- From: Rigo Wenning <rigo@w3.org>
- Date: Sun, 20 May 2012 18:37:56 +0200
- To: www-p3p-policy@w3.org
- Cc: Markus Hartmann <hartmann-m@celanio.com>
Dear Markus, I see that you're coming from a European context. There the answer to your question is pretty simple. Whoever is the data controller has to be the responsible person mentioned in the P3P Policy. So if the application data collected is owned and controlled by your company the P3P Policy should be in your name, that means the <Entity></Entity> field should be filled with your company's contact information. If you're only a processor and your customer owns the data and is responsible for the processing and you just process on their behalf, the customer's contact information should go into the <entity> field. Best, Rigo Wenning W3C On Tuesday 08 May 2012 10:25:01 Markus Hartmann wrote: > Hello everyone, > > We need for a customer a P3P Policy, but we are not sure to whom it has > to be issued. > > We are a service provider for a web based event-management software. > With this software a customer can realize events, starting with planning > events through to write invoices, creating statistics etc. Also all > content of the website provided by us, is created and administrated from > our customer. > > Customers of our Customer can participate on such events, if they > register themselves for it via a web-based form with personal data, > similar to a web shop and therefore we need a P3P Policy. > > Our Customer has the opinion, that the Policy has to be issued to > ourselves, because we store the data and provide the software. > > We think differently, because our customer ascertains and works with > data from customers of himself. > > So to whom we have to issue the Policy? > > TIA > Markus Hartmann
Received on Sunday, 20 May 2012 16:38:26 UTC