Privacy & cookie statement
Posted: Sun Dec 22, 2024 6:54 am
Impact of GDPR on forms on your website
Almost all forms on your website ask for personal data. Think of name and address details for quotation or order forms, or the email address for a newsletter subscription. The privacy by design and privacy by default principles of the GDPR require that such data be sent encrypted via https. In addition, no more data may be requested than necessary for the purpose for which the data is processed. Checkboxes that request consent may not simply be checked by default, because then there is no longer any explicit consent.
Also read: Privacy Act 2018: avoid a fine & start now with these 7 changes
There is a good chance that the GDPR will also have consequences for the privacy and cookie statement on your website. Here are some important points of attention on which you can check your current privacy statement:
Simple language: precise and complete description of data processing
Effectiveness and/or legal basis
The retention period of data, for each of the types of data you collect
Required unambiguous consent, opt-in and opt-out options
Profiling that takes place
Indication of the (legal) persons with whom data is shared ('processors')
Right to access, change, delete or transfer data
Possibility to file a complaint with the us phone number list Dutch Data Protection Authority
In addition to company data, also the name and contact details of the person responsible for privacy and data processing on behalf of the organization
Specifically, for the first three points, make sure you do this for each of the different purposes of data processing. In other words, if your website contains multiple forms that collect data for different purposes, you need to describe each of those purposes. For example, a retention period may be different for data from an order form (data subject/data subject becomes customer) than for, for example, an application form (data subject/data subject becomes applicant).
privacy statement
Specified and explicit opt-in/opt-out
Under current legislation, in some cases, implicit consent based on 'an act of active will' is sufficient. An example of such an act is clicking through from the entry web page to a next page on the website - after the visitor has been informed about the use of cookies in a cookie bar. Data is then collected on this second page.
Almost all forms on your website ask for personal data. Think of name and address details for quotation or order forms, or the email address for a newsletter subscription. The privacy by design and privacy by default principles of the GDPR require that such data be sent encrypted via https. In addition, no more data may be requested than necessary for the purpose for which the data is processed. Checkboxes that request consent may not simply be checked by default, because then there is no longer any explicit consent.
Also read: Privacy Act 2018: avoid a fine & start now with these 7 changes
There is a good chance that the GDPR will also have consequences for the privacy and cookie statement on your website. Here are some important points of attention on which you can check your current privacy statement:
Simple language: precise and complete description of data processing
Effectiveness and/or legal basis
The retention period of data, for each of the types of data you collect
Required unambiguous consent, opt-in and opt-out options
Profiling that takes place
Indication of the (legal) persons with whom data is shared ('processors')
Right to access, change, delete or transfer data
Possibility to file a complaint with the us phone number list Dutch Data Protection Authority
In addition to company data, also the name and contact details of the person responsible for privacy and data processing on behalf of the organization
Specifically, for the first three points, make sure you do this for each of the different purposes of data processing. In other words, if your website contains multiple forms that collect data for different purposes, you need to describe each of those purposes. For example, a retention period may be different for data from an order form (data subject/data subject becomes customer) than for, for example, an application form (data subject/data subject becomes applicant).
privacy statement
Specified and explicit opt-in/opt-out
Under current legislation, in some cases, implicit consent based on 'an act of active will' is sufficient. An example of such an act is clicking through from the entry web page to a next page on the website - after the visitor has been informed about the use of cookies in a cookie bar. Data is then collected on this second page.