Privacy Notices

The GDPR principles include a requirement on Data Controllers to be ‘transparent’ about the Personal data processing that we do, and for this to include specific and explicit explanations about the purposes of this processing.

This is supported by the GDPR rights to be informed about the processing when data is being collected directly by us, and when it is being collected indirectly (i.e. from another organisation) In short, we must not do anything with personal data without having taken steps to inform the individuals about it. To process without informing is a breach of the law, unless the Data Protection Act provides a valid exemption. The main means of informing is through ‘Privacy Notices’, and ARU provides comprehensive information on all of our routine processing on our Corporate Privacy Policy on our public website.

The Right to be Informed

How the information is presented

Layered approach

Truncated Privacy Notices


Privacy Notices for Children

What information should we give to children?

How should we provide privacy information?

What if we are relying upon parental consent?

What if the child is pre-literate?

When would ARU be likely to asking children for their data?