Former civil litigation attorney. Content legal strategist at TermsFeed.
On this page
- 2.1.1. What Information You Collect
- 2.1.2. How Data is Collected
- 2.1.3. Information You Share or Disclose
- 2.1.4. How Customers Can Update Their Information
- 2.1.5. Data Protection and Security Measures
- 2.1.6. Opt-out Procedures
- 2.1.7. Updates to the Policy and Notifications of Updates
At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
Let's look at each of these more.
Personally identifiable information is the universal description of any information that can be used to identify, contact or locate an individual. It includes but isn't limited to the following:
- Full names
- Dates of birth
- Physical addresses
- Any type of national identification number
- IP addresses (if tracked)
- Telephone number
- Screen names or handles
- Email address
- Credit card numbers
Small businesses have the most to lose from poor data practices. You can handle data in a way that's consistent with local laws and your internal policies, but if a customer interprets that as mishandling, you may face liability or at least an expensive and time-consuming legal battle to fight the claim.
What Information You Collect
Almost all Privacy Policies start with a description of the data collected. Here is where you'll tell customers exactly what information you will collect, such as names, addresses, email address, and payment information.
It is better to be overly specific in this section rather than vague. You can make this into a list format for readability.
ABC Fitness lists the information it collects and offers specific examples:
Notice the use of plain language. When it comes to explaining to customers what type of data you require and request, keeping things simple is the best course of action.
How Data is Collected
The information regarding how you collect information may be included in your clause with the types of information you collect, or in can be in its own clause.
ABC Fitness makes it clear that it obtains some data in the course of processing payment in the following clause excerpt:
This clause will vary depending on the nature of your business. Just make sure you let users know how you end up obtaining their data, whether it's from them, from a third party, or via cookies.
Information You Share or Disclose
Most companies share or disclose some sort of information under some types of circumstances, such as when required by law, when consent is obtained to share the information, or if the business is sold. Make it clear to your users when and under what circumstances their data will be shared.
Here's how ABC Fitness does this, and lets users know that information may be shared with clients, debt collection agencies, service providers and third-party vendors:
How Customers Can Update Their Information
Data Protection and Security Measures
Telling consumers how you protect data is required in laws like the UK's Data Protection Act. It is also reassurance for your users that their data will likely stay safe with you.
While you don't have to go into specifics about your security practices, you should at least note the general steps you take.
ABC Fitness states that it uses SSL, firewalls, encryption, and also limits the numbers of employees that have physical access to the data center amongst its steps to secure date:
Make sure that whatever you say you're doing, you're actually doing to keep data secured.
Many countries have laws restricting unsolicited email or spam. You are required to give customers the chance to opt out of these communications and failure to do so could result in civil liability and fines.
It is also simply a nice thing to do. If a customer made one purchase and no longer wants promotions from you, offering a procedure to make this request helps your goodwill. While you may consider the promotions a money-making effort, being respectful towards customers also helps you gain in your market.
Here's how ABC Fitness does this:
Updates to the Policy and Notifications of Updates
Other places to provide a link to your Policy include on sign-up pages, online checkout pages, email subscription forms and other places where personal information is collected.
- Never ask for more information than is necessary. If you do not require a customer's date of birth to provide services, do not ask for it. The less personal data you collect the less work you need to perform to keep it safe and track it.
- Collecting and Using Personal Information
- Usage Data
- Use of Personal Information
- Transfer of Personal Information
- Disclosure of Personal Information
- Security of Personal Information
- Links to Other Websites
- Contact Information
More specific Privacy Templates are available on our blog.