02 February 2020
Online forms are a great way to collect important information from visitors and users of your website.
A basic online form would be a form in a pop-up box that collects email addresses of people who visit your site and wish to subscribe to your email newsletters.
It's not mandatory to include your legal agreements near where the web form is located, but the legal agreements must be accessible to users.
The example of the basic form below that simply asks for a user's email address:
An example of a more complex online form is a registration form for a paid subscription service.
The image below is from the Birchbox account sign-up page. After filling out home address information, a user is asked for billing and financial information:
Whether your form collects just basic personal information or asks for pages of information from users, you are always required to collect this information in a legally compliant way.
For websites and mobile apps, this means 3 things, each of which will be discussed in greater detail, as well as in specific scenarios, throughout this article:
You must have the correct legal agreements created and placed on your website or mobile app.
A Terms and Conditions may be recommended depending on the web form being used.
You must make sure that adequate information is included in the legal agreements, such as what data is being collected and why.
Disclosure and accuracy are very important when it comes to staying compliant with privacy laws.
Now, let's discuss a few of the most commonly used or encountered web forms - Contact forms and Registration forms. For each form we will cover the following:
Contact forms are used by websites and mobile apps to make it easier for users to contact the website owner or the team behind the website/mobile app.
Typical contact forms have fields for the user's name, email address, and room for a message that the user wishes to convey to the website operators. The most basic information required from a user in order to be able to contact the user with a response is typically all that is or should be requested on a contact form.
Additional fields may be requested, such as the city the user is located in, as seen in the example below.
Note how in the example below, a phone number field is listed, but marked as being not required. This gives users options as to how much information beyond the basics (name/email address/message) they wish to provide.
In your agreement, let users know why you need each of the pieces of requested information, and how you will use this information. Disclose if any third parties may have access to this information.
if you should choose to provide us with personal information - as in an e-mail or by filling out a form and submitting it to us through the Site - we will use that information to respond to your message and to help us get the information you have requested. The University does not collect personal information for commercial marketing or distribution to any private organizations.
This lets users know how their information will be used, and how it will not be used:
Where should you place the links to your legal pages on your contact web form to make them the most effective?
The first is at the top of the page, or early in the web form design to ensure that a user notices it quickly and before any information has been submitted.
Below is a randomly generated example of how a website could place a box with information in it at the top of a web form.
Note how the information box provides a short but to-the-point summary by letting users know right away that "Information entered on this page will not be used to send unsolicited email, and will not be sold to a 3rd party."
Note how there is a long informative paragraph near the CTA button.
The information in this paragraph in part states that "by responding to this form, you are consenting to the University of Regina using your personal information to contact you to follow up on any suggestions or problems you may identify."
This paragraph also lets users know that different legal bodies are being followed (the University of Regina Act, the Local Authority Freedom of Information and Protection of Privacy Act, etc.).
A link to further "Privacy & Legal" information is provided close to this paragraph, which helps users notice that there may be other relevant privacy information they would be interested in knowing.
The image below shows the email subscription form for users who wish to sign up for email newsletters from the Health Impact News website. The form has a link at the bottom that lets users know that information is available to them about issues of privacy if they click the link.
Clicking this link takes a user to a very clear and basic summary page about how an email address will be used, and how to unsubscribe in the future.
Registration forms are typically far more comprehensive than contact forms, and thus typically collect far more personal information than a contact form would.
Registration forms also play a very important role: registered users are given access to separate and special sections on a website or mobile app that non-registered users are not able to access.
Registration forms collect information that is used to create a special agreement between users of a website or mobile app and that website or mobile app itself.
Yes. A Terms and Conditions is highly recommended for websites that provide users with the ability to register and thus access a separate section of the website than non-registered users have access to.
This agreement is where you can list all requirements and limitations that you have for registered users of your website, as well as protect your website from abuses.
For example, you can limit use of your website to personal use and not allow commercial use, and reserve the right to block a user from your website if this or any other limitation is violated.
Below is the table of contents from the Terms of Service of ESN-VUniverse.
Notice how many topics are covered and are within the scope of the Terms, from Billing and Pricing Modifications to Prohibited Uses.
You are able to include as much information in your Terms as you want regarding the general use of your website or mobile app.
While Privacy Policies are good for telling users how their privacy is protected, a Terms and Conditions agreement covers everything else that you would want to be covered.
Where should you place links to legal pages on your registration web forms to make them the most effective?
The registration form should include information about your Terms and Conditions to ensure that users who are registering are aware that this agreement exists, and know that they are agreeing to the terms and rules from the agreement.
Without this notice, it will be difficult to prove that users agreed to your Terms and Conditions since they may not have even known such a legal agreement existed.
Put links to your Terms and Conditions close to the CTA button. Make this the last thing the user will see before taking the final step and clicking Submit/Register/etc. and make it clear that the user is agreeing to these Terms by continuing to complete the registration process.
Note how Facebook's Sign-Up/Registration form has clear language towards the bottom of the form right before the Sign-Up button, that states, "By clicking Sign-Up, you agree to our Terms, and that you have read our Data Use Policy, including our Cookie Use."
The same standards should be applied to mobile apps and not only websites.
Go one step further with your registration form and require users to actually check a box to acknowledge that they are aware of and agree to your Terms and Conditions.
This is known as the clickwrap method of obtaining agreement to your Terms, and it holds up in court very well.
Below is an example of how to obtain more active, click-wrap acceptance of your legal agreements by users who are in the process of registering.
Have users click this box right before they click the "Sign Up" button for very clear acceptance:
After a user has registered, you can include links to the Privacy and Terms agreements somewhere in the login section just as a regular reminder to your registered users that these are the legal agreements that apply to them.
However, this is not required, but it makes it easier for your users to know what's going on with their personal information, as well as what you expect from them when using your website or mobile app.
If you allow users to register for your website, you aren't required to have a Terms and Conditions agreement but you absolutely should.
Always place links to any legal agreements very close to the CTA button so that a user will notice the links before submitting their information to you. This helps ensure that users clearly know they are accepting your legal agreements.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.