Last updated on 19 December 2020 by Sara Pegarella (Law school graduate, B.A. in English/Writing. In-house writer at TermsFeed)
Privacy Policies are written statements that let your clients, customers, or website visitors know exactly what personal information you are gathering from them, and how that information will be used, managed, and disclosed to others.
A Privacy Policy is mandatory even if you collect just an email address. It's mandatory to have it posted online and make it easy to find by users.
In the US, the Federal Trade Commission (FTC) has provided guidance on the use of these agreements, and all states have laws requiring at least a minimal disclosure of exactly what information is being collected and how that information will be used.
Before you begin to draft this legal agreement, read this checklist to make sure you can keep your customers informed and your business compliant when dealing with personal information collection.
Make sure you include all of the required important information in your Privacy Policy.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
Identify all of the types of personal information you collect, as well as:
Include information about how people can request to see what information you've collected, and either make changes themselves or request that you make changes.
Describe any processes you have in place, such as contact forms, email addresses or account sections where users can access this information.
Additionally, you must disclose how your website responds to any actions a client or customer takes to maintain privacy, such as the "Do Not Track" web browser setting; CalOPPA requires this disclosure in the US.
Disclose whether third parties have access to the data you collect or are collecting this data themselves through your business.
Always include the effective date of the policy, and describe the process that you will use to notify users of any material changes to your policy.
Always post your Privacy Policy in an easy-to-find, conspicuous place on your website and within your mobile app.
The footer of websites and the Legal section of your mobile app are common placement locations.
To summarize, here are some best practices for creating an appropriate and thorough Privacy Policy:
If you work with any third-party companies that have access to your users' data and personal information, make sure your Privacy Policy accurately reflects the agreement between your business and those third parties when it comes to third-party information collection.
Keep in mind that agreements between central businesses often translate through to subsidiaries and affiliates, so one contract can have long-running ramifications.
Shopify mentions third parties collecting certain personal information from users in its Privacy Policy:
Passive tracking methods include cookies, pixel tags, web beacons, browser fingerprinting, and other simple but material ways of tracking users.
Your Privacy Policy must thoroughly address these passive means of data collection for you to stay compliant and out of trouble.
Misrepresentations here can lead to charges of deceptive advertising. Even the smallest and simplest tracking method needs to be disclosed.
With the collection of personal information comes the drive for appropriate privacy.
Users don't want you collecting excessive data from them, and you don't want to have to deal with maintaining and disclosing this excessive collection.
Because of this mutual wish for minimal data collection, there is a new trend towards considering privacy from the beginning and only collecting minimal and necessary data. When developing your website or mobile app, keep this in mind.
Design your websites or mobile apps with a drive for privacy to avoid complications with lawsuits and lengthy and complex legal agreements.
Always give your users the option to opt out of any marketing communications, or require them to opt in explicitly.
This makes it easy when it comes to consent and notice requirements because your customers will always be consenting to receive your communications.
This isn't required of all businesses, but it's a best practice for any business and may become a legal requirement one day.
By documenting what your business will do to protect the collected data, you will be favorably regarded by your customers and third-party collaborators, and you will help avoid potential future data disasters, or at least know how to deal with one if it arises.
Online Behavioral Advertising ("OBA") works by collecting data about what someone views online and then tailoring advertising specifically to the personal interests of the individual at a later date and on a different website.
If your company participates in this, you must remember to include indemnity provisions and requisite insurance information in any agreements with vendors who collaborate on the OBA campaigns, and you must also disclose all OBA activities in your Privacy Policy.
Retargeting, also known as remarketing, is an example of Online Behavioral Advertising. If your business has started running any retargeting campaigns, make sure to follow the requirements of the various platforms you use:
Before data can be collected about anyone under the age of 13, aside from the fact that the individual is under the age of 13, parental consent must be obtained.
If your website or mobile app is not directed towards children, take steps to ensure you are not collecting data from these children to avoid a violation of the Children's Online Privacy Protection Act (COPPA).
If your company develops a website and/or mobile app to be used by children under 13, make sure you comply with COPPA.
Location-based information technology works by tailoring advertising or technological features to an individual based on his or her GPS location, such as in or near a specific store, or in a certain town.
Always give notice to your customers about how this location information will be collected and used, shared and disclosed.
By following the above checklist you can ensure compliance when it comes to your Privacy Policy requirements and notification procedures.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.