From 557031717c50b7cd6bb0596918c4022cc22cda3b Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Wed, 26 Jun 2024 15:24:48 +0000 Subject: [PATCH 01/14] Add script --- src/views/layouts/main.html | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/views/layouts/main.html b/src/views/layouts/main.html index 17acfa65b..171c6782d 100644 --- a/src/views/layouts/main.html +++ b/src/views/layouts/main.html @@ -15,6 +15,15 @@ {% block head %} + + {% endblock %} {% block header %} From 9135f4159823e78550fe6c3a3fda1983776c26ba Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Wed, 26 Jun 2024 15:26:02 +0000 Subject: [PATCH 02/14] Add cookies page --- src/views/cookies.html | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/views/cookies.html diff --git a/src/views/cookies.html b/src/views/cookies.html new file mode 100644 index 000000000..e69de29bb From 6bd625f4c469d97b7e2c2eeba22e40a3377d5d0c Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Wed, 26 Jun 2024 15:26:09 +0000 Subject: [PATCH 03/14] Add privacy page --- src/views/privacy-notice.html | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 src/views/privacy-notice.html diff --git a/src/views/privacy-notice.html b/src/views/privacy-notice.html new file mode 100644 index 000000000..e69de29bb From ed4af35927cfb81996437fcdc1b79402d535f81e Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Fri, 12 Jul 2024 08:42:09 +0000 Subject: [PATCH 04/14] Remove tracking code as per #119 --- src/views/layouts/main.html | 8 -------- 1 file changed, 8 deletions(-) diff --git a/src/views/layouts/main.html b/src/views/layouts/main.html index 171c6782d..40133d2a4 100644 --- a/src/views/layouts/main.html +++ b/src/views/layouts/main.html @@ -16,14 +16,6 @@ {% block head %} - {% endblock %} {% block header %} From d346d278e866cad82cce677bd5979254525a50a6 Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Fri, 12 Jul 2024 08:57:26 +0000 Subject: [PATCH 05/14] Add content for privacy notice --- src/views/privacy-notice.html | 149 ++++++++++++++++++++++++++++++++++ 1 file changed, 149 insertions(+) diff --git a/src/views/privacy-notice.html b/src/views/privacy-notice.html index e69de29bb..5e65c8af0 100644 --- a/src/views/privacy-notice.html +++ b/src/views/privacy-notice.html @@ -0,0 +1,149 @@ +{% extends "layouts/main.html" %} + +{% set pageName = 'Accessibility statement for check planning and housing data for England' %} + +{% set markdownContent %} + +# Check planning and housing data for England privacy notice + + +## Who we are + +Check planning and housing data for England ([check.planning.data.go.uk](check.planning.data.go.uk)) is provided by the Department for Levelling Up, Housing and Communities (DLUHC). + +DLUHC is the data controller for the service. + + +## What personal data we collect + +The personal data we collect from you includes: + + + +* your name and email address when you email a planning and housing dataset to us +* your name and email address if you send us feedback + + +## Other data we collect + +We also record how you use the service, including which pages you visit and what you click on. This helps us to improve the service experience and make sure it’s meeting your needs. No personal data is recorded. + + +## Why we need your personal data + +We collect your personal data to: + + + +* respond to any feedback you send us, if you have asked us to +* contact you with any feedback we have about a planning and housing dataset you have sent us + + +## Why our use of your personal data is lawful + +The legal basis for processing all personal data is that it’s necessary: + + + +* to perform a task in the public interest +* in the exercise of our functions as a government department + + +## How we use your personal data + +The personal data we collect may be shared with other government departments, agencies and public bodies. It may also be shared with our technology suppliers, for example our hosting provider. + +We will share your personal data if we are required to do so by law - for example, by court order, or to prevent fraud or other crime. + +We will not: + + + +* sell or rent your personal data to third parties +* share your personal data with third parties for marketing purposes + + +## How long we keep your personal data + +Personal data collected when you submit planning and housing data or a feedback form on the service is kept for as long as we need the personal data for the purposes of research, security or delivery of the service. + + +## Children’s privacy protection + +Our services are not designed for, or intentionally targeted at, children 13 years of age or younger. We do not intentionally collect or maintain personal data about anyone under the age of 13. + + +## Where your personal data is processed and stored + +We design, build and run our systems to make sure that your personal data is as safe as possible at all stages, both while it’s processed and when it’s stored. + +All personal data is stored in the [European Economic Area](https://www.gov.uk/eu-eea) (EEA). + +Where personal data processing happens in the US, suppliers need to meet the certification standards set out in the [UK-US data bridge](https://www.gov.uk/government/publications/uk-us-data-bridge-supporting-documents/uk-us-data-bridge-explainer) agreement. This facilitates flows of personal data to certified US companies that have opted in to the EU-US Data Privacy Framework. + + +## How we protect your personal data and keep it secure + +We are committed to doing all that we can to keep your personal data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your personal data - for example, we protect your personal data using varying levels of encryption. + +We also make sure that any third parties that we deal with keep all personal data they process on our behalf secure. + + +## Your data protection rights + +You have the right to request: + + + +* information about how your personal data is processed +* a copy of that personal data +* that anything inaccurate in your personal data is corrected immediately + +You can also: + + + +* raise an objection about how your personal data is processed +* request that your personal data is erased if there is no longer a justification for it +* ask that the processing of your personal data is restricted in certain circumstances + +If you have any of these requests, get in contact with our Knowledge and Information Access Team. + +[Read the DLUHC personal information charter](https://www.gov.uk/government/organisations/department-for-levelling-up-housing-and-communities/about/personal-information-charter). + + +## Contact us or make a complaint + +Contact the Knowledge and Information Access team if you: + + + +* have a question about anything in this privacy notice +* think that your personal data has been misused or mishandled + +Knowledge and Information Access Team \ +[dataprotection@levellingup.gov.uk](mailto:dataprotection@levellingup.gov.uk) \ +Department for Levelling Up, Housing and Communities \ +2nd floor NW, Fry Building \ +2 Marsham Street \ +London \ +SW1P 4DF \ +United Kingdom + +You can also make a complaint to the independent regulator the Information Commissioner's Office (ICO) at [https://ico.org.uk/make-a-complaint/](https://ico.org.uk/make-a-complaint/) + + +## Keeping our privacy notice up to date + +We may change this privacy notice. Any changes will apply to you and your personal data immediately. You should regularly review this notice. + +This notice was last updated on 21 June 2024. + + +{% endset %} + +{% block content %} + + {{markdownContent | govukMarkdown(headingsStartWith="xl") | safe}} + +{% endblock content %} From 8915e953b8e7782ebfb0efab582b01f8e3a7de53 Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Fri, 12 Jul 2024 09:23:10 +0000 Subject: [PATCH 06/14] Add links to footer --- src/views/layouts/main.html | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/views/layouts/main.html b/src/views/layouts/main.html index 40133d2a4..ce3da65c5 100644 --- a/src/views/layouts/main.html +++ b/src/views/layouts/main.html @@ -57,6 +57,16 @@

Get help

Accessibility +
  • + + Privacy + +
    • +
  • + + Cookies + +
    • {% endset %} From 910824c91ef55e714a6b253bf1458a54f57078fc Mon Sep 17 00:00:00 2001 From: Roland Sadowski Date: Thu, 11 Jul 2024 16:58:44 +0100 Subject: [PATCH 07/14] add smartlook integration --- config/index.js | 3 +-- config/production.yaml | 6 +++++- package.json | 5 ++--- src/serverSetup/nunjucks.js | 5 +++++ src/views/layouts/main.html | 7 +++++++ 5 files changed, 20 insertions(+), 6 deletions(-) diff --git a/config/index.js b/config/index.js index fd4442d7a..7afbc119e 100644 --- a/config/index.js +++ b/config/index.js @@ -1,7 +1,6 @@ import HmpoConfig from 'hmpo-config' import yaml from 'js-yaml' import fs from 'fs' -import _ from 'lodash' const readConfig = (config) => { return yaml.load(fs.readFileSync(`./config/${config}.yaml`, 'utf8')) @@ -16,7 +15,7 @@ const getConfig = () => { const customConfig = readConfig(environment) - const combinedConfig = _.merge({}, defaultConfig, customConfig) + const combinedConfig = Object.assign({}, defaultConfig, customConfig) const config = new HmpoConfig() config.addConfig(combinedConfig) diff --git a/config/production.yaml b/config/production.yaml index 43f1dd15f..231112b36 100644 --- a/config/production.yaml +++ b/config/production.yaml @@ -10,4 +10,8 @@ redis: { host: 'production-pub-async-redis-eihmmv.serverless.euw2.cache.amazonaws.com', port: '6379' } -url: 'https://publish.digital-land.info/' \ No newline at end of file +url: 'https://publish.digital-land.info/' +smartlook: { + key: '6383ab27d6f6a02f043a518bea629cd232dc0131', + region: 'eu' +} \ No newline at end of file diff --git a/package.json b/package.json index a7861dd7f..b1a49bdf2 100644 --- a/package.json +++ b/package.json @@ -27,8 +27,8 @@ "test:acceptance": "NODE_ENV=development playwright test --config ./test/acceptance/playwright.config.js", "test:acceptance:ci": "NODE_ENV=ci playwright test --config ./test/acceptance/playwright.config.js", "playwright-codegen": "playwright codegen http://localhost:5000", - "lint": "standard", - "lint:fix": "standard --fix" + "lint": "standard --ignore=src/views/common/smartlook.js", + "lint:fix": "standard --fix --ignore=src/views/common/smartlook.js" }, "engines": { "node": ">=18.0.0 <20.0.0" @@ -73,7 +73,6 @@ "hmpo-form-wizard": "^13.0.0", "hmpo-i18n": "^6.0.1", "js-yaml": "^4.1.0", - "lodash": "^4.17.21", "maplibre-gl": "^4.1.0", "multer": "^1.4.5-lts.1", "notifications-node-client": "^8.2.0", diff --git a/src/serverSetup/nunjucks.js b/src/serverSetup/nunjucks.js index 5a7a20e86..e273dbc84 100644 --- a/src/serverSetup/nunjucks.js +++ b/src/serverSetup/nunjucks.js @@ -25,6 +25,11 @@ export function setupNunjucks ({ app, dataSubjects }) { feedbackLink: config.feedbackLink } + if ('smartlook' in config) { + globalValues.smartlookKey = config.smartlook.key + globalValues.smartlookRegion = config.smartlook.region + } + Object.keys(globalValues).forEach((key) => { nunjucksEnv.addGlobal(key, globalValues[key]) }) diff --git a/src/views/layouts/main.html b/src/views/layouts/main.html index 291d84888..075576020 100644 --- a/src/views/layouts/main.html +++ b/src/views/layouts/main.html @@ -19,6 +19,13 @@ {% block head %} + {% if smartlookKey %} + {% block smartlook %} + + {% endblock %} + {% endif %} {% endblock %} {% block header %} From 07226e1f2c66f48999a1d83aef69e711ca01111e Mon Sep 17 00:00:00 2001 From: Roland Sadowski Date: Fri, 12 Jul 2024 09:30:19 +0100 Subject: [PATCH 08/14] fix tests - add missing config option --- config/test.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/config/test.yaml b/config/test.yaml index 12b980b1c..eaf5428de 100644 --- a/config/test.yaml +++ b/config/test.yaml @@ -1,6 +1,7 @@ asyncRequestApi: { url: http://localhost:8001, - port: 8001 + port: 8001, + requestsEndpoint: 'requests' } aws: { region: eu-west-2, From 52e1b491b54631ab5c9d97c36b02515d5e359830 Mon Sep 17 00:00:00 2001 From: Roland Sadowski Date: Fri, 12 Jul 2024 16:25:23 +0100 Subject: [PATCH 09/14] add smartlook JS code --- src/views/common/smartlook.js | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 src/views/common/smartlook.js diff --git a/src/views/common/smartlook.js b/src/views/common/smartlook.js new file mode 100644 index 000000000..d4cdf752e --- /dev/null +++ b/src/views/common/smartlook.js @@ -0,0 +1,6 @@ +window.smartlook || (function (d) { + var o = smartlook = function () { o.api.push(arguments) }; const h = d.getElementsByTagName('head')[0] + const c = d.createElement('script'); o.api = new Array(); c.async = true; c.type = 'text/javascript' + c.charset = 'utf-8'; c.src = 'https://web-sdk.smartlook.com/recorder.js'; h.appendChild(c) +})(document) +smartlook('init', '{{ smartlookKey }}', { region: '{{ smartlookRegion }}' }) From 836b535368d01bb0390c4f8fac052aac3dce9a0b Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Mon, 15 Jul 2024 08:59:05 +0000 Subject: [PATCH 10/14] Add privacy and cookie content --- src/views/cookies.html | 117 ++++++++++++++++++++++++++++++++++ src/views/privacy-notice.html | 8 +-- 2 files changed, 121 insertions(+), 4 deletions(-) diff --git a/src/views/cookies.html b/src/views/cookies.html index e69de29bb..f221b0fcc 100644 --- a/src/views/cookies.html +++ b/src/views/cookies.html @@ -0,0 +1,117 @@ +{% extends "layouts/main.html" %} + +{% set pageName = 'Accessibility statement for check planning and housing data for England' %} + +{% set markdownContent %} + +# Check planning and housing data for England cookies notice + +The Check planning and housing data for England service puts cookies onto your computer to collect information about how you use the service. This helps us to: + + + +* update and improve the service based on your needs +* remember the notifications you’ve seen so that we do not show them to you again + +We do not collect any personal information that could be used to identify you. Read our [privacy notice](/privacy-notice/) to see what personal information we do collect. + + +## Essential cookies + +Essential cookies are needed for the service to work. We do not need to ask for permission to use them. + + +## How cookies are used on the Check planning and housing data for England service + + +### Our cookie banner (essential) + +When you first visit the Check planning and housing data for England service, you will see a banner asking if you accept cookies. We’ll store a cookie to remember which option you selected. You can always change your mind and change your choice on this page. + +Next time you visit the site, we will remember your preference and not show the banner again. + +To do this, the Check planning and housing data for England service sets the following cookies: + + + + + + + + + + + + + + + + + + + + + +
    NamePurposeExpires
    cookies_preferences_setLets us know you've seen our cookie message1 year
    cookies_policySaves your cookie choices1 year
    + + +### Smartlook cookies (optional) + +We use Smartlook to measure how you use the Check planning and housing data for England service. This helps us to improve the service experience and make sure it’s meeting your needs. No personal data will be stored in the cookies. + +Smartlook sets cookies that store information about: + + + +* which parts of the service you visit +* how long you spend on each part +* what you click on the service + +The cookies do not store any information you add to the service. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NamePurposeExpires
    SL_C_23361dd035530_SIDLets us know you’re using the service13 months
    SL_L_23361dd035530_SIDLets us know you’re using the service13 months
    AWSELBMakes Smartlook quicker to load13 months
    SL_C_23361dd035530_DOMAINTemporary cookie to identify our service; it’s removed as soon as our service is detectedAlmost immediately
    SMARTLOOK_LS_QUEUED_CHUNKSSends data to Smartlook in small chunks13 months
    + + +{% endset %} + +{% block content %} + + {{markdownContent | govukMarkdown(headingsStartWith="xl") | safe}} + +{% endblock content %} diff --git a/src/views/privacy-notice.html b/src/views/privacy-notice.html index 5e65c8af0..4edca430a 100644 --- a/src/views/privacy-notice.html +++ b/src/views/privacy-notice.html @@ -9,9 +9,9 @@ ## Who we are -Check planning and housing data for England ([check.planning.data.go.uk](check.planning.data.go.uk)) is provided by the Department for Levelling Up, Housing and Communities (DLUHC). +Check planning and housing data for England ([check.planning.data.go.uk](check.planning.data.go.uk)) is provided by the Ministry of Housing, Communities and Local Government (MHCLG). -DLUHC is the data controller for the service. +MHCLG is the data controller for the service. ## What personal data we collect @@ -109,7 +109,7 @@ If you have any of these requests, get in contact with our Knowledge and Information Access Team. -[Read the DLUHC personal information charter](https://www.gov.uk/government/organisations/department-for-levelling-up-housing-and-communities/about/personal-information-charter). +[Read the MHCLG personal information charter](https://www.gov.uk/government/organisations/ministry-of-housing-communities-local-government/about/personal-information-charter). ## Contact us or make a complaint @@ -123,7 +123,7 @@ Knowledge and Information Access Team \ [dataprotection@levellingup.gov.uk](mailto:dataprotection@levellingup.gov.uk) \ -Department for Levelling Up, Housing and Communities \ +Ministry of Housing, Communities and Local Government \ 2nd floor NW, Fry Building \ 2 Marsham Street \ London \ From 42b9daaad1a2b4c2aa173d7354d11a47172a2cfd Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Mon, 15 Jul 2024 08:59:17 +0000 Subject: [PATCH 11/14] Add routes --- src/routes/cookies.js | 11 +++++++++++ src/routes/privacy.js | 11 +++++++++++ src/serverSetup/routes.js | 4 ++++ 3 files changed, 26 insertions(+) create mode 100644 src/routes/cookies.js create mode 100644 src/routes/privacy.js diff --git a/src/routes/cookies.js b/src/routes/cookies.js new file mode 100644 index 000000000..211399868 --- /dev/null +++ b/src/routes/cookies.js @@ -0,0 +1,11 @@ +import express from 'express' +import nunjucks from 'nunjucks' + +const router = express.Router() + +router.get('/', (req, res) => { + const cookiesPage = nunjucks.render('cookies.html', {}) + res.send(cookiesPage) +}) + +export default router diff --git a/src/routes/privacy.js b/src/routes/privacy.js new file mode 100644 index 000000000..e2f5a44a3 --- /dev/null +++ b/src/routes/privacy.js @@ -0,0 +1,11 @@ +import express from 'express' +import nunjucks from 'nunjucks' + +const router = express.Router() + +router.get('/', (req, res) => { + const privacyPage = nunjucks.render('privacy-notice.html', {}) + res.send(privacyPage) +}) + +export default router diff --git a/src/serverSetup/routes.js b/src/serverSetup/routes.js index b91b97de4..c6de6cd0a 100644 --- a/src/serverSetup/routes.js +++ b/src/serverSetup/routes.js @@ -2,10 +2,14 @@ import formWizard from '../routes/form-wizard/index.js' import accessibility from '../routes/accessibility.js' import polling from '../routes/api.js' import health from '../routes/health.js' +import privacy from '../routes/privacy.js' +import cookies from '../routes/cookies.js' export function setupRoutes (app) { app.use('/', formWizard) app.use('/accessibility', accessibility) app.use('/api', polling) app.use('/health', health) + app.use('/privacy-notice', privacy) + app.use('/cookies', cookies) } From bfc8e3c187d89a5cb1580ff8ebce9358b41aae58 Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Mon, 15 Jul 2024 08:59:29 +0000 Subject: [PATCH 12/14] Update department name and acronym --- src/views/accessibility.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/views/accessibility.html b/src/views/accessibility.html index a2c034a75..8265355eb 100644 --- a/src/views/accessibility.html +++ b/src/views/accessibility.html @@ -8,7 +8,7 @@ This accessibility statement applies to the check planning and housing data for England service (publish.development.digital-land.info). -This service is run by the Department for Levelling Up, Housing and Communities (DLUHC). We want as many people as possible to be able to use this service. For example, that means you should be able to: +This service is run by the Ministry of Housing, Communities and Local Government (MHCLG). We want as many people as possible to be able to use this service. For example, that means you should be able to: - change colours, contrast levels and fonts using browser or device settings - zoom in up to 400% without the text spilling off the screen @@ -40,7 +40,7 @@ ## Technical information about this service's accessibility -The Department for Levelling Up, Housing and Communities (DLUHC) is committed to making this service accessible, in accordance with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018. +The Ministry of Housing, Communities and Local Government (MHCLG) is committed to making this service accessible, in accordance with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018. ### Compliance status From 3b05fb68195d18c130a3367219100c65a306c351 Mon Sep 17 00:00:00 2001 From: stevenjmesser Date: Mon, 15 Jul 2024 09:27:26 +0000 Subject: [PATCH 13/14] Add opt out --- src/views/cookies.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/views/cookies.html b/src/views/cookies.html index f221b0fcc..fce09ec25 100644 --- a/src/views/cookies.html +++ b/src/views/cookies.html @@ -107,6 +107,8 @@ +You can [opt out](https://help.smartlook.com/docs/opt-out-of-smartlook) of Smartlook. + {% endset %} From 49855d1f5d3a0219dbbe45b13bb2e2ca5de65816 Mon Sep 17 00:00:00 2001 From: George Goodall Date: Mon, 15 Jul 2024 11:10:56 +0100 Subject: [PATCH 14/14] move ignore out of call and into config --- package.json | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index b1a49bdf2..6df70f73e 100644 --- a/package.json +++ b/package.json @@ -27,8 +27,8 @@ "test:acceptance": "NODE_ENV=development playwright test --config ./test/acceptance/playwright.config.js", "test:acceptance:ci": "NODE_ENV=ci playwright test --config ./test/acceptance/playwright.config.js", "playwright-codegen": "playwright codegen http://localhost:5000", - "lint": "standard --ignore=src/views/common/smartlook.js", - "lint:fix": "standard --fix --ignore=src/views/common/smartlook.js" + "lint": "standard", + "lint:fix": "standard --fix" }, "engines": { "node": ">=18.0.0 <20.0.0" @@ -93,7 +93,8 @@ }, "standard": { "ignore": [ - "performance-test/" + "performance-test/", + "src/views/common/smartlook.js" ] } }