{"id":"1954bdb4-47b2-43cb-89c4-8482541d9f44","shortId":"9ct6CV","kind":"skill","title":"gdpr-privacy-notice-eu-oliver-schmidt-prietz","tagline":"Draft GDPR/DSGVO-compliant privacy notices as .docx for any EU/EEA jurisdiction and audience. Use when user asks to create a privacy policy/notice, mentions \"Datenschutzerklärung\", \"politique de confidentialité\", \"privacy notice\", needs Art. 13/14 disclosures, AI Act transparency","description":"# Pan-EU GDPR Privacy Notice Generator\n\nGenerate jurisdiction-aware, GDPR-compliant privacy notices as professional .docx documents.\n\n## Workflow Overview\n\n```\n1. SCOPE    → Notice type, jurisdiction(s), template choice\n2. INTAKE   → Type-driven collection: controller info, data inventory, legal bases\n3. DRAFT    → Generate notice from template + type profile + collected info\n4. VERIFY   → Art. 13/14 compliance check + type-specific checks + AI Act check\n5. DELIVER  → .docx output via docx skill\n```\n\n## Step 1: Scope, Notice Type & Template Selection\n\n### Determine Notice Type (FIRST QUESTION)\n\nBefore anything else, determine what type of privacy notice is needed. Load `references/NOTICE_TYPES.md` and ask:\n\n> \"What type of privacy notice do you need?\"\n\n| Type | Description |\n|---|---|\n| **Website / App** | For visitors, users, subscribers of a website, web app, or mobile app |\n| **Applicant / Recruiting** | For job applicants and candidates (Bewerber, candidats) |\n| **Employee** | For employees, contractors, interns (Beschäftigte, salariés) |\n| **Business Partner (B2B)** | For contact persons at vendors, suppliers, clients, partners |\n| **B2C Customer** | For end consumers in a customer/purchase relationship |\n| **Combined** | Multiple audiences in one or several linked notices |\n\nThe selected type determines:\n- Which sections to include/skip in the final document\n- Which data categories to probe during intake\n- Which legal bases are most likely\n- Which type-specific intake questions to ask\n- Which retention defaults apply\n\nRefer to `references/NOTICE_TYPES.md` for the full **section map**, **data profile**, **legal bases**, **intake questions**, and **retention defaults** for each type.\n\n### Determine Jurisdiction\n\nAsk which countries/markets the service targets. Load the appropriate reference:\n\n| Target Market | Reference File |\n|---|---|\n| Germany / DACH | `references/DE.md` |\n| France | `references/FR.md` |\n| Other EU (AT, IT, ES, NL, BE, IE, UK) | `references/OTHER_EU.md` |\n| Always load | `references/EU_COMMON.md` |\n\nFor multi-jurisdiction services, load all relevant files and note where requirements differ (e.g., children's age thresholds, DPO thresholds, retention rules).\n\n### Template Selection\n\nAsk the user:\n\n> \"I will draft the privacy notice as a professional .docx document. Do you have an existing template or privacy notice I should use as a base? If not, I will use one of our pre-built templates.\"\n\n| Option | Action |\n|---|---|\n| User provides template | Use their .docx as base — preserve structure, wording, and formatting; only fill/adapt |\n| No user template | Generate from `references/templates.md` using the docx skill |\n\n`references/templates.md` includes: 13-section structure, Art. 21 objection box (visually highlighted), purposes/retention table, cookie table, AI/automated decision-making section, children's data section, proper header/footer with page numbers, A4 formatting, TOC, and full translations for DE, FR, and EN. Select the language matching the target jurisdiction.\n\n**If user provides a template**: faithfully preserve its structure and validated wording. Only replace placeholders and adapt to the specific case. Do NOT rewrite validated legal language.\n\n### Multi-Language Decision Tree\n\nIf the service targets multiple jurisdictions or language groups, determine the language approach:\n\n| Scenario | Approach |\n|---|---|\n| **Single market, single language** | One notice in the market's language (e.g., DE only → German) |\n| **Single market, international workforce/users** | Primary language + English version. State which version governs in case of conflict. |\n| **Two markets, two languages** | Option A: Two separate notices (one per language), each self-contained. Option B: Bilingual notice with clear visual separation (e.g., side-by-side columns or sequential sections). |\n| **Pan-EU / many markets** | English as primary + translations for key markets. Each translation should be a standalone notice, not a partial translation. |\n| **Swiss company (nDSG + GDPR)** | Address both the Swiss nFADP (new Federal Act on Data Protection) and GDPR. Typical approach: single notice referencing both regimes, in at least German + French (+ Italian if applicable). Note: nFADP has no consent requirement for general processing but requires information duties similar to Art. 13/14 GDPR. |\n\n**Template handling for bilingual documents**:\n- Use the primary-language template as the structural base\n- Ensure both language versions contain all mandatory disclosures (a translation gap = a compliance gap)\n- Mark the governing language version explicitly (e.g., \"In case of discrepancies, the [German/French] version shall prevail.\")\n\n**Multi-language verification checklist** (add to Step 4 if applicable):\n- [ ] All mandatory Art. 13/14 disclosures present in each language version\n- [ ] Governing version clearly identified\n- [ ] Legal terminology correctly translated (not machine-translated without review)\n- [ ] Supervisory authority information correct for each jurisdiction\n- [ ] Jurisdiction-specific requirements addressed in the relevant language version\n\n### Platform Sub-Type (Website/App type only)\n\nIf the notice type is **Website / App**, further classify the platform to anticipate data categories. See `references/NOTICE_TYPES.md` → \"Website / App\" → \"Sub-Types & Data Profiles\" for details.\n\n| Sub-Type | Typical Additional Data |\n|---|---|\n| Brochure/corporate site | Contact forms, analytics, cookies only |\n| E-commerce | Account, payment, order history, shipping, returns |\n| SaaS / Web app | Account, usage data, feature logs, API keys, collaboration data |\n| Mobile app | Device ID, push tokens, permissions (camera, location, contacts), app usage |\n| Marketplace | Dual roles (buyers/sellers), ratings, messaging, payment escrow |\n| Platform with AI features | Training data, AI inputs/outputs, model decisions, profiling |\n\n## Step 2: Information Intake\n\nCollect ALL information before drafting. Use the **type profile** from `references/NOTICE_TYPES.md` to guide the intake — each type pre-defines likely data categories, legal bases, and type-specific questions.\n\nAsk in logical groups, not all at once. Start with Group A (always), then use the type profile to determine which categories to probe and which type-specific questions to ask.\n\n### Group A — Controller Identity\n- Company name, legal form, registration number\n- Registered address\n- Legal representative (name + title)\n- Contact email + phone\n- DPO appointed? → Contact details (use functional email)\n\n### Group B — Data Inventory\nFor each collection point (forms, account creation, purchase, cookies, app usage):\n- What data is collected?\n- Is it mandatory or optional?\n- What is the source (direct from user, third party, automated)?\n\nCategories to probe:\n- **Identity**: name, email, phone, address, date of birth, photo\n- **Account**: credentials, preferences, settings, activity history\n- **Technical**: IP, device ID, browser fingerprint, logs\n- **Browsing**: pages visited, clicks, session duration, referrer\n- **Transaction**: orders, payment method (via provider), invoices\n- **Communication**: messages, support tickets, comments\n- **Special categories** (Art. 9): health, biometric, political, religious, sexual orientation, ethnic origin, trade union, genetic — **If any Art. 9 data is identified**: consult `EU_COMMON.md` → \"Special Category Data (Art. 9)\" for the full intake protocol. Determine the Art. 9(2) exception for each category, confirm the dual legal basis (Art. 6 + Art. 9(2)), and document additional safeguards. Common triggers by notice type: Employee (church tax, disability, sick leave, union dues), Applicant (disability, health, religion), B2C (health data for pharmacy/insurance/fitness).\n- **AI-related**: inputs to AI systems, AI-generated outputs, automated scores/decisions\n\n### Group C — Purposes & Legal Bases\nFor each processing activity, determine the legal basis. Reference `EU_COMMON.md` for guidance.\n\nPresent as a table for the user to confirm:\n\n| Purpose | Legal Basis | Data Categories |\n|---|---|---|\n| Service provision / contract execution | Art. 6(1)(b) | [to fill] |\n| Account management | Art. 6(1)(b) | [to fill] |\n| Legal/tax compliance | Art. 6(1)(c) — [specific law] | [to fill] |\n| Analytics | Art. 6(1)(f) or consent | [to fill] |\n| Marketing / newsletter | Art. 6(1)(a) consent | [to fill] |\n| AI-based processing | [determine per use case] | [to fill] |\n\n### Group D — Recipients & Transfers\n- Hosting provider + location\n- Payment processor\n- Analytics tools\n- Email/marketing tools\n- CRM / support tools\n- AI/ML service providers (e.g., OpenAI, Google AI, Anthropic)\n- Any other processors\n- Transfers outside EU/EEA → which countries, which mechanism (adequacy, SCCs, DPF, BCRs)\n\n**DPA / Art. 28 Cross-Reference** — For each processor identified:\n- Verify a Data Processing Agreement (Art. 28 GDPR) is in place. If not, flag as a **compliance gap** requiring remediation before the notice is finalized.\n- **What to disclose in the notice**: processor name (or category), purpose, location, transfer mechanism. Do NOT include DPA terms, sub-processor lists, or TOMs in the privacy notice — these belong in the Art. 28 agreement.\n- **What NOT to disclose**: specific technical/organizational measures (Art. 32), sub-processor chains, pricing, SLA details.\n- If the user confirms no DPA exists for a processor: note this in the summary and recommend immediate remediation. The privacy notice should still name the processor/category but add a note that the controller is in the process of formalizing the agreement.\n- Joint controllership (Art. 26): if applicable, the arrangement's essence must be disclosed in the notice, including respective responsibilities and the contact point for data subjects.\n\n### Group E — Cookies & Tracking\n- Cookie categories used (essential, analytics, marketing, social)\n- Specific tools (Google Analytics, Meta Pixel, Matomo, HubSpot, etc.)\n- CMP solution (Usercentrics, Cookiebot, Axeptio, Didomi, Borlabs, etc.)\n- Server-side tracking? Fingerprinting?\n- Cookie lifespans\n\n### Group F — AI & Automated Processing\nIf the service uses AI/ML:\n- What AI systems are used and for what purpose?\n- Are decisions solely automated or human-in-the-loop?\n- Do decisions produce legal or similarly significant effects (Art. 22)?\n- Is user data used for model training?\n- AI Act classification: prohibited / high-risk / limited-risk / minimal-risk?\n\n### Group G — DPIA Indicators (Art. 35 GDPR)\n\nCheck whether a Data Protection Impact Assessment may be required. If **2 or more** of the following indicators apply, inform the user and recommend a DPIA as a separate deliverable:\n\n1. **Systematic evaluation/scoring** of individuals (profiling, credit scoring, performance reviews)\n2. **Automated decision-making** with legal or similarly significant effects (Art. 22)\n3. **Systematic monitoring** of a publicly accessible area (CCTV, Wi-Fi tracking)\n4. **Special category data** or criminal offence data processed at scale (Art. 9/10)\n5. **Large-scale processing** of personal data (high volume, broad geographic scope, many data subjects)\n6. **Matching or combining datasets** from different sources in ways data subjects would not reasonably expect\n7. **Vulnerable data subjects** (employees, children, patients, elderly)\n8. **Innovative use of technology** (biometrics, AI/ML, IoT, blockchain for personal data)\n\n**If 2+ indicators are flagged**:\n- Inform the user: \"Based on the processing activities described, a Data Protection Impact Assessment (DPIA) under Art. 35 GDPR appears to be required.\"\n- Explain the notice implications: the privacy notice should reference that a DPIA has been conducted (without disclosing the DPIA content itself)\n- Recommend: \"A DPIA is a separate compliance exercise and should be conducted before the processing begins. This privacy notice skill can draft the notice, but the DPIA should be prepared as a standalone document.\"\n- Check national mandatory DPIA lists (DE: DSK-Liste; FR: CNIL list of processing operations requiring DPIA)\n\n### Summary Before Drafting\n\nAfter collection, produce a structured summary for user confirmation:\n\n```\nNOTICE TYPE: [Website / Applicant / Employee / B2B / B2C / Combined]\nCONTROLLER: [Name, form, address]\nJURISDICTION(S): [Countries]\nPLATFORM: [Type / Sub-type if website]\nDPO: [Yes/No + contact]\nDATA CATEGORIES: [List by collection point]\nPURPOSES + BASES: [Table]\nPROCESSORS: [List with locations]\nTRANSFERS: [Countries + mechanisms]\nCOOKIES: [Categories + tools + CMP — if applicable per type]\nAI PROCESSING: [Yes/No + details]\nRETENTION: [Key periods — cross-check with type defaults]\nSPECIFICS: [Anything unusual]\nSECTIONS TO INCLUDE: [Based on type section map]\nSECTIONS TO SKIP: [Based on type section map]\n```\n\nConfirm with user before proceeding to draft.\n\n## Step 3: Draft the Notice\n\n### Section Selection by Type\n\nUse the **section map** from `references/NOTICE_TYPES.md` for the selected notice type. Only include sections marked ✅ or ⚠️ (if applicable). Skip sections marked ❌. This avoids irrelevant content (e.g., cookie tables in an applicant notice).\n\nFor **combined notices** covering multiple audiences, see `references/NOTICE_TYPES.md` → \"Combined Notices\" for structural options (single comprehensive, separate, or layered).\n\n### Standard Structure (full — adapt per type)\n\n```\nPRIVACY NOTICE / DATENSCHUTZERKLÄRUNG / POLITIQUE DE CONFIDENTIALITÉ\n[Company Name]\nLast updated: [DATE]\n\n1. WHO WE ARE (Controller identity + DPO)\n2. WHAT DATA WE COLLECT (by category, with source + mandatory/optional)\n3. WHY WE PROCESS YOUR DATA (purposes + legal bases table, incl. retention per purpose)\n4. WHO RECEIVES YOUR DATA (recipients + processors)\n5. INTERNATIONAL TRANSFERS (countries + safeguards)\n6. HOW LONG WE KEEP YOUR DATA (retention table — can be merged with section 3)\n7. YOUR RIGHTS (all applicable rights + exercise procedure)\n8. COOKIES & TRACKING (categories + management + CMP reference)\n9. AI & AUTOMATED DECISIONS (if applicable — Art. 22 + AI Act)\n10. DATA SECURITY (general measures, no sensitive technical details)\n11. CHILDREN'S DATA (if applicable — age threshold + mechanism)\n12. CHANGES TO THIS NOTICE (notification method)\n13. CONTACT (email + postal + form link)\n```\n\n### Drafting Rules\n\n- **Language**: Write in the jurisdiction's language. For multi-jurisdiction, primary language first with clear indication of governing version.\n- **Tone**: Address the reader as \"you\"/\"Sie\"/\"vous\". Clear, accessible language — understandable by non-lawyers.\n- **Art. 21 Right to Object**: Must be presented **prominently and separately** from other rights (GDPR Art. 21(4)). In German notices, a separate \"WIDERSPRUCHSRECHT\" section is standard practice.\n- **Legal bases**: Cite article numbers precisely (e.g., \"Art. 6(1)(f) DSGVO\" not just \"legitimate interest\").\n- **Retention periods**: Use specific durations with legal justification, not vague language.\n- **AI disclosure**: If AI is used, include a dedicated section even if Art. 22 doesn't strictly apply — the AI Act requires transparency.\n- **Tables**: Use tables for purposes/bases/retention and for cookie categories. They improve readability.\n- **No internal references**: The final document must not contain references to this skill, CNIL guides, or other drafting aids.\n\n## Step 4: Compliance Verification\n\nBefore delivery, perform a structured final check in this order:\n\n**1. Re-read the jurisdiction reference(s)** loaded in Step 1 (DE.md, FR.md, OTHER_EU.md). Cross-check:\n- Supervisory authority name, address, and URL are correct for the controller's registered seat\n- Retention periods match jurisdiction-specific legal citations (not just generic defaults)\n- Standard wording blocks (Art. 21 objection, complaint right, controller intro) use the jurisdiction's validated language from the reference file\n- Any jurisdiction-specific requirements not yet addressed (e.g., § 26 BDSG for DE employee/applicant, Art. L.34-5 CPCE for FR marketing)\n\n**2. Verify Art. 13/14 mandatory disclosures** against `EU_COMMON.md` → \"Mandatory Disclosures Checklist\". Every item must be present or explicitly not applicable with reason.\n\n**3. Additional checks:**\n\n- [ ] Art. 21 right to object presented separately and prominently\n- [ ] Correct supervisory authority named (check jurisdiction reference)\n- [ ] DPO contact included if DPO appointed\n- [ ] Cookie section matches actual cookie usage (if included per type)\n- [ ] Retention periods are specific (not \"as long as necessary\" without criteria)\n- [ ] Transfer mechanisms match actual processor locations\n- [ ] AI/automated decision-making addressed if applicable\n- [ ] Children's data addressed if service accessible to minors\n- [ ] Special category data (Art. 9): dual legal basis disclosed (Art. 6 + Art. 9(2)), specific exception identified, additional safeguards mentioned\n- [ ] Language matches target jurisdiction\n- [ ] No placeholder text remaining ([...], ___, TODO)\n- [ ] Update date present\n- [ ] Sections match the type's section map (no irrelevant sections, no missing required sections)\n\n**4. Type-specific checks** (from `references/NOTICE_TYPES.md`):\n\n**Applicant**: § 26 BDSG referenced (DE)? Talent pool consent separate? Retention ≤ 6 months post-rejection unless consent? Art. 14 used if data from recruiters?\n\n**Employee**: § 26 BDSG as primary basis (DE)? Works council mentioned if relevant? IT monitoring disclosed? Complex retention chain complete?\n\n**B2B**: Art. 14 disclosure if data not from data subject directly? Source of data disclosed? Contact person vs. contracting entity distinction clear?\n\n**B2C Customer**: Soft opt-in conditions met (DE: § 7(3) UWG)? Payment processor disclosed? Loyalty program terms clear? Profiling disclosed if applicable?\n\n**5. AI Act compliance** (if AI features present):\n- [ ] Users informed they interact with AI (Art. 50 AI Act)\n- [ ] AI-generated content disclosed where applicable\n- [ ] High-risk AI: transparency obligations met\n- [ ] Link between Art. 22 GDPR rights and AI system disclosed\n\n## Step 5: Deliver as .docx\n\nGenerate the final document using the docx generation skill (`/mnt/skills/public/docx/SKILL.md` in Claude.ai Projects, or the `docx-processing-anthropic` skill in Claude Code). If no docx skill is available, generate well-formatted Markdown as fallback.\n\n### Document Formatting Standards\n\n- **Page size**: A4 (standard for EU documents)\n- **Font**: Arial or Calibri, 11pt body, headings proportionally larger\n- **Margins**: 2.5 cm all sides (EU standard) = 1417 DXA\n- **Structure**: Numbered headings (1., 2., 3...), table of contents for documents > 3 pages\n- **Tables**: Light borders, header row shaded, readable cell padding\n- **Header**: Company name or \"Privacy Notice\"\n- **Footer**: Page numbers, \"Last updated: [DATE]\"\n\nRead the docx skill instructions before generating the file. Use `docx-js` for new documents. Follow all critical rules from the docx skill (DXA widths, LevelFormat.BULLET for lists, ShadingType.CLEAR for tables, etc.).\n\n### Delivery\n\nPresent the .docx file with:\n1. Brief confirmation of what was included\n2. Any open questions or assumptions made\n3. Recommendation for legal review before publication\n\n> **IMPORTANT**: Always recommend that the user has the notice reviewed by qualified legal counsel before publication. This tool assists in drafting — it does not replace legal advice.\n\n### Post-Generation Checklist & Approval Workflow\n\nPresent the following checklist to the user to guide their internal review and publication process:\n\n**Legal Review**:\n- [ ] Privacy notice reviewed by qualified data protection counsel / DPO\n- [ ] All legal bases confirmed as appropriate for the specific processing activities\n- [ ] Retention periods verified against current legal requirements\n- [ ] Transfer mechanisms confirmed as valid and up-to-date (especially DPF certifications, SCC versions)\n- [ ] Art. 9 special category processing: dual legal basis and safeguards reviewed\n\n**Technical Review**:\n- [ ] All processors and tools listed are actually in use (no outdated entries)\n- [ ] Cookie table matches actual cookies set by the website (audit with browser dev tools)\n- [ ] Data flows match the technical architecture (verify with IT/engineering)\n- [ ] Contact details (email, postal, DPO) are correct and monitored\n\n**Translation QA** (if multi-language):\n- [ ] Each language version reviewed by a native speaker with legal expertise\n- [ ] Legal terminology verified (not raw machine translation)\n- [ ] All versions contain identical substantive content\n- [ ] Governing version clearly marked\n\n**Publication Requirements**:\n- [ ] Notice accessible within 2 clicks from any page (DE: BGH requirement)\n- [ ] Linked in website footer / app settings / onboarding flow as appropriate\n- [ ] Previous version archived with effective date (for audit trail)\n- [ ] Cookie banner / CMP updated to reference the current privacy notice\n- [ ] Employees / applicants notified of updated notice (if applicable)\n\n**Ongoing Review Triggers** — Recommend the user reviews the notice when:\n- New processors or tools are introduced\n- New processing purposes are added\n- Legal framework changes (new adequacy decisions, court rulings, regulatory guidance)\n- Company undergoes a merger, acquisition, or restructuring\n- A data breach occurs that reveals undisclosed processing\n- At minimum: annual review\n\n## Cross-References\n\n- **Breach response**: If the user also needs breach notification procedures, reference the `breach-sentinel` skill\n- **DPIA**: If processing is likely high-risk, recommend a Data Protection Impact Assessment (Art. 35 GDPR) as a separate exercise\n- **Cookie policy**: Can be integrated in the privacy notice or a separate document — ask the user's preference\n\n## Writing Style Guide\n\n| Do | Avoid |\n|---|---|\n| \"you\" / \"your data\" / \"Sie\" / \"Ihre Daten\" | \"the user\" / \"the data subject\" / \"der Betroffene\" |\n| Short, clear sentences | Dense legal paragraphs |\n| Specific examples for complex processing | Vague language (\"various data\", \"diverse Daten\") |\n| Tables for structured information | Walls of text for purposes/retention |\n| Precise article references | Generic \"in accordance with applicable law\" |\n| Active voice | Passive constructions where avoidable |\n| Plain language with legal precision | Either pure legalese or oversimplified language |","tags":["gdpr","privacy","notice","oliver","schmidt","prietz","awesome","legal","skills","lawvable","agent-skills","automation"],"capabilities":["skill","source-lawvable","skill-gdpr-privacy-notice-eu-oliver-schmidt-prietz","topic-agent-skills","topic-automation","topic-law","topic-legal-work","topic-workflows"],"categories":["awesome-legal-skills"],"synonyms":[],"warnings":[],"endpointUrl":"https://skills.sh/lawvable/awesome-legal-skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz","protocol":"skill","transport":"skills-sh","auth":{"type":"none","details":{"cli":"npx skills add lawvable/awesome-legal-skills","source_repo":"https://github.com/lawvable/awesome-legal-skills","install_from":"skills.sh"}},"qualityScore":"0.605","qualityRationale":"deterministic score 0.60 from registry signals: · indexed on github topic:agent-skills · 310 github stars · SKILL.md body (22,461 chars)","verified":false,"liveness":"unknown","lastLivenessCheck":null,"agentReviews":{"count":0,"score_avg":null,"cost_usd_avg":null,"success_rate":null,"latency_p50_ms":null,"narrative_summary":null,"summary_updated_at":null},"enrichmentModel":"deterministic:skill-github:v1","enrichmentVersion":1,"enrichedAt":"2026-05-02T18:53:55.078Z","embedding":null,"createdAt":"2026-04-18T22:04:25.429Z","updatedAt":"2026-05-02T18:53:55.078Z","lastSeenAt":"2026-05-02T18:53:55.078Z","tsv":"'/mnt/skills/public/docx/skill.md':2518 '1':66,117,1121,1129,1137,1146,1156,1495,1872,2061,2147,2158,2576,2646 '10':1955 '11':1964 '11pt':2559 '12':1973 '13':398,1980 '13/14':39,99,625,686,2234 '14':2392,2419 '1417':2571 '2':74,823,1030,1044,1476,1505,1597,1879,2231,2334,2577,2653,2855 '2.5':2565 '21':402,2025,2040,2195,2257 '22':1437,1517,1952,2092,2497 '26':1341,2220,2375,2399 '28':1211,1225,1278 '3':86,1518,1797,1889,1929,2253,2449,2578,2584,2660 '32':1288 '35':1463,1618,2984 '4':96,680,1531,1903,2041,2134,2367 '5':109,1544,1910,2462,2505 '50':2477 '6':1041,1120,1128,1136,1145,1155,1560,1915,2060,2331,2384 '7':1576,1930,2448 '8':1584,1938 '9':995,1010,1020,1029,1043,1945,2325,2333,2760 '9/10':1543 'a4':425,2550 'access':1524,2017,2318,2853 'accord':3057 'account':773,782,923,960,1125 'acquisit':2935 'act':42,107,588,1446,1954,2099,2464,2479 'action':370 'activ':964,1092,1608,2736,3061 'actual':2281,2302,2778,2787 'ad':2920 'adapt':459,1858 'add':677,1324 'addit':761,1047,2254,2338 'address':581,718,899,955,1719,2009,2168,2218,2309,2315 'adequaci':1205,2925 'advic':2693 'age':320,1970 'agreement':1223,1279,1337 'ai':41,106,813,817,1072,1076,1079,1162,1193,1401,1410,1445,1757,1946,1953,2079,2082,2098,2463,2467,2475,2478,2481,2490,2501 'ai-bas':1161 'ai-gener':1078,2480 'ai-rel':1071 'ai/automated':411,2305 'ai/ml':1187,1408,1590 'aid':2132 'also':2958 'alway':300,868,2668 'analyt':767,1143,1180,1372,1378 'annual':2948 'anthrop':1194,2527 'anticip':743 'anyth':129,1771 'api':787 'app':154,163,166,737,749,781,792,801,927,2867 'appear':1620 'appli':248,1483,2096 'applic':167,171,608,682,1062,1343,1711,1754,1822,1835,1934,1950,1969,2250,2311,2374,2461,2486,2893,2899,3059 'appoint':908,2277 'approach':487,489,595 'appropri':279,2731,2872 'approv':2698 'architectur':2803 'archiv':2875 'area':1525 'arial':2556 'arrang':1345 'art':38,98,401,624,685,994,1009,1019,1028,1040,1042,1119,1127,1135,1144,1154,1210,1224,1277,1287,1340,1436,1462,1516,1542,1617,1951,2024,2039,2059,2091,2194,2225,2233,2256,2324,2330,2332,2391,2418,2476,2496,2759,2983 'articl':2055,3053 'ask':24,142,244,271,328,856,887,3003 'assess':1471,1614,2982 'assist':2685 'assumpt':2658 'audienc':20,205,1842 'audit':2793,2880 'author':708,2166,2267 'autom':947,1082,1402,1421,1506,1947 'avail':2537 'avoid':1827,3012,3066 'awar':54 'axeptio':1388 'b':538,915,1122,1130 'b2b':185,1713,2417 'b2c':194,1066,1714,2439 'banner':2883 'base':85,233,260,356,378,641,850,1088,1163,1604,1740,1776,1784,1897,2053,2728 'basi':1039,1096,1112,2328,2403,2766 'bcrs':1208 'bdsg':2221,2376,2400 'begin':1660 'belong':1274 'beschäftigt':181 'betroffen':3025 'bewerb':174 'bgh':2861 'bilingu':539,630 'biometr':997,1589 'birth':958 'block':2193 'blockchain':1592 'bodi':2560 'border':2588 'borlab':1390 'box':404 'breach':2940,2953,2960,2966 'breach-sentinel':2965 'brief':2647 'broad':1554 'brochure/corporate':763 'brows':973 'browser':970,2795 'built':367 'busi':183 'buyers/sellers':806 'c':1085,1138 'calibri':2558 'camera':798 'candid':173 'candidat':175 'case':463,518,664,1168 'categori':226,745,848,877,948,993,1017,1034,1114,1253,1369,1533,1734,1750,1885,1941,2110,2322,2762 'cctv':1526 'cell':2593 'certif':2756 'chain':1292,2415 'chang':1974,2923 'check':101,105,108,1465,1679,1766,2143,2164,2255,2269,2371 'checklist':676,2241,2697,2703 'children':318,416,1581,1965,2312 'choic':73 'church':1055 'citat':2186 'cite':2054 'classif':1447 'classifi':739 'claud':2530 'claude.ai':2520 'clear':542,695,2003,2016,2438,2457,2848,3027 'click':976,2856 'client':192 'cm':2566 'cmp':1384,1752,1943,2884 'cnil':1689,2127 'code':2531 'collabor':789 'collect':79,94,826,920,932,1700,1737,1883 'column':550 'combin':203,1563,1715,1838,1845 'comment':991 'commerc':772 'common':1049 'communic':987 'compani':578,892,1867,2596,2931 'complaint':2197 'complet':2416 'complex':2413,3035 'complianc':100,654,1134,1235,1651,2135,2465 'compliant':57 'comprehens':1851 'condit':2445 'conduct':1638,1656 'confidentialité':34,1866 'confirm':1035,1109,1299,1707,1789,2648,2729,2746 'conflict':520 'consent':613,1149,1158,2381,2390 'construct':3064 'consult':1014 'consum':198 'contact':187,765,800,904,909,1359,1732,1981,2273,2432,2807 'contain':536,646,2122,2842 'content':1643,1829,2483,2581,2845 'contract':1117,2435 'contractor':179 'control':80,890,1329,1716,1876,2175,2199 'controllership':1339 'cooki':409,768,926,1366,1368,1397,1749,1831,1939,2109,2278,2282,2784,2788,2882,2990 'cookiebot':1387 'correct':699,710,2172,2265,2813 'council':2406 'counsel':2680,2724 'countri':1202,1722,1747,1913 'countries/markets':273 'court':2927 'cover':1840 'cpce':2227 'creat':26 'creation':924 'credenti':961 'credit':1501 'crimin':1536 'criteria':2298 'critic':2625 'crm':1184 'cross':1213,1765,2163,2951 'cross-check':1764,2162 'cross-refer':1212,2950 'current':2741,2889 'custom':195,2440 'customer/purchase':201 'd':1172 'dach':286 'data':82,225,257,418,590,744,753,762,784,790,816,847,916,930,1011,1018,1068,1113,1221,1362,1440,1468,1534,1538,1551,1558,1570,1578,1595,1611,1733,1881,1894,1907,1921,1956,1967,2314,2323,2395,2422,2425,2430,2722,2798,2939,2979,3015,3022,3040 'dataset':1564 'date':956,1871,2351,2606,2753,2878 'daten':3018,3042 'datenschutzerklärung':31,1863 'de':33,432,502,1684,1865,2223,2378,2404,2447,2860 'de.md':2159 'decis':413,473,820,1419,1429,1508,1948,2307,2926 'decision-mak':412,1507,2306 'dedic':2087 'default':247,265,1769,2190 'defin':845 'deliv':110,2506 'deliver':1494 'deliveri':2138,2640 'dens':3029 'der':3024 'describ':1609 'descript':152 'detail':756,910,1295,1760,1963,2808 'determin':123,131,215,269,484,875,1026,1093,1165 'dev':2796 'devic':793,968 'didomi':1389 'differ':316,1566 'direct':942,2427 'disabl':1057,1063 'disclos':1246,1283,1350,1640,2329,2412,2431,2453,2459,2484,2503 'disclosur':40,649,687,2080,2236,2240,2420 'discrep':666 'distinct':2437 'divers':3041 'document':63,223,341,631,1046,1678,2119,2512,2545,2554,2583,2622,3002 'docx':14,62,111,114,340,376,394,2508,2515,2525,2534,2609,2618,2629,2643 'docx-j':2617 'docx-processing-anthrop':2524 'doesn':2093 'dpa':1209,1261,1301 'dpf':1207,2755 'dpia':1460,1490,1615,1635,1642,1647,1671,1682,1695,2969 'dpo':322,907,1730,1878,2272,2276,2725,2811 'draft':9,87,333,830,1666,1698,1795,1798,1986,2131,2687 'driven':78 'dsgvo':2063 'dsk':1686 'dsk-list':1685 'dual':804,1037,2326,2764 'due':1061 'durat':978,2072 'duti':621 'dxa':2572,2631 'e':771,1365 'e-commerc':770 'e.g':317,501,545,662,1190,1830,2058,2219 'effect':1435,1515,2877 'either':3072 'elder':1583 'els':130 'email':905,913,953,1982,2809 'email/marketing':1182 'employe':176,178,1054,1580,1712,2398,2892 'employee/applicant':2224 'en':435 'end':197 'english':511,559 'ensur':642 'entiti':2436 'entri':2783 'es':294 'escrow':810 'especi':2754 'essenc':1347 'essenti':1371 'etc':1383,1391,2639 'ethnic':1002 'eu':5,46,291,556,2553,2569 'eu/eea':17,1200 'eu_common.md':1015,1098,2238 'evaluation/scoring':1497 'even':2089 'everi':2242 'exampl':3033 'except':1031,2336 'execut':1118 'exercis':1652,1936,2989 'exist':346,1302 'expect':1575 'expertis':2832 'explain':1624 'explicit':661,2248 'f':1147,1400,2062 'faith':448 'fallback':2544 'featur':785,814,2468 'feder':587 'fi':1529 'file':284,311,2210,2615,2644 'fill':1124,1132,1142,1151,1160,1170 'fill/adapt':385 'final':222,1243,2118,2142,2511 'fingerprint':971,1396 'first':126,2001 'flag':1232,1600 'flow':2799,2870 'follow':1481,2623,2702 'font':2555 'footer':2601,2866 'form':766,895,922,1718,1984 'formal':1335 'format':383,426,2541,2546 'fr':433,1688,2229 'fr.md':2160 'framework':2922 'franc':288 'french':605 'full':254,429,1023,1857 'function':912 'g':1459 'gap':652,655,1236 'gdpr':2,47,56,580,593,626,1226,1464,1619,2038,2498,2985 'gdpr-compliant':55 'gdpr-privacy-notice-eu-oliver-schmidt-prietz':1 'gdpr/dsgvo-compliant':10 'general':616,1958 'generat':50,51,88,389,1080,2482,2509,2516,2538,2613,2696 'generic':2189,3055 'genet':1006 'geograph':1555 'german':504,604,2043 'german/french':668 'germani':285 'googl':1192,1377 'govern':516,658,693,2006,2846 'group':483,859,866,888,914,1084,1171,1364,1399,1458 'guid':838,2128,2708,3010 'guidanc':1100,2930 'handl':628 'head':2561,2575 'header':2589,2595 'header/footer':421 'health':996,1064,1067 'high':1450,1552,2488,2975 'high-risk':1449,2487,2974 'highlight':406 'histori':776,965 'host':1175 'hubspot':1382 'human':1424 'human-in-the-loop':1423 'id':794,969 'ident':891,951,1877,2843 'identifi':696,1013,1218,2337 'ie':297 'ihr':3017 'immedi':1313 'impact':1470,1613,2981 'implic':1627 'import':2667 'improv':2112 'incl':1899 'includ':397,1260,1354,1775,1817,2085,2274,2285,2652 'include/skip':219 'indic':1461,1482,1598,2004 'individu':1499 'info':81,95 'inform':620,709,824,828,1484,1601,2471,3046 'innov':1585 'input':1074 'inputs/outputs':818 'instruct':2611 'intak':75,230,241,261,825,840,1024 'integr':2994 'interact':2473 'interest':2067 'intern':180,507,1911,2115,2710 'intro':2200 'introduc':2915 'inventori':83,917 'invoic':986 'iot':1591 'ip':967 'irrelev':1828,2361 'it/engineering':2806 'italian':606 'item':2243 'job':170 'joint':1338 'js':2619 'jurisdict':18,53,70,270,306,442,480,713,715,1720,1992,1998,2152,2183,2203,2213,2270,2344 'jurisdiction-awar':52 'jurisdiction-specif':714,2182,2212 'justif':2075 'keep':1919 'key':564,788,1762 'l.34-5':2226 'languag':438,469,472,482,486,493,500,510,524,532,636,644,659,674,691,722,1988,1994,2000,2018,2078,2206,2341,2821,2823,3038,3068,3077 'larg':1546 'large-scal':1545 'larger':2563 'last':1869,2604 'law':1140,3060 'lawyer':2023 'layer':1854 'least':603 'leav':1059 'legal':84,232,259,468,697,849,894,900,1038,1087,1095,1111,1431,1511,1896,2052,2074,2185,2327,2663,2679,2692,2715,2727,2742,2765,2831,2833,2921,3030,3070 'legal/tax':1133 'legales':3074 'legitim':2066 'levelformat.bullet':2633 'lifespan':1398 'light':2587 'like':236,846,2973 'limit':1453 'limited-risk':1452 'link':210,1985,2494,2863 'list':1266,1683,1687,1690,1735,1743,2635,2776 'load':139,277,301,308,2155 'locat':799,1177,1255,1745,2304 'log':786,972 'logic':858 'long':1917,2294 'loop':1427 'loyalti':2454 'machin':703,2838 'machine-transl':702 'made':2659 'make':414,1509,2308 'manag':1126,1942 'mandatori':648,684,935,1681,2235,2239 'mandatory/optional':1888 'mani':557,1557 'map':256,1780,1788,1808,2359 'margin':2564 'mark':656,1819,1825,2849 'markdown':2542 'market':282,491,498,506,522,558,565,1152,1373,2230 'marketplac':803 'match':439,1561,2181,2280,2301,2342,2354,2786,2800 'matomo':1381 'may':1472 'measur':1286,1959 'mechan':1204,1257,1748,1972,2300,2745 'mention':30,2340,2407 'merg':1926 'merger':2934 'messag':808,988 'met':2446,2493 'meta':1379 'method':983,1979 'minim':1456 'minimal-risk':1455 'minimum':2947 'minor':2320 'miss':2364 'mobil':165,791 'model':819,1443 'monitor':1520,2411,2815 'month':2385 'multi':305,471,673,1997,2820 'multi-jurisdict':304,1996 'multi-languag':470,672,2819 'multipl':204,479,1841 'must':1348,2029,2120,2244 'name':893,902,952,1251,1320,1717,1868,2167,2268,2597 'nation':1680 'nativ':2828 'ndsg':579 'necessari':2296 'need':37,138,150,2959 'new':586,2621,2910,2916,2924 'newslett':1153 'nfadp':585,610 'nl':295 'non':2022 'non-lawy':2021 'note':313,609,1306,1326 'notic':4,12,36,49,59,68,89,119,124,136,147,211,336,350,495,529,540,572,597,733,1052,1241,1249,1272,1317,1353,1626,1630,1663,1668,1708,1800,1814,1836,1839,1846,1862,1977,2044,2600,2675,2718,2852,2891,2897,2908,2998 'notif':1978,2961 'notifi':2894 'number':424,897,2056,2574,2603 'object':403,2028,2196,2260 'oblig':2492 'occur':2941 'offenc':1537 'oliv':6 'onboard':2869 'one':207,362,494,530 'ongo':2900 'open':2655 'openai':1191 'oper':1693 'opt':2443 'opt-in':2442 'option':369,525,537,937,1849 'order':775,981,2146 'orient':1001 'origin':1003 'other_eu.md':2161 'outdat':2782 'output':112,1081 'outsid':1199 'oversimplifi':3076 'overview':65 'pad':2594 'page':423,974,2548,2585,2602,2859 'pan':45,555 'pan-eu':44,554 'paragraph':3031 'parti':946 'partial':575 'partner':184,193 'passiv':3063 'patient':1582 'payment':774,809,982,1178,2451 'per':531,1166,1755,1859,1901,2286 'perform':1503,2139 'period':1763,2069,2180,2289,2738 'permiss':797 'person':188,1550,1594,2433 'pharmacy/insurance/fitness':1070 'phone':906,954 'photo':959 'pixel':1380 'place':1229 'placehold':457,2346 'plain':3067 'platform':724,741,811,1723 'point':921,1360,1738 'polici':2991 'policy/notice':29 'polit':998 'politiqu':32,1864 'pool':2380 'post':2387,2695 'post-gener':2694 'post-reject':2386 'postal':1983,2810 'practic':2051 'pre':366,844 'pre-built':365 'pre-defin':843 'precis':2057,3052,3071 'prefer':962,3007 'prepar':1674 'present':688,1101,2031,2246,2261,2352,2469,2641,2700 'preserv':379,449 'prevail':671 'previous':2873 'price':1293 'prietz':8 'primari':509,561,635,1999,2402 'primary-languag':634 'privaci':3,11,28,35,48,58,135,146,335,349,1271,1316,1629,1662,1861,2599,2717,2890,2997 'probe':228,879,950 'procedur':1937,2962 'proceed':1793 'process':617,1091,1164,1222,1333,1403,1539,1548,1607,1659,1692,1758,1892,2526,2714,2735,2763,2917,2945,2971,3036 'processor':1179,1197,1217,1250,1265,1291,1305,1742,1909,2303,2452,2773,2911 'processor/category':1322 'produc':1430,1701 'profession':61,339 'profil':93,258,754,821,834,873,1500,2458 'program':2455 'prohibit':1448 'project':2521 'promin':2032,2264 'proper':420 'proport':2562 'protect':591,1469,1612,2723,2980 'protocol':1025 'provid':372,445,985,1176,1189 'provis':1116 'public':1523,2666,2682,2713,2850 'purchas':925 'pure':3073 'purpos':1086,1110,1254,1417,1739,1895,1902,2918 'purposes/bases/retention':2106 'purposes/retention':407,3051 'push':795 'qa':2817 'qualifi':2678,2721 'question':127,242,262,855,885,2656 'rate':807 'raw':2837 're':2149 're-read':2148 'read':2150,2607 'readabl':2113,2592 'reader':2011 'reason':1574,2252 'receiv':1905 'recipi':1173,1908 'recommend':1312,1488,1645,2661,2669,2903,2977 'recruit':168,2397 'refer':249,280,283,1097,1214,1632,1944,2116,2123,2153,2209,2271,2887,2952,2963,3054 'referenc':598,2377 'references/de.md':287 'references/eu_common.md':302 'references/fr.md':289 'references/notice_types.md':140,251,747,836,1810,1844,2373 'references/other_eu.md':299 'references/templates.md':391,396 'referr':979 'regim':600 'regist':898,2177 'registr':896 'regulatori':2929 'reject':2388 'relat':1073 'relationship':202 'relev':310,721,2409 'religi':999 'religion':1065 'remain':2348 'remedi':1238,1314 'replac':456,2691 'repres':901 'requir':315,614,619,717,1237,1474,1623,1694,2100,2215,2365,2743,2851,2862 'respect':1355 'respons':1356,2954 'restructur':2937 'retent':246,264,324,1761,1900,1922,2068,2179,2288,2383,2414,2737 'return':778 'reveal':2943 'review':706,1504,2664,2676,2711,2716,2719,2769,2771,2825,2901,2906,2949 'rewrit':466 'right':1932,1935,2026,2037,2198,2258,2499 'risk':1451,1454,1457,2489,2976 'role':805 'row':2590 'rule':325,1987,2626,2928 'saa':779 'safeguard':1048,1914,2339,2768 'salarié':182 'scale':1541,1547 'scc':2757 'sccs':1206 'scenario':488 'schmidt':7 'scope':67,118,1556 'score':1502 'scores/decisions':1083 'seat':2178 'section':217,255,399,415,419,553,1773,1779,1781,1787,1801,1807,1818,1824,1928,2048,2088,2279,2353,2358,2362,2366 'secur':1957 'see':746,1843 'select':122,213,327,436,1802,1813 'self':535 'self-contain':534 'sensit':1961 'sentenc':3028 'sentinel':2967 'separ':528,544,1493,1650,1852,2034,2046,2262,2382,2988,3001 'sequenti':552 'server':1393 'server-sid':1392 'servic':275,307,477,1115,1188,1406,2317 'session':977 'set':963,2789,2868 'sever':209 'sexual':1000 'shade':2591 'shadingtype.clear':2636 'shall':670 'ship':777 'short':3026 'sick':1058 'side':547,549,1394,2568 'side-by-sid':546 'sie':2014,3016 'signific':1434,1514 'similar':622,1433,1513 'singl':490,492,505,596,1850 'site':764 'size':2549 'skill':115,395,1664,2126,2517,2528,2535,2610,2630,2968 'skill-gdpr-privacy-notice-eu-oliver-schmidt-prietz' 'skip':1783,1823 'sla':1294 'social':1374 'soft':2441 'sole':1420 'solut':1385 'sourc':941,1567,1887,2428 'source-lawvable' 'speaker':2829 'special':992,1016,1532,2321,2761 'specif':104,240,462,716,854,884,1139,1284,1375,1770,2071,2184,2214,2291,2335,2370,2734,3032 'standalon':571,1677 'standard':1855,2050,2191,2547,2551,2570 'start':864 'state':513 'step':116,679,822,1796,2133,2157,2504 'still':1319 'strict':2095 'structur':380,400,451,640,1703,1848,1856,2141,2573,3045 'style':3009 'sub':726,751,758,1264,1290,1726 'sub-processor':1263,1289 'sub-typ':725,750,757,1725 'subject':1363,1559,1571,1579,2426,3023 'subscrib':158 'substant':2844 'summari':1310,1696,1704 'supervisori':707,2165,2266 'supplier':191 'support':989,1185 'swiss':577,584 'system':1077,1411,2502 'systemat':1496,1519 'tabl':408,410,1104,1741,1832,1898,1923,2102,2104,2579,2586,2638,2785,3043 'talent':2379 'target':276,281,441,478,2343 'tax':1056 'technic':966,1962,2770,2802 'technical/organizational':1285 'technolog':1588 'templat':72,91,121,326,347,368,373,388,447,627,637 'term':1262,2456 'terminolog':698,2834 'text':2347,3049 'third':945 'threshold':321,323,1971 'ticket':990 'titl':903 'toc':427 'todo':2349 'token':796 'tom':1268 'tone':2008 'tool':1181,1183,1186,1376,1751,2684,2775,2797,2913 'topic-agent-skills' 'topic-automation' 'topic-law' 'topic-legal-work' 'topic-workflows' 'track':1367,1395,1530,1940 'trade':1004 'trail':2881 'train':815,1444 'transact':980 'transfer':1174,1198,1256,1746,1912,2299,2744 'translat':430,562,567,576,651,700,704,2816,2839 'transpar':43,2101,2491 'tree':474 'trigger':1050,2902 'two':521,523,527 'type':69,77,92,103,120,125,133,144,151,214,239,268,727,729,734,752,759,833,842,853,872,883,1053,1709,1724,1727,1756,1768,1778,1786,1804,1815,1860,2287,2356,2369 'type-driven':76 'type-specif':102,238,852,882,2368 'typic':594,760 'uk':298 'undergo':2932 'understand':2019 'undisclos':2944 'union':1005,1060 'unless':2389 'unusu':1772 'up-to-d':2750 'updat':1870,2350,2605,2885,2896 'url':2170 'usag':783,802,928,2283 'use':21,353,361,374,392,632,831,870,911,1167,1370,1407,1413,1441,1586,1805,2070,2084,2103,2201,2393,2513,2616,2780 'user':23,157,330,371,387,444,944,1107,1298,1439,1486,1603,1706,1791,2470,2672,2706,2905,2957,3005,3020 'usercentr':1386 'uwg':2450 'vagu':2077,3037 'valid':453,467,2205,2748 'various':3039 'vendor':190 'verif':675,2136 'verifi':97,1219,2232,2739,2804,2835 'version':512,515,645,660,669,692,694,723,2007,2758,2824,2841,2847,2874 'via':113,984 'visit':975 'visitor':156 'visual':405,543 'voic':3062 'volum':1553 'vous':2015 'vs':2434 'vulner':1577 'wall':3047 'way':1569 'web':162,780 'websit':153,161,736,748,1710,1729,2792,2865 'website/app':728 'well':2540 'well-format':2539 'whether':1466 'wi':1528 'wi-fi':1527 'widerspruchsrecht':2047 'width':2632 'within':2854 'without':705,1639,2297 'word':381,454,2192 'work':2405 'workflow':64,2699 'workforce/users':508 'would':1572 'write':1989,3008 'yes/no':1731,1759 'yet':2217","prices":[{"id":"e981cf3a-7d7b-4754-93f1-cf1bf915c991","listingId":"1954bdb4-47b2-43cb-89c4-8482541d9f44","amountUsd":"0","unit":"free","nativeCurrency":null,"nativeAmount":null,"chain":null,"payTo":null,"paymentMethod":"skill-free","isPrimary":true,"details":{"org":"lawvable","category":"awesome-legal-skills","install_from":"skills.sh"},"createdAt":"2026-04-18T22:04:25.429Z"}],"sources":[{"listingId":"1954bdb4-47b2-43cb-89c4-8482541d9f44","source":"github","sourceId":"lawvable/awesome-legal-skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz","sourceUrl":"https://github.com/lawvable/awesome-legal-skills/tree/main/skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz","isPrimary":false,"firstSeenAt":"2026-04-18T22:04:25.429Z","lastSeenAt":"2026-05-02T18:53:55.078Z"}],"details":{"listingId":"1954bdb4-47b2-43cb-89c4-8482541d9f44","quickStartSnippet":null,"exampleRequest":null,"exampleResponse":null,"schema":null,"openapiUrl":null,"agentsTxtUrl":null,"citations":[],"useCases":[],"bestFor":[],"notFor":[],"kindDetails":{"org":"lawvable","slug":"gdpr-privacy-notice-eu-oliver-schmidt-prietz","github":{"repo":"lawvable/awesome-legal-skills","stars":310,"topics":["agent-skills","automation","law","legal-work","workflows"],"license":"other","html_url":"https://github.com/lawvable/awesome-legal-skills","pushed_at":"2026-03-03T11:25:06Z","description":"A curated list of awesome Agent Skills for automating legal work","skill_md_sha":"82e4817587d3c4ed744ec2a8f9458cf1fdca2130","skill_md_path":"skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz/SKILL.md","default_branch":"main","skill_tree_url":"https://github.com/lawvable/awesome-legal-skills/tree/main/skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz"},"layout":"multi","source":"github","category":"awesome-legal-skills","frontmatter":{"name":"gdpr-privacy-notice-eu-oliver-schmidt-prietz","description":"Draft GDPR/DSGVO-compliant privacy notices as .docx for any EU/EEA jurisdiction and audience. Use when user asks to create a privacy policy/notice, mentions \"Datenschutzerklärung\", \"politique de confidentialité\", \"privacy notice\", needs Art. 13/14 disclosures, AI Act transparency, cookie policy, or notices for applicants (\"Bewerber-Datenschutz\"), employees (\"Beschäftigten-Datenschutz\"), B2B partners, or B2C customers. Covers DE (DSGVO+BDSG+TDDDG), FR (RGPD+LIL+LCEN), AT, IT, ES, NL, BE, IE, UK GDPR. Five notice types: Website/App, Applicant, Employee, Business Partner, B2C Customer."},"skills_sh_url":"https://skills.sh/lawvable/awesome-legal-skills/gdpr-privacy-notice-eu-oliver-schmidt-prietz"},"updatedAt":"2026-05-02T18:53:55.078Z"}}