February 14, 2022
The provisions of the EU GDPR have been incorporated directly into UK law as the UK GDPR. However, in practice, there is little change to the core data protection principles, rights and obligations.
Your business website should display a customer facing privacy policy, which will notify the visitors to your website about how it collects, uses and stores personal data (excluding special categories of personal data and data relating to criminal convictions and offences), through the use of your website, to enable you to provide goods and services.
As part of the UK GDPR principles, businesses must comply with the “transparency requirements”.
The transparency principles require all data controllers (your business) to notify data subjects (your customers) about their personal data handling practices through a privacy policy, at the time that data is collected. For an online business, that will usually be done via their website privacy policy.
A privacy policy informs data subjects about how your organisation collects, uses, stores, transfers and secures personal data.
In addition to a privacy policy, your business website should also notify users about your general website terms and also a cookie policy. In addition, you may wish to display your general trading terms of business on your website.
When collecting personal data from a data subject, as a data controller, the UK GDPR requires you to provide the data subject with the following information:
your business identity (meaning the name of the legal entity), contact details and details of its representative, if any
the contact details of your data protection officer (DPO), where applicable
the intended purposes of, and the legal basis for, the processing
where the processing is based on the “legitimate interest” ground, what legitimate interest is being pursued
the recipients or categories of recipients of the personal data, if any
where applicable, the fact that your business intends to transfer the personal data to a recipient in a country outside the UK or an international organisation, and the existence or absence of adequacy regulations or information about the appropriate or suitable safeguards adduced to secure the data and the means to obtain a copy of them
A business must also provide the data subject with the following information to ensure fair and transparent processing:
the period for which the personal data will be stored, or, if that is not possible, the criteria used to determine that period
the existence of the individual’s:
right of access
right to rectification
right to erasure
right to restriction of processing
right to object to processing
right to data portability
where processing is based on the individual’s consent, the right to withdraw that consent at any time
the individual’s right to lodge a complaint with the Information Commissioner
whether the provision of personal data is a statutory or contractual requirement or a requirement necessary to enter into a contract. The individual must be informed about any obligation to provide personal data and of the consequences of a failure to do so
the existence of automated decision-making or profiling and meaningful information about the logic involved, as well as the significance and the envisaged consequences of that processing for the individual
If you have any queries about website privacy policies or other data protection or e-commerce issues, please contact our Stephen Thompson on sthompson@darwingray.com or 07970 160166.
I have worked with Darwin Gray for a number of years and the level of service, professionalism and timely response is second to none. I would highly recommend Darwin Gray to any business.”
Darwin Gray have provided us with a first-class service for many years now. They really take the time to understand our business and develop relationships which results in advice and support that is contextualised and effective.”
We have worked with Darwin Gray for several years and have always found their services and advice to be first class.”
An extremely professional and sincere company who make time for your queries and understand the need to break down certain facts and information to ensure everything is understood perfectly. I would highly recommend the company to anyone looking for any type of legal advice”
PSS has worked with Darwin Gray for many years. We have always received an excellent service. Prompt and professional advice and support.”
We have used several departments within DG recently and we have been very pleased with an effective, efficient and down to earth service. Very happy thus far and I expect that we will continue to use DG.”
Darwin Gray offer us truly superb services. Very professional, quick and services available bilingually which is very important to us, highly recommend.”
My “go to” in urgent and time sensitive cases for direction, support and advice. The team are quick to respond to calls or emails for advice and support on all matters. Always explain complex matters in a way a lay person can easily understand.”
