Introduction
I’m Rachael Chiverton, The Contract Lady, I make sure your contract covers you so you get paid on time, every time. Tosca has asked me to write an article on privacy notices to help you ensure you have the right documentation in place and you are compliant with the law. My aim is to make this article informative and helpful, hopefully not dull and boring!
A website privacy policy is:
a document that explains how an organization handles any customer, client or employee information gathered in its operations.
Source https://whatis.techtarget.com/definition/privacy-policy
However, we need to clarify one thing immediately, it shouldn’t be called a privacy policy if you are using it on your website, it should be a privacy notice.
Why do you need a Website Privacy Notice?
Providing Privacy information is a requirement under the Data Protection Act (DPA) , which will be succeeded on May 25th 2018 by the Eu’s General Data Protection Regulation (GDPR).
You should view your privacy notice as a flexible document that you can deliver in different forms and through a number of channels, sometimes using more than one.
For the remainder of this article I will be focusing on Privacy notices for websites.
Website Privacy Notice, what to include
To start with you need to make sure you tell people the basics:
- who you are;
- what you are going to do with their information; and
- who it will be shared with.
Under the DPA this is the bare minimum you should include, however under GDPR there is more information you need to provide.
New rules for your privacy notice
So what do you need to include now?
- Background
- Who you are
- What are your customer’s rights?
- What data do you collect on them?
- How will you use that data?
- What legal basis will you be processing their data?
- How you will be storing and sharing their data?
- What are cookies and how will you use them?
- Changes to your privacy notice
Some of the above seem to me to be very self explanatory, so I will explain the ones which you may need guidance on.
3 – What are your customer’s right?
This section need to include:
- Right to be informed
- Right of access
- Right of rectification
- Right to be forgotten
- Right to restriction of processing
- Right of portability
- Right to object
- Rights in relation to object to automated processing & profiling
5 – How will you use that data?
Here you need to include:
- How long you will store the data for
- A list of the ways you may use their data.
How should you write your privacy notice?
As with everything, you need to keep in clear and concise, in simple English assuming not everyone understands the same terminology you do. You should do you research and draw on features in other privacy notices. You need to be truthful, write it in your style so it fits with the rest of your website. Finally make sure they are consistent across all platforms and you can update each platform easily.
Can I help you with your privacy notice?
I offer a standard template you can purchase that you then fill in the highlighted areas by yourself to create your privacy notice. This template has in it all the areas above, all you need to do is insert the correct information for your processes and website. If you would like to purchase one of the templates, please contact me via this link.
