Privacy notice
The privacy notice, as defined by the GDPR, is a mandatory document that must be provided to data subjects before their personal data is collected or processed if the data is collected directly from the data subject (per Article 13 GDPR). Alternatively, it must be provided within one month of data collection or at the time of the first communication with the data subject if the data is collected from third parties (per Article 14 GDPR). The purpose is to ensure transparency and clarity, allowing data subjects to understand how and for what purposes their data will be used, as well as which rights they can exercise in relation to the processing.
According to Articles 12, 13, and 14 of the GDPR, the privacy notice must be written in clear and understandable language and must include at least the following information:
- Identity and contact information of the data controller: Who is responsible for processing the data and how they can be contacted.
- Purpose of processing and legal basis: The reasons why personal data is processed and on which legal basis (e.g., consent, legitimate interest, contractual obligation).
- Categories of data processed: A description of the categories of personal data collected, especially if it involves special categories of data.
- Recipients of the data: To whom the personal data will be disclosed (e.g., business partners or service providers).
- Data retention period: How long the data will be retained or the criteria used to determine this period.
- Data subject rights: A description of the rights of data subjects, including the right of access, rectification, erasure, restriction of processing, objection, and data portability.
- Right to withdraw consent: Information on how the data subject can withdraw their consent at any time without affecting the lawfulness of processing already carried out.
- Right to lodge a complaint: Details about the supervisory authority to which the data subject can submit a complaint (in Italy, it is the Garante for the Protection of Personal Data).
- Existence of automated decision-making processes: If applicable, information on the use of automated decision-making processes, including profiling, and the logic involved, as well as the significance and expected consequences for the data subject.
Trust Guardian’s approach to privacy notices
Trust Guardian enables companies to manage privacy notices in a centralized and compliant manner, considering them as one of the main assets of corporate privacy, ensuring they are always up-to-date and properly versioned. The platform facilitates the creation and management of different versions of privacy notices, ensuring that each data subject has access to the relevant notice at the time consent is given, and maintaining the link between the version of the notice viewed and the consents or processing authorizations activated for each data subject.
Legal, ICT, marketing: we understand your needs
We want to relieve you of the headaches of managing customer consents and privacy.