[prev in list] [next in list] [prev in thread] [next in thread]
List: www-p3p-policy
Subject: Re: P3P Policy Creation
From: Rigo Wenning <rigo () w3 ! org>
Date: 2012-05-20 16:37:56
Message-ID: 12740790.f5xaCV3j06 () hegel ! sophia ! w3 ! org
[Download RAW message or body]
Dear Markus,
I see that you're coming from a European context. There the answer to your
question is pretty simple. Whoever is the data controller has to be the
responsible person mentioned in the P3P Policy.
So if the application data collected is owned and controlled by your company
the P3P Policy should be in your name, that means the <Entity></Entity>
field should be filled with your company's contact information. If you're
only a processor and your customer owns the data and is responsible for the
processing and you just process on their behalf, the customer's contact
information should go into the <entity> field.
Best,
Rigo Wenning
W3C
On Tuesday 08 May 2012 10:25:01 Markus Hartmann wrote:
> Hello everyone,
>
> We need for a customer a P3P Policy, but we are not sure to whom it has
> to be issued.
>
> We are a service provider for a web based event-management software.
> With this software a customer can realize events, starting with planning
> events through to write invoices, creating statistics etc. Also all
> content of the website provided by us, is created and administrated from
> our customer.
>
> Customers of our Customer can participate on such events, if they
> register themselves for it via a web-based form with personal data,
> similar to a web shop and therefore we need a P3P Policy.
>
> Our Customer has the opinion, that the Policy has to be issued to
> ourselves, because we store the data and provide the software.
>
> We think differently, because our customer ascertains and works with
> data from customers of himself.
>
> So to whom we have to issue the Policy?
>
> TIA
> Markus Hartmann
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic