The Regional Court of Cologne ruled that the contact form of a web shop operator does not have to contain a direct reference to its privacy policy (Ref.: 81 O 32/17).
It was sufficient for the privacy policy to be easy to find and directly accessible at the start of use and at the time of data collection.
No privacy policy next to the contact form
The webshop operator was accused by its competitors of not sufficiently informing its users about its privacy policy as part of its contact form, which asked for their name, email address and telephone number.
Although the form did not contain a direct reference to the privacy policy, all the necessary provisions could be accessed via a “Data protection” link in the footer.
Nevertheless, the competitors considered this to be insufficient information about the type and scope of data collection within the meaning of Section 13 TMG.
Furthermore, the webshop operator had not obtained consent for the collection, processing and use of personal data.
Reference to privacy policy in the footer is sufficient
The Cologne Regional Court has now assessed the legal situation differently.
The notice in the footer complied with the requirements of Section 13 TMG.
The formal requirements of Section 13 TMG are also met if the privacy policy is easy to find and directly accessible at the beginning of use and at the time of data collection.
Privacy policy must be easily recognizable and directly accessible
The reason: Section 5 TMG stipulates that the imprint of the service provider must also be easily recognizable and directly accessible.
The same applies to the accessibility of the privacy policy.
It is therefore sufficient to fulfill the criterion of direct findability “if the link that leads to the information is labeled “data protection””.
It is not unusual and corresponds to the experience of users that general information and explanations are located at the end of the website, usually in the form of a link.
The information is always directly accessible if it can be called up after a maximum of two clicks.
In the case of the privacy policy in the footer, the user has to scroll to the bottom of the website.
Once there, however, a simple click on the hyperlink is sufficient to access the privacy policy.
According to the Cologne judges, this is sufficient.
Tip for the practice
A privacy policy is mandatory in the case of a contact form.
However, it does not necessarily have to be located directly above or below the contact form itself.
A hyperlink in the footer is sufficient.
Where data is collected for advertising purposes or for disclosure to third parties, the user’s consent is also required.