The privacy statement should meet several requirements. For example, it should be concise, transparent, easily accessible and written in understandable language. In terms of content, these 10 points should certainly not be missing:

  1. Identity of your company and contact information.
  2. The purpose for which you collect your customer, client or patient data.
  3. How long you expect to keep the data.
  4. Who has visibility into the data.
  5. Clearly state whether there are legal or contractual obligations associated with providing personal data and why it is necessary.
  6. State that individuals have the right to object to the use of data.
  7. Indicate that individuals may access their data, or have it rectified or deleted, at any time.
  8. State that consent may be revoked by the provider.
  9. Whether there is automated decision-making or profiling.
  10. The right to file complaints with the Personal Data Authority.

Having the privacy statement written by a lawyer may be technically foolproof, but the question is whether it is also readable and understandable for your visitors. So we recommend having the privacy statement written by someone who can make it concrete and clear for your target audience. Afterwards, however, you can have a lawyer check whether it is legally correct.