Last updated on 21 July 2022 by Robert Bateman (Privacy and Data Protection Research Writer at TermsFeed)
If you've recently started an ecommerce business using WooCommerce, you're going to be focused on sales, suppliers, and investment. But you have other important duties too, such as complying with privacy law.
In some cases, explaining these kinds of practices is actually required by law.
As an ecommerce business, you'll likely find yourself regularly collecting and processing the personal information of your customers, your potential customers, and the visitors to your website. This can happen when you collect financial information to complete sales, collect email addresses to send out marketing emails, and carry out other related processes.
There are probably two main ways in which you collect personal information:
You might also receive personal information from third parties, such as social media channels or subsidiary companies.
Here's an example of a clause from Amy Boyd that discloses what types of information it collects:
SurveyMonkey breaks down each different type of information into an easy-to-read, short paragraph, like so:
In addition to the personal information your customers provide to you, there's also the personal information you automatically collect from visitors to your website. The means by which you collect this type of personal information might include:
The types of personal information you collect in this way might include:
Here's an example from PhotoBite of how you can disclose this in a short yet informative clause:
You might be surprised to see some of these types of data listed as "personal information." However, personal information is defined very broadly, especially in places such as California, Canada, and the EU.
The table below describes some typical activities of an ecommerce business, together with the types of personal information it might need to collect for these purposes.
|Some typical activities of an ecommerce business|Types of personal information it might need to collect for these purposes|
|---|---|
|Communicating with a customer about their order or their customer service queries|Name, email address, phone number|
|Processing a customer's order|Name, shipping address, billing address, payment card details|
|Advertising|Cookie ID, email address|
|Improving your website or app|Analytics data, e.g. website usage|
|For security and fraud prevention|IP address, cookie data|
|Setting up an account|Username, password|
Here's how clothing retailer River Island explains some of the ways in which it uses personal information:
Practically every business needs to share personal information or to allow other companies to collect personal information on its behalf.
If you run a WooCommerce store, it's likely that your customers' personal information will be processed by third parties such as WordPress, WooCommerce, and Stripe (which processes payments on behalf of WooCommerce Payments).
You might also share personal information with:
The business lists WordPress, WooCommerce, Google Analytics, and MonsterInsights among the third parties with which it shares personal information.
You should also provide links to the Privacy Policies of your third-party service providers.
Here's how jewelry retailer Eileen Gatt does this:
Note that you don't necessarily have to identify your third-party service providers by name. It may be sufficient to list the types of third parties with which you share personal information (e.g. "payment processors," "mail carriers").
You should provide contact details for your company in case visitors have any questions about your privacy practices.
Here's an example of a contact clause from Viber:
Include as many different ways as possible for users to reach you, from email to conventional mail, to a phone number or web form if you offer such features.
If you have customers in the U.S., your main concern should be complying with the privacy laws of the state of California, which are the strictest in the country. For example, one of California's privacy laws is the California Online Privacy Protection Act (CalOPPA).
CalOPPA applies to all commercial websites that are accessible in California. This means that if your WooCommerce store has a shopper from California - which it most likely does - you need to comply.
Here's an example of how Medtronic discloses how its website treats "Do Not Track" signals:
The EU has the highest privacy standards in the world to date.
If you have customers in the European Economic Area (the EEA), you must comply with the General Data Protection Regulation (GDPR).
Here's how Bowles & Wyer explains how users can make a complaint to the UK's Data Protection Authority, the Information Commissioner's Office (ICO):
Note that the business encourages users to make a direct complaint before going to the ICO. This is perfectly reasonable.
Here's how Bayer Canada explains the right to access personal information under PIPEDA:
Here's our guide to privacy laws by country to help you out.
Next, we'll show how you can easily copy and paste text from our generator into your WP website.
Here's how Netflix does this:
Here's how The Wellbeing Project does this:
Check the other legal requirements that might apply in your target markets.
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.