19 KiB
Privacy Template
The privacy template provides a complete LGPD/GDPR/CCPA-compliant Privacy Rights Center, enabling users to exercise their data protection rights through a conversational interface.
Topic: Data Privacy & Compliance
This template is perfect for:
- LGPD compliance (Brazil)
- GDPR compliance (EU)
- CCPA compliance (California)
- Data subject rights management
- Consent management portals
The Code
ADD TOOL "request-data"
ADD TOOL "export-data"
ADD TOOL "delete-data"
ADD TOOL "manage-consents"
ADD TOOL "rectify-data"
ADD TOOL "object-processing"
USE KB "privacy.gbkb"
CLEAR SUGGESTIONS
ADD SUGGESTION "access" AS "View my data"
ADD SUGGESTION "export" AS "Export my data"
ADD SUGGESTION "delete" AS "Delete my data"
ADD SUGGESTION "consents" AS "Manage consents"
ADD SUGGESTION "correct" AS "Correct my data"
ADD SUGGESTION "object" AS "Object to processing"
SET CONTEXT "privacy rights" AS "You are a Privacy Rights Center assistant helping users exercise their data protection rights under LGPD, GDPR, and CCPA. Help with data access, rectification, erasure, portability, and consent management."
BEGIN TALK
**Privacy Rights Center**
As a data subject, you have the following rights:
1. **Access** - View all data we hold about you
2. **Rectification** - Correct inaccurate data
3. **Erasure** - Request deletion of your data
4. **Portability** - Export your data
5. **Object** - Opt-out of certain processing
6. **Consent** - Review and update your consents
Select an option or describe your request.
END TALK
BEGIN SYSTEM PROMPT
You are a Privacy Rights Center assistant for LGPD/GDPR/CCPA compliance.
Data subject rights:
- Right of Access: View all personal data
- Right to Rectification: Correct inaccurate data
- Right to Erasure: Delete personal data (right to be forgotten)
- Right to Portability: Export data in machine-readable format
- Right to Object: Opt-out of marketing, profiling, etc.
- Consent Management: Review and withdraw consents
Always verify identity before processing sensitive requests.
Log all privacy requests for compliance audit.
Provide clear timelines for request fulfillment.
Escalate complex requests to the Data Protection Officer.
END SYSTEM PROMPT
Sample Dialogs
These conversations show how the privacy template works in real-world scenarios.
Dialog 1: Data Access Request
Privacy Rights Center
As a data subject, you have the following rights:
1. Access - View all data we hold about you
2. Rectification - Correct inaccurate data
3. Erasure - Request deletion of your data
I want to see all the data you have about me
🔐 Identity Verification Required
To protect your privacy, I need to verify your identity before providing access to your personal data.
I've sent a verification code to your registered email (j***@email.com).
Please enter the 6-digit code:
482917
✅ Identity verified. Here's a summary of your data:
📋 Personal Information
• Name: John Smith
• Email: j***@email.com
• Phone: ***-***-4567
• Account created: Jan 15, 2023
📊 Activity Data
• Orders: 12
• Support tickets: 3
• Last login: Today
🔔 Marketing Preferences
• Email marketing: Opted in
• SMS notifications: Opted out
Would you like a full export of your data?
Dialog 2: Data Deletion Request
I want to delete all my data
⚠️ Data Deletion Request
You're requesting to exercise your Right to Erasure (Right to be Forgotten).
Please note:
• This action is irreversible
• Your account will be permanently closed
• Some data may be retained for legal compliance
Before proceeding, I need to verify your identity. Please confirm your registered email address:
📧 A verification link has been sent to john.smith@email.com
Please click the link to confirm your deletion request.
What will be deleted:
• Personal profile information
• Activity history and preferences
• Marketing and communication history
What will be retained (legal requirement):
• Transaction records (7 years)
• Tax-related documents (5 years)
Your request will be processed within 15 business days (LGPD) / 30 days (GDPR).
Request ID: DEL-2025-001234
Dialog 3: Consent Management
I want to manage my consents
⚙️ Your Consent Settings
Essential Services (Required)
✅ Account management - Required for service
✅ Security features - Required for protection
Optional Consents
✅ Email marketing - Receive promotions
❌ SMS notifications - Text messages
✅ Personalization - Customized experience
❌ Third-party sharing - Partner offers
✅ Analytics - Help us improve
Which consent would you like to change?
Turn off email marketing
✅ Consent Updated
Email marketing has been disabled.
You will no longer receive promotional emails from us.
This change takes effect immediately. You can re-enable this at any time.
📋 Audit log updated for compliance.
Dialog 4: Data Export (Portability)
Export my data
📦 Data Export Request
Choose your preferred export format:
1️⃣ JSON - Machine-readable, for transferring to other services
2️⃣ CSV - Spreadsheet format, easy to view
3️⃣ PDF - Human-readable report
JSON
⏳ Preparing Your Data Export
Your data export is being prepared in JSON format.
📧 A secure download link will be sent to your email within 24 hours.
The link will expire in 7 days for security.
Request ID: EXP-2025-005678
Keywords Used
| Keyword | Purpose |
|---|---|
ADD TOOL |
Register privacy rights tools |
USE KB |
Load privacy policy knowledge base |
ADD SUGGESTION |
Create quick action buttons for rights |
SET CONTEXT |
Define privacy assistant behavior |
BEGIN TALK |
Welcome message with rights summary |
BEGIN SYSTEM PROMPT |
Compliance rules and procedures |
Template Structure
privacy.gbai/
├── privacy.gbdialog/
│ ├── start.bas # Main entry point
│ ├── request-data.bas # Data access requests
│ ├── export-data.bas # Data portability
│ ├── delete-data.bas # Right to erasure
│ ├── manage-consents.bas # Consent management
│ └── rectify-data.bas # Data correction
├── privacy.gbot/
│ └── config.csv # Configuration
├── privacy.gbkb/
│ └── privacy-policy.md # Privacy documentation
└── privacy.gbui/
└── index.html # Web portal UI
Data Subject Rights by Regulation
| Right | LGPD (Brazil) | GDPR (EU) | CCPA (California) |
|---|---|---|---|
| Access | Art. 18 | Art. 15 | §1798.100 |
| Rectification | Art. 18 III | Art. 16 | - |
| Erasure | Art. 18 VI | Art. 17 | §1798.105 |
| Portability | Art. 18 V | Art. 20 | §1798.100 |
| Object | Art. 18 IV | Art. 21 | §1798.120 |
| Consent | Art. 8 | Art. 7 | §1798.135 |
Response Deadlines
| Regulation | Standard | Extended |
|---|---|---|
| LGPD | 15 days | - |
| GDPR | 30 days | 90 days (complex) |
| CCPA | 45 days | 90 days |
Request Data Tool: request-data.bas
PARAM request_type AS STRING LIKE "full" DESCRIPTION "Type of data request: full, summary, specific"
DESCRIPTION "Process a data access request (Right of Access)"
' Verify identity first
TALK "🔐 To protect your privacy, I need to verify your identity."
TALK "I'll send a verification code to your registered email."
code = FORMAT(RANDOM(100000, 999999))
SET BOT MEMORY "verification_code_" + user_id, code
SET BOT MEMORY "verification_expiry_" + user_id, DATEADD(NOW(), 10, "minutes")
SEND MAIL user_email, "Privacy Request Verification", "Your verification code is: " + code
TALK "Please enter the 6-digit code sent to your email:"
HEAR entered_code
stored_code = GET BOT MEMORY("verification_code_" + user_id)
expiry = GET BOT MEMORY("verification_expiry_" + user_id)
IF entered_code <> stored_code OR NOW() > expiry THEN
TALK "❌ Invalid or expired code. Please try again."
RETURN NULL
END IF
' Log the request for compliance
WITH request
id = "ACC-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(100000, 999999))
user_id = user_id
type = "access"
status = "processing"
created_at = NOW()
deadline = DATEADD(NOW(), 15, "days")
END WITH
SAVE "privacy_requests.csv", request
' Retrieve user data
userData = FIND "users.csv", "id = '" + user_id + "'"
activityData = FIND "activity_log.csv", "user_id = '" + user_id + "'"
consents = FIND "consents.csv", "user_id = '" + user_id + "'"
TALK "✅ Identity verified. Here's your data:"
TALK ""
TALK "**📋 Personal Information**"
TALK "• Name: " + userData.name
TALK "• Email: " + MASK_EMAIL(userData.email)
TALK "• Account created: " + FORMAT(userData.created_at, "MMM DD, YYYY")
TALK ""
TALK "**📊 Activity Summary**"
TALK "• Total activities: " + UBOUND(activityData)
TALK "• Last activity: " + FORMAT(activityData[1].timestamp, "MMM DD, YYYY")
TALK ""
TALK "**🔔 Consent Status**"
FOR EACH consent IN consents
status_icon = IIF(consent.granted, "✅", "❌")
TALK "• " + consent.purpose + ": " + status_icon
NEXT
TALK ""
TALK "Request ID: **" + request.id + "**"
TALK "Would you like a full export of your data?"
RETURN request.id
Delete Data Tool: delete-data.bas
PARAM confirm AS STRING LIKE "yes" DESCRIPTION "Confirmation to proceed with deletion"
DESCRIPTION "Process a data erasure request (Right to be Forgotten)"
' Warn about consequences
TALK "⚠️ **Data Deletion Request**"
TALK ""
TALK "This will permanently delete:"
TALK "• Your profile and personal information"
TALK "• Activity history and preferences"
TALK "• Communication history"
TALK ""
TALK "**Note:** Some data may be retained for legal compliance:"
TALK "• Financial records (tax requirements)"
TALK "• Fraud prevention data"
TALK "• Legal dispute documentation"
TALK ""
TALK "Type **DELETE MY DATA** to confirm this irreversible action:"
HEAR confirmation
IF UPPER(confirmation) <> "DELETE MY DATA" THEN
TALK "Deletion cancelled. Your data remains unchanged."
RETURN NULL
END IF
' Create deletion request
WITH request
id = "DEL-" + FORMAT(NOW(), "YYYY") + "-" + FORMAT(RANDOM(100000, 999999))
user_id = user_id
type = "erasure"
status = "pending_verification"
created_at = NOW()
deadline = DATEADD(NOW(), 15, "days")
END WITH
SAVE "privacy_requests.csv", request
' Send verification email
verification_link = "https://privacy.company.com/verify/" + request.id
SEND MAIL user_email, "Confirm Data Deletion Request",
"Click to confirm your data deletion request:\n\n" + verification_link +
"\n\nThis link expires in 24 hours.\n\nRequest ID: " + request.id
TALK "📧 A verification email has been sent."
TALK "Please click the link to confirm your deletion request."
TALK ""
TALK "**Timeline:**"
TALK "• Verification: 24 hours"
TALK "• Processing: 15 business days (LGPD) / 30 days (GDPR)"
TALK ""
TALK "Request ID: **" + request.id + "**"
RETURN request.id
Customization Ideas
Add Identity Verification Options
TALK "How would you like to verify your identity?"
ADD SUGGESTION "email" AS "Email verification"
ADD SUGGESTION "sms" AS "SMS verification"
ADD SUGGESTION "id" AS "Upload ID document"
HEAR method
SWITCH method
CASE "email"
' Send email code
CASE "sms"
' Send SMS code
CASE "id"
TALK "Please upload a photo of your government-issued ID."
HEAR id_upload AS FILE
' Process ID verification
END SWITCH
Add DPO Escalation
' For complex requests
IF request_complexity = "high" THEN
TALK "This request requires review by our Data Protection Officer."
TALK "You will be contacted within 5 business days."
SEND MAIL "dpo@company.com", "Privacy Request Escalation",
"Request ID: " + request.id + "\n" +
"Type: " + request.type + "\n" +
"User: " + user_email + "\n" +
"Reason: Complex request requiring DPO review"
END IF
Add Audit Logging
' Log all privacy operations
WITH auditLog
timestamp = NOW()
request_id = request.id
user_id = user_id
action = "data_access"
ip_address = GET_CLIENT_IP()
user_agent = GET_USER_AGENT()
result = "success"
END WITH
SAVE "privacy_audit_log.csv", auditLog
Best Practices
- Always Verify Identity: Never provide data without verification
- Log Everything: Maintain audit trails for compliance
- Clear Timelines: Communicate response deadlines clearly
- Explain Retention: Be transparent about what data is retained and why
- Easy Consent Management: Make it simple to change preferences
- Secure Communications: Use encrypted channels for sensitive data
Related Templates
- auth.bas - Authentication patterns
- bank.bas - Secure financial data handling
- hipaa.bas - Healthcare privacy compliance