The data protection declaration is a legally required statement in which a company or organization explains how it collects, processes, stores and protects personal data. In this context, both the legal basis and the technical and organizational measures to ensure data protection are outlined.
In the European Union, the Privacy Statement is a requirement of the General Data Protection Regulation (GDPR), which entered into force in May 2018. The DSGVO aims to ensure the protection of individuals with regard to the processing of personal data and to ensure the free movement of such data within the EU. In Germany, the Federal Data Protection Act (BDSG) is the national implementation of the GDPR and supplements the European provisions.
- Name and contact details of the responsible person or his representative
- Purposes for which personal data are processed
- Legal basis for data processing
- Categories of personal data that are processed
- Recipients or categories of recipients to whom the personal data are disclosed
- Duration of the storage of personal data
- Information on the rights of data subjects, such as the right to access, rectify and delete their personal data
- Information on the right of appeal to a data protection authority
Companies and website operators that process personal data are required to provide a privacy statement that meets the requirements of the GDPR and the BDSG. The statement must be easily accessible and understandable and provide data subjects with transparent insight into the processing of their personal data.