How does it work?

Privacy Label is a summary of a privacy statement. It explains in a simplified way the most important things a everyone needs to know. If someone want more information they can read the corresponding privacy statement itself.


An organisation needs information. That data flows through the organisation inmanner. The organisation collects, uses and shares the data in order to do itsbusiness. The left side of the Label shows how data is collected, what it’sused for and to whom it’s shared.  


Privacy Label distinguishes three sorts of personal data. An organisation can process aggregated data, personal data and sensitive personal data.


Personal data may only be processed for a specific goal. The goals for which personal data is used by the organisation is shown here. Additional to processing goals, Privacy Label shows weather or not an organisation makes use of automated decision making (and profiling).


The last part of the data flow tells the reader how personal data leaves theorganisation. Data could for instance be shared with other originations, processors or customers.


There is more information important for data subjects when their personal data is processed. In Privacy Label information could be found about where data is stored, retention periods, legal basis for processing and ways to ask questionsair exercise rights as a data subject. Important to notice is that Privacy Label does not substitutes a privacy statement. Therefore, a link to the whole privacy statement is embedded in the label.


This section shows details on storage of data. It shows where personal data is stored and its retention periods. The location of data shortage is important since it shows whether it’s under EU law protection. Personal data should not be stored longer than necessary for its processing goal. The label shows what retention periods are used by the organisation.  


In order to process personal data, an organisation needs a specific goal and a legalbasis.  The goals are discussed in the label under ‘usage’ in the data flow. Here, the legal basis is shown. Also, we show here where the organisation is legally based. Because, that could have consequences for data protection.


This section contains information for data subjects to exercise their rights as a data subject. For instance, one could find contact information of the Data Protection Officer, Privacy Officer or a general privacy email address. Also important is a link to the whole privacy statement. Since, the Privacy Label is a summery of the whole privacy statement.


Privacy Label provides extra explanation on all the entities. You can drop down the extra information by clicking on ‘?’ icons in the label.

When you click on the '?', you will see a small standard explanation on what this entity is. By clinking on ‘learn more’ you will be directed to our website for additional explanation. You can become a privacy expert yourself!

Organisations may provide you with extra information on why they use your data. In the example above, you see an explanation on why the organisation receives your personal data.

Organisations might also add a link to more information why they do it. This could for instance link to a certain part in their privacy statement on the particular subject or to an additional page with more information provided by the organisation itself.