Privacy Policy
A privacy policy for a website explains how personal data is collected, stored and handled. Since the General Data Protection Regulation, GDPR, came into effect in 2018, the requirements for how personal data may be processed have become stricter.
What is personal data?
Personal data is any information that can directly or indirectly be linked to a physical person.
Direct personal data can identify a person directly, for example:
name
personal identification number
Indirect personal data can, together with other information, identify a person, for example:
IP address
city of residence
Other examples of personal data include address, phone number, images and email address.
What is a privacy policy?
All websites that process personal data must comply with GDPR. A basic principle is that the registered person should give their consent to the processing of their data.
A privacy policy should clearly describe:
- what information is collected
- how it is used
- how it is stored
- how to contact the website owner
-
what rights the visitor has
How does it work?
All companies and organizations that process personal data through a website must have a privacy policy.
The policy works as an internal framework for how personal data is handled and should be:
- clear
- specific
-
easy to find
Once the policy has been created, it should be published on the website so that all visitors can access it.
Additional information
It is also recommended to have:
a cookie policy that explains how cookies are used
terms and conditions that regulate how the website may be used