Privacy Policy - When do you need one and what is the most efficient way to create one?

Written by Anina Groh
22.7.2024

A Privacy Policy is a legally required element for every company that processes personal data. It serves to create transparency and protect the rights of data subjects and thus fulfills the legal obligation to provide information to the data subjects.

Key message: A clear and legally compliant Privacy Policy not only protects the privacy of data subjects, but also protects the company from legal risks. There are efficient options for creating a Privacy Policy; which one to choose depends on the manner and scope of the data processing in a company.

In detail:

1. Privacy Policy - what is it?

A Privacy Policy is a document that describes how a company collects, uses, stores and discloses personal data. It informs the data subjects about their rights and how these can be exercised.

Data protection laws (Switzerland and the EU) stipulate an obligation to provide information to data subjects. This legal obligation is fulfilled by means of the Privacy Policy.

2. When is a Privacy Policy required?

A Privacy Policy is always required if a company processes personal data. A Privacy Policy is particularly relevant for companies with online presences, such as software solutions or apps that process user data.

3. Swiss law or EU law ("GDPR"): Can I use the same Privacy Policy?

The Swiss Data Protection Act (DPA) and the EU General Data Protection Regulation (GDPR) have many similarities, but also differences. Companies that operate in both Switzerland and the EU should ensure that their Privacy Policy covers both legal systems.

It is possible to draft a Privacy Policy that meets the requirements of both the DPA and the GDPR. This is recommended for companies operating in Switzerland and the EU.

4. How do I efficiently obtain a good Privacy Policy?

In simpler circumstances, various providers of templates can be found online, e.g. DSAT - Datenschutz Self Assessment Tool.

For website providers that do not process any personal data beyond the website itself, there are also automated solutions that continuously update the Privacy Policy, e.g. PrivacyBee - your Swiss data protection generator.

If you need a legally compliant Privacy Policy that is tailored to your company, the most efficient way is to first list your company's data flows (known as data mapping) and then use this list to create the Privacy Policy. You can order a template for data mapping under Swiss law free of charge here. If you want Lex Futura to guide you through the whole process, you can find our fixed-price package Privacy Policy here.

5. What else needs to be considered?

It is important to know that a Privacy Policy alone is not sufficient to fulfill all data protection obligations. Companies must ensure that they take all aspects of data protection into account, including the implementation of technical and organizational measures (so-called "TOM") to protect personal data. You can find more information on this in the description of our fixed-price package Data Protection Compliance.
