **Easy Consent Management**: Make it simple to change preferences 6. **Secure Communications**: Use encrypted channels for sensitive data ## Related Templates - [auth.bas](./auth.md) - Authentication patterns - [bank.bas](./bank.md) - Secure financial data handling - [hipaa.bas](./hipaa.md) - Healthcare privacy compliance ---