What is a privacy statement?
A privacy statement is a document in which you inform your website visitors about the way your website and organization deals with personal data. Among other things, it informs the website visitor about which data is being collected and for which purposes.
When do you need a privacy statement?
Most websites and webshops are obliged to put a privacy statement on their site because of the collection of personal data in one way or another. It does not matter whether your contact form is filled in 100 times a month or only once a year. When a website or webshop collects personal data, it is mandatory to put a privacy statement in place on the website or webshop.
Also when you’re indirectly gathering personal data, for example via cookies or social share buttons, you have to specify details of these in your privacy statement.
Examples of personal data
- Date of birth
- Home address
- Email address
- Phone number
- IP address
Contents of a privacy statement
There are several aspects that are mandatory for a privacy statement. Other than the ways and means of gathering personal data, you may need to include:
- The purpose and legal basis of the processing. If the organization is claiming a legitimate interest, what interest is at stake
- The identity of the person who is responsible
- The (categories of) recipients of the personal data. Whether you intend to disclose personal data outside the EU or to an international organization and on what legal grounds
- Security level
- Contact details of the contact person or a Data Protection Officer.
- The retention period of the data
- Whether automated decision-making is used, including profiling, and how these decisions are made
- The data subject’s rights, such as the right of access, rectification, and erasure
In Complianz it is possible to generate a privacy statement based on the privacy laws of the region where you are located and/or the region(s) you are targeting with your website.