Want to watch this video? Sign up for the course here. Or enter your email below to watch one free video.

Unlock This Video Now for FREE

This video is normally available to paying customers.
You may unlock this video for FREE. Enter your email address for instant access AND to receive ongoing updates and special discounts related to this topic.

We have mentioned before the need to include certain information on your Privacy Policy.

When you collect the data directly from the data subject, you must tell them how you intend to handle it at the time of collection. This can be provided via a link on your email that takes them to your privacy policy or a privacy notice on your website.

The information that should be included in your privacy policy should be:

  • Your company name and address 
  • What you will do with their data
  • Who you will share the data with
  • The Legal Basis for processing their data, including any legitimate interest relied upon
  • How long you will retain their data
  • The rights of the data subject
  • Safeguards for any data sent outside of the EU
  • Who to contact if they want information
  • Information if you intend to process the data for any other purposes
  • The right to complain or lodge a complaint with a Supervisory Authority
  • The existence of automated decision making (profiling) if carried out
  • And finally, any legal requirements to provide data and the consequences of not providing it.

If the data is obtained from elsewhere (a third party) then the Privacy Notice or Privacy Policy needs to be provided to the data subject in the following ways.

  • The first time the data is used to communicate with the data subject
  • Within a reasonable period of having obtained the data (maximum of 1 month)
  • And, if disclosing the data to another recipient at the latest, before the data is disclosed.

It is important to confirm both the categories of the data and the source of the data.