Simple GDPR Notice (Sample)

The General Data Protection Regulation (GDPR) which goes into effect on May 25th, 2018.  GDPR is a major step in protecting the privacy of European Union (EU) residents, giving them more control over what, how, why, where, and when their personal data is used.

This document is meant to provide a very simple sample to get you started with your GDPR notice.  Make sure to consult with your legal counsel.

GDPR PRIVACY NOTICE (Sample)

Privacy Notice 

We are committed to safeguarding the privacy of personal data. This Privacy Notice outlines the collection, use, and disclosure of personal information provided to our users, clients, partners, and constituents. When information is submitted to us, or you use the our websites and other services, you consent to the collection, use, and disclosure of that information as described in this Privacy Notice.

Use of Information

We collect and processes Personal Information and Sensitive Personal Information from individuals who use our services or our customers only as necessary in the exercise of our businesses legitimate interests, functions, and responsibilities to deliver our products and services.  Personal Information is collected from users and customers and shared with internal and external parties as necessary and in the course of providing our products and services.

For purposes of this Privacy Notice, Sensitive Personal Information is defined as race, ethnic origin, religious or philosophical beliefs, health data, sexual orientation, and criminal convictions.

For purposes of this Privacy Notice, Personal Information refers to any other information concerning a natural person that is created by or provided to us from or concerning users and customers.

Third Party Use of Sensitive Information

We may disclose your Sensitive Personal Information and other Personal Information as follows:

  • Consent: We may disclose Sensitive Personal Information and other Personal Information if we have your consent to do so.

  • Emergency Circumstances: We may share your Personal Information, and Sensitive Personal Information when necessary to protect your interests and you are physically or legally incapable of providing consent.

  • Employment Necessity: We may share your Sensitive Personal Information when necessary for administering employment or social security benefits in accordance with applicable law or any applicable collective bargaining agreement, subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.

  • Public Information: We may share your Personal Information and Sensitive Personal Information if you have manifestly made it public.

  • Archiving: We may share your Personal Information and Sensitive Personal Information for archiving purposes in the public interest, and for historical research, and statistical purposes.

  • Performance of an Agreement or Services: We may share your Personal Information when necessary to administer an agreement or in the performance of services you have with us.

  • Legal Obligation: We may share your Personal Information when the disclosure is required or permitted by international, federal, and state laws and regulations.

  • Service Providers: We use third parties who have entered into a contract with us to support the administration our operations and policies. In such cases, we share your Personal Information with such third parties subject to the imposition of appropriate safeguards to prevent further unauthorized disclosure.

  • De-Identified and Aggregate Information: We may use and disclose Personal Information in de-identified or aggregate form without limitation.

Security

We implement appropriate technical and organizational security measures to protect your information when you transmit it to us and when we store it in our information technology systems.

Retention and Destruction of Your Information

Your information will be retained in accordance with applicable state and federal laws. Your information will be destroyed upon your request unless applicable law requires destruction after the expiration of an applicable retention period. The manner of destruction shall be appropriate to preserve and ensure the confidentiality of your information given the level of sensitivity, value, and criticality to our operations and organization.

Your Rights

You have the right to request access to, a copy of, rectification, restriction on the use of, or erasure of your information in accordance with all applicable laws. The erasure of your information shall be subject to the retention periods and in accordance with applicable state and federal laws. If you have provided consent to the use of your information, you have the right to withdraw consent without affecting the lawfulness of our use of the information prior to receipt of your request.

Users and customers may exercise these rights by contacting us at [email protected]

Information created in the European Union may be transferred out of the European Union. If you feel we have not complied with applicable foreign laws regulating such information, you have the right to file a complaint with the appropriate supervisory authority in the European Union.

Updates to This Policy

We may update or change this policy at any time. Your continued use of our website and third-party applications after any such change indicates your acceptance of these changes.