Thursday, 5 February 2015

A short privacy policy – but is it legal?

A new journal in European data protection law is on its way. It’s going to be called the European Data Protection Law Review, and will be published by Lexxion.

Can you tell whether an organisation is serious about data protection just by reviewing its privacy policy? If it is, then what do you make of Lexxion's privacy policy, which is only 135 words long?

A privacy policy in just 135 words?

But is it fit for purpose? Well, as the journal is being produced by a reputable German legal publishing company, and the purpose is to consider data protection issues from an academic (and legal) perspective, so I can only assume that Lexicon fully satisfies every aspect of German data protection law.

For those that wondered how Lexicon decided to meet their fair processing obligations, here is the policy:

Please note that we do not pass on personal data to third parties unless it is to companies helping us to comply with your requests.

We need your personal data, such as name, address, mailing address and telephone number to be able to deliver requested goods as quickly as possible. We also need your personal data in order to provide you with information on new products.

If we should generate statistics about sales, customers, etc., we will do so only in anonymised form.

You are entitled to condradict to such use of your personal data at any time.

We inform you that our company does not use cookies which are stored on your computer beyond the time of the respective session.

If you have further questions, please do not hesitate to contact us on:

Privacy Talibanista that object to a fair processing statement being expressed so succinctly should contact Lexxion – not me.