• Skip to primary navigation
  • Skip to content
  • Skip to primary sidebar

Adlex Solicitors

UK internet and domain name lawyers

Call us now: +44 (0) 207 317 8404   Email us now  

Request Callback
  • Home
  • What We Do
    • Website and App Terms & Conditions
    • Privacy and GDPR
      • Intro
      • Privacy Policies
      • Cookies and GDPR
    • Contracts
      • Intro
      • Website / App Design and Development Contracts
      • Web Hosting Contracts
      • White Label and Content Distribution Contracts
      • SEO Contracts
      • Internet Affiliate, Advertising and Marketing Contracts
    • Disputes
      • Intro
      • Domain Name Disputes and Cybersquatting
        • Intro
        • UDRP
        • Nominet’s DRS
        • Cybersquatting
        • Domain Name Hijacking
        • Domain Name Law
        • Domain Names and Trade Marks / Passing Off
        • Adlex’s Domain Name Legal Expertise
        • Free Legal Opinion
      • Online Copyright Infringement
      • Internet Trade Mark Infringement and Passing Off
    • Content Removal
      • Intro
      • Removal From Google Search Results
      • Removal From Facebook and Other Social Media
      • Removal From Websites
      • Internet Defamation
      • Right to be Forgotten
  • Who We Are
  • Testimonials
  • Blog
  • Contact Us
Home  ›  What We Do  ›  Privacy and GDPR  ›  Privacy Policies

Website / App Privacy Policies and the GDPR

If you operate a website or app, a starting point for GDPR compliance is to include a detailed privacy notice or privacy policy which explains in detail what kind of personal data you collect via your website or app, the legal basis for collecting it, how you use it, to whom you send it, how long you keep it etc. (See Cookies and GDPR for information about how the GDPR affects cookies and cookie consent notices.)

The GDPR sets out various requirements for privacy notices including that they be “clear and transparent”.

In some cases – e.g. if you want to use contact details for email or other marketing – the GDPR dictates that you have to go further and get appropriate consent from web users at the point where you collect the data. This must be “unambiguous and involve a clear “affirmative action”, i.e. “opt in”. This is a stricter requirement than before. Careful records must be kept and you must make it as easy for people to withdraw their consent as to give it – relying on an unsubscribe option in a marketing email won’t do! If you don’t get the right consent, then amongst other things you can be sued by data subjects or subject to regulatory enforcement action.

You’ll need to take additional protective steps if collecting “special category data” (such as details of racial or ethnic origin or physical or mental health) or when acquiring any form of personal data from children.

Another factor which lawyers drafting privacy policies need to think about is whether you are transferring personal data outside the European Economic Area, known as the EEA (the EU plus Iceland, Liechtenstein and Norway). This can arise even if say one of your technology providers is storing personal data of your customers (including IP addresses) outside the EEA, e.g., your website host, Google Analytics, Mailchimp email services etc. There are various ways round this including export to various countries recognised by the EU as providing an adequate level of data protection, transfer to US companies which have signed up to the “EU / US Privacy Shield” or transfer under contracts which contain certain provisions sanctioned by the EU. Your privacy policy must explain what steps you are taking to protect personal information sent outside the EEA.

The GDPR also requires that your privacy policy tells your users about their various data protection rights, including to access personal information, to rectify mistakes, to delete, restrict or object to its use in certain circumstances, and to “data portability”. You must also inform users as to how they can complain if they’re unhappy with the way that you’re dealing with their personal information. As internet privacy lawyers, we’ll help you minimise the risk that users will have a reason to complain!

Primary Sidebar

Blog Categories

  • Domain Name Disputes
  • Internet Content Removal

Recent Blog Posts

  • Helping Google “Forget” – Removing Convictions from the Web
  • 10 Top Tips for Writing a Domain Dispute Complaint

How Adlex Solicitors Can Help You

For a free initial chat, call Adam of Adlex now on +44 (0) 207 317 8404 or request a callback or email.

  • Home
  • Sitemap
  • Website Terms of Use
  • Privacy and Cookies Policy
  • Complaints

© Adlex Solicitors 2001 - 2021. Authorised and regulated by the Solicitors Regulation Authority (SRA number 344672).

This website uses cookies to ensure you get the best experience on our website. Learn More