Control Panel


GDPR: Privacy Policy

Posted on May 8, 2018 by Elsa under Business, GDPR, Theimagefile

Over the past few weeks, we have been focusing on GDPR which comes into practice on 25 May 2018 as well as how to manage your existing email subscribers to be GDPR compliant. This post explains more about privacy policies to help you get ready for the launch date. 



A privacy policy is a public statement which communicates information about how you collect, store and use personal data. 



Your privacy policy needs to be: 

  • Concise
  • Transparent
  • In clear and plain language so that it is easy to understand 
  • Intelligible
  • Easily accessible to visitors 
  • Free of charge

Equally, the following seven concepts must be covered somewhere within your privacy policy. It doesn’t matter whether they are written as separate or stand-alone clauses, they just have to be included somewhere. 

  • Who is your data controller? : The data controller is the person or company that is in charge of deciding what personal data is collected. This is most likely going to be the business owner. 
  • How can clients contact your data controller? : Regardless of whether you or a separate company is the data controller, you need to provide some contact details so that visitors to your site can get in touch with the relevant person should they need to. 
  • Do you use personal data to make automated decisions? : This is unlikely to be the case for most of our business types, however, if your business makes automated decisions, such as employment decisions using personal data you need to disclose this. You can also let visitors know if you do not do this, although this isn’t strictly necessary. 
  • Does the visitor have rights under GDPR? : Yes, and you need to inform them of their eight GDPR rights. They don’t have to be explicitly listed out but they should be addressed somewhere within your privacy policy. 

  • Is providing personal data mandatory? : You must tell users if any data that you collect is mandatory to use your service or website and what will happen if they don’t provide this data. An example might be if users need to provide an email address to create an account. If they don’t provide the email address then they cannot create an account. 
  • Do you transfer data internationally? : You must tell users if you transfer their personal data to a different country. You must also provide a description or explanation of suitable safeguards that you have in place to protect the transfer as well as how users can obtain a copy. 
  • Why you are legally processing data? : You will likely cover this when you explain what data you collect and how you use it. For example, let users know that you collect financial information for payment processing, use cookies to remember preferences and collect email addresses to communicate at a later date. 



We have created a new privacy page that you can add to your website which includes an easy option for adding it as a link to your contact page. You can create this page by going to Create New Web Page > Others > Privacy Page. Within this section, there are also instructions on how to add this page to the footer of your website. 

We have added an optional opt-in to “Offers and Updates” checkbox to all contact [age templates, so you have all the tools for list building at your fingertips. Theimagefile Email Export Tool automatically does the right thing when you download your email marketing list from the system, in the sense that by default it will omit submissions who declined or were not asked to opt-in.