Are templates for data protection guidelines protected by copyright

Data protection declaration for website, blog and co .: Requirements and information

The most important information about the data protection declaration on websites in brief

  • Any website must have a privacy policy - also private lover sites.
  • Create no privacy policy for your homepage, you are threatened with a warning. You will be charged the warning costs of approx. 100 to 200 euros be invoiced.
  • You can go to Creation of a data protection declaration use our free sample for your website. Please keep in mind, however, that Adjustments are necessary.
Important! Elevate the patterns in the text below no claim to correctness and completeness. We strive to keep the pattern on the current status to keep. Nevertheless, we strongly advise you to obtain your individual data protection declaration from a data protection officer create or review allow.

Legal basis: Even a private homepage needs a data protection declaration


What belongs in the Data protection a homepage? Is there a mandatory for all operators, data protection information accommodate? The provisions on data protection on the Internet are often particularly useful for laypeople difficult to understand.

This counselor explains which provisions the Data protection must suffice for a website and what consequences missing data protection notice entails. A free sample of a data protection declaration for websites can also be found below.

Consumers have that Law to find out whether, to what extent and for what purpose their personal data collected and stored before you submit a corresponding offer use.

This principle doesn't just apply to them Websites from companies or authorities: Also private Service providers are subject to it.

This follows from the Telemedia Act (TMG). Section 13 of the Act provides:

The service provider must inform the user at the beginning of the usage process about the type, scope and purpose of the collection and use of personal data [...] in a generally understandable form, unless such information has already been given.

"Personal data" is not only valid obviously personal information such as a person's name, place of residence or email address, but also theirs IP address or knowing which pages they are in Internet visited. So every website raises in this sense personal data about their users.

It follows that a privacy policy is based on any website It is mandatory - regardless of the operator.

Website or webpage?

Between Anglicisms and legal Special terms it is not easy for laypeople to keep track of all definitions. The terms "Website" and "Website" do not mean the same thing in two different languages. The Entire Internet presence understood - analogous to a book - while a website is a single bottom this presence - analogous to a book page - referred to.

This threatens if you do not have a data protection declaration on your homepage

According to the German and European jurisprudence a missing or inadequate data protection declaration applies to a commercial website as a violation of competition law. This means that competitors (competitors) Warnings send, claim damages and insist on omission can.

Since the beginning of 2016, not only competitors, but also Consumer protection associations Send warnings for missing data protection declarations. That means this option not alone commercial websites.

However, it still remains not very likelythat private website operators receive a warning because they do not Data protection on their website. Consumer associations have one primary interest ensure compliance with data protection guidelines on the part of Trader to control which possibly with illegally obtained data Profits can achieve. Commercial providers must therefore expect to be warned if the data protection declaration on their website does not comply conditions corresponds to.

Unlike Copyright Infringement on the Internet - for example through file sharing - there was a lack of data protection declarations on private websites no warning industry educated. This is mainly due to the fact that Claims for damages to private operators almost impossible are to be quantified.

Compensation for damages and the right to cease and desist: These claims may contain a warning

§ 7 of the Federal Data Protection Act (BDSG) states:

If a responsible body inflicts damage on the person concerned through an inadmissible or incorrect collection, processing or use of his personal data under this Act or other data protection regulations, it or its carrier is obliged to pay compensation to the person concerned. The obligation to pay compensation does not apply if the responsible body has taken the care required by the circumstances of the case.

According to this principle, competitors can in theory claim damages. However, this is the amount of the claim just very difficult to quantify.

Let's take one example: Mr. Müller and Mr. Schmidt each run one Online shopto sell garden tools. In contrast to Mr. Schmidt, Mr. Müller has none Data protection on his website.

But this one can not noticeHow many customers therefore tend to buy from Mr. Müller or whether the missing Data protection notice one at all difference turn off.

Still, competitors have one Right to cease and desist. That means that they give the warning Cease and desist declaration can enclose. The warned person is obliged to him signature in addition, a correct privacy policy on his website. Often times these cease and desist statements include a Contractual penalty. If those affected act contrary to her, they must fixed amount numbers.

Companies also need to sensitive fines Expect when they don't adequately address their customers Collection, storage and use inform about personal data. A fine up to 50,000 euros can arise for this - in individual cases are also higher amounts possible.

What do you need to state in your website's privacy policy?

First of all, the Explanation have the note ready that personal data are generally collected. Write in the Explanationwhich data this concerns. Server log files, which are based on almost every website act, for example, save the IP address the user, time and Length of stay on the homepage and the pages visited.

Furthermore, most of the time they create websites these days Cookies. These small text files are sent to the Browser the user sent and there saved. Cookies store information about that User behavior and on the one hand increase the user friendliness (by, for example settings made remain on later visits) but also the Amount of information stored about the user.

Because of this you need to Server log files and cookies in your website's privacy policy mentioned become.

Analysis and statistics applications in data protection notices

Many website owners Interestedwhat content their website read particularly often how long users stay on your site and with which ones Terminals they visit them.

This information to satisfy on the one hand the curiosity of the site operator, on the other hand they play a decisive role Further development of the offers at.

Various Programs and Plugins allow extensive information collection on user behavior on websites. The most used is Google Analytics. Since these tools collect a great deal of specific data, it is essential that they are in the Data protection be treated. A note on which personal data according to Google should also be included.

Use social media plugins? Not without a note in the data protection declaration!

So popular Social media buttons on websites are: From a data protection point of view, their use is problematic. Often, by integrating the appropriate plugins - for example from Facebook, Twitter or Google Plus - a direct connection between the browser of your users and the servers of the social media operator.

Explicit and detailed information In order to use these services on your website, the data protection declaration must therefore keep ready.

Note on the handling of contact data

Any website needed in addition to a data protection declaration imprint. In there are them Contact options of the operator. Every user can thus contact him. The privacy policy of your website must also to explainhow to proceed with the information which is transmitted via the contact of a user - such as his E-mail address.

Record interaction options on websites in your website's data protection declaration

Across from analog information options the internet offers a special advantage: users can communicate with each other exchange and participate. However, interactions are usually only possible if they are Sign in. For this they have to personal data specify. How these are treated must be specified in the Data protection information explained.

The same thing applies if your users Comments or the entire website subscribe to because they can do at least one E-mail address must specify.

Sample: The privacy policy of your website can be formulated as follows

Below is a exemplary data protection declaration. It contains sample formulations for:

  • General data protection information
  • Technical aspects (server log files)
  • Handling of personal data
  • Use of cookies
  • Contact form integration
  • Collection of personal data using the comment function
  • Subscription options for a website
  • Use of Google Analytics
  • Integration of a Facebook plugin
  • Integration of a Google Plus plugin
  • Integration of a Twitter plugin
  • Newsletter offer
  • Final provisions: Right to information, correction and deletion

Data protection declaration for a website: template for download

Here you can see the pattern of a Data protection bundled with all of the above download:

Download as PDFDownload as .doc

Danger! Apply this template not unchecked! The Your website's privacy policy be supplemented or shortened by a few points.

It is recommendableto only use those sections of text in the data protection declaration of your website, which also needed become. In this sense, every data protection notice is on a homepage individually created. Make sure your statement all points includes, which in the sense of BDSG and TMG are relevant.

Important! Would you like to use this template of a data protection declaration for a website which commercial is oriented, are others additions necessary. It is also advisable to have your personal data protection declaration from a Data protection officer to be checked.

Where does the privacy policy need to be placed on a website?

The TMG certainlythat the information on data protection at any time must be visible to the user. That means that the Link to your privacy page from every single one of your website clickable have to be.

In addition, the user must instantly can determine where the appropriate Provisions are located.

So the link must clearly labeled (for example with “data protection” or “data protection declaration”). It is for example not permitted, the explanation to be placed in the imprintif this can only be reached via the link "Imprint".

(103 Ratings, average: 4,09 of 5)
Data protection declaration for website, blog and co .: Requirements and information
4.095103Loading ...

You might also be interested in: