Disclaimer: This information is based on our own research and understanding of the topic, but please understand that this is general advice only. We are not lawyers, and it is important to get your own legal advice regarding these matters.
- Concise, transparent, intelligible and easily accessible.
Ensure there is a link to the policy in the footer of your site, and that it is mentioned in any other relevant places, such as contact forms.
- Written using clear and plain language, particularly if addressed to a child.
Avoid using any complicated legal language. The policy can be written in an informal fashion, so long as it outlines all the points below.
- Free of charge.
Fairly straightforward: the policy can't be hidden behind any paywalls, and physical copies should not have a charge attached to them.
The policy should also address the following points:
- What information, if any, are you collecting?
This includes any content people give in contact forms, along with usernames, IP and email addresses.
- For what reasons are you collecting information?
For example, you might keep email addresses from contact forms in order to contact people later.
- Will the information be shared with any third parties?
Any third-party tracking, like Google Analytics, must also be included.
- How will the information be used?
If you share any information with third parties, how will they be using it?
- How long will the information be held for?
By both you and any third parties.
- What rights does the user have?
These are all covered in articles 12 through to 23 of the GDPR. Whilst we cover some of the rights users have in our quick guide, you can find a more detailed summary of these rights within the OAIC’s guide under the “Expanded rights for individuals” section.
- In what ways can a user raise a complaint?
Make sure that users have an outlet to contact you if they wish to exercise any of the rights afforded to them by the GDPR.
If you aren’t sure if the GDPR applies to you, consider looking over our previous guide.