Is your website’s legal notice correct ?

What is the section of any website most of us rarely read ? The legal notice page ! A substantial number of Belgian websites either have no legal notice or an incomplete legal notice. Yet they are compulsory in Belgium.

Why are they so disregarded ? Because the website owners do not always know what they need to put in it! So they forget to redact a legal notice, leave the page empty, etc.

With the introduction of the new General Regulation on the Protection of the Personal Data (GDPR), it is high time to take a closer look at what needs to be included in the legal notice of websites in Belgium.

Small precision : this article relates to all website types. E-commerce sites however need to also include the general terms and conditions of sale in addition to the mentions detailed in this article.

Is your website’s legal notice compliant? Read this article now. You will thank us later!

Which elements does the law require the legal notice to contain?

Identity and contact details of the website’s publisher

Company name
Legal form
Postal address of the company’s registered office
Telephone no.
E-mail address
CBE (Crossroads Bank for Enterprises) number
VAT number
The competent data protection authority (if required for your activity)
Regulated occupation (trade qualification and link to the professional standards)
Code of conduct (if required for your activity and link to consult the code)

Confidentiality policy (processing of personal data of visitors and users)

This part was already compulsory before the GDPR took effect. Now, it is more detailed and required to contain the following information :

The identity and the contact details of the data controller (or of the data controller’s representative)
The identity and the contact details of the “Data Protection Officer” if this post exists within your company si ce poste existe dans votre entreprise
The purposes of the processing as well as the legal basis which proves that you are within your rights to process the data (express consent from the visitor, legal obligations, etc.)
The recipients or the categories of recipients of the personal data
The possible transfer of data to another organisation or a third country
The data retention period and the criteria used to establish the duration of this period. For example, for how long do you keep the data on record that were sent in to you using your contact form ?
The visitor’s right to requestaccess to his personal data held by the data controller, but also the right to rectification, amendment or erasure. The data subject also has the right to request that the processing relating to him be limited, or to object to having his data processed.
The visitor’s right to request a copy of the data dans un format structuré. (Droit à la portabilité)
The right toenter a complaint with a supervisory authority. The supervisory authority in Belgium is the Data Protection Authority.
The information relating to possible profiling as well as the consequences thereof for the data subject.

For full details on the obligations under the GDPR, please see the European regulation : http://eur-lex.europa.eu/legal-content/FR/TXT/PDF/?uri=CELEX:32016R0679&from=FR

The use of cookies

No need to remind you what cookies are in connection with websites. However, it is worth noting that any given website often uses several cookies, and that the law requires you to provide some information for each of the types of cookies used on your website :

Cookie name
Purpose
The way it works (in broad outlines)
The legal status that authorises you to use this cookie

The use of tracking tools

If you use tracking tools such as Google Analytics or Hotjar to analyse the traffic on your website and the behaviour of the users, for each tool used you also need to specify the name, the data collected, the purpose of the processing and the data retention period.

It is also important to enable visitors to refuse permission to be tracked during their visit for statistical purposes. As such, visitors must be given opt-out procedures which are generally available for this type of tools.

Some further information on Google’s confidentiality rules : https://www.google.com/intl/fr/policies/privacy/partners/.

Things you are free to add in your legal notice but which are not compulsory

The above section outlines the obligatory mentions which must be included in your website’s legal notice. However, you are free to include other elements to provide visitors with the broadest possible information.

Intellectual property

This paragraph should specify the elements of the website which are protected as being the intellectual property of the site’s publisher, and which may not be copied or reproduced in any shape or form, whether in full or in part, without permission.

Disclaimer

The purpose of the disclaimer is to waive or restrict the liability of the site’s publisher with particular reference to gaining access to the website (possible maintenance or IT problems), the information available (accuracy of the information supplied, whether or not the information is updated on a regular basis), the hyperlinks (links to external sites), the possible comments from visitors (over which the owners do not always have direct control), etc.

General terms of use

As the name says, the general terms of use set out the rules subject to which visitors may use the website. Here you need to specify the way in which the site in question operates and the rules that must be complied with when using/visiting the site. This can be particularly useful for the members’ areas, the forums, etc.

However, you should also know that the general terms of use of a website carry legal weight and are enforceable only if the visitor has actually read these terms and expressly accepted them.

See other articles on this topic :

http://economie.fgov.be/fr/Pressroom/Votre-entreprise-a-un-site-web-ou-une-page-Facebook/

https://c-marketing.eu/votre-site-est-il-legal/

http://blog.legalstart.fr/2017/08/04/importance-cgu-site-internet/