Introduction to privacy policies
More details about this follow below.
We define personal data as follows: it is information that can lead back to an individual on its own or in combination with other data.
Directly identifiable data are, for example, names, addresses, email addresses, account information and photos. Information about income, cultural profiles, religion and health is personal data as well.
Importantly in this context, user or visitor behaviour is also considered to be personal data. Browser usage and visitor behaviour can be tracked by cookies; click targets and scroll depth on certain pages are examples of this.
In almost all cases cookies are set by your website. For example, if you use social media share buttons, plugins or analytics on your site, cookies are being set. Even if you use none of these, if your website is hosted, cookies are probably being set by your hosting provider.
You should also be aware that some locally defined laws can be extraterritorial in practice. This is the case with the European GDPR and the CCPA of the US state of California. These laws are applicable to all organisations serving the citizens within their geographical area.
In the GDPR text, under article 12, there’s a requirement that you should inform your website users about how you process personal data in the following ways:
- Easily accessible
- Free of charge
- Easy to understand
Almost all privacy laws require you to inform your users about:
- Exactly which personal information you collect from your users (email address, name, IP address, etc.)
- Your own business details and contact details
- The methods you use to collect the personal data, with third party scripts and cookies
- What digital security measures you take
- The purpose for which you collect personal information
- How users can opt-out and what the consequences would be
- What third party tools your website is using to collect, store or process the information (like an advertising service or an email newsletter tool)
The most difficult and tricky part of making your website compliant is the handling of cookies. Other parts of a website where data collection happens are mostly visible and static. For example, a newsletter subscription or a contact form only stores information when a user actively fills in the form, so the user is aware of their personal data being stored.
Other processes operate in the background, like third party scripts that trigger cookies. Cookies are quietly stored on a visitor's computer when visiting a site, without the user knowing. Most of the time even the website owner has no idea of these background processes.
Once the cookie has landed on the user's computer, all kinds of data can be collected and sent to third parties for any given length of time. There are millions of cookies and they tend to change every now and then.
This information is:
- Available for the website owner