It can be a trial to manage all the rules and regulations in the General Data Protection Regulation (GDPR). We have ourselves established many procedures and initiatives that you can read more about here.
Since we have offered you our privacy policy in connection with the ticket sales module on your website, we consider it our job to ensure that you can use our policy and not think about it anymore. In this connection, we have some thoughts that we would like to share with you.
Difference between your own privacy policy and the one we offer you
The GDPR states that all those who collect information, for example via websites, must inform the data subjects about the collection, etc. This collection and use, as well as the cookie policy (which is a separate policy), are maintained in a privacy policy.
In addition, the GDPR requires that the information about the collection, etc. happens in an easily understandable language and the information is easily accessible (i.e. you can easily find the policy on your website).
The policy that we have offered to you and which can be found via the website module for ticket sales only covers the collection that takes place through our website module. It does not cover all other information collection via your website!
We can see that some of you are already using your own privacy policy, which is a good start. But it can also mean that you have conflicting policies, double policies, etc. and thus no longer fulfill the duty of disclosure and the requirement for easily accessible and easily understandable information about the collection and use of data, etc.
Combine all privacy policies into one
Our advice to you is to gather all information into one privacy policy that covers all elements of your website. This means that website visitors never have any doubt about what information you collect on them, what it is used for, when it is deleted, etc.
Your cookie policy should be included in the privacy policy, but not made depending on it. That’s why we advise you to keep your privacy and cookie policies separate.
But how do you think cookie policy into privacy while keeping the two apart?
This is done by writing about the general use of cookies in the privacy policy and linking to a sub-page containing the cookie policy and cookie classification, as well as enabling users to select and deselect individual categories of cookies (there are 4 categories: strictly necessary, functional, statistical and marketing cookies – the latter 3 must always be deselected and must never be turned on from the start).
But what if I am not an IT expert or a lawyer?
We know that navigating the GDPR requirements can be a jungle and that not all of you are IT developers or lawyers specializing in personal data law.
Therefore, we will release a new module in your backend soon, where you can plot your information into a finished privacy policy from us, which deals with live/BACKEND, and in the module has the opportunity to adapt the text to your wishes. However, as mentioned, this one covers only live/BACKEND, so if you have one of the following elements on the page, it would be a good idea to review your general privacy policy for your website to uncover.
Website elements that may give rise to its own privacy policy:
- Newsletter Sign-Up
- Social media buttons
- Sign-up forms for voluntaries
- Participation-application
- Sign-Up form for members
- SMS-service
- User log-in
- Tracking-cookies like Google Ads or similar technology
- Cookies (remember cookie classification)
We hope you endure the corona shutdown and that you benefit from our upcoming module, and that we can at least make a small positive difference for you in these times.
NOTE: The information mentioned above is not guaranteed. We are not educated lawyers and therefore technically cannot give you professional advice. The information above is just a collection of experiences that we think would benefit you. Responsibility for your privacy policy – whether your website or just the live/BACKEND section – lies with you.
This article is written by our compliance specialist. If you have any questions, comments or issues regarding IT-security, data protection, etc., feel free to contact him at gdpr@gatewayapi.com.
