When do you need a Privacy Statement

Mathieu

IT Law Specialist

With Complianz Privacy Suite you can generate several legal documents, like a cookie policy, disclaimer, data processing agreement and a privacy statement. We will discuss the latter in this article. When do you need it and what do you need to include in this privacy policy?

What is a privacy statement?

A privacy statement is a document in which you inform your website visitors about the way your website and organization deal with personal data. Among other things, it informs the website visitor about which data is being collected and for which purposes.

When do you need a privacy statement?

In short: always when your website collects personal data. Most websites and webshops are obliged to put a privacy statement on their site because of the collection of personal data in one way or another. It does not matter whether your contact form is filled in 100 times a month or only once a year. When a website or webshop collects personal data, it is mandatory to put a privacy statement in place on the website or webshop.

When you gather personal data indirectly, for example via cookies or social share buttons, you also have to specify the details of this in your privacy statement.

Examples of personal data

  • Name
  • Date of birth
  • Gender
  • Home address
  • Email address
  • Phone number
  • IP address

Contents of a privacy statement

There are several aspects that are mandatory contents of a privacy statement. Other than the ways and means of gathering personal data, you need to include:

  • The purpose and legal basis of the processing. If the organization is claiming a legitimate interest, what interest is at stake
  • The identity of the person who is responsible
  • The (categories of) recipients of the personal data. Whether you intend to disclose personal data outside the EU or to an international organization and on what legal grounds
  • Security level
  • Contact details of the contact person. Companies outside of the EU need to communicate contact details of an EU-based DPO (Data Protection Officer)
  • To what extent is it mandatory to provide data?
  • The retention period of the data
  • Whether automated decision-making is used, including profiling, and how these decisions are made
  • If data has been obtained from another organization: the source of this data and whether it originates from public sources
  • The data subject’s rights, such as the right of access, rectification, and erasure
© Copyright - Complianz 2019