european-alternatives.eu privacy policy — score 45/100 (high risk)
Viimati analüüsitud
Aruande sisu (kokkuvõte, leitud asjaolud, tsitaadid) on genereeritud inglise keeles ja seda pole lokaliseeritud.
Constantin Graf (European Alternatives) · european-alternatives.eu
Aruande üksikasjad
high riskEuropean Alternatives collects minimal data and uses privacy-friendly tools, but its privacy policy is an unfinished template with placeholder text for critical sections like data storage, retention, and deletion — making it non-compliant as-is.
The policy reveals a small sole proprietorship with genuinely limited data collection and privacy-conscious tool choices (Plausible analytics, German-hosted chat). However, the policy contains unfilled template placeholders, omits detail on multiple third-party processors, mentions a potentially unlawful fee for data access requests, and is silent on international transfers and AI training. Last updated in February 2022.
Kategooriate kaupa hinnang
Poliitika jaotus peamistele vastavusaladele. Hea = tugev, keskmine = segane, nõrk = muret tekitav.
Collects only anonymized site activity, newsletter name/email, and chat data when actively used — no unnecessary profiling or tracking.
Contains unfilled template placeholders for storage location, retention periods, and deletion methods; multiple third-party processors (Plausible, Sendinblue, Bunny CDN) are named but not described.
Userlike chat processing is described in some detail, but Plausible, Sendinblue, and Bunny CDN are listed as headings with zero explanation of what data they receive or how they process it.
No information on transfers at all. The Userlike widget loads from AWS Cloudfront, which may route data outside the EEA, but no transfer mechanism or safeguard is mentioned.
Completely silent on whether user data is used for AI or model training purposes — no confirmation either way.
All GDPR rights are listed, but the policy states 'We may charge you a small fee' for access requests, which conflicts with GDPR's general prohibition on fees for first copies.
Peamised leitud asjaolud
Märkimisväärsed klauslid, probleemid või head tavad (kriitilised esimesena)
Unfilled template placeholders in critical sections
The policy contains literal template text: 'European Alternatives securely stores your data at [enter the location and describe security precautions taken]' and 'European Alternatives will keep your [enter type of data] for [enter time period]. Once this time period has expired, we will delete your data by [enter how you delete users' data].' These are mandatory disclosures under GDPR Article 13(2)(b), (c), and (e).
Fee charged for data access requests
The policy states 'We may charge you a small fee for this service' for the right to access. Under GDPR Article 12(5), the first copy of personal data must be provided free of charge. A fee is only permissible for further copies.
Multiple third-party processors listed without any detail
Sections for 'Newsletter - sendinblue', 'Analytics - plausible', and 'CDN - bunny' are just headings with no content. Users cannot understand what data these processors receive, for what purpose, or what their rights are regarding that data.
No information on international data transfers
The Userlike widget loads JavaScript from AWS Cloudfront, a global CDN that may serve content from non-EEA locations. No transfer mechanism (SCCs, adequacy decision, etc.) is described, violating GDPR Article 13(1)(f).
Affiliate links pass referral parameters to third parties
The policy acknowledges that affiliate links 'contain information (e.g. a parameter), which informs the external website that the user comes from us' and that 'It is possible that the external website sets a cookie to link this information to the behavior on the website.' This is a form of data sharing that lacks specificity about which partners receive this data.
Chat data retention based on legitimate interest with vague opt-out
Chat history is stored based on Art. 6(1)(f) GDPR (legitimate interest). The opt-out requires contacting the operator manually: 'If you do not wish your live chat history to be stored, please do not hesitate to contact us.' No retention period is specified for chat data.
Policy last updated February 2022 — over three years old
The policy states it was 'last updated on 5 February 2022.' Given changes in services, processors, and legal requirements since then, the policy may be outdated and inaccurate.
Kokkuvõte kasutajale
Your data footprint here is small, but the operator hasn't bothered to complete the privacy policy — so you can't actually know where your data is stored, how long it's kept, or how it's deleted.
Vastavusseisund
Non-compliant due to incomplete policy. Template placeholders for storage location, retention periods, and deletion methods violate GDPR Article 13 requirements for transparent, specific information. The fee for access requests conflicts with GDPR Article 12(5).
EL-i ülekanded
No information provided. The Userlike widget loads from AWS Cloudfront, which could involve transfers outside the EEA, but this is not addressed.
Tuvastatud signaalid
Tekstis tuvastatud konkreetsed andmed ja tavad
Tõendite väljavõtted
Otsesed tsitaadid poliitikast nende leidude toetuseks
European Alternatives securely stores your data at [enter the location and describe security precautions taken].
European Alternatives will keep your [enter type of data] for [enter time period]. Once this time period has expired, we will delete your data by [enter how you delete users' data].
We may charge you a small fee for this service.
By accessing the european-alternatives.eu web page, the chat widget is loaded as a JavaScript file from AWS Cloudfront.
If you do not wish your live chat history to be stored, please do not hesitate to contact us using the contact details listed below.
This privacy policy was last updated on 5 February 2022.
Puudub või ebaselge
- No data retention periods specified for any data type
- No description of security measures protecting stored data
- No detail on Plausible analytics processing
- No detail on Sendinblue newsletter processing
- No detail on Bunny CDN processing
- No information on international transfer safeguards
- No cookie consent mechanism described despite use of cookies
- No Data Protection Officer contact
- No supervisory authority identified for complaints
- No information on automated decision-making or profiling
- No detail on which affiliate partners receive referral data
Küsimused, mida küsida
- Why does the privacy policy still contain unfilled template placeholders like '[enter the location and describe security precautions taken]' — when will these be completed?
- Under what legal basis do you justify charging a fee for the right of access, given GDPR Article 15 requires the first copy to be provided free of charge?
- What data exactly does Plausible collect and process, and where are Plausible's servers located?
- What data does Sendinblue process for the newsletter, and what is its role (processor or controller)?
- What data flows through Bunny CDN, and where are its servers located?
- Does the Userlike widget loaded via AWS Cloudfront involve any data transfers outside the EEA, and if so, what transfer mechanism (SCCs, adequacy decision) is in place?
- What is the retention period for live chat histories, and is there an automated deletion mechanism?
- Is any user data used for AI model training, either by European Alternatives or any of its third-party processors?
- Which specific affiliate partners receive referral parameters, and do you have data processing agreements with them?
- How do you obtain valid cookie consent before placing functionality cookies on users' devices?
Jaga seda analüüsi
Igaüks, kellel on see link, saab ülalolevat tulemust vaadata.
DentroChati loodud
100% Euroopa tehisintellektivestlus kõigile
Vestle tehisintellektiga, tööta failidega, loo pilte ja otsi veebist. Andmed jäävad Euroopasse.