Hi Ofnuts,
first of all thank you for clarifications,
I would like to report to you on what is established for similar cases by the European Union regulation about the processing of personal data.
Should software, services and widgets that do not collect personal data still be included in the privacy policy? What about the cookie policy? Below you will find the answers to these questions and learn what the GDPR and ePrivacy Directive approach is to services that do not process personal data.
Some rather popular services (such as statistical analysis tools or heat mapping) claim that their software does not collect personal data. This means that when users browse a site or use an app that integrates them, the latter does not collect and process their personal data.
This generally occurs in two cases:
When these services actually do not collect any personal data, or
when personal data is anonymized before it is collected, so that the user cannot be identified.
It is therefore not necessary to mention these services in your privacy policy. Articles 13 and 14 of the GDPR (which stipulate what information data controllers must provide to data subjects) apply only when personal data are collected.
Therefore, services that do not collect personal data do not need to be mentioned, not least because-considering the principle of transparency (Articles 5 and 12 of the GDPR)-doing so could lead users to think that these services collect and process personal data.
The above also does not apply to the cookie policy. In this case, European legislation requires site and app providers to disclose cookies or similar tracking technologies, regardless of whether they collect or process personal data. This approach was recently confirmed by the Court of Justice of the European Union in the Planet judgment49.
Therefore, it is not only cookies that need to be mentioned in the cookie policy, but also similar technologies* that allow access to or storage of information on the user’s device, including - but not limited to - tracking pixels, installed fonts, etc., should be indicated
We can therefore avoid dwelling on whether or not the Privacy Policy is in place; however, the GDPR requires us to at least check the cookie policy of any provider, be it a software or widget or similar service.
Unfortunately, in fact, although your site explicitly states that neither trackers nor cookies are used, our system has detected two currently in operation ,check performed from cookieserve.com (altoughts is it possible that are not correct identification?)
Could you please confirm that what is stated in your statement is correct?
Thank you very much in advance,
Sincerely.