Data Privacy Statement
Why do you need a Data Privacy Statement on a Website?
When you are collecting and/or processing personal data of a data subject, you must inform the data subject about the details of the processing of their data. This is the result of the principle of transparency & fairness. In the General Data Protection Regulation (GDPR), the information obligation is stipulated in Art. 13 in case, that personal data is being collected directly from the data subject, which is true for the data collection within the scope of the operation of a website.
What is the necessary content of a Data Privacy Statement on a website?
The Data Privacy Statement must include detailed information regarding the processing of personal data taking place when accessing and using a website. The details about the required content are listed for the European Union/European Economic Area (EU/EEA) in Art. 13 GDPR. Bayer's "Data Privacy Statement Generator" incorporates the legal requirements for the information of the data subjects and will assist you to determine the necessary content of the Data Privacy Statement on your website and furthermore to draft it.
How can I generate the Data Privacy Statement of a website?
Before initiating the process of generating the Data Privacy Statement for your website, you must gather all information regarding the processing of personal data on your website - therfore, see the section "website functionalities". Do not forget to also include the data processing taking place on your website by third parties, such as Social Media providers.
The Data Privacy Statement shall be drafted using the "Data Privacy Statement Generator". The Data Privacy Statement Generator is a tool that helps you generate a privacy statement for a website, mobile app, other online services or in general. It is based on the requirements of the GDPR but may also be used for other regions outside of the EU/EEA, which require a Data Privacy Statement. The generator asks you questions related to the personal data processing to be performed on your website and based on the information provided by you, it generates a data privacy statement. Note however that the generated privacy statement potentially needs to be adjusted according to the specific requirements of your website and/or the applicable legislation!
Therefore, as a next step, the generated data privacy statement must be reviewed in each individual case with respect to whether it is in compliance with all applicable laws and whether it contains an accurate description of all relevant procedures where personal data are collected, processed and/or used in connection with the operation of the respective website. In coordination with LPC Express, the privacy statement must, where applicable, be adapted to the specific requirements and technical specifications of the website and/or the special requirements of applicable law.
The data privacy statement must be easily accessible to users at all times by a separate link labeled as "Privacy Statement", reachable from every webpage within a website.
Privacy Statement vs Consent
Please note that the privacy statement is merely an informative document: Its function is to inform in a transparent and easily understandable way about the processing of personal data. Therefore, it cannot include any kind of consent for data processing. For this reason, users should never be asked to accept or acknowledge the content of a data privacy statement. You can refer to the privacy statement (e.g. with a link) for more information about the data processing performed on the website, when obtaining your users' consent.
