Privacy policy


According to the GDPR, the privacy policy is mandatory as soon as a company processes personal data. In the privacy statement, companies must in particular disclose how personal data is collected, processed and stored. In contrast to the Data Processing Agreement*, the data privacy policy does not constitute a contract.

Expert Tip: The privacy policy on the website is particularly significant for two reasons. First, a great deal of personal data can and is collected and processed via the website. Second, the website is your most important external presence - anyone who designs their website in a data protection-compliant manner is already showing the outside world that measures have been taken to comply with the GDPR.

*Find the definition here: Data Processing Agreement