Add a summary to your privacy statement
We want to help organisations communicate clearly and effectively about their data use. With Privacy Label we created an open standard to provide consumers with clear, transparent and multi-layered privacy information.
Here's what it looks like:
The data river
An organisation needs information. That data flows through the organisation in a certain manner. The organisation collects, uses and shares the data in order to do its business. The left side of the Label shows how data is collected, what it’s used for and with whom it’s shared.
Find out how your personal data flows through an organisation.
Collected personal data
Find out what kind of personal data an organisation collects and how they collect it.
Personal data is data that says something about you as an individual. In short: all the information that makes you. We distinguish aggregated, normal and sensitive personal data. Organisations collect personal data in different ways.
Find out for what purposes your personal data is used.
When an organisation wants to process information about you, they need a specific goal to do so. Personal data may not be used for other purposes than it’s collect for initially.
Find out where else your personal data goes.
Organisations can also share personal data with other organisations. This can be done for the execution of a task, or for a collaboration. Sometimes data must be shared because of a government. Or data can be sold to another organisation.
What esle do you need to know?
There is more information important for data subjects when their personal data is processed. In Privacy Label information could be found about where data is stored, retention periods, legal basis for processing and ways to ask questionsair exercise rights as a data subject. Important to notice is that Privacy Label does not substitutes a privacy statement. Therefore, a link to the whole privacy statement is embedded in the label.
Find out where your data is processed.
Personal data could be processed on different locations. In the EU, the GDPR is in place. If data about you is processed outside the EU, the laws of those countries may apply to the data too.
Find out for how long an organisatoin stores your data.
Once personal data is collected you should know that organisations cannot store it indefinitely. The rule of thumb here is: you must not keep personal data for longer than you need it for the goal its collected.
Find out on what legal basis your personal data is processed.
If an organisation wants to process data about you, they need to have a specific goal and a lawful basis. The lawful basis is the foundation for data processing under the GDPR. There are 6 lawful bases to base a processing activity.
And, maybe most important, Learn how to exercise your rights or get more information.
If an organisation wants to process data about you, you have the right to information and other fundamental rights. You can find information in the privacy statement. You can also contact the organisation.
Get an explanation
Privacy Label provides extra explanation on its items. You can drop down the extra information by clicking on ‘?’ icons in the label.
When you click on the '?', you will see a small standard explanation on what this entity is. By clinking on ‘learn more’ you will be directed to our website for additional explanation. You can become a privacy expert yourself!
Organisations may provide you with extra information on why they use your data. In the example above, you see an explanation on why the organisation receives your personal data.
Organisations might also add a link to more information why they do it. This could for instance link to a certain part in their privacy statement on the particular subject or to an additional page with more information provided by the organisation itself.