What is a Privacy Notice?
A privacy notice is directed externally. It explains to clients, customers, website visitors, authorities, and other interested parties what the company does with personal data. It provides information regarding the categories of personal data handled, the legal justification for processing personal data, and the data provided to third parties.
A privacy notice typically describes an organization's data processing practices and what website visitors can expect. It informs the users regarding their personal data, how it is collected, how it will be retained, what security measures the organization has adopted to keep their data secure, and how they can exercise their privacy rights as per applicable privacy laws.
To sum up, where a privacy policy instructs an organization's employees, a privacy notice explains to users and customers how their personal data is handled and processed.
What Should a Privacy Notice Include?
In the digital context, privacy notices must be provided at or before the point of collection of personal data. A layered approach is recommended to ensure full transparency. Privacy notices can be push-and-pull, privacy dashboards, or just-in-time notices.
Whenever a website collects personal information online, the privacy notice or a link to it should also be posted on the page where the data collection occurs.
A detailed privacy notice should address the following questions:
What is the business, and what does it do?
Scope of the notice (to whom does it apply?)
What are the applicable laws (according to the jurisdiction where the business is located or services are provided)?
What personal data does the business collect?
How does the business obtain personal data?
How does the business use and process personal data?
How does the business share or disclose personal data to third parties?
How long does the business keep the personal data in the system?
What measures are in place to ensure the protection and safety of the collected data?
Is there a cross-border transfer of personal data?
What rights do individuals have regarding their personal data?
Who is the data controller for personal data?
How does the business use cookies and similar technologies?
How can users access or control the personal data collected about them and indicate their opt-out or opt-in preferences?
How can individuals contact the business?
How will the business update the privacy notice?