Internet Law

Privacy Policy Template

Privacy and data protection in the context of commercial websites

The topic of privacy and data protection was around even before Google Street View brought it to everyone’s attention. A privacy policy must be provided on all websites which process personal data for any other purpose than for private use. Here, we explain the legal principles underlying this area of law and provide a privacy template which can be adapted to suit individual business needs.

Legal principles

The legal requirements concerning data protection are contained in the German Federal Data Protection Act and the German Telemedia Act.

Under § 4 sub-paragraph 1 of the Federal Data Protection Act personal data may only be collected, processed or used if there is a legal provision allowing or requiring such action, or if the person concerned consents.

Particularly relevant here are §§ 27 – 31 Federal Data Protection Act which list a range of commercial data processing activities which cannot be undertaken without the prior consent of the person concerned.

Notification requirements

Visitors to a website must be notified at the beginning of their visit of the extent to which personal details will be collected, processed and used (§ 13 sub-paragraph 1 Telemedia Act and § 33 sub-paragraph 1 Federal Data Protection Act). The notification should be centrally placed on a website so that it is accessible to every visitor. The link to the notification should be entitled “data protection”, “data protection policy”, “privacy policy” or “data protection information”. Alternatively a customer information page could be provided, with the “data protection” section, containing the relevant information, being visible. It is not permitted to simply include a privacy policy in a business’s terms and conditions.

——————————————————————————————————————————————————————

Privacy policy template

This privacy policy template can be used free of charge, provided a link to the law firm www.wbs-law.de is available. The template does not to purport to be complete, accurate or up-to-date and should therefore be used simply as an orientation tool and as guidance to a website operator. The website operator intending to use this template should assess whether, in light of changes in the law or requirements of a particular scenario, modification is required.

 

The sections of bold-printed text which follow represent the elements of the privacy policy template.

To enable individual modification, this template is broken down into separate sections. Each section is followed by an explanation of its content.

The basic position in as far as it applies here, is that the privacy policy only need contain information as to the type, scope and purpose of data collection and processing.

Privacy policy

Thank you for visiting our website. The protection of your person details is very important to us. With the following information, we would like to give you detailed information on how we use this information. We will ensure that when handling your personal information, we will comply with the legal provisions contained in the Federal Data Protection Act, the Telemedia Act and other data protection rules.

Just a few introductory sentences should prepare the visitor or user for the following details about data protection.

Data collection and processing

In general you do not need to divulge your personal details in order to use our website. The only information which will be saved is access data, which has no personal link. These could include, but are not limited to, the name of the internet service provider, the name of the website you visited before visiting our website, the name of data accessed and the date on which it was accessed. These data will be collected solely with the aim of improving our internet services and are in no way linked to your personal details.

Your personal details will only be collected if you freely disclose them to us. This may take place through the placement of an order, when opening a customer account or through subscribing to our newsletter.

If you offer a customer account service or subscription to a newsletter it is advisable to include in the registration process, in addition to the general data protection information, a check box for the user to tick (i.e. to opt-in) and in doing so confirm their acceptance for their personal data to be used. You should also explicitly state that the acceptance can be retracted at any time.

Use and passing on of personal data

If you purchase one of our services or request delivery of a product from us, your personal details will only be used to the extent needed in order to permit the service to be carried out, unless you give special permission for any other use. Use of your personal data in this context includes passing on your data to a third party courier, credit companies or other service providers relevant for the completion of the order.

Unless you specifically permit your personal data to be used for further purposes, after completion of the required service any further use of your data will be blocked and after expiry of the data retention periods set by tax and commerce regulations your details deleted.

If you have subscribed to receive our newsletter, your personal details will be used for our own advertising purposes until you unsubscribe. You may unsubscribe at any time.

Note: You need not inform a customer of any data activities which you do not pursue. Should you use personal data in a form beyond that which is described here (for example passing on data to a marketing company), you must disclose this to the customer and obtain their express consent.

Use of cookies

In order to understand how you use our website and to improve your experience, we use cookies on some of our webpages. Cookies are text files which are stored on your computer. After you have finished your session and closed your browser many of the text files are deleted (“session cookies”). So-called “persistent cookies” are also stored and these allow us to recognise you when you next visit our website. Our partner companies are not permitted to collect, process or use personal data stored in the form of cookies on our website. You can prevent cookies being saved on your computer by changing your browser settings. This may result in some functions used by our website being restricted.

The cookies referred to here are often used by online-shops (for example by the “shopping basket” function). Express permission should be obtained from a visitor, if you intend to use persistent cookies for other purposes, such as to monitor the visitor’s shopping habits.

Use of Google Analytics

This website uses Google Analytics, a web analysis service operated by Google Inc. (“Google”). Google analytics uses cookies (text files) which are stored on your computer and which allow for analysis of your visit to be conducted. Information concerning your visit produced through cookies (including your IP address) will be transferred to and stored on a server in the USA operated by Google. Google will analyse this information to produce a report for the operator on website usage and online usage of associated services. Google may also transfer this information to third parties either where this is required by law or where third parties are contracted by Google to process data. Google will not allow your IP address to be linked to any other personal data. You can prevent cookies being installed on your computer by changing your browser settings; however, if you choose to do this, your visit to our website and use of some functionalities may be impaired. By using this website you are deemed to have expressly consented to the use and processing of your data collected by Google as described above. You can withdraw consent to your data been collected and processed at any time. This withdrawal concerns consent to future activities. Please be advised that to avoid personal data being collected through IP addresses, we use Google Analytics ad-on “_anonymizeIp()”. As a result a shortened (or anonymous) IP address is sent to Google.

This paragraph on Google Analytics relies on a template recommended by Google. If, as a website operator, you use services mentioned above, you should ensure that you utilise the “_anonymizeIp()” ad-on. This means you will protect visitor’s privacy as best you can in accordance with data protection legislation. As regulatory authorities regularly assess “opt-out” possibilities, it is advisable to stay informed of legal developments in this area.

Right to disclosure

In accordance with the Federal Data Protection Act you have a right to free disclosure of the information stored about you. You also have a right to correct, block or delete this data.

Data protection contact person

If you have any questions concerning the collection, processing and use of your personal data, disclosure, correction or deletion of data, or if you wish to withdraw consent to data being collected, please contact:

[Name, Address of the contact person or company responsible for implementing the privacy policy]

Replace square brackets and the information in them with the details of the contact person for privacy and data protection.

Christian Solmecke is a partner at the law firm WILDE BEUGER SOLMECKE. He is the author of numerous legal publications in the area of internet and IT law. He is also an associate lecturer for social media law at the Cologne University of Applied Sciences.

Do you like this article? Feel free to rate it now:

1 Stern2 Sterne3 Sterne4 Sterne5 Sterne (2 Ratings, Average: 5.00 of 5)

RSSComments (0)

Leave a comment

Leave a comment

By submitting your comment, your consent to our privacy policy is deemed to be given.