Find out how a robust privacy policy can protect your personal information, enhance your online security and ensure a smooth browsing experience: everything you need to know is here!
It is also a legal requirement in many countries, including the European Union and the United States:
- A showcase site (landing page)
- An e-commerce site
- A digital platform (social network, rating platform, exchange platform, etc.)
- Any application (intranet, mobile application, B2B application).
However, the information to be provided differs depending on the categories of data collected and the purposes of the processing.
The privacy policy ensures the protection of your users' personal data and the transparency of your data processing practices in accordance with Article 13 of the GDPR.
This article states that when personal data is collected from the data subject, the controller must provide him or her with various detailed information at the time the data is obtained.
This information includes the identity and contact details of the controller, the purposes and legal basis of the processing, the recipients of the data, and other details related to the protection of personal data.
Article 14 of the GDPR provides similar guidance for cases where personal data has not been obtained directly from the data subject.
In this article, we'll guide you through the steps involved in setting up an effective privacy policy for your BtoB or BtoC website.
You can also be assisted by a GDPR lawyer.
How to establish a Privacy Policy?
The first step in establishing a privacy policy is to understand what data you collect and how you use it. This may include contact information, IP addresses, transaction data and other information relevant to your business.
You must also take into account local data protection laws, such as the GDPR in Europe.
In many countries, including the European Union and the United States, having a privacy policy is a legal requirement for websites.
Secondly, you need to clearly inform your website users about (i) the types of data you collect, (ii) how you collect it, and (iii) how you use it. This can be done through a privacy policy accessible from any page of your website under a clear heading ("privacy policy", "privacy page", or "personal data"), so that your users understand that information about their connected data is on that page.
Finally, you must ensure that you provide information on the intended processing of the data collected or, if necessary, that you obtain the user's consent before collecting any data. This collection is accompanied by the implementation of appropriate security measures to protect such data.
Is it mandatory to have a Privacy Policy?
In France, this obligation stems from the requirement for transparency regarding the data collected and the purposes for which it is processed, in particular in accordance with Article 13 of the GDPR.
As such, a dedicated page with a recognizable name should be accessible from the bottom of each page of your website.
How to write a Privacy Policy on an E-commerce site?
A privacy policy for an e-commerce site must include information about the data you collect during the transaction, such as payment and shipping information. You should also inform users about how you will use this data and how you will protect it. And be sure to mention your return and exchange policy in your privacy policy.
Unlike on a showcase site, more information is likely to be collected, and for different purposes. This also means that there will be more places on the website where this data is collected.
Please note that if you use third-party service providers to deliver your products, run email campaigns or track your users' activity, they must be listed as subcontractors in your policy and their contact details indicated.
What are the most important elements to include in a privacy policy?
Without being exhaustive, a privacy policy must include the following elements:
- The types of data you collect;
- How you collect data;
- How you use the data;
- How you protect data;
- How you share data with third parties;
- How users can exercise their data protection rights;
- What processing is performed;
- How data is transferred outside the European Union.
Who should write the privacy policy?
The privacy policy must be drawn up by the data controller, who may be the company itself or a natural or legal person appointed for this purpose. This may also be your lawyer.
There are a number of players who can help you draw up your privacy policy, including legaltechs, IT service providers and lawyers.
As a reminder, service providers other than lawyers must not provide advice on these regulations.
It is therefore advisable to go through a lawyer, who will provide a complete GDPR analysis in order to guarantee your compliance with French and European law.
What are the confidentiality rules?
When we talk about privacy rules, we're really talking about the regulations on personal data protection framed (i) in Europe by the General Data Protection Regulation (GDPR), which came into force on May 25, 2018 in the European Union, and (ii) in France by the "Loi Informatique et Libertés" (originally adopted in 1978, it has undergone several amendments since then, notably to comply with the EU's GDPR).
This regulation aims to strengthen the protection of users' personal data by imposing obligations on companies collecting and processing such data. In particular, it imposes the need to inform users about how their data is collected, used and stored.
What's the difference between legal notices and privacy policies?
Legal notices and privacy policies are two types of information that websites must make available to their users.
To find out more about legal notices, please read the following article: "Legal notices for an e-commerce site!"
Legal notices describe the company's identity and legal information, while the privacy policy describes how users' personal data is collected, processed and stored.
The two pieces of information are complementary, but distinct.
In conclusion, the privacy policy is an indispensable element for any website collecting personal data. It must be clear and concise, and contain the essential information concerning data processing.
It is framed by the GDPR and its drafting must be entrusted to a competent data controller. Companies must therefore ensure that they comply with legal obligations regarding the protection of personal data and inform users about how their data is processed.


