Privacy Policy Template

The processing of personal data requires all companies to provide information to the data subjects regarding this processing of personal data.

Companies often comply with this by having a privacy policy that can be shared with data subjects, e.g. customers, users, etc.

To help you, we have made this free privacy policy template for general purposes. This can be uploaded to your website so that you can fulfil the requirements listed in articles 12-14 in the GDPR.

Instructions

Use this free template as you wish, e.g. for inspiration or copy and paste. 

This template can be sued when a company processes personal data collected from the data subject following article 13, which is the most widely used way of collecting personal data.

You should adopt this template for your specific processing of personal data. Specifically, you will need to adjust this template if you:

  • Disclose personal information.
  • Transfer personal data to third countries.
  • Process personal data about children.
  • Make profiling and automated decisions.
  • Process personal data not collected directly from the ‘data subject’ but via a third party. 
  • Have other processing activities than those described in this template.

 

In addition, you must fill in the information in the [square brackets] and generally check that the privacy policy matches your processing of personal data.

________________________________

Controller

We are data controllers as we process the personal data of our customers and partners. You will find our contact information below.

  • [company name]
  • [Address]
  • Business identification number: [Business ID number]

 

If you have questions about processing your data, you can contact us via [email address].

Processing Activities

Website visitors

When you visit our website, we use cookies for the website to function, which you can read more about in our cookie policy.

Communication with potential customers

When you have questions about our website or want to learn more about our services, you can contact us via:

  • Contact form
  • Email
  • Telephone

 

With these means, we will process your personal information to enter into a dialogue with you, e.g. answer questions about our services. We only process the information you give us in connection with our communication.

We will typically process the following general information: name, email, and phone number.

Our lawful basis for processing this personal data is Article 6(1)(f) of the GDPR.

We will delete our communication with you when it is clear whether you wish to use our services or not.

Should there be a need in a particular case to store your personal information for a more extended period, this could be the case.

Customers

We communicate with our customers to ensure that our services are delivered correctly. We may process information about name, address, services, special agreements, payment information, etc.

The lawful basis for processing this personal data is Article 6(1)(b) of the General Data Protection Regulation.

When the service has been completed, along with any outstanding payments, we will immediately delete the personal data.

Newsletter

We have a newsletter which it is voluntary to sign up for – and it is always possible to unsubscribe.

The purpose of the newsletter is to send news from the company, which may deal with new content on the website or advertising our services.

We will only send you emails if you have given your active consent to this. This requires that you enter your e-mail address in the first instance, to which we subsequently send an e-mail so that you can confirm the registration. In this way, we ensure that you have signed up for the newsletter yourself, i.e. given active consent.

Our lawful basis for processing your data in connection with the newsletter is Article 6(1)(a) of the General Data Protection Regulation. 

We will process your personal information as long as you are subscribed to the newsletter. We will stop sending this to you by unsubscribing from the newsletter. If we have not sent you a newsletter for one year, your consent will lapse due to our inaction.

Accounting

We store invoices and similar documents for accounting purposes, including general personal information such as name, address, and service description. We must save all accounting documents from complying with accounting laws. 

The lawful basis for processing personal data for accounting purposes is Article 6(1)(d) of the General Data Protection Regulation.

We store this information for a minimum of 5 years after the end of the current financial year.

Job applications

We welcome job applications to assess whether applicants match a hiring need in our company.

Suppose you send your job application to us. In that case, our lawful basis for processing your data is Article 6(1)(f) of the General Data Protection Regulation.

We will immediately assess unsolicited applications to see whether they fit current employment needs. We will delete your information again if there is no match.

If you applied for a job opening, we would discard your application if you are not hired and immediately after the right candidate is found for the job.

Suppose you are part of a recruitment process and get hired for the job. In that case, we will provide you with separate information on how we process your data in this connection.

Processor

Few can handle everything themselves, and the same goes for us. Therefore we cooperate with business partners and suppliers, and some of which may be data processors.

External suppliers can, for example, provide software used to organise our work, services, consulting, IT hosting or marketing.

  • [If necessary, list your data processors with company name and purpose of processing]

 

It is our responsibility to ensure that your personal information is processed correctly. That is why we place high demands on our partners. Our partners must guarantee that your personal information is protected.

We enter agreements data processors that handle personal information on our behalf to increase the security of your personal information.

Disclosure of Personal Information

We do not disclose your personal information to third parties.

Profiling and Automated Decisions

We do not profile or make automated decisions.

Third Country Transfers

We mainly use processors in the EU/EEA or processors which store data in the EU/EEA.

This is not possible in some cases, and data processors outside the EU/EEA are used, but only if these can provide your data with appropriate protection.

Safety Measures

We keep the processing of personal data secure by ensuring appropriate technical and organisational measures.

We have made risk assessments of our processing of personal data. We have subsequently introduced appropriate technical and organisational safety measures to increase processing security.

One of our most important measures is to keep our employees updated on GDPR through ongoing awareness training, GDPR courses, and reviewing our GDPR procedures with employees.

Rights of Data Subjects

Under the General Data Protection Regulation, you have several rights regarding the processing of your data. You can read more about these rights at RGPD.COM.

If you want to make use of your rights, don’t hesitate to get in touch with us so that we can help assist you.

Right of Access

You have the right to access the information we process about you.

Right to Rectification

You have the right to have incorrect information about yourself corrected.

Right to Erasure (The Right to be Forgotten)

Under certain circumstances you have the right to have information about you deleted before the time of our general deletion occurs.

Right to Restriction of Processing

In some instances, you have the right to have the processing of your data restricted. 

We may only keep processing your information with your consent or if we have a legitimate interest when this occurs. We can still store your data.

Right to Object

In some instances, you have the right to object to our otherwise lawful processing of your data. You can also object to the processing of your information for direct marketing.

Right to Data Portability

You have the right to receive a copy of your personal information in a structured, commonly used and machine-readable format and to have this personal information transferred from one data controller to another without hindrance.

Withdrawal of Consent

When our processing of your data is based on your consent, you have the right to withdraw your consent.

Complaint to the Data Protection Agency

You have the right to file a complaint to the Data Protection Agency if you are dissatisfied with how we process your data.

We would generally encourage you to read more about the GDPR to be up to date on the rules.