Your privacy policy is the "face" of your company or product
The General Data Protection Regulation (GDPR) requires that data subjects — users, customers, and even employees — be informed of a whole list of up-to-date information related to the processing of personal data.
This list is set out in Articles 13 and 14 of the Regulation and includes the contacts of your data protection officer, purposes and legal grounds for each processing, categories of data that are being processed, facts and conditions of cross-border transfer, references to the rights of data subjects, and so on.