Last updated on 01 July 2022 by William Blesch (Legal and data protection research writer at TermsFeed)
First, you should know that laws are changing worldwide with new data privacy regulations going into effect. Many of these rules update and expand upon existing data privacy laws, and so business owners must ensure they comply with whatever geographic location they happen to do business.
This can be part of an introduction clause, such as this clause from Pandora that notes the official business name, and that the policy applies to itself and its subsidiaries:
Let users know what information you are collecting. Be as specific as possible, like Pandora is here with listing out each different data type in a separate section:
The clause also includes how the data is collected, such as when a user registers, signs up for a subscription, or responds to ads.
This clause is where you let users know what you'll be doing with the collected personal information. As always, be as specific as possible without being overly complex in language.
Here's how Pandora does this:
Using a list format makes a clause like this easier to read and helps with clarity.
This is a very important clause, as users have the right to know not only what you do with their information, but if any other company who isn't you will also have access.
Here's how Pandora lets users know who information may be shared with, under what circumstances, and how the sharing will be done:
You'll need to let users know what their rights are, and how they can exert them. These rights may only apply to people in certain jurisdictions, such as rights specifically granted to people in California via state laws.
Here's how Pandora lets users know about their rights and how they can exert them:
Here's how Pandora notes that users should check the policy page periodically, and also that any material changes will come with notice, likely via an email:
While many of the clauses seem fairly boilerplate and the same across the board, they still need to be specific to your own practices and must be accurate.
Recall the maxim that people do business with those whom they know, like, and trust. If you break the trust of those who use your website, blog, or app, they're not going to want to use your products or services any longer. You're going to make them angry, and then through word of mouth, each one is likely to tell about fifteen other people.
Your company could suffer a severe backlash along with potentially awful PR because you made a wrong choice. You don't want to put your company in the position of having to do damage control for years to come.
For example, you need to let users know:
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
01 July 2022