Privacy statement

Privacy Label - Privacy Statement

Privacy Label privides a stadarised summary of privacy statements. It gives in a simplified way an overview of the use of personal data. This information allows data subjects to make an assessment of the risks attached with providing their personal data. When data subjects want to have more detailed information, they can read the details in the corresponding privacy statement.

The privacy label project aims to collect as little data as possible.

Website

Our main educational website does not collect any personal data on your behaviour. There are no trackers. Trackers are made to follow your behaviour online. For instance, when you shop for shoes online, you will find adds for those shoes on a lot of website afterwards. Those adds are abe to know you are intreseted in shoes because of trackers. Trackers migth also pick up your location history, search history, browsing history, your age, ethnicity, gender, interests, and habits. We do not need and do not want to know such information about you, therefore we do not track you.

The only data it can provide us is your email address if you decide to get in touch with us.

Similarly, we do not track anything about visits to specific labels.

Privacy Label Manager

The Privacy Label manager does not contain any behavioural tracking. It does not load any third party scripts or content.

The tool does have a login component. If you create an account, you will need to input information such as an email address.

When you create a label you will share more information. In theory none of the information about your data practices is personal (unless you decide to share personal information yourself, for example in the explanation for a field).

The label does allow you to input contact details for a person that is responsible for privacy protection within your organisation. We recommend making a general emailaddress (such as "privacy@companyname.com") that forwards to that person, and inputting that generic e-mail address.

Privacy Label website This Privacy Label concerns all processing activities by Privacy Label. It goes without saying that it's very privacy friendly. This Label will give you the information at a glance. For more details, you can check our privacy statement below.
Collected data we receive from you personal data sensitive personal data This is data you have explicitly and knowingly shared with this organisation. learn more We receive your information when you send us an e-mail or when you create your own Privacy Label. When you create your own Label we need your log-in information and the information you create when making a Label. Log-in details are sensitive personal data	location no data is processed outside the EU If data about you is processed outside the EU, the laws of those countries may apply to the data too. learn more Privacy Label processes all data from our server in the Netherlands. duration most dataless than a month This amount of personal data is stored for one month or less by this organisation. According to the GDPR personal data may not be stored for a longer period than is necessary for the purpose for which it was obtained. learn more For the personal data that are processed when using our Privacy Label Manager, we use a retention period that is equal to the time you have an account. When you delete your account, all your information will be deleted as well.learn more some dataless than 1 year This amount of personal data is stored for one year or less by this organisation. According to the GDPR personal data may not be stored for a longer period than is necessary for the purpose for which it was obtained. learn more When you contact us via e-mail, we will we only keep your data during the current procedure, with a maximum of 1 year thereafter.learn more
Purpose Providing goods and services Certain information about you might be used by this organisation in order to provide you a good or a service learn more For the purpose of providing and maintaining a Privacy Label Manager environment we use some of your personal data. marketing, sales and customer relationship Certain information about you might be used by this organisation for marketing goals or building a customer relationship. learn more We might use your personal data to be able to contact you if you ask us or for our newsletter. automated decision making we do not make use of automated decision making Automated decision making is a judgement about you generated by a computer. Profiling is when this judgement generates a profile of your behaviour. European law dictates you can always talk to a human if you feel the judgement is incorrect or incomplete. learn more	Legal basis you gave consent You have given clear consent this organisation for to process your personal data for a specific purpose. learn more to be able to contact you if you ask us. For instance, when you contact us via our website. we have a contract The processing of your personal data is necessary for a contract you have with this organisation. learn more when you, as a user of the Privacy Label Manger, create a Privacy label, we necessarily must process your personal data to be able to do so. we have a legitimate interest This organisation considers processing your data necessary for the purpose of its legitimate interest and it does not a conflict with your own interests. learn more When you created a Privacy Label with our Privacy Label Manager, we might ask you if we could use your Privacy Label as an example to share with the world (whether or not anonymised).
Data sharing	Take action Contact our privacy officer info@privacylabel.org Read our privacy policy
Last updated 2020-03	Privacy Label version 2019-09 BETA

Identity and contact details of controller

Privacy Label is the controller for its website and our Privacy Label Manager. To maintain Privacy Label’s independence, we are founding the Privacy Label Foundation. In this foundation we collaborate with ECP, Pineapple Jazz, Privacy Company, SURF and the SIDN fund.

Questions about this privacy statement or about our services can be directed to info@privacylabel.org. If you wish to make use of one or more of your rights, you can contact us via all these means.

Contact details data protection officer

Privacy Label does not have a Data Protection Officer. Organisations need a data protection officer when they are a public authority or body, systematic monitoring of data subjects on a large scale or processing special categories of personal data on a large scale (GDPR Article 37).
Privacy Label does not fit one of these three. However, if you have any questions, you can contact us via info@privacylabel.org.

Purposes and legal basis for processing personal data

With your consent:

We might use your personal data to be able to contact you if you ask us. For instance, when you contact us via our website. We do this under the legal basis Consent. You actively sent us an e-mail and by doing so, we consent to reading and replying to that e-mail.

We might use your personal data for the purpose of sending you our newsletter

When we use consent as a legal basis, you always have the possibility to revoke your consent. You can revoke your consent by sending us an e-mail to info@privacylabel.org.

For the performance of a contract:

For the purpose of providing and maintaining a Privacy Label Manager environment we use some of your personal data. When you, as a user of the Privacy Label Manger, create a Privacy label, we necessarily must process your personal data to be able to do so. We also use this basis to provide you with the necessary information about updates, contact you to ask you how you like Privacy Label, if we can help to implement Privacy Label. When you create an account for our Privacy Label Manager, you engage in a contract (legal basis) with us.

For our legitimate interest:

When you created a Privacy Label with our Privacy Label Manager, we might ask you if we could use your Privacy Label as an example to share with the world (whether or not anonymised). We will explain more about this legitimate interest in the next item of this privacy statement.

Legitimate interests pursued by the controller or by a third party

We believe Privacy Label has a legitimate interest to contact you, if you made a Privacy label with our Privacy Label Manager, to ask you if we could use your Privacy Label as an example to share with the world. Privacy Label has a legitimate interest because we want to inspire others with well informing and good-looking Privacy Labels. Also, we want to expand the knowledge about Privacy Label since we aim to make it the standard in privacy communication around the word. We do not believe this impacts the data subject too much. We will send you an e-mail to which you can respond. If you do not want to engage in this activity, we will no longer bother you or use your e-mail address for this purpose. And, if you want, we can publish your label anonymous.

Categories of personal data

On our website you can contact us via e-mail. When you contact us, we will process your e-mail address and the content of your e-mail.

In order to send you our newsletter we also use you e-mail address.

With our Privacy Label Manager, you can create your own Privacy Labels. The tool does have a login component. If you create an account, you will need to input your log in information such as an email address. If you create a label you will be sharing more information. In theory none of the information about your data practices is personal (unless you decide to share personal information yourself, for example in the explanation for a field).

Categories of recipients

Privacy Label does not share your personal data with others. However, it’s good to know that Privacy Label is a collaboration between ECP, Pineapple Jazz, Privacy Company, SURF and the SIDN fund. This means that your questions might be answered by an employee of Pineapple Jazz or Privacy Company

Third countries (and their level of protection)

Privacy Label will not process personal data outside the European Union, or European Economic Realm. To be more precise. Privacy Label processes all data from our server in the Netherlands.

Functioning of data subject rights

Pursuant to the General Data Protection Regulation, you have the right to inspect your personal data on request and, if necessary, to amend them or have them deleted. In addition to the right of access, correction, and deletion, you may ask us to restrict the processing of personal data and it is possible to object if you disagree with the processing. Finally, in some cases it is possible to invoke the right to data portability. We do not use automated individual decision-making, such as profiling.

At the top of this privacy statement, or in its Privacy Label, you’ll see how you can contact us to exercise your rights. To verify your identity, we may ask a number of identifying questions, for example.

Retention periods

We do not store personal data for longer than is necessary for the purpose for which we obtained it. When you contact us via e-mail, we will we only keep your data during the current procedure, with a maximum of 1 year thereafter.

For the personal data that are processed when using our Privacy Label Manager, we use a retention period that is equal to the time you have an account. When you delete your account, all your information will be deleted as well.

Functioning of complaints

It is possible to lodge a complaint with the local Data Protection Authority (DPA). We are based in the Netherlands. In order to contact the Dutch DPA you can go to: https://autoriteitpersoonsgegevens.nl/ However, you can choose any DPA. You can find your most convenient authority via https://edpb.europa.eu/about-edpb/board/members_en

Rights concerning automated decision making (including profiling)

As stated above: in some cases, it is possible to invoke the right to data portability. However, we do not use automated individual decision-making, such as profiling.

Source of personal data (when collected from another source)

We do not collect personal data from another source than directly from the data subject.

Last update: March 2020