This post is presented for information purposes only.
The content of this post does not constitute legal advice and should not be relied upon as such.
Consult your legal advisor to understand your rights and obligations in order to comply with any laws and/or regulations.
Do you need a cookies policy on a website?
Your website should inform users that cookies are used, explain what the cookies are used for, and obtain consent from users. This should include a full list of cookies used and explain what data is collected and how it is used. There are a number of approaches to this including using popups alongside a longer cookies policy page on your website.
- The purpose of and legal basis for processing the data including all legitimate interests pursued by the controller
- The source of the personal data
- Details of recipients, or categories or recipients, of the data.
- Any countries that the data is transferred to and what safeguards are in place. These are known as approved transfer mechanisms
- The period for which the data will be stored or the criteria to that will be used to determine how long the data will be stored for (the retention period)
- The existence of the rights of data subjects
- Confirmation of the existence of individual’s right to request access to, and rectification or erasure of, personal data as well as the right to restrict or object to processing concerning the data subject, and the right to data portability.
- The existence of the right to withdraw consent that has been provided previously.
- The identity and contact details of the controller (and where applicable, also the controller’s representative)
- The contact details of the data protection officer (if applicable)
- Details of the right to complain to the Data Protection Authority
- Whether data provision is a statutory or contractual requirement or a requirement necessary to enter into a contract including whether the data subject is obliged to provide the personal data and the possible consequences of the failure to provide the data.
- Details of where the legitimate interest condition has been relied upon
- The existence of any automated decision making including profiling. Provide information about the logic involved as well as the significance and consequences of such processing
- Any additional information that is needed considering the circumstances in which the data is or is to be processed.