Hello Bill,<div><br /></div><div>The only "glaringly wrong" thing I've noticed on the policy, would be the gallery page – You might want to detail a bit on gallery entries, eg. Can the drawings be anonymous? Do you store something else besides name and drawing? Etc.</div><div><br /></div><div>You also forgot to mention Facebook (widget at left, on the navigation bar). It seems to store cookies and trackers as well.</div><div><br /></div><div>You should also inform the country where data is processed, iirc? I remember a lot of problems involving Google and Facebook on that regard. I'm not so up to date as I should be, I guess.<br /><br />Other than that, I advise giving a quick look at gdpr.eu/checklist , it was very helpful for me, and might be helpful for you as well.</div><div><br />Unrelated: You might want to consider using Let's Encrypt to add HTTPS support to the website as well. Failing that, Cloudflare can also cover the requests if you add a self signed certificate to your Apache installation. Your Apache seems severely outdated and not using mod_security either, the /css/ folder has directory listing, and your website might be vulnerable to XSS attacks. My browser was weeping a bit about that, thought I would let you know.</div><div>Lighthouse also complained about unused JavaScript, the language selection not having a label for screenreaders, and lack of DOCTYPE.</div><div>TL;DR You might want to revise the whole website if you get time, these problems might really hurt SEO performance and expose the server to attacks – A problem if you happen to have sensitive information on it!</div><div><br /></div><div><br /></div><div>-- </div><div>Jesusalva</div><div>Sent from Yandex.Mail for mobile</div>