The U.K., Canada, and Australia laws also require Privacy Policies.
- Email addresses
- Birth dates
- Job titles
- Or any other type of identifying information
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
- 1. Clause 1: Types of information collected
- 2. Clause 2: How information is collected
- 3. Clause 3: What you do with collected information
- 4. Clause 4: Cookies policy
- 5. Clause 5: Third party access to information
- 6. Clause 6: Dispute resolution
- 7. Clause 7: Business transfer clause
- 9. Clause 9: Email marketing
- 10. Clause 10: COPPA compliance
- 11. Clause 11: Data retention
- 12. Clause 12: Contact information
Clause 1: Types of information collected
This kind of clause makes it clear to users what personal information you need for your website or mobile app to function properly and allows users to determine whether they are comfortable giving that information to you.
Other Privacy Policies contain more detail. SurveyMonkey gives a complete list in its agreement:
A detailed but incomplete list of types information collected can work against your business more than broadly described information types.
Clause 2: How information is collected
Under its section "How We Collect Information", Trello explains that it collects information in two ways:
- The use of services
- And the information provided by users
Like the type of information collected, these are also detailed sections.
Clauses regarding information collected just by using the Trello app mention Google Analytics and IP addresses. The clause also clarifies that this collection usually collects non-identifying personal information:
Information provided directly by users could seem self-explanatory. After all, many businesses request names, email addresses, user names, and payment information.
Clause 3: What you do with collected information
Explaining why you collect data and what you do with it also provides additional liability relief. Depending on your business, you may have several purposes for collecting information from users.
The "What we're doing with the collected information" section is best written in detail since you do not want to be accused of using personal data inappropriately.
Clause 4: Cookies policy
Trello does not have a separate "Cookies Policy", but in its section on collecting information, it mentions cookies. It explains that cookies help with analytical data and users have an option to refuse them (but by doing so there's a likelihood that Trello may not work properly).
Clause 5: Third party access to information
Advertisers, analytics apps, and social networking apps (Facebook, Twitter) are third parties who may access the collected data or collect data through your website or mobile app.
AOL addresses this regarding advertisers but also third parties that help the AOL website function:
Clause 6: Dispute resolution
Unlike Terms & Conditions, Privacy Policies do not normally contain provisions on governing law.
That said, privacy is often a contentious issue and disputes can arise. For that reason, "Governing Law" provisions are replaced with clauses regarding dispute resolution.
Clause 7: Business transfer clause
If your company merges with another or is acquired by a larger entity, your users will likely feel concerned about the continued handling of their information.
The method you chose for notifying your users about changes can be described by you in the agreement.
Clause 9: Email marketing
Due to anti-spam laws in several nations, such as CAN-SPAM in the US, you need to be careful sending users unwanted email.
Microsoft includes a section to comply with CAN-SPAM in its "Privacy Statement":
Clause 10: COPPA compliance
The Child Online Privacy Protection Act (COPPA) is a U.S. law that places additional requirements on web service providers who cater to children. COPPA applies to children under 13 who live in the U.S.
Websites or apps that are only available to adults or those over 13 generally include that there's no intention to collect information from those under 13.
The Public Broadcasting Service (PBS) runs a "PBS Kids" page designed for children. A detailed COPPA page explains that data is only collected with the consent of parents or guardians and extra protection is taken in account:
Clause 11: Data retention
Users can delete their accounts with you or you may act on your Terms & Conditions and deny access to a user who violated your rules.
The normal course of action is to retain personal information only as long as necessary and destroy at the end of that time period, but compliance requirements may compel you to keep it longer.
Clause 12: Contact information
Large companies generally afford to have separate departments for these inquiries, especially if the company takes a Privacy By Design approach.