Article 13 of the General Data Protection Regulation (GDPR) is one of the most important provisions concerning transparency and the rights of data subjects. It outlines the exact information that a data controller must provide when personal data is collected directly from an individual. In simple terms, Article 13 ensures that people clearly understand who is collecting their data, why it is being collected, how it will be used, and what rights they have in relation to it.
This obligation applies whenever an organization collects personal data from users, such as through websites, mobile apps, forms, subscriptions, or customer registration processes. The information must be communicated in a concise, transparent, intelligible, and easily accessible form, using clear and plain language.
To help you better understand how Article 13 works in practice, below are five detailed examples of GDPR Article 13 notices tailored for different real-world scenarios. Each example demonstrates how organizations can meet compliance requirements while maintaining clarity and user trust.
Example 1: GDPR Article 13 Notice for an E-commerce Website
Privacy Information When Placing an Order
When you place an order on our website, we collect and process personal data necessary to fulfill your purchase. This includes your name, billing address, shipping address, email address, phone number, and payment details.
Data Controller: ABC Online Store Ltd, 123 Commerce Street, London, United Kingdom. Email: privacy@abconlinestore.com
Purpose of Processing: Your personal data is processed for the purpose of processing and delivering your order, managing payments, handling customer service requests, and complying with legal and accounting obligations.
Legal Basis: Processing is necessary for the performance of a contract in accordance with Article 6(1)(b) GDPR and to comply with legal obligations under Article 6(1)(c).
Recipients of Data: Your data may be shared with payment service providers, delivery companies, and accounting service providers strictly for the purpose of fulfilling your order.
Data Retention Period: We retain your data for as long as required to fulfill contractual obligations and comply with statutory retention requirements, typically up to 7 years.
Your Rights: You have the right to access, rectify, erase, or restrict the processing of your data. You may also object to processing and lodge a complaint with a supervisory authority.
Contact for Data Protection Matters: You can contact our Data Protection Officer at dpo@abconlinestore.com.
Example 2: GDPR Article 13 for Newsletter Subscription
Privacy Notice for Newsletter Sign-Up
When you subscribe to our newsletter, we collect your email address and, optionally, your name to deliver marketing communications and updates.
Data Controller: XYZ Media Group, 45 Digital Avenue, Berlin, Germany. Email: privacy@xyzmedia.com
Purpose of Processing: Your personal data is processed to send you marketing emails, promotional offers, and company news.
Legal Basis: Processing is based on your explicit consent under Article 6(1)(a) GDPR. You may withdraw your consent at any time.
Recipients: Your data will not be shared with third parties, except for email distribution service providers under strict contractual agreements.
Data Retention Period: Your data will be kept until you unsubscribe from the newsletter or withdraw your consent.
Your Rights: You have the right to request access, correction, or deletion of your personal data at any time. You also have the right to withdraw consent without affecting the lawfulness of processing prior to withdrawal.
To unsubscribe, click the link at the bottom of any newsletter email or contact us directly.
Example 3: GDPR Article 13 for User Account Registration
Privacy Information for Account Creation
When registering an account on our platform, we collect personal data such as your name, username, email address, and password.
Data Controller: TechSolutions Ltd, 88 Innovation Road, Amsterdam, Netherlands. Email: gdpr@techsolutions.eu
Purpose of Processing: Your data is used to create and manage your user account, provide access to platform features, and improve user experience.
Legal Basis: Processing is based on your consent and the necessity to perform a service contract.
Data Sharing: Your data will not be shared with third parties unless required by law or for platform security purposes.
Data Storage Period: Data is retained for the duration of your account's activity and up to 12 months after account closure.
Your Rights: You have the right to access your data, request its correction or deletion, request data portability, and restrict processing under certain conditions.
You may contact our Data Protection Officer for assistance with your rights.
Example 4: GDPR Article 13 for Job Applications
Candidate Privacy Information
When submitting your job application, we collect your CV, contact details, work history, and educational background.
Data Controller: BrightHire Recruitment Ltd, 200 Careers Plaza, Dublin, Ireland. Email: hr@brighthire.ie
Purpose of Processing: Your data is processed to evaluate your suitability for employment and manage the recruitment process.
Legal Basis: Processing is based on your consent and steps taken at your request prior to entering into a contract under Article 6(1)(b).
Data Access: Your application data may be accessed by HR personnel and hiring managers involved in the recruitment process.
Retention Policy: Application data is stored for a maximum of 12 months after the recruitment process, unless you give consent for longer retention.
Your Rights: You have the right to request access, rectification, or deletion of your personal data and to withdraw your consent.
Example 5: GDPR Article 13 for Event Registration
Privacy Information for Event Participants
When you register for our event, we collect your name, contact details, company name, and dietary preferences.
Data Controller: Global Events Ltd, 10 Conference Way, Paris, France. Email: privacy@globalevents.com
Purpose of Processing: Your data is processed to manage event participation, coordinate logistics, and communicate event-related updates.
Legal Basis: Processing is based on contractual necessity and legitimate interest under Article 6(1)(b) and (f).
Recipients: Your data may be shared with event partners strictly for logistical purposes.
Storage Duration: Personal data will be retained for 6 months after the event unless legal obligations require longer retention.
Your Rights: You may request access, correction, or deletion of your data at any time and lodge a complaint with a data protection authority.
Key Elements Every Article 13 Notice Must Include
Across all examples, the following elements are essential for compliance with GDPR Article 13:
- Identity and contact details of the data controller
- Purpose of data processing
- Legal basis for processing
- Recipients of the data
- Data retention period
- Rights of the data subject
- Right to lodge a complaint
- Information about data transfers outside the EU (if applicable)
- Whether providing data is mandatory or optional
These elements ensure transparency and help build trust between organizations and individuals.
Conclusion: Why GDPR Article 13 Examples Matter
GDPR Article 13 examples provide practical guidance on how organizations should communicate data collection practices in a transparent and structured manner. By clearly stating who processes the data, why it is being collected, how long it will be stored, and what rights individuals have, companies reduce the risk of non-compliance and enhance user confidence.
Implementing well-written Article 13 notices helps businesses demonstrate accountability while empowering users with knowledge and control over their personal information. Whether you run an e-commerce store, manage a newsletter, hire employees, or organize events, ensuring GDPR-compliant privacy notices is vital in today’s data-driven world.
By using the examples above as templates, organizations can create their own tailored GDPR Article 13 notices that meet legal requirements and promote transparency, accountability, and trust.