Digital Privacy Policy · Transparency by Default · Consent Receipt Enabled

What happens first

You can verify who is accountable, what identifiers may be used, and how to exercise rights before any identification is demanded. This is a public standard implementation of a digital-consent-capable privacy policy. Global Privacy Rights holds a digital identity (provided instead of user-IDs) so that you can see who controls your data before visiting, and can object to being identified and tracked online before you are digitally identified.

Standards note

A standard implementation

This is a standard digital privacy policy implementation using Part 1 of the Universal Notice Receipt Profile. For general internet transparency conformance, it uses Open-Digital Public Network (0PN) standards based on the ISO/IEC 27560:2023 Consent Record Information Structure profile, which is free and safe to use as standard digital privacy infrastructure.

Who is accountable

Controller identification

Controller name: Global Privacy Rights
Business Number (BN): 78344 5505
Controller address: 18 King St East, Suite 1400, Toronto, Ontario M5C 1C4, Canada
Jurisdiction: Ontario, Canada
Representative: Digital Privacy Officer
Website: https://globalprivacyrights.org

Machine-readable transparency endpoints

These are the canonical, machine-readable endpoints for automated verification:

notice.txt (fallback): /.well-known/notice.txt
Controller Identification Record (CIR): /.well-known/transparency/cir.json

Rights access

Human-readable rights instructions and access point — including the right to object prior to processing, for meaningful digital consent:

What identifiers may be collected (PII-i) and why

Current service bundles

Below is the plain-language rendering of the current service bundles, after migration to controller-owned Cloudflare hosting.

Necessary runtime (site continuity)

Purpose: maintain site delivery and runtime continuity
PII-i: ip_address (transient, edge logs)
Legal basis: legitimate interest
Service: Cloudflare Pages (static hosting)

Analytics (site measurement)

Purpose: measure performance and improve content
PII-i: ip_address (aggregated); no analytics cookie
Legal basis: legitimate interest
Service: Cloudflare Web Analytics (cookieless, privacy-first)

Contact (inquiries)

Purpose: respond to inquiries and provide requested information
PII-i: name, email_address, message_content
Legal basis: consent
Service: direct email to info@globalprivacyrights.org

Petition signatures

Purpose: record a signature and optionally list signatories publicly (opt-in)
PII-i: name, email_address, message_content (optional)
Legal basis: consent
Service: direct email to rights@globalprivacyrights.org (interim; controller-owned form to follow)

Payments (sponsorship / donation checkout)

Purpose: process payments and administer sponsorship
PII-i: email_address, payment_token, billing_details (processor-side), ip_address, device_id (fraud signals)
Legal basis: contract
Services: Ghost + Stripe (planned; online checkout not yet live — sponsorship is currently by email, no payment data collected on this site)

Your control

Consent, withdrawal, and objection

If consent is used as the legal basis for a specific purpose, withdrawal must be as easy as giving consent. Where objection is available as a right, requests can be submitted through the rights access point above.

Default response SLA (operational)

Add your name

Sign the petition

Support a DPV-aligned profile that preserves digital consent: stop consent evidence laundering (DPV:27560). This form is controller-owned and same-origin — your submission goes directly to Global Privacy Rights, not a third party.

Notice — how your information is used

Controller: Global Privacy Rights, https://globalprivacyrights.org. Controller identity record: /.well-known/transparency/cir.json

Contact for access, correction, or deletion: rights@globalprivacyrights.org (acknowledged within 7 days, resolved within 30).

What is collected: your name, email, and location; optionally your organization and a short comment.

Purpose: to administer the petition (count and verify signatures), and only if you opt in, to send campaign updates.

Lawful basis: your consent. Retention: held until the petition concludes, then deleted; deleted sooner on your request or withdrawal.

Your rights: access, correction, deletion, and withdrawal at any time via the contact above. Full rights notice: globalprivacyrights.org/privacy/rights. The controller identity and this notice are inspectable at the transparency endpoint above.

Integrity / verification

Verify the served bytes

The canonical integrity values are published at, and reproducible from, the machine-readable transparency endpoints. To verify, fetch an endpoint and hash the served bytes:

curl -s https://globalprivacyrights.org/.well-known/transparency/cir.json | shasum -a 256

The resulting digest must match the integrity value published in the CIR / notice chain. The endpoints above are the source of truth; this human-readable page links to them rather than duplicating a digest that could drift.
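
The comparison step described above, as an added example that is not part of the original policy page or the controller's own tooling. The function names `sha256_hex`, `verify_file` and `verify_url` are hypothetical, and the expected digest is passed in by the caller because this page does not say which field of the CIR / notice chain carries it.

```shell
# Added example: verify served bytes against an expected SHA-256 digest.
# The expected value is passed in by the caller; which field of the CIR /
# notice chain carries it is not stated on this page.

sha256_hex() {   # print the lowercase hex SHA-256 of file $1
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_file FILE EXPECTED_HEX
# returns 0 = match, 1 = mismatch, 2 = unusable input (bad digest, empty body)
verify_file() {
  vf_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
  case "$vf_expected" in
    ""|*[!0-9a-f]*) return 2 ;;              # not hex at all
  esac
  [ "${#vf_expected}" -eq 64 ] || return 2   # not a SHA-256 length
  [ -s "$1" ] || return 2                    # empty or missing body
  vf_actual=$(sha256_hex "$1") || return 2
  [ "$vf_actual" = "$vf_expected" ] || return 1
  return 0
}

# verify_url URL EXPECTED_HEX
# Unlike a bare `curl -s | shasum`, -f makes curl fail on an HTTP error
# instead of handing an error page to the hash.
verify_url() {
  vu_tmp=$(mktemp) || return 2
  if curl -fsS --max-time 20 -o "$vu_tmp" "$1"; then
    verify_file "$vu_tmp" "$2" && vu_rc=0 || vu_rc=$?
  else
    vu_rc=2
  fi
  rm -f "$vu_tmp"
  return "$vu_rc"
}
```

A return code of 2 means the check could not be performed and should be treated differently from a mismatch (1), which indicates the served bytes differ from the published value.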