Privacy notice
A privacy notice is required whenever personal data is processed, for example the data of customers, website visitors, suppliers, applicants, or employees. The obligation follows from the transparency principle of the GDPR (Art. 5(1)(a)) and is set out in Art. 13 (data collected from the data subject) and Art. 14 (data obtained from another source). It applies regardless of how the data is collected, whether online, on paper, or in person.
A privacy notice must state clearly and in plain language who is responsible for the processing (the controller), how the controller can be contacted and, where one has been appointed, how to reach the Data Protection Officer. It must explain the purposes of the processing and the legal basis for each purpose; where processing rests on legitimate interests, those interests must be named. It must also state who the recipients or categories of recipients of the data are, whether data is transferred to a third country and under which safeguards, and how long the data will be stored or, if no fixed period can be given, the criteria used to determine it. Data subjects must be informed of their rights (access, rectification, erasure, restriction of processing, data portability, objection) and of the right to lodge a complaint with a supervisory authority. If consent is the legal basis, the notice must point out that consent can be withdrawn at any time without affecting the lawfulness of processing carried out before the withdrawal. If the data was not collected directly from the data subject, the source of the data and the categories of data concerned must also be stated. Tools such as Metasoul and the Metasoul data protection generator make it easier to produce a notice that covers all of these points.
The privacy notice must be easily accessible and understandable for the data subjects. On a website, a clearly visible link, for example in the footer or the main menu, is recommended. In offline processes the notice can be handed out as an information sheet or displayed at a prominent location. Timing matters: when data is collected from the data subject, the information must be provided no later than at the time of collection; when it is obtained from another source, it must be provided within a reasonable period and at the latest within one month, or at the time of first communication with the data subject if that comes sooner.
Privacy notices created with the Metasoul data protection generator can be embedded directly on a website or exported as a PDF for offline processes.
A signature or active confirmation of the privacy notice is not required. The GDPR requires only that the information is provided; it is sufficient that the data subject has a genuine opportunity to take note of it. This should not be confused with consent: where consent is the legal basis for a processing operation, it must be given by a clear affirmative act and the controller must be able to demonstrate it. Under the accountability principle it is also good practice to be able to show that the notice was provided, for instance by keeping versioned copies of the notice together with the dates on which each version was in use.
What is the difference between a privacy notice, a privacy statement, and a privacy policy, and which term should I use?
Privacy notices and privacy statements are external documents addressed to data subjects; they fulfil the information obligations of the GDPR. The two terms are often used interchangeably, although “privacy notice” is increasingly recommended to avoid misunderstandings. A privacy policy, by contrast, is an internal set of rules for employees that governs and documents how data protection is implemented within the company.
We recommend the term privacy notice; data protection notice is an equivalent name for the same external document and must not be confused with the internal privacy policy.
There are various ways to provide a privacy notice for an application, but the following procedure has proven effective:
Step 1: Publish the privacy notice for your application on your website (for example under “Privacy notice for the ‘App name’ application” alongside the website privacy notice), so that it is reachable under a stable address that the application can link to.
Step 2: Refer to the privacy notice in the application before registration. This is usually done on the same screen on which the terms and conditions are accepted, and in any case before the customer’s registration data has been transmitted.
Important: the wording must never ask the user to “accept” the privacy notice. A notice is information, not an agreement; asking for acceptance wrongly suggests that consent is the legal basis for everything described in it. We recommend the following wording:
I accept the “Appname” terms and conditions and confirm that I have read the privacy notice.
The words “terms and conditions” and “privacy notice” should each link to the respective document. If the application records the acceptance of the terms and conditions, it should store which version was accepted and when; for the privacy notice it is enough to be able to show which version was available at the time of registration.