Terms of Service

[Department] is committed to transparency and privacy protection for individuals that visit a website of
the [Department] with regard to the use of any tracking technologies, including but not limited to
cookies, device fingerprinting, key loggers, and other similar methods for monitoring or collecting
information from website users.

A. Cookies
The use of cookies on [Department] websites and digital services must comply with applicable
privacy and security policies. Cookies should be limited to essential operational purposes, and any
use of tracking or third-party cookies for analytics or similar functions must be disclosed clearly to
users, with an option to consent where required by law.

B. Device Fingerprinting
Device fingerprinting is prohibited unless explicitly authorized by the CAO and where the legal
basis or appropriate justification for such processing is documented in a privacy impact
assessment. The purpose and extent of fingerprinting must be clearly defined, documented, and
disclosed to users in a privacy notice or statement that complies with applicable legal
requirements.

C. Key Loggers
Key loggers are prohibited without specific authorization from the CAO and documented
justification in the activity's PIA. Key loggers may only be used when there is a clearly defined
operational need that complies with security standards and legal requirements, including
appropriate user notice where required.

D. Other Tracking Technologies
The use of other tracking technologies, such as web beacons, pixel tags, or similar tools, is
prohibited unless explicitly authorized by the CAO, and the legal basis for such tracking is
documented in a PIA. Disclosure of these technologies must be included in user-facing privacy
statements, with user consent obtained when required by law.

E. User Notification and Consent
[Department] must ensure users are informed about the use of tracking technologies. A clear
website privacy statement must explain the types of data collected, the purpose of the tracking,
and how users can manage their preferences or consent. Any updates to tracking practices must
be promptly reflected in the privacy statement.

F. Data Security and Retention
Data collected through authorized tracking technologies must be securely stored, with access
limited to authorized personnel. Retention of this data must align with approved retention
schedules, and the data should only be retained as long as necessary for the defined operational
purpose.