poster
Privacy (GDPR)

Privacy Kit: Website and Apps solution

Privacy Kit: website and apps solution

Earlier we wrote that, due to mass digitalisation, almost any company collects personal data. A general overview of its implications can be found here.

Most of the collection happens through the company's website or mobile app. The collection process requires privacy documents and interface settings to be compliant with data protection laws. To streamline this process for you, we created the Privacy Kit, a ready-to-go solution for websites and apps. This article explains how it works and why it is worth your attention.

What is Privacy Kit?

Privacy Kit is a standardised set of documents for any type of a website/app that has one or more of the following features: cookies collection, contact or registration forms, software for the processing of other people's data, or communication features (e.g. messengers). Do you provide any of the above? Then Privacy Kit will fit your needs.

Privacy Kit consists of public documents (the number depends on the type of your business) and supporting guidelines:

  1. Privacy Policy (Notice) - a legal statement written in a user-oriented manner about the ways how you collect and use information from your users;
  2. Cookie Policy (Notice) - a legal statement on the use of cookies and similar technologies, such as pixels tags;
  3. Interface recommendations - comprehensive guidance on legal aspects of the digital design, including hints about checkboxes, pop-up windows, and a footer;
  4. Data Processing Agreement (DPA) - a legal agreement for your EU-based B2B clients that share their customers' data with your company.

Why do you need a Privacy Kit?

You have a duty to inform your users about the purposes and ways you collect the data. In this regard, the industry best practice is posting Privacy Notice for contact and registration fields and Cookie Notice for the cookie collection.

Regarding the interface recommendations, they help with another legal duty - providing users with the choice, where appropriate, of how the company can use their data. By using our recommendations, you will be able to place necessary checkboxes and pop-up windows for securing your marketing and business intelligence practices.

Finally, a Data Processing Agreement is your contract with B2B clients who entrust data of their customers to you. Examples of such situations may include online CRM, Task Manager, Cloud Services or email notification services. The DPA is required by Art. 28 of the GDPR. In the digital environment, this agreement is usually published on the website along with the Privacy and Cookie Policies.

What to pay attention to?

When you order legal documents from a lawyer, it is vital to have a checklist of what to pay attention to. Below we created one for the Privacy Kit.

Privacy Policy should:

  1. Contain company's contact details, information on why you collect personal data, the legal grounds for processing, for how long you store the information, whom you share it with, including third-party providers, such as Google Analytics; and 
  2. explain what rights the users have over their data, such as the right to access or erase the data;
  3. Provide meaningful and example-based information rather than legal theory;
  4. Be concise and well-structured in blocks of information;
  5. Be user-oriented, written in a clear and plain language, without using legalese and vague terminology, such as "hereinafter", "we reserve our right to", etc. Ideally, it must be supported by visual design, which facilitates the policy's comprehension;

Cookie Policy should:

  1. Explain in plain language what a cookie is, why you use them, and how they work;
  2. List all types of cookies and similar technologies used on the website, as well as their storage periods. Don't forget that almost any third-party analytical service places cookies on your website - make sure you mention them in the notice;
  3. Provide ways of how to accept or decline non-necessary cookies, and how to perform other user rights. Your Cookie Policy should reflect all cookie notifications and pop-up windows appeared on the website.

Interface recommendations should:

  1. Explain how to collect and store consents to privacy policies (Privacy + Cookie Policy), marketing emails, and cookies. Usually, consent collection is tied to relevant checkboxes placed throughout the user journey on the website/app;
  2. Describe how to publish and update policies on the website/app;
  3. Contain examples of interface best practices and solutions in the form of pop-up windows, layered notices or information icons;
  4. Show, where appropriate, examples of dashboards for users to manage their privacy.

Data Processing Agreement (GDPR-specific) should:

  1. List the data points you receive from B2B clients and activities you perform on it, as well as how you protect the data;
  2. Contain all details required by Art. 28 of GDPR;
  3. Stipulate the way how your client can manage the customers' data entrusted to you;
  4. Stipulate transfers of data to third parties, as well as any transfers outside of the European Union.

Privacy Kit provides a usable solution for complying with interface privacy obligations in a digital environment. Based on the UX and policies, users initially decide whether to trust the website, and any legal check of the business starts from its face - public policies.

If you are interested in implementing the Privacy Kit on your website or app, we are more than happy to provide you with instant estimates for it here. Then, our network of privacy professionals will do the rest of the job.

 

Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice. 

Legal Nodes Team

Legal Nodes Blog

Privacy (GDPR)
Internet data mining. Is it legal in the EU?

Data mining is the process of collecting and analyzing human-readable data for own purposes. More and more businesses are built on that concept, scientists and medics also use automatically combined data from different sources to spawn predictio...

Ewa Wojnarska-Krajewska
Privacy (GDPR)
11 simple (but complete) steps towards the GDPR compliance in 2020

The GDPR can be a wake-up call to sort out your processes, procedures and technology and thereby run a more successful organisation. Data is now more essential than ever, regardless of your activities or market sector. Not only will efficiencies...

Thomas Hayes
Contract Work
Force Majeure Clauses and the Effect of Coronavirus on Businesses

The coronavirus pandemic has made force majeure clauses one of the hottest legal topics worldwide. To help businesses navigate this issue, we asked Tom Bohills, an English qualified lawyer and the Founder of Chronos Law, to explain the backgrou...

Tom Bohills
Privacy (GDPR)
Privacy Policy: Everything you need to know

Privacy Policy (or Privacy Notice) is a public legal statement of the company. It explains how the organisation uses information about its users, customers, or employees....

Legal Nodes Team
Privacy (GDPR)
Initial Privacy Assessment: Everything You Need to Know

A privacy assessment is a methodic review of your state of compliance with personal data protection laws....

Legal Nodes Team
Legal Nodes Updates
Legal Nodes Secures the $50k Grant from the Ukrainian Startup Fund Pitching Competition

We are delighted to announce that Legal Nodes scored the highest during the fifth Ukrainian Startup Fund pitching competition and was awarded a $50k Grant. ...

Legal Nodes Team
Privacy (GDPR)
Privacy Kit: Website and Apps solution

Privacy Kit is a standardised set of documents for a website or an app....

Legal Nodes Team
Privacy (GDPR)
Ultimate Privacy Compliance Guide

Legal Nodes presents a guide to privacy compliance. Privacy laws deal with the protection of personal identifiers, such as a name, email or IP-address (personally identifiable information), as well as with any information about individuals that ...

Legal Nodes Team
FinTech
Not everyone can do everything: Things FinTech businesses should keep their eye on

5 practical recommendations for FinTech businesses from a regulatory and compliance expert....

Lamara von Albertini, PhD