GDPR: Privacy Policy

A privacy policy is a document whose contents must be aligned with the General Data Protection Regulation (GDPR).

In the case of a landing page and a privacy policy linked to it, you have to remember a few things.

  • There are two concepts at work here: the Personal Data Controller (PDC) and the Personal Data Processor (PDP). The first is the landing page owner, who has to agree on a so-called data processing agreement with the data processors, the subjects that will process the data. In the context of landing pages, the processor will be the Landingi company, for example, but also every other company creating marketing software that works in some way with a created landing page (e.g. MailChimp, Zapier, Intercom, etc.). It also concerns every other company that has personal data that we then share.
  • There’s no need to put the entire content of a privacy policy document on the landing page. You can put a link to your website that has the entire content (in a .pdf file for example).
  • The privacy policy has to contain a clause about the possibility of lodging a complaint with a supervisory authority. Please check who that would be in your country.
  • You have to put a checkbox on the landing page, visible next to a text informing that every person handing over personal data has to agree to their processing. You can also place a text informing that you have a data processing agreement with MailChimp, for example, for the purpose of sending newsletters. You don’t have to mention the specific tool, but you have to list the specific tool category, for example email automation software.
  • The document should list what data is processed and how it is stored.
  • The document should also state how personal data is protected by the landing page owner. Securing a landing page with SSL is one form of such protection, so information about it should be included in the privacy policy document. The Landingi app has the option of securing landing pages with SSL.
  • There are two categories of personal data: common and vulnerable. Common data include name, surname, a Social Security Number, email address, etc. Vulnerable data include information on criminal record, health state and genetic data. Regulations on common data are placed in Article 6 of the GDPR, whereas vulnerable data are covered by Article 9. You have to inform landing page users of the legal basis under which data is gathered with your landing page.
  • What are the legal consequences for an organization not aligned with GDPR guidelines on privacy policy? The law speaks of penalties ranging from 10 million to even 20 million euros, or from 2% up to 4% of a company’s annual turnover. Penalties are not specified here and their nature is designed mostly to scare off people wanting to avoid compliance with the GDPR. Avoiding compliance is not, however, a good idea. The amount of the penalty is set by the supervisory authority.
  • The privacy policy on a landing page has to be aligned with the company’s character. There is no template that can be used by every organization. We can create a basic template that you can use for creating your own privacy policy document. It goes like this:

1. General Provisions

1. The administrator of personal data is [company’s name], with the headquarters in [city], registered under the number [number]. The corresponding court for the company is [court’s name, city, the name of department, company’s identification]. Personal data security is handled according to the restrictions of the law and their storage takes place on secured servers.

2. For interpretation of terminology, we use the regulation glossary in the Privacy Policy document.

3. For a better understanding of the Privacy Policy, we use the term You for the User and We for the Administrator. The term GDPR means the General Data Protection Regulation, that is Regulation (EU) 2016/679 of the European Parliament and of the Council dated April 27th 2016, on the protection of natural persons with regard to the processing of personal data.

4. We respect the privacy law and care about data security. That’s why we use the Secure Sockets Layer (SSL) protocol.

5. Personal data given in the form on a landing page are treated as private and as such they are not visible to unauthorized personnel.

2. The Data Administrator

6. The service provider is the administrator of customers’ data. This means that, if you have an account on our website, we may process your data such as: name, surname, email address, telephone number, professional title, the company you work for, an IP address.

7. The service provider is also the administrator for people enrolled [for a newsletter or a webinar].

8. Personal data are processed:

a) according to the law on the protection of personal data

b) according to our Privacy Policy

c) for the purposes necessary to create the agreement, shape its contents, change it and finally revoke it, and for the purpose of providing services digitally

d) for the purposes necessary to fulfil legally backed interests and goals, provided the processing does not affect the rights and freedoms of the person whose data is concerned

e) within the boundaries of the purpose of our agreement if you (for example) signed up for a newsletter

f) within the boundaries of the purpose of our agreement if you (for example) signed up for a webinar

9. Every person who has handed over his or her data (if we are this person’s administrator) has the right to access the data and to edit, delete or limit its processing, as well as the right to object and the right to lodge a complaint with a supervisory authority.

10. Contact with the person overseeing the processing of the personal data in the organization of the contractor is possible via email: [email address]

11. We reserve the right to process your data after the contract dissolution or the agreement withdrawal only for the purpose of pursuing potential claims before the court, or if local, European or international law obligates us to retain data.

12. The service provider has the right to hand over a user’s personal data or other data to the authorized organizations that have the right to view them (police for example).

13. Personal data can be deleted when the user withdraws his or her consent or presents a legally binding objection to personal data processing.

14. The service provider does not share personal data with other organizations unless they are authorized to view them based on the local law.

15. We have put pseudonymization, data encryption and access control in place to minimize the impact of a possible security breach.

16. Personal data are processed by the authorized personnel or outside personnel that we closely cooperate with.

3. Cookies

17. The site uses cookies. They are text files sent by a web server and stored by the computer’s browser software. When the browser reconnects to the site, the site recognizes the type of device used by the user for connecting. Cookie parameters allow only the server that created them to read the information they contain. Therefore, cookies make it easier to use previously visited sites.

The information collected relates to the IP address, the type of browser used, language, operating system type, internet service provider, information about the time and date, location, and information sent to the site via a contact form.

18. The collected data are used to monitor and determine how users use our websites and to improve the functioning of the service in order to ensure more efficient and seamless navigation. Information about users is monitored with the use of the Google Analytics tool, which registers user behavior on a site.

19. Cookies identify the user, allowing the content of the website to be adjusted to the user’s needs. Remembering user preferences allows for the proper fit of displayed advertisements. We use cookies to ensure the highest comfort standard of our site, and the collected data are used by [company] only internally in order to optimize activities.

20. The data are stored and processed in accordance with [country’s] law. We respect the privacy of our users, therefore the stored data are confidential and not shared with third parties. Their security is a high priority for us, which is why they are collected on safe and protected servers.

Cookies cannot access data on a user’s disk, nor are they able to establish a user’s identity. Also, they do not track a user’s activities after leaving our site.

21. On our site we use the following types of cookies:

a) essential cookies which allow the use of services available on the website, such as authentication cookies used for services that require authentication through the website

b) cookies used to ensure safety, such as the ones used for detection of fraud in authentication through the website

c) performance cookies for collecting information about the use of the website

d) functional cookies for saving user-selected settings and customizing the user interface, as regards (for example) language or region of origin of the user, font size, website appearance, etc.

e) advertising cookies that provide users with advertising content more tailored to their interests

22. Users can at any time disable or enable the option of cookie collection by modifying the settings in their browser.