Privacy Notice

A privacy notice is a statement that informs individuals about how their personal information will be collected, used, stored, shared, and protected. Privacy notices are fundamental transparency tools required by virtually all privacy laws. They must be provided at or before the time of data collection, clearly communicating what data is collected, for what purposes, with whom it's shared, how long it's kept, and what rights individuals have regarding their data. The GDPR Articles 13 and 14 specify detailed requirements for privacy notice content, including data controller identity, legal basis for processing, recipient categories, data transfers, retention periods, and data subject rights. Privacy notices must be concise, transparent, intelligible, easily accessible, and written in clear and plain language. They should be layered or formatted for readability, not buried in lengthy legal documents. A notice at collection is specifically required when data is collected directly from individuals, while a different notice applies when data is obtained from other sources. Privacy notices differ from privacy policies—notices are context-specific and provided at point of collection, while policies are comprehensive documents covering all data practices. Effective privacy notices are prominent, timely, specific to the context, and actionable—giving individuals the information they need to make informed decisions about their data.