The total price for this privacy statement is €200,00 ex. vat. This amount will be invoiced once this form is completed.
- The use of personal data
- The source of personal data
- If data is shared with third parties
- How personal data can be amended
- The rights of the customer/client
How long can I keep personal data?
While many businesses would prefer to keep data indefinitely because it might prove useful later, this is not allowed. When collecting data, you must consider beforehand how long you genuinely need certain data.
You are allowed to use personal data only for predetermined, legally permissible purposes. Once you no longer need specific data to achieve that purpose, you must delete or anonymize the data.
- You keep a personnel file for all your employees because it is legally required. Once an employee leaves your company and all salary payments have been made, you must delete his personnel file.
- You have customer data in your financial records. You are legally required to keep this data for seven years for tax audit purposes. After those seven years, you must delete your customers' personal data from your records.
- You keep email addresses and purchase history of your customers to later send them information about offers. Over time, the purchase history is filled with very old orders that are no longer relevant. You must then delete these data.
One of the key obligations of the GDPR is to inform the person whose data you process - the data subject - about this. If at all possible, you should do this before you obtain their data.
What constitutes personal data?
The concept of 'personal data' is broadly interpreted. It doesn't only refer to someone's name, but to any data that can be used to identify a person. A unique number, a home address, a postal code, an IP address—all qualify as personal data. Data in a database that's linked to such identifiers becomes personal data due to that association. Pseudonymized data (like hashed or encrypted data) also fall into the category of personal data.
Indirectly identifying data
Data that allows only indirect identification of an individual also qualifies as personal data. For instance, if you have a database storing only location data, this data could be so unique that only a small group of people could potentially have that location pattern. In such cases, it still constitutes personal data.
Even when you process data solely about small businesses, it usually involves handling personal data. This is because a business can be a sole proprietorship or a company with only one employee.
Some examples of personal data include:
- Account number
- Professional activities
- Interest in a product
- Name, address, and phone number (NAP) data
- Profile picture
- Travel behavior
- Social contacts
- Surfing behavior
- Telephone number