Privacy Policy

Datenschutzerklärung

Privacy Policy

In a Privacy Policy, the company provides information about the purpose for which it collects data from data subjects, who receives it and how it is processed. It also explains where the processing takes place and what rights the data subject is entitled to. It is a written (text form is sufficient) declaration drawn up by companies and organisations to disclose their data protection practices and policies. According to the GDPR, companies and organisations that process personal data are obliged to provide transparent information about the use of this data. The privacy policy is an important tool to ensure this transparency. A privacy policy in accordance with the GDPR should contain at least the following information

  1. Contact information of the controller: The statement should include the name and contact details of the data controller (usually the company or organisation).

  2. Purpose of data processing: The privacy policy should explain the purpose for which the personal data is collected and processed. This may include, for example, contract fulfilment, customer care, marketing activities or other legitimate business purposes.

  3. Legal basis: It should specify the legal basis for the data processing, e.g. the consent of the data subject, the fulfilment of a contract or the protection of legitimate interests.

  4. Data categories: The types of personal data being collected should be detailed, e.g. name, address, email, payment information, etc.

  5. Duration of data storage: The statement should specify how long the data will be stored or the criteria used to determine this duration.

  6. Rights of data subjects: The privacy statement should explain the rights of data subjects under the GDPR, including the right of access, rectification, erasure, restriction of processing, data portability and objection.

  7. Data Protection Officer: If applicable, the privacy policy should include information on how to contact the Data Protection Officer (DPO)

  8. Right to lodge a complaint: The statement should indicate how data subjects can contact the data protection supervisory authority in the event of data protection violations or discrepancies.

  9. Data transfer and recipients: It should explain whether and to whom personal data is transferred, e.g. to third parties or to third countries.

  10. Security measures: The privacy policy should contain information about the security measures taken to protect the data.