Setting up my company's website What should I include in the Privacy - - PowerPoint PPT Presentation



SLIDE 1

DiFens - 2017-1-CY02-KA205-000998 Erasmus+

Setting up my company's website

What should I include in the Privacy Policy, Terms of Use, and the Cookie notifications?
SLIDE 2

But first – how to choose a hosting service that is GDPR compliant?

SLIDE 3

Hosting services and the GDPR

How to choose a hosting service for my site?

MOST IMPORTANT ASPECTS

  • Hosting services normally act as data processors, and the clients are the data controllers who determine the purposes and means of processing personal data.
  • The clients (as controllers) are responsible for choosing a service that guarantees suitable safeguards to protect the personal data.

SLIDE 4

Steps when choosing a hosting service

  • Take a look at the Terms of Use of the services you are considering, and especially at the security safeguards the service claims to apply. Ask for the provider's data processing agreement as well: the GDPR (Art. 28) requires a contract between controller and processor that sets out these safeguards.
  • Take a look at the Privacy Policy – you should find information about the country where the personal data is hosted (including all data centres between which the information may be moved).

Hosting services and the GDPR

Why is that important?

SLIDE 5

Country of the hosting service

Where is it better for the personal data I process to be stored?

  • Within the EU or the EEA;
  • In a country for which the European Commission has issued an Adequacy Decision (they are listed on the EC's website);
  • Choosing a hosting service that stores the information in a country for which there is no Adequacy Decision requires you to check whether the other requirements of the GDPR for such transfers are fulfilled (e.g. appropriate safeguards such as standard contractual clauses).
SLIDE 6

COOKIES

SLIDE 7

What's a cookie?

A small piece of data which is stored on a user's computer or phone. It allows the website to "remember" your actions or preferences over time.

Types of cookies

  • Session cookies (deleted when the browser is closed) and persistent cookies (kept until their expiry date)
  • First party cookies (set by the site the user visits) and third party cookies (set by another domain, e.g. an analytics or advertising provider embedded in the page)
  • Cookies containing personal data and cookies which do not contain personal data

SLIDE 8

Content of a cookie banner

  • Let users know that you are using cookies;
  • Provide a link where they can learn more about the data you gather and how you use it;
  • Provide a way for users to consent to the use of cookies (explicitly or with actions).
SLIDE 9

Consent to cookies

Is only informing the users that you use cookies enough if they do not give their consent explicitly?

  • YES – if you have cookies that do not gather personal data (the user is not identified or identifiable, e.g. a plain session cookie used only to keep a shopping basket together)
  • NO – if you have cookies which gather personal data and the user can be identified (especially when they register for your site; note that a session cookie tied to a logged-in account does identify the user)

SLIDE 10

Cookies and the GDPR

What measures should I take to make my use of cookies compliant with the GDPR?

  • If the cookie collects any kind of personal data of identified or identifiable persons, you must gather and store the explicit consent of the users;
  • It is better, if possible, to ensure the basic functioning of your website without cookies that gather personal information, in case the user does not give their consent;
  • You should explicitly inform users if the cookies gather information that is processed by third parties (e.g. analytics).

SLIDE 11

Cookies and the GDPR

The consent under GDPR must be:

Freely given before the data is gathered

  • The banner should appear before any personal data of the user is gathered;
  • No pre-ticked boxes should be included in the banner for cookies that gather personal data.

Specific, informed, unambiguous

  • The banner should contain a link to a detailed cookie policy that informs on the purposes for gathering the data and the types of data gathered;
  • It is good practice to include separate boxes for consenting to the use of every type of cookie.

Easily withdrawable

  • The user should be able to withdraw their consent at any time, as easily as they gave it.
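The consent rules on slides 7 to 11 (no cookies that gather personal data before consent, no pre-ticked boxes, one box per cookie category, withdrawal as easy as giving consent, and a stored record of what was consented to) translate directly into a gate placed in front of the code that sets cookies. The JavaScript below is an added example written for this page, not code from the DiFens project or from the slides. The category names, the consent-record cookie and its six-month lifetime, the policy version string and the sample cookie list are all assumptions made for the illustration. It also encodes the session/persistent and first/third-party distinctions from slide 7 as Set-Cookie attributes, which goes a little beyond what the slides spell out.

```javascript
'use strict';

// Added example (not from the DiFens slides). Category names and the storage
// format of the consent record are assumptions made for this illustration.
const CATEGORIES = ['necessary', 'preferences', 'analytics', 'marketing'];

// Default state: nothing is pre-ticked. Until the user acts on the banner,
// only strictly necessary cookies may be set.
function newConsentState() {
  const granted = {};
  for (const c of CATEGORIES) granted[c] = c === 'necessary';
  return { granted, decidedAt: null };
}

// Record the boxes the user actually ticked. Unknown categories are rejected
// rather than silently accepted, and 'necessary' cannot be switched off.
function grantConsent(state, choices) {
  const next = { granted: { ...state.granted }, decidedAt: new Date().toISOString() };
  for (const [cat, on] of Object.entries(choices)) {
    if (!CATEGORIES.includes(cat)) throw new Error(`unknown cookie category: ${cat}`);
    if (cat === 'necessary') continue;
    next.granted[cat] = on === true;
  }
  return next;
}

// Withdrawal is one call, as easy as giving consent: every optional category
// is reset; the caller then sends the headers produced by expireCookies().
function withdrawConsent() {
  const next = newConsentState();
  next.decidedAt = new Date().toISOString();
  return next;
}

function mayUseCategory(state, category) {
  return state.granted[category] === true;
}

// Build one Set-Cookie header. Without Max-Age the cookie is a session cookie,
// with Max-Age it is persistent; a Domain attribute widens which hosts can
// read it, which is where third-party access usually begins. Secure and
// SameSite=Lax are always set; HttpOnly is the default and is turned off only
// for cookies that a script must legitimately read.
function buildSetCookie(name, value, opts = {}) {
  const parts = [`${name}=${encodeURIComponent(value)}`, 'Path=/', 'Secure', 'SameSite=Lax'];
  if (opts.httpOnly !== false) parts.push('HttpOnly');
  if (opts.maxAgeSeconds !== undefined) parts.push(`Max-Age=${opts.maxAgeSeconds}`);
  if (opts.domain) parts.push(`Domain=${opts.domain}`);
  return parts.join('; ');
}

// From the cookies the site would like to set, keep only those whose
// category is consented to; the site must keep working with the rest absent.
function filterCookies(state, wanted) {
  return wanted
    .filter(c => mayUseCategory(state, c.category))
    .map(c => buildSetCookie(c.name, c.value, c.opts));
}

// Expire (Max-Age=0) every cookie whose category is no longer consented to.
function expireCookies(state, wanted) {
  return wanted
    .filter(c => !mayUseCategory(state, c.category))
    .map(c => buildSetCookie(c.name, '', { ...c.opts, maxAgeSeconds: 0 }));
}

// Store the consent record itself in a strictly necessary cookie so the
// decision (what, when, under which policy version) can be shown later.
// The six-month lifetime and the version field are assumptions.
function consentRecordCookie(state, policyVersion) {
  const record = JSON.stringify({ v: policyVersion, granted: state.granted, at: state.decidedAt });
  return buildSetCookie('cookie_consent', record, { maxAgeSeconds: 180 * 24 * 3600 });
}

// Constructed sample: the cookies a small shop might want to set.
const WANTED = [
  { name: 'sid', value: 'abc123', category: 'necessary' },                                   // session, first-party
  { name: 'lang', value: 'en', category: 'preferences', opts: { maxAgeSeconds: 31536000 } }, // persistent
  { name: 'analytics_id', value: 'v-7f3a', category: 'analytics',
    opts: { httpOnly: false, maxAgeSeconds: 63072000, domain: 'example.com' } },             // persistent, script-readable, domain-wide
];

// Walk through the lifecycle: first visit, consent to analytics only, withdrawal.
function demo() {
  const beforeBanner = newConsentState();
  const afterConsent = grantConsent(beforeBanner, { analytics: true });
  const afterWithdrawal = withdrawConsent();
  return {
    beforeBanner: filterCookies(beforeBanner, WANTED),
    afterConsent: filterCookies(afterConsent, WANTED),
    record: consentRecordCookie(afterConsent, '2019-01'),
    afterWithdrawal: expireCookies(afterWithdrawal, WANTED),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

On the first visit only the `sid` session cookie is emitted; after the user ticks the analytics box the analytics cookie is added and the consent record is written; on withdrawal the optional cookies are expired with `Max-Age=0`. In a real site the `wanted` list would be whatever your framework or tag manager wants to set, and the consent state would be read back from the `cookie_consent` cookie on each request before any optional cookie is written.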

SLIDE 12

PRIVACY POLICIES

SLIDE 13

What should I include in the Privacy Policy?

1. Information about you as controller (name of your company), your DPO, if you have one, and means of contact
2. Types of personal data you process and purposes for their processing
3. Grounds for processing
4. Third parties to which you disclose personal data
5. Transfers to third countries (if you make such)
6. The rights of the users of the site

SLIDE 14

What should I include in the Privacy Policy?

The types of data and the purposes for their processing

EXAMPLES

  • Username and password – in order to proceed with your registration
  • Year of birth – to verify whether your age is above the required minimum
  • Credit or debit card details – in order to execute the payments for the products on our site

Bear in mind the principles of:

  • Data minimisation
  • Specified, explicit and legitimate purposes

Data minimisation in practice: if you take card payments, prefer a payment provider that handles the card details so that they never reach your own systems, and state that in the policy.

SLIDE 15

What should I include in the Privacy Policy?

The grounds for processing of data – they are listed in Art. 6 of the GDPR, and there may be a different basis for every type of personal data:

  • Consent
  • Contract to which the user is a party
  • Legal obligations
  • Vital interests of the user
  • Public interest/exercise of official authority
  • Legitimate interest of the controller or a third party

The ground for gathering information on websites is most often the contract with the user. Legitimate interest is also used, but you should be able to prove that your interest as controller is not overridden by the rights and freedoms of the users. Consent is better not used, except when no other legal ground can be justified.

SLIDE 16

What should I include in the Privacy Policy?

Third parties to which you disclose data

EXAMPLES

  • State authorities, court bodies, or officials that are competent and authorised to request and obtain certain information under national or EU law;
  • Data processors acting on behalf of the controller (your company) who fulfil the requirements of the European data protection legislation (your hosting service from slide 3 is a typical example).

SLIDE 17

What should I include in the Privacy Policy?

Transfers to third countries

You are required to inform the users about transfers of their data to third countries outside the EU/EEA or to international organisations, and also to state whether there is an adequacy decision of the European Commission regarding that third country/international organisation or, in the absence of an adequacy decision, which other safeguards are in place (e.g. standard contractual clauses).

SLIDE 18

What should I include in the Privacy Policy?

Rights of the data subjects

You are obliged to inform the users of their rights under the GDPR:

  • right of access to their personal data
  • right to request erasure, correction, or restriction of processing of their personal data
  • right to object to the processing of their personal data
  • right to data portability
  • right to complain to a competent supervisory authority

SLIDE 19

TERMS OF USE

SLIDE 20

FAQ regarding the Terms of Use

Is there a difference between Terms of Use, Terms of Service and Terms and Conditions?

  • No, the name of the document is up to you.

Am I obliged to have Terms of Use?

  • No, there is no such obligation in EU law, but there is certain information that you must provide if you offer online services or sell goods online (you may, however, include it in separate policies, e.g. consumer policies, return policies, shipping policies, etc.).

SLIDE 21

FAQ regarding the Terms of Use

Why should I have Terms of Use?

  • The Terms of Use serve you, as you may include rules for your users to follow and determine the consequences if they do not do so, such as the termination of their accounts. You may also restrict your liability in certain cases.

Are the Terms of Use "binding" for me?

  • Consider them a contract between you and the users of your site.

SLIDE 22

What should I include in the Terms of Use?

  • Rules regarding the original content you publish (e.g. rules for using the content)
  • Rules users should follow – e.g. not to use rude language when communicating with other users
  • Rules regarding user accounts and registration
  • Restriction of liability – e.g. for content posted by users in certain cases, or for the content of linked sites
  • Disclaimer – e.g. regarding the provision of content on an "as-is" and "as-available" basis
  • Clauses regarding the consequences when users infringe the Terms of Use or perform illegal activities (e.g. deactivation of the account)

SLIDE 23

E-COMMERCE

SLIDE 24

Information for the consumers

If you manage an e-commerce website, according to the Consumer Rights Directive, you should provide your users with the following information:

1. The main characteristics of the goods or services;
2. The identity of the trader (trading name);
3. Your address of establishment/place of business and your contacts; the address and identity of the trader on whose behalf you are acting;
4. The total price of the goods or services with all costs, charges and taxes; if the cost cannot be reasonably calculated in advance, you should provide the manner in which the cost will be calculated;

SLIDE 25

Information for the consumers

5. The arrangements for payment, delivery and performance, and the time by which you will deliver the goods or perform the services;
6. Your complaint handling policy;
7. The conditions, time limit and procedures for exercising the right of withdrawal, if the consumer has such a right under the Directive;
8. A reminder of the existence of a legal guarantee of conformity for goods;
9. The existence and the conditions of after-sale customer assistance, after-sales services and commercial guarantees;
10. The existence of relevant codes of conduct you abide by;
11. The duration of the contract or the conditions for terminating it;

SLIDE 26

Information for the consumers

12. The minimum duration of the consumer's obligations under the contract;
13. The existence and the conditions of deposits or other financial guarantees to be paid or provided by the consumer;
14. The functionality, including applicable technical protection measures, of digital content;
15. Any relevant interoperability of digital content with hardware and software that you are aware of or can reasonably be expected to have been aware of;
16. The possibility of having recourse to an out-of-court complaint and redress mechanism to which you are subject, and the methods for having access to it.

SLIDE 27

Information for the consumers

Requirements for the information provided to the consumers:

  • Plain and intelligible language
  • Legible, on a durable medium (available to the consumer at any time)
  • Available to the consumer in a way appropriate to the means of distance communication used

SLIDE 28

Information for the consumers

Other requirements under the Directive for e-commerce websites

  • Clearly indicating, at the latest at the beginning of the ordering process, whether any delivery restrictions apply and which means of payment are accepted
  • Ensuring that the consumer, when placing an order, explicitly acknowledges that the order implies an obligation to pay
  • Providing the consumer with confirmation of the contract on a durable medium within a reasonable time and at the latest at the time of delivery of the goods / the start of performance of the service

SLIDE 29

To sum up: handling the e-commerce rules

How can you fulfil the requirements?

  • A clear and understandable policy for your consumers (or separate policies for ordering, delivery and returning of goods) that is easily accessible at all times on your site;
  • Fast e-mail replies containing all the necessary information for the service/goods purchased;
  • An unambiguous formulation indicating that placing the order entails an obligation to pay.

SLIDE 30

A LITTLE BIT ABOUT GEO-BLOCKING

SLIDE 31

What is geo-blocking?

  • Barriers and restrictions to consumers on the basis of their nationality or place of residence.
  • Part of the new set of rules for e-commerce, which are one of the initiatives in the Digital Single Market Strategy of the EU Commission, adopted in 2015.
  • The prohibition of geo-blocking was introduced with Regulation (EU) 2018/302, in force since 3 December 2018.

SLIDE 32

What should I know about the new geo-blocking rules?

  • They enforce a ban on blocking access to websites and on re-routing without the customer's prior consent
  • Online traders do not have an obligation to provide the same offers (for example discounts) to local and foreign customers
  • Online traders must accept payment instruments without discrimination based on the place of issue of the instrument
  • The Regulation does not apply to certain services (transport, gambling, financial services, audiovisual services)
  • The Regulation does not apply when the goods or services are not purchased for the sole purpose of end use (e.g. to be resold, transformed, rented, subcontracted, etc.)

SLIDE 33

Thank you for your attention, It is time for your questions!

Radoslava Makshutova, Law and Internet Foundation, Sofia, Bulgaria – www.netlaw.bg – radoslava.makshutova@netlaw.bg