Your right to be informed

Websites you visit must tell you when they use your personal information, and they must tell you how they use it.

The information they provide to you must be:

  • concise, clear, easy to understand and easy to access
  • written in plain English, particularly if you are under the age of 18
  • free of charge

The details must include:

  • that you have rights regarding how your personal data is used, including that you can withdraw your consent for use at any time (if consent was the basis on which they use it), and that if you are unhappy, that you can lodge a complaint with the supervisory authority
  • exactly who is using your data: including the name of the organisation, contact details, any third party representative and any data protection officer
  • the reason why the data will be used, and what lawful basis there is for use
  • how the organisation has a legitimate interest to use it
  • who else will use or process the data
  • whether the data will be transferred to non-EU countries and how it is protected if it is
  • how long the data will be used for
  • whether the data is used for automated decision making (including profiling); how those decisions are made and the significance and the consequences of those decisions

Most often, this information should be placed in the privacy policy or privacy notice of the organisation’s website.

If you provide personal information

If the data is collected directly from you, the organisation must tell you how it will be used at the time of collection.

You also have the right to know whether provision of the data is a legal requirement, and whether there are possible consequences of failing to provide it.

If your personal information was obtained from another organisation

If the data is provided by a third party, you have a right to be told how it will be used within a reasonable period. That would be:

  • when your information is first used to communicate with you
  • before it is disclosed to anyone else

and in any case, within one month.

You also have the right to know:

  • what categories of personal data the organisation holds
  • the source of the data about you, and whether those sources are publicly accessible