Privacy and cookies policies

⚡TL;DR

  • As a data controller, you have an obligation to provide information on your data processing to the data subjects. This is done via the privacy policy.
  • A privacy policy and a cookies policy are the basics every website should have.
  • Each policy must be available in all of your websites' languages.

The purpose of the privacy and cookies policies is to inform the data subject about, in particular, the following elements:

  • Controller: This is the entity responsible for the processed personal data. In general, this is the company that created the privacy policy.
  • Type of data processed: You must list all the types of personal data that you process. You can list categories such as "contact details" which includes phone number, address, etc.
  • Source of the data: If data is collected indirectly (e.g., via Google Analytics), the source of the data must be disclosed.
  • Processing purposes: This is the reason for processing data. For example, this can be "to provide our services", or "to recruit job applicants", etc.
  • Data retention period: This is how long you will keep the data.
  • Categories of data recipients: This is notably relevant in the case of third-party transfers. The data recipients can be, for example, "hosting and cloud providers".
  • Data subject rights: These are the following:
    • The right of access
    • The right to rectification of incorrect or incomplete data
    • The right to erasure
    • The right to restrict processing
    • The right to data portability
    • The right to object to the processing
    • The right to withdraw consent
    • Rights related to automated decision-making, including profiling
    • The right to file a complaint with a regulatory authority
  • Legal basis for processing: These are the legal bases justifying the processing of data. As long as no sensitive data (special categories of data) are being processed, the legal basis can be any of the following:
    • Contract
    • Legitimate interest
    • Consent
    • Legal obligation
    • Vital interests
    • Public task
  • Cookies: The types of cookies used (e.g., _ga), their purpose, and their retention period.

Best practices

Information: These policies are meant to inform the data subjects. As such, their readability is important. Here are two tips:

  • If you use a small number of cookies, you can describe them directly in the privacy policy and have only one document. If you have a lot of cookies, it is best to have two documents.
  • Always draft the policies in clear and comprehensible language.

Data subjects have the right to be informed about the processing of their data (meaning that controllers have the obligation to inform).

The controller must do so by publishing a privacy policy and a cookies policy. Usually, these policies are displayed on the controller's website.

This is the foundation of data subjects' rights, as it serves as a starting point for other rights (e.g., you can only request that your data be amended if you know who processed it and how).

Best practices

Privacy & cookies policies: A privacy policy and a cookies policy are implemented on the website in all of the website's available languages.