Page 1 of 1

Written privacy statement

Posted: Sun Dec 22, 2024 7:27 am
by Arzina3225
The information that you need to convey in clear and simple language should be provided in writing or by 'other means' (including electronic means). In short: make sure you have a nice privacy statement that you place somewhere on a website, so that you can link to it. It does not necessarily have to be in the form of a privacy statement, as long as you provide all the information in the correct way.

By the way, you only have to provide the information from such a privacy statement if the data subject has not previously received the information.

Also read: This is what you need to know about the new European privacy rules
What should your privacy statement include?
There are some general details that must be included in all privacy statements. In addition, there are some more specific rules, in case you collect sensitive data. You must also provide additional information if you do not collect the data yourself, but have obtained it from a third party.

It's going to be a long list (which I also discuss in the video below), so grab some coffee and sit down for it.


General information
Identity . For example, the company name (as registered with the Chamber of Commerce) and contact details.
Purposes and legal bases for the processing . Legal bases include consent, performance of a contract or a legal obligation. A purpose can be the performance of the contract, but it can also be a marketing purpose, such as sending a newsletter. You must describe all purposes.
If the processing of the personal data is a legal or contractual obligation or a necessary condition, you must also state the consequences of not providing the personal data .
Duration of storage . You must indicate how long the data will be stored, or otherwise: which criteria determine how long it will be stored.
Right to access, rectify or erase personal data . The data subject has this right and you must inform him/her about this in the privacy statement. You can also immediately state how the data subject can submit this request.
The right to lodge a complaint with the Dutch Data Protection Authority .
Only in some cases
Contact details of the Data Protection indonesia mobile number list Officer (if any).
Categories of recipients of the personal data . You must state to whom the data is passed on. For example, because the data is stored with service providers of SaaS solutions, but also if data is collected and passed on to a partner. Sometimes it is sufficient to just mention the category (such as 'payment services'), but often you will have to mention the specific party.

Image

If the data is provided to a 'third country' , for example because the servers are located in another country, you must also state this. You must also state whether the country has been declared adequate (these are in any case all countries in the EU) or whether appropriate safeguards have been taken. It is important that personal data may not be handled more easily in another country.
If data has been obtained with consent, you must state that consent may also be withdrawn .
If automated decision-making or profiling is involved , you must state why this is done and what the expected consequences are.
When data has not been obtained from the data subject himself.