AEPD is not responsible for the legality of other third-party websites from which the portal is accessible. The AEPD is also not responsible for the legality of other third-party websites that may be linked or linked from this portal. Hello Santiago: You might have a problem, because if you can assume that these legal texts are an original work, the result of the ingenuity of a lawyer, they could of course claim you. Greetings hello, If you are not a business but you have a website where you sell third-party items, I understand that you must provide your contact information on the legal notice page. Is it enough to specify the name and initial letter of the surname, username and e-mail? Thank you for the information. Best wishes. The processing of your data is carried out for the fulfillment of the legal obligations of the AEPD, for the performance of tasks of public interest or in the exercise of the public powers conferred on the AEPD, as well as when the purpose of the processing requires your consent, which must be achieved by a clear positive action. The consequences of publishing an incomplete legal notice, non-compliance with applicable regulations or even non-publication can represent a significant expense. In accordance with Article 39 of Law 34/2002, offences are classified as minor, serious and very serious and may result in a fine of between 600 and 600,000 euros. A minor violation could be, for example, not providing information about the TIN or codes of conduct to which a website adheres. On the other hand, failure to clarify the terms of contests and promotions can result in a fine of up to 30,000 euros. It should be emphasized that these violations and the corresponding sanctions affect not only the pocket of the administrator of a website, but also the public image of a brand or company – especially in relation to its customers. Nowadays, it`s common for multiple websites to share their legal notices, and while this may work in some cases, it`s not entirely recommended.
If you are considering creating a website, it will never hurt to devote the necessary time to an element of such relevance to the health of the website and the reputation of your project. However, it should be noted that all these recommendations, or that can be found on the Internet, do not replace an appointment with legal advice in case you have doubts or want to be sure. There are variables that can sometimes be the source of misunderstandings. Nevertheless, the current rules recognize these possible errors and allow them to be corrected before sanctions are imposed. The privacy policy is nothing more than the notices that our legal notice must contain with regard to the personal data that we may collect through the various forms that we have set up on our website. Hi Juan: If the website does not collect any personal data, it is obvious that it does not require a privacy policy. However, if, in the course of your activity, you process personal data collected in another way, you must comply with the provisions of the applicable regulations (GDPR and new LOPDGDD). A salvation that I said because even if they try to protect data, legislators forget that those of us who are not autonomous or society (SLU p.e.) Name the address DNI, and we spread it in the four winds. At Viveros Solís we have the example of a legal opinion from the website of a small gardening company. In the link to access it, they identify it as a privacy policy, but it`s an equally valid designation. We can check if an SME can also have a complete legal opinion that includes sections such as the official language of the site, which, although they are not mandatory, it is not bad to have them.
Good evening Nando, my company wanted to include a job area on the website so that you could send resumes to the human resources department and thus get new talented profiles. However, the person responsible for our website has informed us that the LOPD will not be respected. What should we do to include this section in accordance with the law? Also, I read that until this section is integrated, you can insert a premise that says, “If you want to work with us, you can send us your resume at ****@****. Should we also send an automated response stating that the data will be included in a file for offers published in the company? Do you know the approximate costs that should include the stage of employment that corresponds to the LOPD? Finally, thank you for your time and commitment. It is greatly appreciated that you respond to all the comments on your blog. I will definitely recommend you. Yes, the inclusion of legal notices is mandatory for any website or online site that realizes economic benefits or collects personal data from its users. Hi Nando, What a great help, both the post and the comments and your responses. Files, laws, cookies, privacy, legal notices..
puffff… Your enthusiasm for your project will be taken away from you, given the effort and time it takes for those who want to get it right but don`t know any legal aspects. Not only do I thank you for your dedication and knowledge, but I also ask for your permission to use your legal opinion as a template to customize mine. I also wanted to consult you.: On my website I want to publish photos of projects that I have made, but that contain photos of third parties (including children), I must have your permission, right? Could you tell me what to do and if there are standard forms? Thank you very much! – Data allowing to identify the owner of the WEB whether it is a natural or legal person: name, company name and contact details (address, e-mail address, telephone or fax), if necessary legal representatives, as well as the N.I.F. or the C.I.F. If it is a company registered in the commercial register, this registration data must be collected. Hi Josep: At the moment, this authorization by the AEPD is unnecessary because there is a new framework called Privacy Shield to replace the invalid Safe Harbor. The Rocket Science Group, the company that owns Mailchimp, adheres to this Privacy Shield, so the transfer of personal data to Mailchimp is currently and if there are no changes, completely legal. Theoretically, yes, you need to fill in the data related to the international data transfer. A greeting This is covered by the LOPDGDD and the GDPR, which govern any activity that collects personal data, for example through a form to comment on a blog. The legislation obliges the reader to provide the reader with information on how his data is collected, the purpose of the collection and use of his data, and his possibilities of application of the so-called ARCO rights, i.e. access, rectification, cancellation and opposition, as well as on the rights of restriction and portability added by the GDPR.
What is the legal basis for the processing of your personal data? – when a regulated professional activity is carried out (lawyer, doctor, detective, etc.), the data of the professional order, the college number, the academic title and the State of the European Union in which they were obtained, as well as the professional statutes or the code of ethics governing the exercise of their profession, indicating the means by which they can be known (including electronic), are registered. The legal notice of the website is a document hosted on the page itself, usually in the form of a subpage accessible via a link on the main page, in which a certain amount of commercial data is collected so that users who browse this website can become acquainted with all the legal information associated with it. 5.2. Your personal data may also be processed on our behalf by our trusted third-party service providers. Hello buddy. I have a doubt, I see websites that instead of a form or in addition have a “contact” on which you click, and your mail application opens, with a new email to send, already addressed to the email address provided by the owner of the web. Either this is their only form of contact, or if I contact them in this way instead of the form (by sending them my personal data); The owner of the site would receive my personal data without me having accepted any confidentiality clause. It is true that when I send my data, I consent to the processing, with regard to their receipt, but not to keep them or to include them in a database. I don`t know if I`m on the wrong track. Thank you in advance Hello Maria: Well, I`m sorry I don`t agree with your web designer.
An employment service designed to collect C.V. does not violate the privacy policy. What violates the privacy policy is to process personal data and not to do it properly. First of all, you must have a privacy policy that informs the person who will send you the CV appropriately about everything that is required by the new General Data Protection Regulation. On the other hand, you must have a register of processing activities that specifies the privacy policies that you have implemented in your company for the protection of personal data. You must also obtain the consent of the person sending you the CV to process their data.