Privacy Statement

The General Data Protection Regulation (GDPR) requires data processors to inform their customers, visitors and employees about which data is being collected for which purpose. This information is usually provided by means of a Privacy Statement (also referred to as the Privacy Policy). A Privacy Statement must be clear to those involved and must also be easy to find.

What is stated in a Privacy Statement?

A Privacy Policy provides an overview of which information about your customers or users is collected by or on behalf of your organisation. A proper Privacy Statement meets the requirements of the Dutch Personal Data Authority (AP) and will help prevent fines.

 In a Privacy Statement the following information must be included at least:

  • Identity: it is very important that the person involved knows with which organisation he or she is dealing. You should therefore include your company details in the Privacy Statement. The contact details of your Data Protection Officer must also be stated in the Privacy Statement;
  • Purposes and principles: in the Privacy Statement you must clearly state what the purposes and legal principles of your data processing are;
  • Data subject's rights: under the General Data Protection Regulation (GDPR), all data subjects have the right to inspect their data at any time. In addition, a data subject may ask you to correct or delete his or her data. All these rights must be dealt with in the Privacy Statement, and it must also be stated how the persons concerned can assert his or her rights;
  • Security measures: you must state in the Privacy Statement which measures you have taken to protect the personal data;
  • Recipients: if personal information is shared with third parties, you must specify in the Privacy Statement with whom this information is shared;
  • Processing outside the EU: if your organization processes or has processed personal data outside the European Union, you must state this;
  • Retention periods: you are also obliged to indicate the periods you use for the retention of personal data. The statutory retention periods that apply to certain personal data must be taken into account;
  • Profiling: do you use profiling, or automated decision-making? If so, you are obliged to inform the parties involved about this in the privacy statement. It is important that you explain to the parties involved how you have structured this process.

Contact us

We at Legal Q are happy to assist you in drafting and/or reviewing your Privacy Statement. For more information about this service or if you have any other questions about the AVG, please feel free to contact us.



Specialist privacy statement

A Privacy Statement is required for almost every organization. A good Privacy Statement is clear and easy to find for those involved.
Innovation / Growth / Commitment

Lawyer privacy statement

Do you have questions about this subject? We can help you with this. Contact us without obligation!