Enter your email address where you'd like your policy sent, select translation versions and click "Generate."
You can see the relevant portion of Instagram's Platform Terms below:
First, explain what data you're processing. This should be a comprehensive list of all the forms of data you collect. You may want to specify that the particular types of information you're collecting may vary according to which of your products the user is using.
This clause from Brunswick Corporation gives a good example of one such list:
Next, give the various ways that you may use the data. It's important for consumers to know exactly how you will and will not use the data you collect from them. For example, you might collect data as an essential part of continuing to operate your website.
Other reasons could be in order to contact your users, to analyze your website for areas where improvement is needed, for customer service and support, and quite a few more.
Finally, you may want to provide the legal basis for your data collection. Although this isn't required by Instagram, it may be useful for preempting any questions users may have about the legality of your data collection.
Of course, some laws may require you to keep some data even after you've deleted what you can, so you should make sure to clarify that as well.
You can see a good example of this from Brunswick Corporation below:
However, you may receive a large volume of requests for data deletion. If that's the case, you might want to specify a process and include a link to a form or portal that users can use for both of your convenience.
If your data deletion process requires you to collect some customer data so that you can verify the user's identity (like an email address), it's a good idea to explain that in your data deletion section as well.
Mattel has one such portal that handles all of the data deletion requests, and you can see how it's introduce here:
Section 3 outlines all prohibited practices with regards to data and the conditions around transferring, deleting, accessing, and retaining data, as well as any exceptions to those rules. While the section is lengthy, it's important to review closely to make sure that your own policy and practices don't conflict with it.
So it's not just sufficient to explain the ways that you use data, as in the "Data Processing" section. You must also make sure that your data use does not conflict with Instagram's own rules on how data should and should not be used.
To comply with regionally specific laws, it may be best to create separate policies for specific needs. The two most common exceptions to normal Privacy Policies are special policies for residents of California and the European Union, which each have more strict privacy requirements in place.
You can see how UNiDAYS lays out a fairly simple menu here:
Although Instagram doesn't require it, a cookies clause is an important part of Privacy Policies.
Cookies can let you know if a user is visiting your website a second time and customize their experience accordingly. They can also allow users to log in without entering all their login information every time, giving them a more pleasant experience. Overall, they're used to collect non-personal data that improves website experience.
The Celiac Disease Foundation has a thorough cookies clause that includes all of the above-mentioned information, as you can see below:
A Transfer of Data clause explains that your website visitors' data may be transferred away from the jurisdiction in which they live. Because people could visit your website from all across the globe, they should know that the laws that apply to the data where they live may not apply where their data is stored.
Your Transfer of Data clause can let users know where their data is stored (non-specifically) and that the laws in that location may differ from those in the place they're accessing your website from. This can be important in setting expectations for data protection and maintenance.
You can also take this opportunity to reassure readers that you take steps to protect their data and keep it secure. You can explain that data transfer only happens when it is safe and necessary to do so.
Clickwrap is standard for many websites, such as Autodesk, whose clickwrapped account creation page you can see below:
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
24 September 2021