{"id":236,"date":"2022-01-05T12:51:26","date_gmt":"2022-01-05T11:51:26","guid":{"rendered":"https:\/\/www.amedeomaturo.com\/en\/?p=236"},"modified":"2022-03-31T09:34:11","modified_gmt":"2022-03-31T07:34:11","slug":"privacy-policies","status":"publish","type":"post","link":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/","title":{"rendered":"Privacy Policies"},"content":{"rendered":"<h1>Privacy Policies<\/h1>\n<h2>What are they?<\/h2>\n<p>Primarily, <strong>Privacy Policies<\/strong> are those statements drafted, emended and eventually approved by the Controller; i.e, the entity in charge of establishing the <strong>purpose<\/strong> for the <strong>personal data<\/strong> usage. Although the following formal definition is\u00a0<em>US-focused<\/em>, I think it&#8217;s worth to click on this <a href=\"https:\/\/en.wikipedia.org\/wiki\/Privacy_policy\"><strong>Wikipedia post<\/strong><\/a> to have a more precise idea of this important concept.<\/p>\n<p>Actually, from a personal perspective, we can split the <strong>Privacy Policies <\/strong>in two different categories, briefly described as following.<\/p>\n<h2>Public Privacy Policies<\/h2>\n<p>In this case, we coincide with the definition given in the Wikipedia. Summarizing, it&#8217;s about the controllers&#8217; statement on:<\/p>\n<ul>\n<li>who&#8217;s processing personal data;<\/li>\n<li>for which purposes;<\/li>\n<li>for how long\u00a0<strong>personal data<\/strong> will be processed\/stored (the so-called &#8220;<em><strong>retention period<\/strong><\/em><em>&#8220;<\/em>);<\/li>\n<li>to whom (if any) personal data will be disclosed and why;<\/li>\n<li>what rights are granted to the subjects;<\/li>\n<li>how to exercise those rights;<\/li>\n<li>how to contact with the <strong>DPO<\/strong> (Data Protection Officer), if any.<\/li>\n<\/ul>\n<p>Tip: generally speaking, the more transparent, the better.<\/p>\n<p>&nbsp;<\/p>\n<h2>Internal Privacy Policies<\/h2>\n<p>On the other hand, we have these internal policies, where the <strong>Controller<\/strong> should establish the internal <strong>security rules<\/strong> for a safe processing of personal data.<\/p>\n<p>Of course, there is no a &#8220;<em>one size fits all<\/em>&#8221; strategy in drafting these rules. Consequently, the Controller should establish the rules according to its own criteria and combining them with the <a href=\"https:\/\/www.amedeomaturo.com\/blog\/privacy-laws-and-regulations-applicable-to-you\/\"><strong>legal requirements<\/strong><\/a>.<\/p>\n<p>Hence, I&#8217;d like to suggest the following bullets points as an interesting path to reach a proper and useful document:<\/p>\n<ol>\n<li>What the rules are for? In other words, what is the entity <strong>objective<\/strong>? what do you want to achieve in implementing these rules?<\/li>\n<li>The <strong>scope<\/strong>: are the rules applicable to all your employees? Think about employees who don&#8217;t have direct access to the personal data: maybe they would need different rules;<\/li>\n<li>Define <strong>who is in charge of what<\/strong>. Talk to the stakeholders and dive deep into their daily routines. The real truth about you own company may surprise you, when you realize what is going on behind the scenes;<\/li>\n<li><strong>Entities must obey rules<\/strong>: I know, it could sound harsh, but it is true. If the employees think that there&#8217;s a better way to comply with the data protection and data privacy obligations, they should feel free to participate in the conversation; at the end of the day, there&#8217;s always room for improvement. What is not admissible is to circumvent the established rules; in this case, internal rules should state consistent penalties;<\/li>\n<li>Let the (<strong>DPO<\/strong>) door open: invite all the stakeholders asking questions, establish a <em>privacy-pedia<\/em>, renew the continual awareness and training programs. Lastly, make the rules part of the daily routine of the entity.<\/li>\n<\/ol>\n<h2>Conclusion<\/h2>\n<p>Most importantly, the rules established by the Controller must be consistent with the legal requirements <strong>and <\/strong>with the way the entity processes personal data and the rest of the information. This is not an easy task; on the contrary, it is pretty challenging. But this is what, among other things, makes the <strong>privacy <\/strong>domain always interesting.<\/p>\n<p>To conclude: need a help in drafting your own <strong>Privacy Policies<\/strong>? Feel free to send us <a href=\"https:\/\/www.amedeomaturo.com\/contacto\/\"><strong>an email<\/strong><\/a> anytime. We are your <strong>Privacy Manager in Spain, Europe<\/strong>. You know, we love <strong>privacy policies<\/strong>&#8230;<\/p>\n<div id=\"attachment_3114\" style=\"width: 160px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-3114\" class=\"size-thumbnail wp-image-3114\" src=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png\" alt=\"Privacy Policies geek\" width=\"150\" height=\"150\" \/><p id=\"caption-attachment-3114\" class=\"wp-caption-text\">Privacy Policies geek<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Privacy Policies What are they? Primarily, Privacy Policies are those statements drafted, emended and eventually approved by the Controller; i.e, the entity in charge of establishing the purpose for the personal data usage. Although the following formal definition is\u00a0US-focused, I think it&#8217;s worth to click on this Wikipedia post to have a more precise idea [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[27,28,29,30,31,32],"tags":[33,34,22,25,109,111,35,36,37,38],"class_list":["post-236","post","type-post","status-publish","format-standard","hentry","category-controller","category-data-protection-officer","category-dpo","category-privacy-policies","category-retention-period","category-wikipedia","tag-controller","tag-data-protection-officer","tag-dpo","tag-personal-data","tag-privacy-manager-europe-spain","tag-privacy-manager-in-spain","tag-privacy-policies","tag-purposes","tag-retention-period","tag-wikipedia"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Privacy Policies - Amedeo Maturo - English<\/title>\n<meta name=\"description\" content=\"Privacy Policies data protection personal data controller wikipedia human resources customers privacy security purposes retention period DPO\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Privacy Policies - Amedeo Maturo - English\" \/>\n<meta property=\"og:description\" content=\"Privacy Policies data protection personal data controller wikipedia human resources customers privacy security purposes retention period DPO\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/\" \/>\n<meta property=\"og:site_name\" content=\"Amedeo Maturo - English\" \/>\n<meta property=\"article:published_time\" content=\"2022-01-05T11:51:26+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-03-31T07:34:11+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png\" \/>\n<meta name=\"author\" content=\"Amedeo Maturo\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Amedeo Maturo\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/\"},\"author\":{\"name\":\"Amedeo Maturo\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"headline\":\"Privacy Policies\",\"datePublished\":\"2022-01-05T11:51:26+00:00\",\"dateModified\":\"2022-03-31T07:34:11+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/\"},\"wordCount\":550,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png\",\"keywords\":[\"Controller\",\"Data Protection Officer\",\"DPO\",\"personal data\",\"privacy manager europe spain\",\"Privacy Manager in Spain\",\"Privacy Policies\",\"purposes\",\"retention period\",\"Wikipedia\"],\"articleSection\":[\"Controller\",\"Data Protection Officer\",\"DPO\",\"Privacy Policies\",\"Retention period\",\"Wikipedia\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/\",\"name\":\"Privacy Policies - Amedeo Maturo - English\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png\",\"datePublished\":\"2022-01-05T11:51:26+00:00\",\"dateModified\":\"2022-03-31T07:34:11+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\"},\"description\":\"Privacy Policies data protection personal data controller wikipedia human resources customers privacy security purposes retention period DPO\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png\",\"contentUrl\":\"https:\\\/\\\/www.amedeomaturo.com\\\/wp-content\\\/uploads\\\/2022\\\/01\\\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/privacy-policies\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Privacy Policies\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/\",\"name\":\"Amedeo Maturo - English\",\"description\":\"Otro sitio m\u00e1s de Amedeo Maturo - Multisite\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/#\\\/schema\\\/person\\\/785cb6d0576c93bd57ca5adc11f5175b\",\"name\":\"Amedeo Maturo\",\"sameAs\":[\"http:\\\/\\\/www.amedeomaturo.com\"],\"url\":\"https:\\\/\\\/www.amedeomaturo.com\\\/en\\\/author\\\/amedeomaturo\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Privacy Policies - Amedeo Maturo - English","description":"Privacy Policies data protection personal data controller wikipedia human resources customers privacy security purposes retention period DPO","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/","og_locale":"en_US","og_type":"article","og_title":"Privacy Policies - Amedeo Maturo - English","og_description":"Privacy Policies data protection personal data controller wikipedia human resources customers privacy security purposes retention period DPO","og_url":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/","og_site_name":"Amedeo Maturo - English","article_published_time":"2022-01-05T11:51:26+00:00","article_modified_time":"2022-03-31T07:34:11+00:00","og_image":[{"url":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png","type":"","width":"","height":""}],"author":"Amedeo Maturo","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Amedeo Maturo","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#article","isPartOf":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/"},"author":{"name":"Amedeo Maturo","@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b"},"headline":"Privacy Policies","datePublished":"2022-01-05T11:51:26+00:00","dateModified":"2022-03-31T07:34:11+00:00","mainEntityOfPage":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/"},"wordCount":550,"commentCount":0,"image":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png","keywords":["Controller","Data Protection Officer","DPO","personal data","privacy manager europe spain","Privacy Manager in Spain","Privacy Policies","purposes","retention period","Wikipedia"],"articleSection":["Controller","Data Protection Officer","DPO","Privacy Policies","Retention period","Wikipedia"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/","url":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/","name":"Privacy Policies - Amedeo Maturo - English","isPartOf":{"@id":"https:\/\/www.amedeomaturo.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#primaryimage"},"image":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#primaryimage"},"thumbnailUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png","datePublished":"2022-01-05T11:51:26+00:00","dateModified":"2022-03-31T07:34:11+00:00","author":{"@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b"},"description":"Privacy Policies data protection personal data controller wikipedia human resources customers privacy security purposes retention period DPO","breadcrumb":{"@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#primaryimage","url":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png","contentUrl":"https:\/\/www.amedeomaturo.com\/wp-content\/uploads\/2022\/01\/2013_IAPP_geek_3x3-circle-sticker-template2013-01-150x150.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.amedeomaturo.com\/en\/privacy-policies\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.amedeomaturo.com\/en\/"},{"@type":"ListItem","position":2,"name":"Privacy Policies"}]},{"@type":"WebSite","@id":"https:\/\/www.amedeomaturo.com\/en\/#website","url":"https:\/\/www.amedeomaturo.com\/en\/","name":"Amedeo Maturo - English","description":"Otro sitio m\u00e1s de Amedeo Maturo - Multisite","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.amedeomaturo.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.amedeomaturo.com\/en\/#\/schema\/person\/785cb6d0576c93bd57ca5adc11f5175b","name":"Amedeo Maturo","sameAs":["http:\/\/www.amedeomaturo.com"],"url":"https:\/\/www.amedeomaturo.com\/en\/author\/amedeomaturo\/"}]}},"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/236","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/comments?post=236"}],"version-history":[{"count":4,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/236\/revisions"}],"predecessor-version":[{"id":285,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/posts\/236\/revisions\/285"}],"wp:attachment":[{"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/media?parent=236"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/categories?post=236"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.amedeomaturo.com\/en\/wp-json\/wp\/v2\/tags?post=236"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}