Guest user Created: Mar 21, 2018 Last commented: Mar 21, 2018

Publishing Privacy Policy

As we are an outsource contact center provider, we are the data controller in terms of HR, Recruitment etc. putting the Privacy Policy on the website doesn’t seem right to me, as this is also used for prospective new clients? How would this work for us? Same for DSAR requests – our website doesn’t seem the right place to put this information but I don’t know where else we could?

0 0

Assign topic to the user

Select user

Expert

Andrei Hanganu Mar 21, 2018

Answer:

Based on your description bellow it does not make sense to publish the Privacy Policy on your website unless you use the website to collect data for example CVs for recruitment purposes or get data subjects to set up an account.

In the case above you just need to publish the Privacy Policy on your intranet for example.

Regarding DSARS these should come from the data subjects for which you are acting as controllers so you need to provide this information only to them. For example, in case of requests from your employees you can provide the information on your intranet. However, bear in mind that also former employees have these rights so the informat ion should be available to them as well so Intranet might not be sufficient in this case.

You can find out more about Data Subject Access Requests from our webinar “Data Subject Rights under the EU GDPR” (https://advisera.com/eugdpracademy/webinar/data-subject-rights-under-the-eu-gdpr-free-webinar-on-demand/).

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 21, 2018

Expert Advice Community