Welcome to THE ADVANCE PRIVACY NOTICE CHECKER!

You are using this tool because:

You control the operation of a website in the EU/EEA which directly collects personal data of data subjects, or

You are offering goods or services to customers in the EU/EEA via your website, and

You want to get a high-level assessment of whether your website privacy notice contains the main elements as required by the GDPR towards data subjects.

If you have answered one or more questions with “NO”, then it is likely that your website privacy notice is not completely in accordance with the obligations under the GDPR to timely and fully inform data subjects. 

 

 

Questions?

Feel free to mail me at info@mouritzlegal.nl

 

 

Have you - at the time when personal data are obtained - provided the data subject with all the following information:


Please answer the questions below as follows:

YES
NO
NOT APPLICABLE

 

1. The identity and the contact details of you as the controller or of the controller’s representative?

YES
NO

2. If you have a data protection officer, the contact details of the data protection officer?   

YES
NO
NOT APPLICABLE

3. Each of the intended purposes for the processing of the personal data? E.g. execution of sales, KYC checks, own research, etc.

YES
NO

4. The legal basis for the processing for each purpose?

 

Typically: necessary for i) the performance of a contract, ii) compliance with a legal obligation, iii) purposes of legitimate interests, and/or iv) a task of public interest, OR where the data subject has given consent.

All of the purposes (described under question 3) should be aligned with a legal basis.

In addition:

Where the legal basis for processing is based on consent or explicit consent, have you indicated that the data subjects have the right to withdraw consent at any time and that such withdrawal does not affect the lawfulness of consent-based processing before the moment of withdrawal?

 

Where the legal basis for processing is based on either a statutory requirement, a contractual requirement, or a requirement necessary to enter into a contract, have you indicated that legal basis? In addition, have you indicated whether the data subject in such cases is obliged to provide the personal data and the possible consequences of failure to provide such personal data?

 

Where the legal basis for processing is based on legitimate interests, have you specified those legitimate interests?

E.g. marketing or research purposes.

YES
NO

5. The recipients or categories of recipients of the personal data?

 

Please be clear about the organizations with which personal data is shared, such as service providers and subsidiaries and/or affiliates. Pay special attention to marketing companies and commercial data companies receiving personal data.

YES
NO

6. In case of transfer of personal data to a country outside of the EU/EEA, have you indicated whether an adequacy decision of the European Commission exists for that country or whether suitable safeguards have been put in place, such as binding corporate rules, EC model clauses or EU-US Privacy Shield? In case of the latter, where can these safeguards be viewed?

YES
NO
NOT APPLICABLE

7. The period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period?

YES
NO

8. The possibility to exercise the following rights:

 

Access to personal data

Rectification of personal data

Erasure of personal data

Restriction of processing

The right to object to processing

The right to data portability

YES
NO

9. The right to lodge a complaint with a supervisory authority?

YES
NO

10. Where applicable, the existence of automated decision-making, including profiling? 

 

In such a case, have you also provided meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject?

YES
NO
NOT APPLICABLE