
D1 | Privacy

Here you will learn about data protection, privacy policies, and what companies should consider when it comes to data protection.

  • Business owners need to take the data protection rights of their customers and business partners seriously. Above all, you must not publish or forward customer data without asking first. Data can only be requested for a specific purpose, and customer consent is required.

    Data protection is relevant for business owners wanting to sell goods or services online, such as in an online shop, where they must ask customers to accept a privacy policy when shopping online. The wording of your privacy policy needs to be carefully considered.

    GDPR

    The European General Data Protection Regulation (GDPR) aims to standardize data protection measures in Europe. According to the GDPR, a privacy policy should be clear and understandable. A business website should clearly state the rights of its customers, and not resort to overly long and complicated text.

  • Depending on what internet services you use, a variety of data may be requested from you, including your address or bank details. But websites are able to get even more information from you, as can be seen in the following points.

    If you buy office supplies online, the online shop will most certainly need your company’s delivery address in order for you to receive the supplies. But do you really need to include a name in the delivery address, or would the word “office” be sufficient? The online shop also needs an email address from the company for invoicing purposes, but does it have to be an address that contains an employee’s first and last name? Would a generic company email address (info@….) be sufficient instead? Your date of birth is sometimes required when verifying certain legal requirements. Always think about what information a retailer actually needs.

    When you browse the internet, online providers collect a variety of technical information, such as which browser you use, or how long you have stayed on a website. This is called tracking, and allows companies to statistically evaluate how popular their sites are on the internet. In order to restrict this form of tracking, you must reject the cookies that the provider needs for statistics, because these are what allow your surfing behavior on the website to be “tracked.”

    Sometimes smartphone apps will gather information as well, if you’ve given them permission to do so. The weather app on your smartphone will ask for your location in order to display the local weather, but this information also tells the weather app company exactly where you are. If you don’t grant permission to access your location, the weather app will simply show you weather from a random location, and you would have to manually enter your location to see the local weather.

    Online retailers like to send promotional emails or newsletters once they have your email address on file, such as through an online purchase. If you don’t want to receive these kinds of emails, you have to unsubscribe from them in the customer portal, or opt out through email.

  • Do you need a privacy policy for your company’s website? Keep in mind that it should answer the following questions:

    • What personal data is stored?
    • For what purposes is the data being stored, and for how long?
    • Is the data shared with partner companies?
    • What security measures are in place at the company to protect the data from hackers?
    • Who is in charge of data protection and will act as a contact for questions from interested parties?

    The answers should be clear and understandable for all readers of the policy.

  • You can use the following checklist to see whether your company handles customer data in a respectful and confidential manner:

    Is there a clear privacy policy available on your company’s website?

    This should be linked at either the top or the bottom of the company homepage.

    Is your company transparent about what personal data it stores, processes, and shares with third parties?

    If your company privacy policy does not explicitly state how the company handles personal data, it may appear questionable to customers and business partners.

    Does the section “Purposes of data collection” mention the explicit purposes of data storage?

    If not, customers and business partners could think their data is being misused, such as for unsolicited advertising.

    Has a data protection officer been appointed?

    If not, it may seem very dubious to the customer.