Privacy policy on the website

The privacy policy and measures for the protection of personal data are not just a formal requirement, but a very serious and responsible matter, so it must be treated as seriously as possible.

If you have decided to create a website or online store, you need to take special care of creating a privacy policy to comply with the principles of legality and integrity. Any processing of personal data must have a legal basis.

In this article we will tell you what customer data is considered to be personal data, which is the processing of personal data and when your website should have a privacy policy.

What is personal data?

The most common personal data are the given name, surname and personal identity number. However, this is not the only data that allows the identification of a person. An identifiable person shall be one who can be identified, directly or indirectly, in particular by reference to an identifier such as that person’s name, personal identity number, location data, online identifier, one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity. It follows from the foregoing that personal data are different information, which, when collected, can identify a particular person.

  • Name (e.g. Anna Bērziņa)
  • Personal identity number, personal identification document number
  • Address of the place of residence (e.g., Anna Bērziņa, residential address: 5 – 2 Non-existent Street, Riga)
  • Workplace ( e.g. Anna Bērziņa works for SIA Neīsts)
  • Position held (SIA non-existing accountant)
  • E-mail address (e.g. anna.berzina@sianeists.lv)
  • IP address (Internet Protocol)
  • Location data (e.g. location data function on mobile phone)
  • Cookie identification number
  • Patient data stored in medical institutions

It has to be said, however, that the same name and surname, which is common, for example, Anna Bērziņa, will not yet be personal data if there is no additional information about which Anna Bērziņš is talking about. However, if this particular given name and surname is linked to an additional identifier, such as a personal identity number, place of work or place of residence, then it is personal data, since the person in question thus becomes identifiable.

Individuals may also be associated with the online identifiers they use on their devices, applications, tools and protocols, such as IP addresses, cookie identifiers or other identifiers. This may leave traces that, in particular when combined with unique identifiers and other information received by servers, can be used to create profiles and identify profiles of individuals.

Personal data are not:

  • Name (if not accompanied by an identifier that clearly indicates a specific person)
  • The General Data Protection Regulation does not protect the data of a deceased person
  • Company registration number
  • Address (if no other data is attached, e.g. first name)
  • E-mail (as long as the connection with someone is not identifiable)

What is the processing of personal data?

By definition, the processing of personal data is any operation or set of operations performed on personal data or sets of personal data, whether or not by automated means. For example:

  • Video surveillance
  • Storage and destruction of documents containing personal data
  • Creating and maintaining customer databases
  • Sending advertising e-mails/text messages.c, etc. with personal data

The Regulation does not apply to data processing concerning data relating to legal personality data, such as information on the name of the company, the form of business and contact details.

Privacy policy on your website

The requirements of data protection laws must be met by everyone who obtains and uses any personal data. As we have already found out, personal data is any information that allows to legally identify a particular person – name, surname, address, e-mail address, date of birth, etc. Personal data protection obligations shall apply to absolutely everyone who:

  • Offers goods or services to individuals
  • Issues invoices
  • Lets you communicate with yourself
  • Uses Google Analytics or any other statistical tools that create cookies on the user’s computer
  • Anyone else uses personal data

If you offer products or services on your website or you have customers, or your website has a statistical collection or contact form, even if you are simply communicating with website visitors, it is mandatory to have a privacy policy on your website.

What should be specified in the privacy policy?

The Privacy Policy is a section of the website or a document that informs the visitor or customer of the website about the principles of data processing on your website, online store and company.

The Privacy Policy must clearly describe the following:

  • What personal data is collected? (given name, surname, e-mail address, address of the place of residence)
  • How will data protection be ensured? (using any data protection tools and/or measures)
  • How long will the data be stored?
  • Who will be able to access the data? (authorised persons only)
  • Are cookies used and how? (to get site visit statistics – how long the visitor is on the site, what sections are viewed, what device, etc.)
  • What are the user’s rights in relation to the data? (to access, correct, delete and request termination of the processing of your personal data)

The privacy policy should not be very long and complex, but it should contain answers to all the above questions. When creating a privacy policy, it is mandatory to inform the person about his or her rights.

  • Access your data
  • Edit your data
  • Delete your data
  • Delete your data
  • Request termination of unjustified processing of your data
  • Rights specified in regulatory enactments

Cookies on your website

If you use statistical collection or marketing tools on your website or online store, such as Facebook pixel, Google Analytics or any type of tracking codes, then the visitor of the site must be informed about the use of cookies because these tools use cookies. When creating a section on cookies, you must include the following:

  • What types of cookies are used
  • What purposes are cookies used for? (to obtain attendance statistics, assess the effectiveness of advertisements, etc.)
  • How can a user opt out of cookies? (private browsing mode can be used)

Important!!!

The privacy policy strictly prohibits the inclusion of unauthorised practices, such as the right to send advertising emails to the customer if he or she has made a purchase but has not individually applied for advertising (prohibited by the EU’s general data protection regulation).

When compiling a privacy policy, be sure to take into account that each company, website and online store is different, so you should not copy the privacy policy of any other company or website even if you feel that you are doing exactly the same thing or something similar. Take a look at the issues related to the drafting of the privacy policy and, if necessary, also attract a lawyer.

We hope that this article helped you understand why it is necessary to include a privacy policy on your website.