In this article, we explain what a privacy statement is, when you should place a privacy statement on your website, what should be included in a privacy statement, and how to set up a privacy statement on your website.

What is a privacy statement?

In a privacy statement, as a school, you explain what you do with personal data. You specify how you collect, store, secure, and whether you share the data with third parties. You also inform people about how they can make requests to access, modify, or delete their data.

When should I place a privacy statement?

Placing a privacy statement is mandatory on every website that collects personal data. This is stipulated in the Personal Data Protection Act (Wbp). The Dutch Data Protection Authority (AP) supervises compliance with the Wbp and can compel organizations to take measures in case of a violation. The main measure the AP can take is the exercise of administrative coercion. In this case, the AP demands that the offender rectifies the violation within a certain period. The AP can also impose a penalty or issue a fine, for example, when the processing of personal data is not, incorrect, or belatedly reported.

Therefore, a privacy statement is already required if you have a contact form on your website.

What should be included in a privacy statement?

In a privacy statement, you must include at least the following:

• • Identity
    Your school name, including the address details of your school and a contact address for privacy-related questions.
  • Purposes
    The purpose of processing personal data. This can include things like 'registering new students' or 'securing and optimizing the website' (such as recording IP addresses).
  • Use of cookies
    If your site uses cookies (which is almost always the case), you are obliged to explain what cookies are and what you do with them, even if it's just keeping people logged in.
  • Access and correction
    Customers have the right to access their data. They can request correction or deletion of their personal data. However, deletion is only allowed if the data is no longer relevant.
  • Security
    You must explain the technical and organizational measures you have taken to secure personal data against loss or any form of unlawful processing. For example, securing the internet connection with SSL is necessary when placing orders, and passwords on the database itself.

How do I set up a privacy statement on my website?

See here how to add a privacy statement.