Privacy Policy (General Data Protection Regulation)

from Wikipedia, the free encyclopedia

According to Articles 13 and 14 of the General Data Protection Regulation (GDPR), those responsible in their area of ​​application are obliged to inform those affected in a data protection declaration how their personal data will be processed.

This information obligation applies not only to telemedia such as websites, but to all situations in which personal data is processed.

purpose

The data protection declaration serves to inform the data subject, in particular so that he can effectively assert the data subject's rights against the person responsible in order to protect his privacy. It is not used to obtain consent.

content

Under Article 13 DSGVO a privacy policy must, if the collection of data at a data subject is given the following information:

  • Name and contact details of the person responsible and, if applicable, his representative in the European Union
  • if applicable, the contact details of the data protection officer
  • The purpose of the data processing and the legal basis (according to Art. 6 and, if applicable, Art. 9 or Art. 10 )
  • the legitimate interests pursued with the data processing if the processing is based on Art. 6 Para. 1 lit. f) is based
  • if applicable, the recipients or categories of recipients of the data
  • If necessary, the intention to transfer the data to non-EU countries and the legal basis for this (according to Art. 44 ff. )
  • the intended storage period
  • the indication of the affected rights pursuant to Art. 15 et seq. (existence of a right of access, existence of a right to correction, the existence of a right to delete , existence of a right to restrict the processing (block), existence of a right to object to the processing, existence of an Right to data portability, existence of a right to withdraw consent (insofar as the processing is based on Art. 6 Paragraph 1 lit. a ), existence of a right of appeal to a supervisory authority )
  • the indication of whether the provision of the data is required by law or by contract and, if applicable, the consequences of not providing it
  • if necessary, the existence of automated decision-making or profiling ( Art. 22 )

If the data is not collected from a data subject, according to Art. 14 Para. 2 lit. f. It is also stated from which source the personal data originate and, if applicable, whether they originate from a publicly accessible source.

shape

According to Art. 12 , the information mentioned must be transmitted "in a precise, transparent, understandable and easily accessible form in clear and simple language". They can be issued in writing , electronically or in another form.

Time at which information was provided

If data is collected from the data subject, the information in accordance with Art. 13 Paragraph 1 must be provided at the time of collection. Otherwise, the information must be provided in accordance with Article 14 (3) GDPR

  • taking into account the specific circumstances of the processing of the personal data within a reasonable period of time after the personal data has been obtained, but no longer than one month,
  • if the personal data are to be used to communicate with the data subject, at the latest at the time of the first communication to them, or,
  • if disclosure to another recipient is intended, at the latest at the time of the first disclosure.

Access

There is only the obligation to have the data protection declaration ready. It is not necessary for those affected to read them or even take note of them. In particular, there is no legal reason to have the data subject confirm that they have received the information (or even "read and understood"). On websites, the mandatory field "I have received the data protection declaration" or similar is inadmissible and subject to a warning according to Section 309 No. 12 b BGB .

Individual evidence

  1. Matthias Lachenmann: Form manual for data protection law . Ed .: Ansgar Koreng, Matthias Lachenmann. 2nd Edition. Beck, Munich 2018, ISBN 978-3-406-69542-1 , FI