If you have a website that collects any personal information such as names, email addresses, etc. and/or third party apps, including those for e-commerce, you are required by law to have a privacy policy.
A privacy policy informs your visitors of data collection practices as well as terms and conditions relevant to those practices. Your users’ privacy is important to them, and giving full disclosure about how their data may be collected or used will be appreciated.
Types of Information
The types of information you collect must be itemized in your privacy policy. This includes name, e-mail address, credit card information (used in e-commerce), and other personal data.
The Purpose of Collecting Data
This is where you explain why you’re keeping credit card information. “Orders” for processing and shipping, account maintenance, customer service, engagement, etc. are all valid reasons for collecting data.+
How the Data Is Used
It’s imperative (and required by law) for you to explain how the data is used. Personalization and customization of their user experience, send service or support messages, provide customer service, enable access to the services, etc. are all perfect examples.
Storage, Security, and Access
You need to state up front if you’re using third party tools, such as Google Analytics or AdSense, so that your audience knows who else has access to their information. All instances of third party data sharing and you should include the links to those third party companies’ policies.
Opt Out Options
It is required by law that you offer an opt-out option for ongoing data collection. As mentioned earlier, your users have the right to see the information you’ve gathered about them. They are allowed, by law, to have access to that information. Make sure the contact information is easy to read and accurate.
Affiliated Third Party Websites or Organizations
Email service providers, social media interaction, Google Analytics, Google Adsense, and many other third-party services that track user browsing behavior requires a privacy policy. You must have a section that discloses all third-party data collectors. As mentioned earlier, you must list the third party organizations by name and list what data they gather and what it is used for.
Data Privacy Regulations (GDPR, CPPA, And Beyond)
Create your privacy policy and save yourself a lot of stress. If you’d like to know more about generating a privacy policy, the Better Business Bureau offers a sample for your use and the Federal Trade Commission (FTC), has a Privacy and Security breakdown to help keep you on track. If you follow their guidelines, you won’t go wrong.
To make it even easier, you don’t need to write your own terms; you can use a website like TermsFeed to generate and host your privacy policy.
You must also be aware of various data privacy regulations from across the world that require a privacy policy:
- The California Online Privacy Protection Act
- Privacy Shield
- EU General Data Protection Regulation (effective may 2018)
- Children’s ONline Privacy Protection Rule
Each of these regulations relate to all sites built and maintained in the United States. If you run any online ad campaigns, even those through social media, you must have a privacy policy in place. Set one up and save yourself a ton of trouble (and potential fines) in the future.
