I have a website that is a travel search engine and I am very concerned about GDPR.
I am not interested in any private information from the users for marketing or such things. I just use Google Analytics to see the behavior on the page and to be able to improve it. No log-ins or accounts, no retargetting, no e-mail gathering, no newsletters...
According to GDPR:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
I have already anonymized the IPs for Google Analytics, so I would assume I do not have any personal data from the users anymore.
Is my assumption correct?
If so, do I need to care about all the clear explanations like where data is stored, how long is stored and so? Or can I just say something like:
"This website does not collect any personal data"
?
