Complianz Privacy Suite

When do you need a Privacy Statement?

Mathieu

With Complianz Privacy Suite you can generate several legal documents, like a cookie policy, disclaimer, data processing agreement and a privacy statement. We will discuss the latter in this article. When do you need it and what do you need to include in this privacy policy?

What is a privacy statement?

A privacy statement is a document in which you inform your website visitors about the way your website and organization deal with personal data. Among other things, it informs the website visitor about which data is being collected and for which purposes.

When do you need a privacy statement?

In short: whenever your website collects personal data. Most websites and webshops are obliged to put a privacy statement on their site because they collect personal data in one way or another. It does not matter whether your contact form is filled in 100 times a month or only once a year. When a website or webshop collects personal data, it is mandatory to put a privacy statement in place on the website or webshop.

When you gather personal data indirectly, for example via cookies or social share buttons, you also have to specify the details of this in your privacy statement.

Examples of personal data

  • Name
  • Date of birth
  • Gender
  • Home address
  • Email address
  • Phone number
  • IP address

Contents of a privacy statement

There are several aspects that are mandatory contents of a privacy statement. Other than the ways and means of gathering personal data, you need to include:

  • The purpose and legal basis of the processing. If the organization is claiming a legitimate interest, what interest is at stake
  • The identity of the person who is responsible
  • The (categories of) recipients of the personal data. Whether you intend to disclose personal data outside the EU or to an international organization and on what legal grounds
  • Security level
  • Contact details of the contact person. Companies outside of the EU need to communicate the contact details of an EU-based DPO (Data Protection Officer)
  • To what extent is it mandatory to provide data?
  • The retention period of the data
  • Whether automated decision-making is used, including profiling, and how these decisions are made
  • If data has been obtained from another organization: the source of this data and whether it originates from public sources
  • The data subject’s rights, such as the right of access, rectification, and erasure
