Data Privacy Policy for Your Website

Ensure legal certainty and gain the trust of your visitors with a professional privacy policy for your website. At heyData, we offer you the support of a team of certified lawyers.

What is a privacy policy for a website?

A website's privacy policy is key to maintaining privacy and building trust in the digital age.

It is a written basis informing visitors how their personal data is collected, used, and protected. In particular, it explains what types of data are collected, how they are used, and how visitors can exercise their rights in relation to their data.

Is a privacy policy on my website required by law?

Yes, a privacy policy on the website is required by law in many countries. Especially in countries that belong to the European Union, the General Data Protection Regulation (GDPR) applies, which sets clear requirements for data protection.

The GDPR places great emphasis on transparency and the obligation to inform visitors to your website. The regulation requires that your website informs visitors about what personal data is collected, how it is processed and for what purpose. You must also inform visitors about their rights regarding their data.

Even if you are not based in the EU, you may still be affected by the GDPR requirements. If your website collects personal data from EU citizens or you are targeting EU citizens, you should take GDPR compliance seriously and provide a comprehensive privacy statement.

It is important to note that the exact requirements may vary by country and region. It is recommended that you seek legal advice to ensure that your privacy policy complies with the applicable laws and meets their specific requirements.

In any case, it is advisable to provide a privacy statement on your website, both to comply with legal obligations and to gain the trust of your visitors by giving them clear information about how their data will be handled.

What should a privacy statement contain?

The privacy policy must transparently set out all aspects of the collection, processing, and use of personal data. This includes, among other things, the processing of IP addresses, browser data, cookies, the use of web analytics tools such as Google Analytics, and the integration of social media plug-ins.

Types of data collected

There are different types of data that can be collected by a website and mentioned accordingly in a privacy policy:

  • Personal data: This is information that relates to an identified or identifiable natural person. This includes name, address, email address, telephone number, date of birth and other similar information.
  • Communication data: This includes information collected in the course of communication between provider and visitor via the website, such as emails, chat transcripts or comments.
  • Device data: This is information about the device used by the user when visiting the website, such as browser type, operating system or hardware.
  • Usage data: This is information about how visitors interact with the website, such as pages visited, content viewed, clicks, time spent and search queries.
  • Location data: This is information about the visitor's geographical location, either based on IP address or through the use of GPS or similar technologies.
  • Payment data: When the user makes payments on the website, payment data such as credit card information or other payment details may be collected.

It is important to note that not all of the above types of data are collected on every website. The actual types of data collected depend on the type of website, the services offered, and the interactions between users and the website.

Purpose of data collection

The purpose of collecting data is to ensure an optimal experience on the website and to provide your services effectively. The data collected may serve various specific purposes, such as:

  • Provision and personalisation of services: Data may be collected to provide services tailored to the individual needs of your visitors. This may include processing orders, providing personalised content, or customising features and settings.
  • Communication and support: This data is typically used to respond to enquiries, provide assistance or communicate important information about your services, such as order information.
  • Website improvement: Some of the data is only used to improve the website by analysing user behaviour, statistical analysis, and identifying vulnerabilities to ensure a better user experience.
  • Security and protection: These measures include fraud detection and prevention, protection against unauthorised access, and data security.
  • Marketing and advertising: Finally, some data may be used for marketing and advertising purposes. This purpose is always voluntary.

The exact purpose of data collection may vary depending on the type of website, the services offered, and the interactions between visitors and the website. However, the privacy statement must describe the specific purposes in a clear and understandable way in order to provide transparency to users about the use of their data.

What must be included in the privacy policy if I want to use cookies?

If you intend to use cookies on your website, it is not sufficient to include a general notice in your privacy policy. Instead, you must inform visitors to your website in detail about the cookie policy. You should also distinguish between the different types of cookies. The following points should be included in your cookie banner:

  • Explanation of cookies and their different types
  • Clarification of whether the cookies are transferred to the user's browser from your server or from an external (third-party) server.
  • Description of the purposes and methods of the use of cookies, e.g. pseudonymous reach measurement, improvement of the user-friendliness and security of the website, and storage of access data.
  • Indication of the tools, plug-ins and services used, e.g. analysis tools.
  • Information on how visitors can prevent cookies from being set, e.g. through browser settings or opt-out options.
  • Specification of the retention period for the collected data

Use of social media plug-ins

If you use social media plug-ins on your website, you should include them in your privacy policy. Including Facebook "Like" buttons or sharing content on other social media channels can lead to greater reach and promotional impact, but there are also privacy issues to consider that affect your visitors.

When using social media plug-ins, data is transferred directly from users' browsers to the servers of LinkedIn, Facebook, Twitter, and similar platforms. This happens not only when your users are connected to these platforms, but also when they do not have their own account on these platforms.

To ensure privacy, it is recommended to include all social media plug-ins in your privacy policy. Explain the following:

  • which tools, plug-ins and services you use
  • what personal data is collected and transmitted from users during the process
  • how the data processing works
  • how users can prevent their personal data from being linked to their social media accounts.
  • Please also refer to the privacy policies of the respective platforms, such as LinkedIn's privacy policy.

By including this information in your privacy policy, you can better explain to your users the impact of social media plug-ins on their data and enable them to take steps to protect their privacy where appropriate.

Hear it From Our Customers

"heyData impressed us with their digital software solution and expertise. Like us, heyData is a digital pioneer in a rather traditional and less digital industry. heyData is a strong partner for the BRZ Group."

Markus Schobert

Head of Customer Service at BRZ Gruppe

"heyData is a great help for us and makes the topic of data protection really easy. We are very satisfied with the digital audit, the online training and the customer support."

Leonard von Kleist

CTO & Co-Founder at Hive Technologies GmbH

"I value this feature for its ability to simplify supplier risk assessment. It is an indispensable tool for anyone dealing with data compliance in the European Union and Switzerland."

Jan Stephan

Head of Legal Affairs at Learnship

"As a customer, we have only had good experiences with heyData's support and communication. Questions were answered in detail, responses were always prompt and personal 1-1 support is also no problem."

Roman Georgi

Director Of Customer Support at AMBOSS

“What sets heyData apart is its responsiveness and rapid implementation.”

Sandra Scherzer

Legal department at Bioland

"We always receive competent and prompt advice from heyData and have so far been able to find a satisfactory solution to every question relating to the GDPR or data protection in general."

Nikolai

CTO at Instaffo GmbH

Frequently asked questions

It is not recommended to simply copy a privacy policy from another website. Each website has its own requirements and practices for handling personal data. A generic privacy policy may not meet your specific needs and may have legal consequences. It is advisable to create a customised privacy policy for your website.

It is important to regularly review and update your privacy policy to ensure that it complies with current legal requirements and reflects your business practices. Changes in the way you collect or use personal data should be communicated transparently in your privacy policy.

If you want to use Google Analytics to collect data about your website visitors, there are some privacy issues you should be aware of. Here are some important points:

  • Update your privacy policy: Make sure you are clear and transparent about the types of data you collect with Google Analytics, how you use it, and how visitors can exercise their privacy rights.
  • Anonymise the IP address: Google Analytics collects the IP addresses of visitors by default. To ensure the anonymity of users, you must activate the IP anonymisation function in Google Analytics. This function removes part of the IP address before processing.
  • Data processing agreement: If you use Google Analytics, you as the website operator are responsible for the processing of the data. Make sure you have a data processing agreement with Google to ensure that your data is processed in accordance with applicable data protection laws.
  • Limit data transfers: Avoid submitting personal data to Google Analytics. Ensure that no sensitive data is collected or sent to Google Analytics.
  • Limit data storage: Check the settings of your Google Analytics account and make sure that you only store data for as long as it is necessary for your analysis purposes.