2025-11-13 21:28:53 +01:00
"""
Legal Documents Module for MyWebdav
This module provides a base class for legal documents and specific implementations
for various legal policies required for a European cloud storage provider .
"""
from abc import ABC , abstractmethod
from datetime import datetime
2025-11-13 23:22:05 +01:00
from typing import Dict
2025-11-13 21:28:53 +01:00
class LegalDocument ( ABC ) :
"""
Base class for all legal documents .
Provides common structure and methods for generating legal content .
"""
2025-11-13 23:22:05 +01:00
def __init__ (
self ,
company_name : str = " MyWebdav Technologies " ,
last_updated : str = None ,
contact_email : str = " legal@mywebdav.eu " ,
website : str = " https://mywebdav.eu " ,
) :
2025-11-13 21:28:53 +01:00
self . company_name = company_name
self . last_updated = last_updated or datetime . now ( ) . strftime ( " % B %d , % Y " )
self . contact_email = contact_email
self . website = website
@property
@abstractmethod
def title ( self ) - > str :
""" Return the document title. """
pass
@abstractmethod
def get_content ( self ) - > str :
""" Return the main content of the document as markdown. """
pass
def get_header ( self ) - > str :
""" Return the standard header for legal documents. """
return f " # { self . title } \n \n **Last Updated:** { self . last_updated } \n \n "
def get_footer ( self ) - > str :
""" Return the standard footer for legal documents. """
return f " \n ## Contact Information \n \n If you have any questions about this { self . title . lower ( ) } , please contact us: \n \n - **Email:** [ { self . contact_email } ](mailto: { self . contact_email } ) \n - **Website:** { self . website } \n - **Address:** MyWebdav Technologies, European Union \n \n { self . company_name } "
def to_markdown ( self ) - > str :
""" Generate the complete document in Markdown format. """
return self . get_header ( ) + self . get_content ( ) + self . get_footer ( )
def to_html ( self ) - > str :
""" Generate the complete document in HTML format. """
# Content is already HTML, just wrap in basic HTML structure
html_content = self . get_content ( )
html_content = f """ <html>
< head >
< title > { self . title } < / title >
< style >
body { {
font - family : ' Times New Roman ' , serif ;
line - height : 1.6 ;
max - width : 800 px ;
margin : 0 auto ;
padding : 20 px ;
color : #333;
} }
h1 , h2 , h3 { {
color : #2c3e50;
margin - top : 30 px ;
} }
h1 { { font - size : 2 em ; border - bottom : 2 px solid #3498db; padding-bottom: 10px; }}
h2 { { font - size : 1.5 em ; border - bottom : 1 px solid #bdc3c7; padding-bottom: 5px; }}
ul { { margin - left : 20 px ; } }
li { { margin - bottom : 8 px ; } }
strong { { color : #2c3e50; }}
< / style >
< / head >
< body >
< h1 > { self . title } < / h1 >
< p > < em > Last Updated : { self . last_updated } < / em > < / p >
{ html_content }
< hr >
< h3 > Contact Information < / h3 >
< p > If you have any questions about this { self . title . lower ( ) } , please contact us : < / p >
< ul >
< li > < strong > Email : < / strong > < a href = " mailto: {self.contact_email} " > { self . contact_email } < / a > < / li >
< li > < strong > Website : < / strong > < a href = " {self.website} " > { self . website } < / a > < / li >
< li > < strong > Address : < / strong > MyWebdav Technologies , European Union < / li >
< / ul >
< p > MyWebdav Technologies < / p >
< / body >
< / html > """
return html_content
class PrivacyPolicy ( LegalDocument ) :
""" Privacy Policy document. """
@property
def title ( self ) - > str :
return " Privacy Policy "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< p > MyWebdav Technologies ( " we, " " us, " or " our " ) is committed to protecting your privacy and ensuring the security of your personal data . This Privacy Policy explains how we collect , use , disclose , and safeguard your information when you use our MyWebdav cloud storage service ( the " Service " ) , in full compliance with the EU General Data Protection Regulation ( GDPR ) , and other applicable data protection laws . < / p >
< p > This policy applies to all users of our Service , including visitors to our website and registered users . By using our Service , you consent to the collection and use of information in accordance with this policy . < / p >
< h2 > 2. Data Controller and Contact Information < / h2 >
< p > < strong > Data Controller : < / strong > MyWebdav Technologies < br >
< strong > Registered Address : < / strong > European Union < br >
< strong > Data Protection Officer : < / strong > dpo @mywebdav.eu < br >
< strong > Contact Email : < / strong > privacy @mywebdav.eu < / p >
< h2 > 3. Information We Collect < / h2 >
< h3 > 3.1 Personal Data You Provide < / h3 >
< p > When you register for an account or use our Service , we collect : < / p >
< ul >
< li > Name and contact information ( email address , phone number if provided ) < / li >
< li > Account credentials and security information < / li >
< li > Billing and payment information ( processed securely through third - party providers ) < / li >
< li > Communications you send to us < / li >
< li > Files and data you upload to our Service < / li >
< li > Profile information and preferences < / li >
< / ul >
< h3 > 3.2 Information Collected Automatically < / h3 >
< p > We automatically collect certain information when you use our Service : < / p >
< ul >
< li > IP address and geolocation data < / li >
< li > Browser type , version , and language < / li >
< li > Operating system and device information < / li >
< li > Usage data ( pages visited , features used , timestamps ) < / li >
< li > Log data ( access times , errors , performance metrics ) < / li >
< li > Cookies and similar tracking technologies < / li >
< / ul >
< h3 > 3.3 Cookies and Tracking Technologies < / h3 >
< p > We use cookies and similar technologies to : < / p >
< ul >
< li > Authenticate users and maintain secure sessions < / li >
< li > Remember user preferences and settings < / li >
< li > Analyze service usage and performance < / li >
< li > Provide personalized features and recommendations < / li >
< li > Ensure security and prevent fraud < / li >
< / ul >
< p > You can control cookie settings through your browser preferences . However , disabling certain cookies may limit Service functionality . < / p >
< h2 > 4. Legal Basis for Processing < / h2 >
< p > We process your personal data based on the following legal grounds under GDPR : < / p >
< ul >
< li > < strong > Consent : < / strong > Where you have explicitly agreed to processing ( e . g . , marketing communications ) < / li >
< li > < strong > Contract : < / strong > To provide the Service and fulfill our contractual obligations < / li >
< li > < strong > Legitimate Interest : < / strong > To improve our Service , ensure security , and communicate with you < / li >
< li > < strong > Legal Obligation : < / strong > To comply with applicable laws and regulations < / li >
< / ul >
< h2 > 5. How We Use Your Information < / h2 >
< p > We use collected information for the following purposes : < / p >
< ul >
< li > Provide , maintain , and improve the Service < / li >
< li > Process transactions and manage billing < / li >
< li > Communicate with you about your account and the Service < / li >
< li > Ensure security and prevent unauthorized access < / li >
< li > Comply with legal obligations < / li >
< li > Analyze usage patterns to improve user experience < / li >
< li > Send service - related notifications and updates < / li >
< li > Provide customer support < / li >
< / ul >
< h2 > 6. Information Sharing and Disclosure < / h2 >
< p > We do not sell your personal data to third parties . We may share information in the following circumstances : < / p >
< ul >
< li > < strong > Service Providers : < / strong > With trusted third - party service providers under strict data processing agreements < / li >
< li > < strong > Legal Requirements : < / strong > When required by law or to protect rights and safety < / li >
< li > < strong > Business Transfers : < / strong > In connection with mergers , acquisitions , or asset sales ( with notice ) < / li >
< li > < strong > Consent : < / strong > With your explicit consent < / li >
< li > < strong > Aggregated Data : < / strong > Non - personally identifiable , aggregated data for analytical purposes < / li >
< / ul >
< h2 > 7. International Data Transfers < / h2 >
< p > Your data may be processed in countries outside the EU . We ensure adequate protection through : < / p >
< ul >
< li > EU adequacy decisions for certain countries < / li >
< li > Standard Contractual Clauses approved by the European Commission < / li >
< li > Binding Corporate Rules < / li >
< li > Your explicit consent where required < / li >
< / ul >
< p > All international transfers comply with Chapter V of the GDPR . < / p >
< h2 > 8. Data Security < / h2 >
< p > We implement comprehensive security measures to protect your data : < / p >
< ul >
< li > < strong > Encryption : < / strong > Data encrypted in transit ( TLS 1.3 ) and at rest ( AES - 256 ) < / li >
< li > < strong > Access Controls : < / strong > Role - based access control and multi - factor authentication < / li >
< li > < strong > Network Security : < / strong > Firewalls , intrusion detection , and regular monitoring < / li >
< li > < strong > Physical Security : < / strong > Secure data centers with controlled access < / li >
< li > < strong > Incident Response : < / strong > 24 / 7 monitoring and rapid response procedures < / li >
< li > < strong > Regular Audits : < / strong > Independent security audits and penetration testing < / li >
< / ul >
< h2 > 9. Data Retention < / h2 >
< p > We retain personal data only as long as necessary for the purposes outlined in this policy : < / p >
< ul >
< li > < strong > Account Data : < / strong > Until account deletion or as required for legal compliance < / li >
< li > < strong > Usage Logs : < / strong > Maximum 12 months for security and compliance purposes < / li >
< li > < strong > Billing Data : < / strong > 7 years for tax and accounting compliance < / li >
< li > < strong > Marketing Data : < / strong > Until you withdraw consent or request deletion < / li >
< / ul >
< h2 > 10. Your Rights Under GDPR < / h2 >
< p > You have the following rights regarding your personal data : < / p >
< ul >
< li > < strong > Right to Access : < / strong > Request a copy of your personal data < / li >
< li > < strong > Right to Rectification : < / strong > Correct inaccurate or incomplete data < / li >
< li > < strong > Right to Erasure : < / strong > Delete your personal data ( " right to be forgotten " ) < / li >
< li > < strong > Right to Restriction : < / strong > Limit processing of your data < / li >
< li > < strong > Right to Portability : < / strong > Receive your data in a structured format < / li >
< li > < strong > Right to Object : < / strong > Object to processing based on legitimate interests < / li >
< li > < strong > Right to Withdraw Consent : < / strong > Revoke consent for processing < / li >
< li > < strong > Right Not to be Subject to Automated Decision - Making : < / strong > Including profiling < / li >
< / ul >
< p > To exercise these rights , contact our Data Protection Officer at dpo @mywebdav.eu. We will respond within 30 days . < / p >
< h2 > 11. Children ' s Privacy</h2>
< p > Our Service is not intended for individuals under 16 years of age . We do not knowingly collect personal data from children under 16. If we become aware of such collection , we will delete the data immediately and terminate the account . < / p >
< p > If you are a parent or guardian and believe your child has provided us with personal data , please contact us immediately . < / p >
< h2 > 12. Changes to This Privacy Policy < / h2 >
< p > We may update this Privacy Policy to reflect changes in our practices or legal requirements . We will : < / p >
< ul >
< li > Notify you via email at least 30 days before material changes take effect < / li >
< li > Post the updated policy on our website < / li >
< li > Highlight significant changes in the notification < / li >
< / ul >
< p > Continued use of the Service after changes take effect constitutes acceptance of the updated policy . < / p >
< h2 > 13. Complaints and Supervisory Authority < / h2 >
< p > If you believe we have not complied with applicable data protection laws , you have the right to lodge a complaint with a supervisory authority . In the Netherlands , this is the Autoriteit Persoonsgegevens ( AP ) . < / p >
< p > We encourage you to contact us first to resolve any concerns . < / p >
< h2 > 14. Contact Us < / h2 >
< p > For any questions about this Privacy Policy or our data practices : < / p >
< ul >
< li > < strong > Email : < / strong > privacy @mywebdav.eu < / li >
< li > < strong > Data Protection Officer : < / strong > dpo @mywebdav.eu < / li >
< li > < strong > Phone : < / strong > + 31 XX XXX XXXX < / li >
< li > < strong > Address : < / strong > MyWebdav Technologies , European Union < / li >
< / ul >
"""
class TermsOfService ( LegalDocument ) :
""" Terms of Service document. """
@property
def title ( self ) - > str :
return " Terms of Service "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< p > These Terms of Service ( " Terms " ) constitute a legally binding agreement between you ( " User, " " you, " or " your " ) and MyWebdav Technologies ( " Company, " " we, " " us, " or " our " ) governing your use of the MyWebdav cloud storage service ( the " Service " ) . < / p >
< p > By accessing or using the Service , you acknowledge that you have read , understood , and agree to be bound by these Terms . If you do not agree , you must not use the Service . < / p >
< h2 > 2. Service Description < / h2 >
< p > MyWebdav provides cloud - based file storage , sharing , and collaboration tools . The Service includes : < / p >
< ul >
< li > Secure file storage and backup < / li >
< li > File sharing and collaboration features < / li >
< li > WebDAV protocol support < / li >
< li > API access for integrations < / li >
< li > Administrative and management tools < / li >
< / ul >
< h2 > 3. User Eligibility and Account Registration < / h2 >
< h3 > 3.1 Eligibility < / h3 >
< p > You must be at least 16 years old and have the legal capacity to enter into these Terms . < / p >
< h3 > 3.2 Account Registration < / h3 >
< p > To use the Service , you must create an account with accurate information . You are responsible for maintaining the confidentiality of your account credentials and all activities under your account . < / p >
< h3 > 3.3 Account Suspension / Termination < / h3 >
< p > We may suspend or terminate your account for violations of these Terms , illegal activity , or at our discretion with reasonable notice . < / p >
< h2 > 4. Acceptable Use Policy < / h2 >
< p > You agree not to : < / p >
< ul >
< li > Violate applicable laws or regulations < / li >
< li > Infringe intellectual property rights < / li >
< li > Upload malicious , illegal , or harmful content < / li >
< li > Attempt unauthorized access to systems < / li >
< li > Use the Service for spam or harassment < / li >
< li > Circumvent security measures < / li >
< li > Exceed fair usage limits < / li >
< / ul >
< h2 > 5. Content Ownership and Rights < / h2 >
< h3 > 5.1 Your Content < / h3 >
< p > You retain ownership of content you upload ( " Your Content " ) . You grant us a limited license to store , process , and transmit Your Content solely to provide the Service . < / p >
< h3 > 5.2 Prohibited Content < / h3 >
< p > You may not upload content that is : < / p >
< ul >
< li > Illegal , defamatory , or obscene < / li >
< li > Infringing on third - party rights < / li >
< li > Containing malware or viruses < / li >
< li > Excessive in volume without prior agreement < / li >
< / ul >
< h3 > 5.3 Content Removal < / h3 >
< p > We may remove content that violates these Terms , with or without notice . < / p >
< h2 > 6. Service Availability and Limitations < / h2 >
< h3 > 6.1 Availability < / h3 >
< p > We strive for high availability but do not guarantee uninterrupted service . Scheduled maintenance may cause temporary outages . < / p >
< h3 > 6.2 Storage Limits < / h3 >
< p > Storage limits vary by plan . Exceeding limits may result in additional charges or service restrictions . < / p >
< h3 > 6.3 Fair Usage < / h3 >
< p > Excessive usage that impacts other users may result in throttling or additional charges . < / p >
< h2 > 7. Billing and Payment < / h2 >
< h3 > 7.1 Fees < / h3 >
< p > Service fees are as published on our website . Prices may change with 30 days ' notice.</p>
< h3 > 7.2 Payment < / h3 >
< p > You agree to pay all charges associated with your account . Failed payments may result in service suspension . < / p >
< h3 > 7.3 Refunds < / h3 >
< p > Fees are generally non - refundable except as required by law or at our discretion . < / p >
< h2 > 8. Data Protection and Privacy < / h2 >
< p > Your use of the Service is subject to our Privacy Policy , which is incorporated by reference . We comply with GDPR and other data protection regulations . < / p >
< h2 > 9. Security and Data Protection < / h2 >
< p > We implement industry - standard security measures , but you acknowledge that no system is completely secure . You are responsible for your data security . < / p >
< h2 > 10. Intellectual Property < / h2 >
< p > The Service and its original content are protected by intellectual property laws . You may not copy , modify , or distribute our proprietary materials . < / p >
< h2 > 11. Disclaimers < / h2 >
< p > < strong > THE SERVICE IS PROVIDED " AS IS " WITHOUT WARRANTIES OF ANY KIND . WE DISCLAIM ALL WARRANTIES , EXPRESS OR IMPLIED , INCLUDING MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE . < / strong > < / p >
< h2 > 12. Limitation of Liability < / h2 >
< p > < strong > TO THE MAXIMUM EXTENT PERMITTED BY LAW , OUR TOTAL LIABILITY SHALL NOT EXCEED THE AMOUNT PAID BY YOU IN THE 12 MONTHS PRECEDING THE CLAIM . < / strong > < / p >
< h2 > 13. Indemnification < / h2 >
< p > You agree to indemnify and hold us harmless from claims arising from your use of the Service or violation of these Terms . < / p >
< h2 > 14. Governing Law and Dispute Resolution < / h2 >
< p > These Terms are governed by the laws of the Netherlands . Disputes shall be resolved through binding arbitration in Amsterdam , Netherlands . < / p >
< h2 > 15. Modifications to Terms < / h2 >
< p > We may modify these Terms with reasonable notice . Continued use after changes constitutes acceptance . < / p >
< h2 > 16. Severability < / h2 >
< p > If any provision is found invalid , the remaining provisions remain in effect . < / p >
< h2 > 17. Entire Agreement < / h2 >
< p > These Terms constitute the entire agreement between you and us regarding the Service . < / p >
"""
class SecurityPolicy ( LegalDocument ) :
""" Security Policy document. """
@property
def title ( self ) - > str :
return " Security Policy "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< h3 > 1.1 Purpose < / h3 >
< p > This policy establishes the framework for securing our cloud storage platform and ensures all personnel understand their security responsibilities . < / p >
< h3 > 1.2 Scope < / h3 >
< p > Applies to all employees , contractors , systems , and data managed by MyWebdav Technologies . < / p >
< h2 > 2. Governance and Management < / h2 >
< h3 > 2.1 Information Security Management System ( ISMS ) < / h3 >
< p > We maintain an ISO / IEC 27001 - certified ISMS with regular risk assessments , audits , and continuous improvement . < / p >
< h3 > 2.2 Roles and Responsibilities < / h3 >
< ul >
< li > < strong > CISO : < / strong > Oversees security program < / li >
< li > < strong > Security Team : < / strong > Implements controls and responds to incidents < / li >
< li > < strong > Employees : < / strong > Follow policies and report incidents < / li >
< li > < strong > Management : < / strong > Provides resources and enforces compliance < / li >
< / ul >
< h2 > 3. Access Control < / h2 >
< h3 > 3.1 Access Management < / h3 >
< p > Access follows the principle of least privilege with multi - factor authentication required for administrative access . < / p >
< h3 > 3.2 User Authentication < / h3 >
< p > Strong passwords , regular rotation , and account lockout policies are enforced . < / p >
< h3 > 3.3 Remote Access < / h3 >
< p > Secured via VPN with full logging and monitoring . < / p >
< h2 > 4. Data Protection and Encryption < / h2 >
< h3 > 4.1 Data Classification < / h3 >
< p > Data classified as Public , Internal , Confidential , or Highly Sensitive with appropriate controls . < / p >
< h3 > 4.2 Encryption Standards < / h3 >
< ul >
< li > TLS 1.3 for data in transit < / li >
< li > AES - 256 for data at rest < / li >
< li > Secure key management and rotation < / li >
< / ul >
< h3 > 4.3 Data Retention and Disposal < / h3 >
< p > Data retained only as necessary with secure deletion methods . < / p >
< h2 > 5. Network Security < / h2 >
< h3 > 5.1 Network Segmentation < / h3 >
< p > Isolated networks with firewalls , IDS , and regular monitoring . < / p >
< h3 > 5.2 Secure Configuration < / h3 >
< p > Hardened systems following CIS Benchmarks . < / p >
< h2 > 6. Physical Security < / h2 >
< h3 > 6.1 Facility Access < / h3 >
< p > Controlled access to data centers with biometric authentication . < / p >
< h3 > 6.2 Equipment Security < / h3 >
< p > Secure storage in climate - controlled environments . < / p >
< h2 > 7. Incident Response < / h2 >
< h3 > 7.1 Incident Response Plan < / h3 >
< p > Comprehensive plan for identification , containment , eradication , recovery , and notification . < / p >
< h3 > 7.2 Breach Notification < / h3 >
< p > Incidents reported within 72 hours ( GDPR ) or 24 hours ( NIS2 ) as applicable . < / p >
< h2 > 8. Secure Development < / h2 >
< h3 > 8.1 Secure Coding Practices < / h3 >
< p > Code reviews , static / dynamic analysis , and vulnerability management . < / p >
< h3 > 8.2 Change Management < / h3 >
< p > Formal approval processes for production changes . < / p >
< h2 > 9. Third - Party Risk Management < / h2 >
< h3 > 9.1 Vendor Assessment < / h3 >
< p > Security assessments and contractual requirements for all vendors . < / p >
< h2 > 10. Compliance and Auditing < / h2 >
< h3 > 10.1 Regulatory Compliance < / h3 >
< p > Compliance with GDPR , NIS2 , and ISO / IEC 27001. < / p >
< h3 > 10.2 Audits and Assessments < / h3 >
< p > Annual audits , quarterly penetration testing , and continuous monitoring . < / p >
< h3 > 10.3 Training < / h3 >
< p > Mandatory annual security training for all personnel . < / p >
< h2 > 11. Enforcement < / h2 >
< p > Compliance is mandatory . Violations may result in disciplinary action up to termination . < / p >
"""
class CookiePolicy ( LegalDocument ) :
""" Cookie Policy document. """
@property
def title ( self ) - > str :
return " Cookie Policy "
def get_content ( self ) - > str :
return """
< h2 > 1. What Are Cookies < / h2 >
< p > Cookies are small text files stored on your device when you visit our Service . They help us provide a better user experience . < / p >
< h2 > 2. Types of Cookies We Use < / h2 >
< h3 > 2.1 Essential Cookies < / h3 >
< p > Required for basic Service functionality : < / p >
< ul >
< li > Authentication and session management < / li >
< li > Security features < / li >
< / ul >
< h3 > 2.2 Functional Cookies < / h3 >
< p > Enhance your experience : < / p >
< ul >
< li > Language preferences < / li >
< li > Theme settings < / li >
< / ul >
< h3 > 2.3 Analytics Cookies < / h3 >
< p > Help us understand usage : < / p >
< ul >
< li > Page views and user journeys < / li >
< li > Performance metrics < / li >
< / ul >
< h3 > 2.4 Marketing Cookies < / h3 >
< p > Used for targeted advertising ( with consent ) : < / p >
< ul >
< li > Personalized recommendations < / li >
< / ul >
< h2 > 3. Cookie Management < / h2 >
< p > You can control cookies through : < / p >
< ul >
< li > Browser settings < / li >
< li > Our cookie preference center < / li >
< li > Opt - out links in marketing emails < / li >
< / ul >
< h2 > 4. Third - Party Cookies < / h2 >
< p > We may use third - party services that set cookies : < / p >
< ul >
< li > Analytics providers < / li >
< li > Payment processors < / li >
< li > Social media integrations < / li >
< / ul >
< h2 > 5. Your Rights < / h2 >
< p > Under GDPR , you have rights regarding cookie - based processing : < / p >
< ul >
< li > Right to information < / li >
< li > Right to withdraw consent < / li >
< li > Right to object < / li >
< / ul >
< h2 > 6. Updates < / h2 >
< p > We may update this policy . Material changes will be communicated via the Service . < / p >
"""
class DataProcessingAgreement ( LegalDocument ) :
""" Data Processing Agreement document. """
@property
def title ( self ) - > str :
return " Data Processing Agreement "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< p > This Data Processing Agreement ( " DPA " ) supplements the Terms of Service between MyWebdav Technologies ( the " Processor " ) and the Customer ( the " Controller " ) regarding the processing of personal data . < / p >
< h2 > 2. Definitions < / h2 >
< ul >
< li > < strong > Personal Data : < / strong > Any information relating to an identified or identifiable natural person < / li >
< li > < strong > Processing : < / strong > Any operation performed on personal data < / li >
< li > < strong > Data Subject : < / strong > The individual whose personal data is processed < / li >
< / ul >
< h2 > 3. Scope and Applicability < / h2 >
< p > This DPA applies to all processing of personal data by the Processor on behalf of the Controller . < / p >
< h2 > 4. Processing Purposes < / h2 >
< p > The Processor shall process personal data solely for the purpose of providing the Service as described in the Terms of Service . < / p >
< h2 > 5. Data Protection Obligations < / h2 >
< h3 > 5.1 Lawfulness < / h3 >
< p > Processing shall comply with GDPR and other applicable data protection laws . < / p >
< h3 > 5.2 Security Measures < / h3 >
< p > The Processor shall implement appropriate technical and organizational measures to ensure data security . < / p >
< h3 > 5.3 Confidentiality < / h3 >
< p > All personnel with access to personal data shall maintain confidentiality . < / p >
< h2 > 6. Data Subject Rights < / h2 >
< p > The Processor shall assist the Controller in fulfilling data subject rights requests . < / p >
< h2 > 7. Subprocessing < / h2 >
< p > The Processor may engage subprocessors with prior notice to the Controller . < / p >
< h2 > 8. Data Breach Notification < / h2 >
< p > The Processor shall notify the Controller of any personal data breaches without undue delay . < / p >
< h2 > 9. Data Protection Impact Assessment < / h2 >
< p > The Processor shall assist with DPIAs when required . < / p >
< h2 > 10. International Data Transfers < / h2 >
< p > Data transfers outside the EU shall comply with GDPR Chapter V . < / p >
< h2 > 11. Audit Rights < / h2 >
< p > The Controller may audit the Processor ' s compliance, subject to confidentiality obligations.</p>
< h2 > 12. Termination < / h2 >
< p > Upon termination , the Processor shall delete or return all personal data . < / p >
< h2 > 13. Governing Law < / h2 >
< p > This DPA is governed by the laws of the Netherlands . < / p >
"""
class ComplianceStatement ( LegalDocument ) :
""" Compliance Statement document. """
@property
def title ( self ) - > str :
return " Compliance Statement "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< p > MyWebdav Technologies is committed to maintaining the highest standards of compliance with applicable laws and regulations . This Compliance Statement outlines our commitments and achievements . < / p >
< h2 > 2. Regulatory Compliance < / h2 >
< p > We comply with : < / p >
< ul >
< li > < strong > GDPR : < / strong > EU General Data Protection Regulation < / li >
< li > < strong > NIS2 Directive : < / strong > Network and Information Systems Directive < / li >
< li > < strong > Digital Services Act : < / strong > Online intermediary liability framework < / li >
< li > < strong > ePrivacy Directive : < / strong > Electronic communications privacy < / li >
< / ul >
< h2 > 3. Certifications and Standards < / h2 >
< ul >
< li > ISO / IEC 27001 : Information Security Management < / li >
< li > ISO / IEC 27017 : Cloud Security Controls < / li >
< li > SOC 2 Type II : Security , Availability , and Confidentiality < / li >
< / ul >
< h2 > 4. Data Protection < / h2 >
< h3 > 4.1 Data Residency < / h3 >
< p > Customer data is stored within the EU by default , with options for specific country storage . < / p >
< h3 > 4.2 Encryption < / h3 >
< p > All data encrypted in transit and at rest using industry - standard algorithms . < / p >
< h3 > 4.3 Access Controls < / h3 >
< p > Role - based access control with multi - factor authentication . < / p >
< h2 > 5. Security Measures < / h2 >
< ul >
< li > Regular security audits and penetration testing < / li >
< li > Incident response planning and testing < / li >
< li > Continuous monitoring and threat detection < / li >
< li > Employee security training and awareness < / li >
< / ul >
< h2 > 6. Transparency Reporting < / h2 >
< p > We publish annual transparency reports detailing : < / p >
< ul >
< li > Government data requests < / li >
< li > Security incidents < / li >
< li > Law enforcement cooperation < / li >
< / ul >
< h2 > 7. Independent Audits < / h2 >
< p > Annual third - party audits verify compliance with all applicable standards . < / p >
< h2 > 8. Continuous Improvement < / h2 >
< p > We regularly review and update our compliance program to address emerging threats and regulatory changes . < / p >
"""
class DataPortabilityDeletionPolicy ( LegalDocument ) :
""" Data Portability and Deletion Policy document. """
@property
def title ( self ) - > str :
return " Data Portability and Deletion Policy "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< p > This policy outlines your rights under GDPR regarding data portability and deletion , and how MyWebdav Technologies facilitates these rights . < / p >
< h2 > 2. Right to Data Portability < / h2 >
< p > You have the right to receive your personal data in a structured , commonly used , and machine - readable format . < / p >
< h3 > 2.1 Scope < / h3 >
< p > Applies to personal data you have provided that is processed based on consent or contract . < / p >
< h3 > 2.2 How to Request < / h3 >
< p > Contact us at dpo @mywebdav.eu with " Data Portability Request " in the subject line . < / p >
< h3 > 2.3 Format < / h3 >
< p > Data will be provided in JSON or CSV format , depending on the data type . < / p >
< h3 > 2.4 Timeline < / h3 >
< p > Requests fulfilled within 30 days , extendable to 60 days for complex requests . < / p >
< h2 > 3. Right to Erasure ( " Right to be Forgotten " ) < / h2 >
< p > You have the right to have your personal data erased under certain circumstances . < / p >
< h3 > 3.1 Conditions for Erasure < / h3 >
< ul >
< li > Data no longer necessary for original purpose < / li >
< li > Withdrawal of consent < / li >
< li > Objection to processing ( and no overriding interests ) < / li >
< li > Unlawful processing < / li >
< li > Legal obligation to erase < / li >
< li > Data collected from child < / li >
< / ul >
< h3 > 3.2 Exceptions < / h3 >
< p > Erasure not required if processing is necessary for : < / p >
< ul >
< li > Exercising freedom of expression < / li >
< li > Compliance with legal obligation < / li >
< li > Public interest < / li >
< li > Legal claims < / li >
< li > Scientific research < / li >
< / ul >
< h3 > 3.3 How to Request Deletion < / h3 >
< p > Submit a deletion request via your account settings or contact dpo @mywebdav.eu . < / p >
< h3 > 3.4 Account Deletion Process < / h3 >
< ul >
< li > All personal data permanently deleted < / li >
< li > Shared content may remain if owned by others < / li >
< li > Backup copies deleted within 90 days < / li >
< / ul >
< h2 > 4. Data Retention < / h2 >
< p > We retain data only as long as necessary : < / p >
< ul >
< li > < strong > Account data : < / strong > Until deletion request < / li >
< li > < strong > Billing data : < / strong > 7 years for tax compliance < / li >
< li > < strong > Logs : < / strong > 12 months for security < / li >
< / ul >
< h2 > 5. Automated Decision Making < / h2 >
< p > We do not use automated decision making with legal or significant effects on individuals . < / p >
< h2 > 6. Contact Information < / h2 >
< p > For data rights requests : < / p >
< ul >
< li > < strong > Email : < / strong > dpo @mywebdav.eu < / li >
< li > < strong > Phone : < / strong > + 31 XX XXX XXXX < / li >
< li > < strong > Response Time : < / strong > Within 30 days < / li >
< / ul >
"""
class ContactComplaintMechanism ( LegalDocument ) :
""" Contact and Complaint Mechanism document. """
@property
def title ( self ) - > str :
return " Contact and Complaint Mechanism "
def get_content ( self ) - > str :
return """
< h2 > 1. Introduction < / h2 >
< p > MyWebdav Technologies provides multiple channels for you to contact us and raise concerns . We are committed to addressing your inquiries promptly and fairly . < / p >
< h2 > 2. Contact Information < / h2 >
< h3 > 2.1 General Inquiries < / h3 >
< ul >
< li > < strong > Email : < / strong > support @mywebdav.eu < / li >
< li > < strong > Phone : < / strong > + 31 XX XXX XXXX ( Mon - Fri , 9 : 00 - 17 : 00 CET ) < / li >
< li > < strong > Address : < / strong > MyWebdav Technologies , Amsterdam , Netherlands < / li >
< / ul >
< h3 > 2.2 Technical Support < / h3 >
< ul >
< li > < strong > Email : < / strong > tech - support @mywebdav.eu < / li >
< li > < strong > Help Center : < / strong > < a href = " https://help.mywebdav.eu " > https : / / help . mywebdav . eu < / a > < / li >
< / ul >
< h3 > 2.3 Billing Inquiries < / h3 >
< ul >
< li > < strong > Email : < / strong > billing @mywebdav.eu < / li >
< / ul >
< h3 > 2.4 Data Protection < / h3 >
< ul >
< li > < strong > Data Protection Officer : < / strong > dpo @mywebdav.eu < / li >
< / ul >
< h3 > 2.5 Legal Matters < / h3 >
< ul >
< li > < strong > Email : < / strong > legal @mywebdav.eu < / li >
< / ul >
< h2 > 3. Complaint Procedure < / h2 >
< h3 > 3.1 How to Submit a Complaint < / h3 >
< ol >
< li > Contact our support team with details of your complaint < / li >
< li > Include relevant account information and timestamps < / li >
< li > Provide specific details about the issue < / li >
< / ol >
< h3 > 3.2 Complaint Handling Process < / h3 >
< ol >
< li > < strong > Acknowledgment : < / strong > Within 24 hours < / li >
< li > < strong > Investigation : < / strong > Within 5 business days < / li >
< li > < strong > Resolution : < / strong > Within 15 business days < / li >
< li > < strong > Escalation : < / strong > If unresolved , escalate to management < / li >
< / ol >
< h3 > 3.3 Complaint Categories < / h3 >
< ul >
< li > Service quality issues < / li >
< li > Billing disputes < / li >
< li > Data protection concerns < / li >
< li > Security incidents < / li >
< li > Terms of Service violations < / li >
< / ul >
< h2 > 4. Dispute Resolution < / h2 >
< h3 > 4.1 Internal Resolution < / h3 >
< p > Most complaints resolved through direct communication with our team . < / p >
< h3 > 4.2 Mediation < / h3 >
< p > For unresolved disputes , we offer mediation through a neutral third party . < / p >
< h3 > 4.3 Legal Action < / h3 >
< p > If internal resolution fails , disputes may be brought before competent courts in the Netherlands . < / p >
< h2 > 5. Response Times < / h2 >
< ul >
< li > < strong > General inquiries : < / strong > 24 - 48 hours < / li >
< li > < strong > Technical issues : < / strong > 4 - 24 hours < / li >
< li > < strong > Complaints : < / strong > 5 business days for initial response < / li >
< li > < strong > Data subject rights : < / strong > 30 days ( GDPR ) < / li >
< / ul >
< h2 > 6. Feedback and Suggestions < / h2 >
< p > We welcome your feedback to improve our services . Contact us at feedback @mywebdav.eu . < / p >
< h2 > 7. Transparency < / h2 >
< p > We publish annual reports on complaint handling and resolution rates . < / p >
"""
# Utility functions
def get_all_legal_documents ( ) - > Dict [ str , LegalDocument ] :
""" Return a dictionary of all legal document instances. """
return {
2025-11-13 23:22:05 +01:00
" privacy_policy " : PrivacyPolicy ( ) ,
" terms_of_service " : TermsOfService ( ) ,
" security_policy " : SecurityPolicy ( ) ,
" cookie_policy " : CookiePolicy ( ) ,
" data_processing_agreement " : DataProcessingAgreement ( ) ,
" compliance_statement " : ComplianceStatement ( ) ,
" data_portability_deletion_policy " : DataPortabilityDeletionPolicy ( ) ,
" contact_complaint_mechanism " : ContactComplaintMechanism ( ) ,
2025-11-13 21:28:53 +01:00
}
def generate_legal_documents ( output_dir : str = " static/legal " ) :
""" Generate all legal documents as Markdown and HTML files. """
import os
2025-11-13 23:22:05 +01:00
2025-11-13 21:28:53 +01:00
os . makedirs ( output_dir , exist_ok = True )
documents = get_all_legal_documents ( )
for doc_name , doc in documents . items ( ) :
# Generate Markdown
md_filename = f " { doc_name } .md "
md_path = os . path . join ( output_dir , md_filename )
2025-11-13 23:22:05 +01:00
with open ( md_path , " w " ) as f :
2025-11-13 21:28:53 +01:00
f . write ( doc . to_markdown ( ) )
# Generate HTML
html_filename = f " { doc_name } .html "
html_path = os . path . join ( output_dir , html_filename )
2025-11-13 23:22:05 +01:00
with open ( html_path , " w " ) as f :
2025-11-13 21:28:53 +01:00
f . write ( doc . to_html ( ) )
print ( f " Generated { md_filename } and { html_filename } " )
if __name__ == " __main__ " :
2025-11-13 23:22:05 +01:00
generate_legal_documents ( )
