Privacy Label - Privacy Statement
Privacy Label privides a standardized summary of privacy statements. It gives in a simplified way an overview of the use of personal data. This information allows data subjects to make an assessment of the risks attached with providing their personal data. When data subjects want to have more detailed information, they can read the details in the corresponding privacy statement.
The privacy label project aims to collect as little data as possible.
Website
Our main educational website does not collect any personal data on your behaviour. There are no trackers. Trackers are made to follow your behaviour online. For instance, when you shop for shoes online, you will find adds for those shoes on a lot of website afterwards. Those adds are abe to know you are intreseted in shoes because of trackers. Trackers migth also pick up your location history, search history, browsing history, your age, ethnicity, gender, interests, and habits. We do not need and do not want to know such information about you, therefore we do not track you.
The only data it can provide us is your email address if you decide to get in touch with us.
Privacy Label Manager
The Privacy Label manager does not contain any behavioural tracking. It does not load any third party scripts or content.
The tool does have a login component. If you create an account, you will need to input information such as an email address.
When you create a label you will share more information. In theory none of the information about your data practices is personal (unless you decide to share personal information yourself, for example in the explanation for a field).
The label does allow you to input contact details for a person that is responsible for privacy protection within your organisation. We recommend making a general emailaddress (such as "privacy@companyname.com") that forwards to that person, and inputting that generic e-mail address.
Identity and contact details of controller
Privacy Label is the controller for its website and our Privacy Label Manager. To maintain Privacy Label’s independence, we are founding the Privacy Label Foundation. In this foundation we collaborate with ECP, Pineapple Jazz, Privacy Company, SURF and the SIDN fund.
Questions about this privacy statement or about our services can be directed to info@privacylabel.org. If you wish to make use of one or more of your rights, you can contact us via all these means.
Contact details data protection officer
Privacy
Label does not have a Data Protection Officer. Organisations need a data
protection officer when they are a public authority or body, systematic
monitoring of data subjects on a large scale or processing special categories
of personal data on a large scale (GDPR Article 37).
Privacy Label does not fit one of these three. However, if you have any
questions, you can contact us via info@privacylabel.org.
Purposes and legal basis for processing personal data
With your consent:
We might use your personal data to be able to contact you if you ask us. For instance, when you contact us via our website. We do this under the legal basis Consent. You actively sent us an e-mail and by doing so, we consent to reading and replying to that e-mail.
We might use your personal data for the purpose of sending you our newsletter
When we use consent as a legal basis, you always have the possibility to revoke your consent. You can revoke your consent by sending us an e-mail to info@privacylabel.org.
For the performance of a contract:
For the purpose of providing and maintaining a Privacy Label Manager environment we use some of your personal data. When you, as a user of the Privacy Label Manger, create a Privacy label, we necessarily must process your personal data to be able to do so. We also use this basis to provide you with the necessary information about updates, contact you to ask you how you like Privacy Label, if we can help to implement Privacy Label. When you create an account for our Privacy Label Manager, you engage in a contract (legal basis) with us.
For our legitimate interest:
When you created a Privacy Label with our Privacy Label Manager, we might ask you if we could use your Privacy Label as an example to share with the world (whether or not anonymised). We will explain more about this legitimate interest in the next item of this privacy statement.
Legitimate interests pursued by the controller or by a third party
We believe Privacy Label has a legitimate interest to contact you, if you made a Privacy label with our Privacy Label Manager, to ask you if we could use your Privacy Label as an example to share with the world. Privacy Label has a legitimate interest because we want to inspire others with well informing and good-looking Privacy Labels. Also, we want to expand the knowledge about Privacy Label since we aim to make it the standard in privacy communication around the world. We do not believe this impacts the data subject too much. We will send you an e-mail to which you can respond. If you do not want to engage in this activity, we will no longer bother you or use your e-mail address for this purpose. And, if you want, we can publish your label anonymous.
Categories of personal data
On our website you can contact us via e-mail. When you contact us, we will process your e-mail address and the content of your e-mail.
In order to send you our newsletter we also use you e-mail address.
With our Privacy Label Manager, you can create your own Privacy Labels. The tool does have a log in component. If you create an account, you will need to input your log in information such as an email address. If you create a label you will be sharing more information. In theory none of the information about your data practices is personal (unless you decide to share personal information yourself, for example in the explanation for a field).
Categories of recipients
Privacy Label does not share your personal data with others. However, it’s good to know that Privacy Label is a collaboration between ECP, Pineapple Jazz, Privacy Company, SURF and the SIDN fund. This means that your questions might be answered by an employee of Pineapple Jazz or Privacy Company
Third countries (and their level of protection)
Privacy Label will not process personal data outside the European Union, or European Economic Realm. To be more precise. Privacy Label processes all data from our server in the Netherlands.
Functioning of data subject rights
Pursuant to the General Data Protection Regulation, you have the right to inspect your personal data on request and, if necessary, to amend them or have them deleted. In addition to the right of access, correction, and deletion, you may ask us to restrict the processing of personal data and it is possible to object if you disagree with the processing. Finally, in some cases it is possible to invoke the right to data portability. We do not use automated individual decision-making, such as profiling.
At the top of this privacy statement, or in its Privacy Label, you’ll see how you can contact us to exercise your rights. To verify your identity, we may ask a number of identifying questions, for example.
Retention periods
We do not store personal data for longer than is necessary for the purpose for which we obtained it. When you contact us via e-mail, we will we only keep your data during the current procedure, with a maximum of 1 year thereafter.
For the personal data that are processed when using our Privacy Label Manager, we use a retention period that is equal to the time you have an account. When you delete your account, all your information will be deleted as well.
Functioning of complaints
It is possible to lodge a complaint with the local Data Protection Authority (DPA). We are based in the Netherlands. In order to contact the Dutch DPA you can go to: https://autoriteitpersoonsgegevens.nl/ However, you can choose any DPA. You can find your most convenient authority via https://edpb.europa.eu/about-edpb/board/members_en
Rights concerning automated decision making (including profiling)
As stated above: in some cases, it is possible to invoke the right to data portability. However, we do not use automated individual decision-making, such as profiling.
Source of personal data (when collected from another source)
We do not collect personal data from another source than directly from the data subject.
Last update: March 2020