7 articles in this collection.
Written by Veethi Telang

Types of Documents – Contractual & Consensual


By now, you’re well-versed with the concept of general data privacy, and just how important it is for your customers to be in complete control of their data. Now, we come to the real deal – what kind of documents does your online coaching business absolutely need to have?

To ensure smooth business sails, there’s a handful of documents you need to be ready with. These docs can be put into two categories – contractual and consensual.

Allow us to explain both of them in detail, and then, pick and incorporate the ones that your business certainly can’t do without in order to stay GDPR-compliant.

Contractual Documents

Noticed that mandatory “I agree to the terms and conditions” checkbox each time you have to purchase something online? It’s annoying alright, but you can’t proceed further if you don’t tick that box. That, is a contractual obligation that you, the user, has to fulfill before you get to the fun part – using the product or service.

Any document (or a set of documents) that contains essential information for your business/organization to provide services or sell your products to your customers is a contractual document.

Documents like Terms & Conditions, Privacy Policy, Cookie Policy, and End User License Agreement are fine examples of what contractual documents are.

Think about it yourself – you wouldn’t want a new user to get onboard without agreeing to your services’ terms and policies, would you? It’s a safe bet for both parties, and that’s precisely why you need to incorporate them right away.

Things to consider

  • A contractual document states the guidelines for usage of the main service/product that the customer has purchased.
  • The user must agree to providing their consent for this agreement before they can start using the product/service that has been purchased.
  • Agreement to a contractual document should be recorded for future evidence (A signed form or a digital action like ticking a checkbox).
  • The user cannot revoke the consent provided to a contractual agreement.
  • Any amendment to an existing policy or terms would need a separate consent from the end-user.
  • In an event of a dispute, the data controller (business/company) should be able to prove that the customer explicitly agreed to the terms laid down in the contractual document.

The rules of contractual agreements are clear! As is obvious now, the user can’t use your product or avail your services if they do not agree to signing (or accepting) these documents.

Consensual Documents

Unlike the big (read: mandatory) guns above, consensual documents are fairly easy to comprehend. These are documents that cover details of consents taken from your customers for offering additional services that may not be essential to provide your main line of service (access to your product, for example).

Documents that involve a user signing up to receive Promotional Offers and Company Newsletters are examples of consent documents, wherein, the user will explicitly give their consent to you beforehand.

As you may have guessed already, the user can, at any point of time, easily choose to revoke their consent, something that’s not possible in the case of contractual documents.

Things to Consider

  • Consent is required from the customer/user before processing is done for a purpose/intent that is not explicitly mentioned in the company’s contractual document.
  • Consent must be asked explicitly for a clear purpose, and must be freely given.
  • Consent cannot be linked to provisioning of services that are agreed upon in the contract or that the user is already entitled to (like the terms and conditions document which the user has already accepted).
  • Consent must not be requested in ambiguous or uncertain language.
  • Consent must be recorded for future evidence (a signed form or a digital action like ticking a checkbox).
  • Consents should not be bundled. If consent is needed for multiple purposes, separate consent must be taken for each purpose. For example, asking for just one consent to process both personal data for analyzing trends and sending personalized offers is a nay-game! Since the personal data would be processed for two different purposes, the consent needs to be asked twice.
  • Every user should have the option to withdraw consent at any point in time.
  • No processing activity should be carried out prior to receiving written or recorded consent from the user. 

As a business owner, it is your responsibility of seeking consent before you process their data for any purpose. Just remember; in the event of a dispute, it is up to you to prove through evidence (signed or recorded consent document) that consent was explicitly obtained for the data processing event currently under dispute.

Alright then! Now that you have chosen the kinds of documents you need to incorporate into your business, let’s get down to creating them one by one in ConsentUp in our upcoming tutorials. It’s so easy, you’ll be surprised! Keep reading.