The Privacy Label explained
The Privacy Label is build up of two sides. On the left side you learn about how data flows through the organization: how it's collected, processed and how it is then shared with other parties.
On the right side you find important additional information on the data processing: where the location is stored, how long it's stored, on what legal grounds the data is processed and how you can take action.
The data river
Organisations need information to provide their service. Data flows through organizations in a certain way, almost like a river. The data is collected from different points, after being processed the data flows on and might be shared with other parties to do business or exchange information. The left side of the Privacy Label informs you on this data flow.
Find out what kind of personal data an organisation collects and how they collect it. Personal data is data that says something about you as an individual. In short: all the information that makes you.
We distinguish aggregated, normal and sensitive personal data. Organisations collect personal data in different ways.
Find out for what purposes your personal data is used. When an organisation wants to process information about you, they need a specific goal to do so.
Personal data may not be used for other purposes than it was collected for initially.
Find out where else your personal data goes. Organisations can also share personal data with other organisations. This can be done for the execution of a task, or for a collaboration.
Sometimes data must be shared on behalf of a government, next to this it occurs that data is sold to (an)other organisation(s).
Important elements of data processing
Next to the flow of data, there are additional important elements when it comes to the processing of personal data. This is information on the location and duration of the stored data and the legal basis on which the data is being used and how you can take action to exercise your rights.
Find out where your data is processed. Personal data could be processed on different locations. In the EU, the GDPR is in place. If data about you is processed outside the EU, the laws of those countries may apply to the data as well.
Find out for how long an organisatoin stores your data. Once personal data is collected you should be aware that organisations cannot store it indefinitely. The rule of thumb here is: personal data must not be kept longer than the time needed to attain its intended purpose.
Find out on what legal basis your personal data is processed. If an organisation wants to process data about you, they need to have a specific goal and a lawful basis. The lawful basis is the foundation for data processing under the GDPR. There are six lawful bases to base a processing activity.
Conclusively, learn how to exercise your rights or get more information. If an organisation wants to process data about you, you have the right to information and other fundamental rights.
You can find information in the privacy statement or contact the organisation.
Create your own Privacy Label
Using the Label Maker you can create a Privacy Label on the data processing of your products and services. Going through the steps of the seven categories, you can summarize your privacy statement for any situation.
In doubt about a category? Using the ‘?’ question marks next to the items you can find more information on the category and its subelements. In the final step of the Label Maker you find how to share and embed it on your own site or online communication.