Notes for the privacy policy on your website

With the entry into force of the GDPR, there must be a privacy policy on all websites that are not of a purely private nature. We list here which topics you should address in your data protection statement if they play a role on your website. This list does not claim to be correct or complete.

The German Association for Data Protection (Deutsche Gesellschaft für Datenschutz) offers a free generator for DSGVO-compliant data protection declarations on websites on its website, which can be used by including the generated link: >

Another one can be found on the page > of the law firm Weiß und Partner. Here, too, the link to the source must be under the privacy policy.

  • Person responsible for the website (company, street, postcode/city, email contact, managing director if applicable, link to imprint).
  • Contact details of the data protection officer (necessary if more than 9 people in your institution have access to personal data)
  • Server log files
  • Cookies
  • Contact forms
  • Newsletter
  • Login/registration function
  • Comment function
  • Statistics tool (Google Analytics, Matomo (formerly Piwik), Facebook Pixel)
  • Integration of online shops, e.g. ticket providers
  • Affiliate links
  • Google tools for online marketing (Google AdWords, Google Tag Manager, Google Analytics ...)
  • Social media sites
  • Integration of third-party content, e.g. YouTube, Vimeo, Google Maps, social media plug-ins, Google Fonts
  • Podcast/Soundcloud widgets
  • Online application