At Step 1, select the Website option or App option or both.
Answer some questions about your website or app.
Answer some questions about your business.
- 1. What is a "What Are Your Privacy Rights" Clause?
- 4. What Information Should a "What Are Your Privacy Rights" Clause Include?
- 4.1. Explanation of Users' Privacy Rights
- 4.2. How Users Can Exercise Their Rights
- 4.3. Your Cookies Policy
- 5. Summary
What is a "What Are Your Privacy Rights" Clause?
A What Are Your Privacy Rights clause is a statement summarizing:
- The kind of personal data you collect
- Users' rights in relation to their personal data
- How users can raise any concerns or otherwise exercise their privacy rights
If you have users in the UK, EU, or California, you are required to inform users of their privacy rights under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).
Including this clause enhances your organization's transparency around data processing, a subject of increasing importance to users. It reassures users that you handle their personal information ethically and responsibly.
If you're including a What Are Your Privacy Rights clause in compliance with UK or Californian data protection laws, you can also directly refer to the relevant legislation.
For example, Claridge's Privacy Notice refers to this clause as "Your California Privacy Rights." It goes on to list five CCPA-specific user rights and provides an email address users can contact to exercise their rights under the CCPA:
What Information Should a "What Are Your Privacy Rights" Clause Include?
A What Are Your Privacy Rights clause should include the following points of information:
- An explanation of users' privacy rights
- An explanation of how users can exercise their rights
- Information about how you handle cookies, or a link to your Cookies Policy, if applicable
Explanation of Users' Privacy Rights
A What Are Your Privacy Rights clause should clearly set out and explain users' fundamental privacy rights in relation to their personal information.
- Users have eight rights under the GDPR including the right to be informed, the right to request their information be deleted, and the right to access their personal information.
- Users have five rights under the CCPA including the right to know what personal information is being collected and how it's being used and the right to opt-out of the sale of their personal information.
This information can be presented in several different ways.
In its What Are Your Privacy Rights clause, Quitain lists users' rights in a table format with a detailed explanation of each right:
MullenLowe Profero's "What Are Your Privacy Rights" clause includes a brief statement of the users' main data protection rights under the GDPR:
How Users Can Exercise Their Rights
Your What Are Your Privacy Rights clause should also tell users how they can exercise these rights in relation to their data. This includes correcting and accessing personal information as well as opting out of the sharing or sale of their personal information.
Hologo has a separate clause for California residents and informs them of how to exert their rights by submitting a request in writing to the provided contact information:
Verbolia explains how European users can make a complaint to their local data protection supervisory authority:
Including an email address in your What Are Your Privacy Rights clause that users can contact with any privacy-related issues, complaints, or requests would also be sufficient.
Your Cookies Policy
If your site collects cookies, you must notify users of this, and inform them that they can opt out of this. A What Are Your Privacy Rights clause is a good place to do this, especially if you don't have a separate standalone Cookies Policy.
A What Are Your Privacy Rights clause should use clear and simple language to explain users' privacy rights, how they can exercise their rights, and your Cookies Policy.