Privacy Statements
A good privacy policy should:
- explain how the organization safeguards your information, including details about third-party involvement, or
- direct you to relevant pages for more information.
Almost all data protection and privacy laws require you to explain, concisely and in plain language (no legal speak), why you collect this data, who you share it with and why, and when you delete it. Transparency and choice are the foundations of a good Privacy Statement (some list it as a Privacy Policy on their website).
Your privacy policy must cover the following information.
- Identity and contact details of the Privacy lead, including 2 ways to easily reach that person.
- Contact details of the Data Protection Officer (if required or appointed)
- How the organization uses specific fields of data and their purposes (this includes any processing activity, not only through third-party services like newsletters, customer information, invoice data, and social media)
- Legal basis of the processing and the reasoning behind it
- Information about special categories of personal data (like handling of children’s data and sensitive data)
- Recipients of data
- Information about data transfers to third countries and the suitable safeguards
- Period for which data will be retained
- How to make use of data subject rights
- Option to change or withdraw consent
- Option to complain or appeal to supervisory authorities
- Existence of automated decision-making and its uses