A "How Do We Collect Your Information" clause outlines your methods of gathering personal information, thus contributing to GDPR and various privacy law compliance. Transparency with customers and trust-building hinge significantly on this clause, regardless of business size.
Understanding this clause is crucial for legal protection and fostering a credible business image. This article aims to dissect what goes into the clause, its importance, and provide guidance on crafting it to suit your distinct needs.
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
- 1. What is a "How Do We Collect Your Information" Clause?
- 2. Is a "How Do We Collect Your Information" Clause a Legal Requirement?
- 3. What to Disclose in Your "How Do We Collect Information" Clause
- 3.1. Categories of Information Collected
- 3.2. Data Collection Methods
- 3.2.1. Directly From Users
- 3.2.2. Automated Data Collection Techniques
- 4. How to Write a "How Do We Collect Your Information" Clause
- 4.1. Use Short Paragraphs
- 4.2. Use Bullet Points
- 4.3. Don't Use Legalese
- 4.4. Combine With Other Clauses
- 5.1. In the Website Footer
- 5.2. During User Account Creation
- 5.3. Checkout or Transaction Pages
- 5.4. On Email Subscribe Forms
- 6. Summary
What is a "How Do We Collect Your Information" Clause?
Is a "How Do We Collect Your Information" Clause a Legal Requirement?
Yes, a "How Do We Collect Your Information" clause is a legal requirement. Privacy laws across the globe mandate this transparency in data collection, including the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA/CPRA) in the U.S. just to name a slight few.
The primary motivation behind these laws is to ensure that users have control over their personal information. They highlight the necessity of informed consent.
Users have the right to know what personal information of theirs is being collected, how it's collected, and for what purposes.
For instance, under the GDPR, organizations are required to disclose the 'source' from where they collect customer information. In the United States, the CCPA necessitates businesses to be transparent about their data collection processes.
What to Disclose in Your "How Do We Collect Information" Clause
Creating an inclusive "How Do We Collect Your Information" clause involves detailing the processes you employ to gather personal information. The following information should be included.
Categories of Information Collected
Identify the types of personal information you acquire, such as names, email addresses, device information, IP addresses, geographical data, or user browsing records. Ensure all aspects are covered, as The Gold Standard does below:
Data Collection Methods
Clearly define the methodologies employed for data collection. This usually involves two primary methods.
Directly From Users
Instances where users willingly provide their information should be stated. Examples include account registration, newsletter subscription, transaction completions, or contact form submissions.
Here's how Mika Myers lists this information:
Automated Data Collection Techniques
Details of any automated means of data collection should be mentioned, as seen below:
Cookies: Elucidate how cookies are utilized to gather data on user preferences or browsing habits.
Analytics Tools: Indicate if you employ services like Google Analytics to acquire cumulative data on site usage like Arkatechture does here:
Server Logs: Disclose if you gather data such as device info or IP addresses from server logs as you can see from this Mancan example:
Third-party Data Collecting: If data about your users is acquired from third-party sources like advertising networks or social media platforms, it should be mentioned. Disclose who these third parties are and the type of data they provide.
Remember, your goal is to offer a transparent and complete understanding of your data-gathering practices. This not only builds trust with your users but also adheres to your legal responsibilities under global privacy laws.
How to Write a "How Do We Collect Your Information" Clause
Privacy laws mandate that websites disclose how they gather user information in their Privacy Policies, and this disclosure must be easy to understand for all users. For instance, the GDPR mandates it to be done in a "concise, transparent, intelligible and easily accessible way."
Hence, when writing this clause, you need to ensure clarity and simplicity, avoiding complex and confusing language to ensure user comprehension and legal compliance. Remember that if the clause is not easily understood, it could cause legal problems in the future.
A 'How Do We Collect Your Information' clause should also be tailored to fit your company's way of doing things, though there are common formats to consider, including paragraphs being incorporated into other clauses and a list of bullet points.
Use Short Paragraphs
Short, simple language paragraphs are most effective. Also, it's helpful to break up the text with white space or visuals for readability.
Here's an example of a paragraph format from Align Pay:
LinkedIn uses subheadings to categorize the data collected, followed by examples and short descriptive paragraphs:
Short paragraphs of three or fewer sentences also help maintain user engagement.
Use Bullet Points
Bullet points are favored for their ability to handle a large amount of personal information in an organized and concise manner.
MeWe uses this approach to outline its data collection methods in clear, concise sentences:
Here's how Pepsico uses bullet points to set out information in a way that's directly to the point and easy to take in:
Don't Use Legalese
The clause should be devoid of jargon or industry terms. Make it so that your average non-lawyer reader can understand what the clause is saying. Content should also be focused on short, concise sentences and sections.
Google's Information Google Collects clause is an excellent example of clarity:
Combine With Other Clauses
This technique can contextualize the types of personal information collected with the methods and timing of the collection.
In summary, when writing this clause, ensure it is easy to understand, contains relevant information, and is well-formatted for readability and comprehension.
In the Website Footer
This is a common practice as it allows the policy to be accessible from every page on your site. Users typically expect to find legal information in the footer, making it a practical spot.
Here's how Wolverine does this:
During User Account Creation
Checkout or Transaction Pages
Tervis does this well in the following screenshot:
On Email Subscribe Forms
Here's how The Daily does this:
The clause must be clearly written and easy to understand, using common language. It can be presented in various formats like paragraphs, bullet points, or even integrated with other clauses. The important thing is that it maintains readability and transparency.
- Website footer
- User account creation page
- Checkout page
- App store descriptions
- Data collection forms