The General Data Protection Regulation (GDPR) strengthens the obligation of information and transparency with regards to data subjects whose data you process. The information required is defined by Articles 12, 13 and 14 of the GDPR.
Whenever you plan to collect personal data, and regardless of the medium used, you must provide a set of mandatory information to the individuals concerned before the collection of their data.
What is a privacy policy?
Generally, these notices are referred to as privacy policies, privacy notices or data protection notices. The data subjects can be your customers, prospects, website users, suppliers, etc.
Specific privacy notices must also be provided to employees before collecting their personal data, in particular as part of an HR privacy policy.
The details of transparency guidelines (Article 29 Data Protection Working Party) can be found in this document.
What is the difference between a privacy policy and a cookie policy?
A cookie policy is always part of the organisation’s privacy policy. It is a mandatory piece of information that specifically relates to the use of cookies and similar technologies (eg: pixel, trackers, etc.). In addition to the GDPR, the information required for the use of cookies is governed by the European ePrivacy Directive.
The first pieces of information about cookies are in the form of a banner when you visit a site. The cookie banner must refer to the complete information document (your cookie policy only and / or your complete privacy policy).
The banner is also used to manage user preferences in terms of the use of cookies according to their purpose if their installation requires the prior consent of the data subjects.
For clarity, the cookie policy may be the subject of a separate document, but you should always refer to it in a section of your privacy policy. It is also possible to put all the information relating to cookies in a dedicated section of your privacy policy.
Having a compliant privacy policy on your website is a legal obligation under the GDPR.
Create your custom privacy policy and cookie policy in less than 1 hour!