Introduction and meaning of imprint and privacy policy:
According to the legal requirements of the GDPR and the Telemedia Act (TMG), websites must provide certain information, including an imprint and a privacy policy. These documents are crucial to ensure transparency and protect the rights of users. Here are the requirements explained in detail:
Legal notice requirement (Telemedia Act – TMG):
- Necessity of an imprint: Every website that is operated commercially must have an imprint. This also applies to blogs and information portals if they have a certain regularity and permanence.
- Content of the imprint: The imprint must contain the following information:
- The name and address of the service provider
- Contact information, including an email address and a telephone number
- Information on commercial register entry, if available
- VAT identification number or business identification number, if available
- For legal entities: Name of the authorized representative (e.g. managing director)
Data protection declaration (Articles 12, 13 and 14 GDPR):
- Need for a privacy policy: Every website that processes personal data must have a privacy policy. This also applies to websites that only passively collect data such as IP addresses.
- Content of the privacy policy: The privacy policy must be formulated clearly and comprehensibly and contain the following information:
- The identity and contact details of the controller and, where applicable, the data protection officer
- The purposes and legal basis of data processing
- The categories of personal data that are processed
- The recipients or categories of recipients of the data
- The transfer of data to third countries or international organisations, if applicable
- The storage period of the data or the criteria for determining this period
- The rights of the data subjects, including the right to information, rectification, erasure, restriction of processing, data portability and objection
- The existence of a right of complaint to a supervisory authority
- Information about the origin of the data if it was not collected from the data subject
- The existence of automated decision-making, including profiling, where applicable
Relevant articles of the GDPR and the TMG:
- Article 12 GDPR: Transparent information, communication and modalities for exercising the rights of the data subject
- Article 13 GDPR: Obligation to provide information when collecting personal data from the data subject
- Article 14 GDPR: Obligation to provide information if the personal data were not collected from the data subject
- § 5 TMG: General information obligations (legal notice obligation)
Examples of compliance with the requirements:
- Legal notice: An online store must provide an easily accessible legal notice that contains all the necessary information. This includes the name of the company, address, contact information and commercial register entry.
- Privacy policy: A social media platform must provide a comprehensive privacy policy that describes the processing of personal data. This includes information about the collection of IP addresses, the storage of cookies, the use of tracking technologies and the sharing of data with third parties.
Summary:
Websites must provide an imprint and a privacy policy to meet the legal requirements of the GDPR and the TMG. The imprint must contain clear information about the service provider, while the privacy policy must provide comprehensive information about the processing of personal data. These documents help to ensure transparency, protect the rights of users and ensure compliance with legal regulations.
