Privacy Notice and Transparency
Privacy Notice and Transparency
GDPR requires clear, comprehensive privacy notices that inform users about all aspects of data processing. Privacy notices must use plain language, avoiding legal jargon that users might not understand. Information must be provided at the time of data collection, not buried in terms of service or requiring users to search for it.
Key information that must be included in privacy notices includes the identity and contact details of the data controller, contact details of the data protection officer (if applicable), purposes and legal basis for processing, categories of personal data, recipients or categories of recipients, details of international transfers, retention periods, user rights, and the right to lodge complaints with supervisory authorities.
<!-- GDPR-compliant privacy notice structure -->
<div class="privacy-notice" itemscope itemtype="https://schema.org/PrivacyPolicy">
<h1>Privacy Notice</h1>
<p class="last-updated">Last updated: <time itemprop="dateModified">2024-01-15</time></p>
<!-- Data Controller Information -->
<section class="privacy-section">
<h2>Who We Are</h2>
<div itemscope itemtype="https://schema.org/Organization">
<p><span itemprop="name">Company Name Ltd.</span> ("we", "our", or "us") is the data controller responsible for your personal data.</p>
<address itemprop="address">
<span itemprop="streetAddress">123 Main Street</span><br>
<span itemprop="addressLocality">London</span>, <span itemprop="postalCode">EC1A 1BB</span><br>
<span itemprop="addressCountry">United Kingdom</span>
</address>
<p>Email: <a href="mailto:[email protected]" itemprop="email">[email protected]</a></p>
<p>Data Protection Officer: <a href="mailto:[email protected]">[email protected]</a></p>
</div>
</section>
<!-- What Data We Collect -->
<section class="privacy-section">
<h2>What Personal Data We Collect</h2>
<div class="data-category">
<h3>Information You Provide</h3>
<ul>
<li><strong>Account Information:</strong> Name, email address, password (encrypted)</li>
<li><strong>Profile Information:</strong> Profile picture, bio, preferences</li>
<li><strong>Communication Data:</strong> Messages, support tickets, feedback</li>
</ul>
</div>
<div class="data-category">
<h3>Information We Collect Automatically</h3>
<ul>
<li><strong>Technical Data:</strong> IP address (anonymized), browser type, device information</li>
<li><strong>Usage Data:</strong> Pages visited, features used, interaction times</li>
<li><strong>Cookie Data:</strong> As described in our <a href="#cookie-policy">Cookie Policy</a></li>
</ul>
</div>
</section>
<!-- Lawful Basis and Purpose -->
<section class="privacy-section">
<h2>How and Why We Use Your Data</h2>
<table class="privacy-table">
<thead>
<tr>
<th>Purpose</th>
<th>Type of Data</th>
<th>Lawful Basis</th>
</tr>
</thead>
<tbody>
<tr>
<td>Provide our services</td>
<td>Account information, profile data</td>
<td>Performance of contract</td>
</tr>
<tr>
<td>Send service emails</td>
<td>Email address, name</td>
<td>Performance of contract</td>
</tr>
<tr>
<td>Send marketing emails</td>
<td>Email address, preferences</td>
<td>Consent</td>
</tr>
<tr>
<td>Improve our services</td>
<td>Usage data, technical data</td>
<td>Legitimate interests</td>
</tr>
<tr>
<td>Ensure security</td>
<td>IP address, access logs</td>
<td>Legitimate interests</td>
</tr>
</tbody>
</table>
</section>
<!-- Data Retention -->
<section class="privacy-section">
<h2>How Long We Keep Your Data</h2>
<ul>
<li><strong>Account Data:</strong> Until account deletion + 30 days</li>
<li><strong>Analytics Data:</strong> 24 months</li>
<li><strong>Security Logs:</strong> 6 months</li>
<li><strong>Marketing Consent:</strong> Until withdrawn or 24 months of inactivity</li>
</ul>
</section>
<!-- User Rights -->
<section class="privacy-section" id="your-rights">
<h2>Your Rights</h2>
<p>Under GDPR, you have the following rights:</p>
<div class="rights-grid">
<div class="right-item">
<h3>Right to Access</h3>
<p>Request a copy of your personal data</p>
<button onclick="privacyRights.requestAccess()">Request Access</button>
</div>
<div class="right-item">
<h3>Right to Rectification</h3>
<p>Correct inaccurate personal data</p>
<button onclick="privacyRights.requestRectification()">Update Data</button>
</div>
<div class="right-item">
<h3>Right to Erasure</h3>
<p>Request deletion of your personal data</p>
<button onclick="privacyRights.requestErasure()">Delete Data</button>
</div>
<div class="right-item">
<h3>Right to Portability</h3>
<p>Receive your data in a portable format</p>
<button onclick="privacyRights.requestPortability()">Export Data</button>
</div>
</div>
</section>
</div>
Privacy notices must be easily accessible from every page where data is collected. Layered privacy notices can help manage complexity by providing summary information with links to detailed sections. Visual aids like icons, flowcharts, and infographics can improve understanding, especially for complex data flows.