SPRING DISCOUNT
Get 30% off on toolkits, course exams, and Conformio yearly plans.
Limited-time offer – ends April 25, 2024
Guest
Guest
Create New Topic As guest or Sign in
Assign topic to the user
-
GDPR legal basis for online card payments
I have so far not had any information from our payment card processor regarding the legal basis for processing online card payments. Is this something you have come across before? I would think that there must be some legal requirement to continue to process data (eg financial record keeping). -
Cookies
Hi. I have a question regarding cookies, cookie-policy and implementing a new cookiebar. Is it okay to have pre-ticked cookies as long as a webpage-user is given the opportunity to withdraw and freely refuse to accept all or some of the specific cookies? I hope my question makes sense. Thank you. Best regards, Casper -
Purpose of requesting the birth date
1.For the Data Subject Access Request form. What is purpose of requesting the birth date. And is it needed? -
Language of the Privacy policy
I wanted to know if for a portfolio site in which there is only a link to google analytics and nothing else, published only in English but for Italian professional with Italian office, must enter the privacy policy in 2 languages? For site showcase that does not use any type of data collection (no formulation and no analytics) translated into 2 languages, ita / eng, the privacy policy can be only in Italian or should it be in English? -
Comprehensive consent document
I am looking to purchase a comprehensive consent document that includes all of the the required details that we are obligated to provide to a EU citizen who is providing personal information. It seems all of the templates I have purchased are individual lines on these and I would have to sort through them all and download individually and combine. Is there a comprehensive one that covers all mandatory fields? -
Supervisory Authority
If we are working as Data Controller (for example we sell our software directly to clients via Microsoft Store or App Store) in case of Data Breach (according to your document "9.1_Data_Breach_Response_and_Notification_Procedure_EN.docx" section "Personal data breach notification: Data controller to supervisory authority") - The Company must establish whether the personal data breach should be reported to the Supervisory Authority. -
Internal record of processing
I am trying to figure out if the organisation I am working for needs to maintain a record of processing (article 30), and if so, to get a better idea of what this record will look like. We are a small e-business selling good and software online. We are based in Israel, but do sell to customers within the EU. Any help is greatly appreciated. -
GDPR - specific protections for children
I am in independent assessor for dyslexia. I would like some advice on the wording of a consent form which I would ask parents to sign. This would give their consent for gathering personal details, information from other professionals, assessing their child and storing the information for six years following their 18th birthday. -
Data subject access requests
As a processor we have been requested by one of our clients (controller) to share some basic information (comprising transaction reference and email address) with their website provider. Am I correct in thinking this should be covered in the client's own privacy policy, and that any data access request relating to this shared information would be made via the client (controller)? -
Legitimate interest for marketing emails
Can we claim legitimate interest for marketing emails ?If we contact people to say, email us if you want to be removed from our mailing list, is that ok? Or do we need to say, contact us if you want to remain on our mailing list ?