Types of Data
How It Is Used and Being Collected!
Next, you should include exactly how you are collecting the data. This may be through cookies, email or text subscriptions, and other creative ways to bring in data to increase your website usage. Remember to be specific! State what types of cookies are used, how they are used, and how they can be disabled. Users should also be told how to cancel text or email subscriptions from your site. The information does not need to be long or complex, just thorough.
Special Rules for Certain Regions!
If you live in California or in Europe, you may be familiar with the fact that you have unique privacy laws. If you don't know what I am referring to, California and Europe each enacted extra privacy laws that further protect users from data being used in ways they do not approve of. If your user resides in California, they have the right to obtain, once per year and free of charge, the information on what was disclosed to third-party marketers, and the names and addresses of each third party that was disclosed. The user also has the right to request that you remove any data that was publicly posted on your website. If you have a website and you get traffic from all over the country, then you should have these California-specific rights listed in your privacy statement.
Europe has enacted a very similar privacy law called GDPR. The GDPR is a very detailed and complicated law that even skilled attorneys have had some trouble interpreting. For your purposes, here is a quick rundown so you can at least have the basics. If you conduct business within Europe, or you know that you have European users on your site, then your privacy statement should inform them of the following eight principles:
- Principle 1 - Fair, lawful and transparent: Users have the right to access their personal data, as well as know what is being gathered.
- Principle 2 - Purpose limitation: You must only gather personal data for a specific purpose.
- Principle 3 - Data minimization: Only the smallest amount of personal data necessary should be gathered.
- Principle 4 - Accuracy: They have the right to withdraw their consent at any time, and you must then delete all data about them.
- Principle 5 - Storage limitations: If you do not need the personal information of a user anymore, you must delete it.
- Principle 6 - Integrity and confidentiality: Make sure that you safeguard all user data.
- Principle 7 - Accountability: You must demonstrate that you have complied with these principles if asked by the user or other authority.
- Principle 8 - User control: You must delete user data if the user asks you to.
Questions, Comments, Concerns?
Your policy should be polished off with an area that shows your legal compliance with the terms and conditions and provides some type of contact method for questions on the matter. This can be accessed through your site or on the document itself. Many users may be confused by the policy, and it is best practice to work with your consumers to make them feel safe when using your site.
THIS BLOG POST IS NOT A SUBSTITUTE FOR LEGAL ADVICE. EVERY SITUATION IS DIFFERENT & IS FACT-SPECIFIC. A proper legal analysis is necessary based on your location and contract. Consult an attorney in your home state for advice regarding your contract or specific legal situation.