Does a website privacy policy refer only to data collected on the website, or is it a policy for all data collated in an organisation?
Alasdair Taylor's Answer
Typically, a website privacy policy will cover data collected through the website. However, in some cases, it will extend to other categories of data processed by an organisation. For example, it may cover customer or customer personnel data collected via some other channel – this is especially likely to be the case where there is cross-over between website activities and offline activities.
It would however be very unusual for a website privacy policy to cover ALL processing. For instance, the processing of employee data would usually be subject to a separate notice.