Privacy Kit: Website and Apps solution
Legal Nodes Team
Earlier we wrote that, due to mass digitalisation, almost any company collects personal data. A general overview of its implications can be found here.
Most of the collection happens through the company's website or mobile app. The collection process requires privacy documents and interface settings to be compliant with data protection laws. To streamline this process for you, we created the Privacy Kit, a ready-to-go solution for websites and apps. This article explains how it works and why it is worth your attention.
What is Privacy Kit?
Privacy Kit is a standardised set of documents for any type of website/app that has one or more of the following features: cookie collection, contact or registration forms, software for the processing of other people's data, or communication features (e.g. messengers). Do you provide any of the above? Then Privacy Kit will fit your needs.
Privacy Kit consists of public documents (the number depends on the type of your business) and supporting guidelines:
- Interface recommendations - comprehensive guidance on legal aspects of the digital design, including hints about checkboxes, pop-up windows, and a footer;
- Data Processing Agreement (DPA) - a legal agreement for your EU-based B2B clients that share their customers' data with your company.
Why do you need a Privacy Kit?
You have a duty to inform your users about the purposes for which you collect their data and the ways you collect it. In this regard, the industry best practice is to post a Privacy Notice for contact and registration fields and a Cookie Notice for the cookie collection.
The interface recommendations help with another legal duty: providing users with the choice, where appropriate, of how the company can use their data. By using our recommendations, you will be able to place the necessary checkboxes and pop-up windows for securing your marketing and business intelligence practices.
Finally, a Data Processing Agreement is your contract with B2B clients who entrust data of their customers to you. Examples of such situations may include online CRM, Task Manager, Cloud Services or email notification services. The DPA is required by Art. 28 of the GDPR. In the digital environment, this agreement is usually published on the website along with the Privacy and Cookie Policies.
What to pay attention to?
When you order legal documents from a lawyer, it is vital to have a checklist of what to pay attention to. Below we created one for the Privacy Kit.
- Contain the company's contact details, information on why you collect personal data, the legal grounds for processing, how long you store the information, and whom you share it with, including third-party providers such as Google Analytics; and
- explain what rights the users have over their data, such as the right to access or erase the data;
- Provide meaningful and example-based information rather than legal theory;
- Be concise and well-structured in blocks of information;
- Be user-oriented, written in clear and plain language, without using legalese and vague terminology, such as "hereinafter", "we reserve our right to", etc. Ideally, it must be supported by visual design, which facilitates the policy's comprehension;
- Explain in plain language what a cookie is, why you use them, and how they work;
- List all types of cookies and similar technologies used on the website, as well as their storage periods. Don't forget that almost any third-party analytical service places cookies on your website, so make sure you mention them in the notice.
Interface recommendations should:
- Describe how to publish and update policies on the website/app;
- Contain examples of interface best practices and solutions in the form of pop-up windows, layered notices or information icons;
- Show, where appropriate, examples of dashboards for users to manage their privacy.
Data Processing Agreement (GDPR-specific) should:
- List the data points you receive from B2B clients and the activities you perform on them, as well as how you protect the data;
- Contain all details required by Art. 28 of the GDPR;
- Stipulate how your client can manage the customers' data entrusted to you;
- Stipulate transfers of data to third parties, as well as any transfers outside of the European Union.
Privacy Kit provides a usable solution for complying with interface privacy obligations in a digital environment. Users initially decide whether to trust a website based on its UX and policies, and any legal check of the business starts from its face: the public policies.
If you are interested in implementing the Privacy Kit on your website or app, we are more than happy to provide you with instant estimates for it here. Then, our network of privacy professionals will do the rest of the job.
Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice.