Do I Actually NEED A Privacy Policy?
When creating your website, you’re probably thinking about making everything eye-catching and beautiful. While the physical appearance is a big part of a successful platform, you CANNOT forget that even your website needs to be legally legit. Specifically? Don’t forget to add in a privacy policy. It is usually that little link that you see all the way down at the bottom of the site, out of the way for appearance purposes but still available to current and future customers to view.
For reference, here is the link to the privacy policy on the TLP website:
The privacy policy on your website informs your customers of how you use data and saves you from any big legal issues!
A website privacy policy is a legal document that states how a company collects data from website users. A privacy policy should have descriptions of how a company processes personal data, and how that information is kept confidential. Every website that collects user data in some way (which is almost every single website out there), MUST have a privacy policy.
What Should The Privacy Policy Include?
Types of Data
There are various types of data that can be collected from the users on your site: Content analytics, social media analytics, customer analytics, and much more. In your privacy policy, you need to list every type of data that will be collected. Even if you use a different data collection type ONE TIME, it needs to be in the privacy policy. Why? Well, because people are providing you with information that they find to be private or confidential. Users are concerned about their information being leaked to other companies or third parties. Specifically, they do not want their names, addresses, phone numbers, emails, etc. to be leaked to spammers and out on the web for anyone to find. This is why it is important to be completely transparent about the data you are collecting from users of your site.
How It Is Used and Being Collected!
Now that you have established what data is collected, you need to explain how it is handled and processed. This is a big one, potentially more important than what type of data is collected. Users want to know who is seeing their data. Users should be able to look at the privacy policy and answer the following questions: Is it being shown to third parties or affiliates? Who is viewing and using the information? How is it stored? These are all questions that need to be addressed in your policy. Further, you need to understand that not all users will be comfortable with data collection and storage. You can either provide users a way to opt out of having their data set in the policy OR clearly state in the policy that it is non-negotiable.
Next, you should include exactly how you are collecting the data. This can be through cookies, email or text subscriptions, and other creative ways to bring in data to increase your website usage. Remember to be specific! Explain how and what type of cookies are used and how they can be disabled. Users should also be aware of how to cancel text or email subscriptions from your site. The information does not need to be long or complex, just thorough.
Special Rules for Certain Regions!
If you live in California or in Europe, you may be familiar with the fact that you have unique privacy laws. If you don't know what I am referring to, California and Europe each enacted extra privacy laws that further protect users from data being used in ways they do not approve of. If your user resides in California, they have the right to obtain, once per year and free of charge, the information on what was disclosed to third-party marketers, and the names and addresses of each third party that was disclosed. The user also has the right to request that you remove any data that was publicly posted on your website. If you have a website and you get traffic from all over the country, then you should have these California-specific rights listed in your privacy statement.
Europe has enacted a very similar privacy law called GDPR. The GDPR is a very detailed and complicated law that even skilled attorneys have had some trouble interpreting. For your purposes, here is a quick rundown so you can at least have the basics. If you conduct business within Europe, or you know that you have European users on your site, then your privacy statement should inform them of the following eight principles:
- Principle 1 - Fair, lawful and transparent: Users have the right to access their personal data, as well as know what is being gathered.
- Principle 2 - Purpose limitation: You must only gather personal data for a specific purpose.
- Principle 3 - Data minimization: Only the smallest amount of personal data necessary should be gathered.
- Principle 4 - Accuracy: They have the right to withdraw their consent at any time, and you must then delete all data about them.
- Principle 5 - Storage limitations: If you do not need the personal information of a user anymore you must delete it.
- Principle 6 - Integrity and confidentiality: Make sure that you safeguard all user data.
- Principle 7 - Accountability: You must demonstrate that you have complied with these principles if asked by the user or other authority.
- Principle 8 - User control: You must delete user data if the user asks you to.
As you can see, a user in Europe has much more say in how a company uses their information, and there is much more regulation on this issue. If you are a small business, you are likely not going to need to know the ins and outs of the GDPR, and may not even need to put these rights in your privacy statement. With that being said, if you are a travel vendor that does lots of weddings or events in Europe, then you should get to know these sets of rules and put these user rights into your privacy policy.
Questions, Comments, Concerns?
Your policy should be polished off with an area that shows your legal compliance with the terms and conditions and provides some type of contact method for questions on the matter. This can be accessed through your site or on the document itself. Many users may be confused by the policy, and it is best practice to work with your consumers to make them feel safe when using your site.
Overall, every website that is using consumer data needs to have a privacy policy readily accessible, usually in the footer. You are using people’s personal information to increase your business in some way and thus should inform users of that. Everyone has the right to know where their trusted information is going, even if it is technically only given to your company. This may be an infrequent issue for your company, but it is always better to have a clear policy to protect your business. If you need any help creating a privacy policy for your site, check out The Legal Paige’s Website Terms, Conditions, and Privacy Policy template!
THIS BLOG POST IS NOT A SUBSTITUTE FOR LEGAL ADVICE. EVERY SITUATION IS DIFFERENT & IS FACT-SPECIFIC. A proper legal analysis is necessary based on your location and contract. Consult an attorney in your home state for advice regarding your contract or specific legal situation.