Privacy & Cookie Policies
If you already have a website for your business, or are considering setting one up, Blacks Solicitors’ Commercial Law team can help you with your Privacy and/or Cookie Policies.
Privacy Policies
A Privacy Policy is a legally required document that requires a data controller to provide specific information to an individual at the time that personal information is collected.
The document should be clear, easy to read and identify specific points listed in Article 13 of the UK GDPR. These can include:
- The name and contact details of your organisation
- The contact details of your Data Protection Officer (if applicable)
- The purposes of the processing (why you use peoples’ personal data and clarify each purpose)
- The lawful basis for the processing
- The third parties (or categories of third parties) that will receive peoples’ personal data
- The countries to which any data transfers are made to and the legitimising transfer mechanism relied on
- The relevant data retention periods
Failure to have a Privacy Policy in place means that an organisation is not complying with a key transparency requirement under the UK GDPR, in that individuals have the right to be informed about the collection and use of their personal data. The Information Commissioners Office (ICO) regularly fines organisations for failing to be transparent with individuals in respect of this.
Cookie Policies
A Cookies Policy is a legally required document that should set out a variety of things, including:
- What cookies your websites uses (essential and non-essential)
- Explains what the cookies are doing and why
- Gains the persons consent to store cookies on their device
The information must be clear and easily available and users must be able to understand the potential consequence of allowing the cookies.
Failure to have a Cookies Policy is similar to a failure of an organisation in not having a Privacy Policy (see above), namely that the organisation is not complying with a key transparency requirement under the UK GDPR. The use of cookies and how transparent organisations are with its website users is something that is increasingly becoming subject to scrutiny both at a UK level (by the ICO) and at an EU level.
For more information on the above, or about to find out how Blacks’ Commercial Law team can assist you with Privacy and/or Cookie Policies, please email or call us today on 0113 207 0000.