Privacy Policy for Content Downloads/Upgrades
A Privacy Policy is essential if you offer your users the opportunity to download content or other upgrades from your website. You should publish this Privacy Policy on your website so that it is easily accessible for users to view.
The reason you need a Privacy Policy is simple. Privacy Policies are legally required if you handle, process, collect, or store information about the people who visit your website, which is the case for most companies who offer downloadable content.
We recommend that anyone who offers downloadable content to their users drafts and publishes a simple Privacy Policy. A Privacy Policy shows your users that you take their personal information seriously.
The bottom line is that users have the right to control what happens to their personal information and what kind of information a business collects about them. Although drafting a Privacy Policy may feel time-consuming and onerous, it's designed to help you understand consumer behavior without infringing upon someone's right to privacy.
For example, a Privacy Policy lets you track daily content downloads, or collect information for an email sign-up letter, without violating someone's data protection rights.
Don't worry - we'll look at what your Privacy Policy should include in detail later. For now, it's important that you understand:
- What a Privacy Policy is
- Where to place your Privacy Policy
- Why, specifically, you need a Privacy Policy
- How a Privacy Policy affects your business
- Who benefits from a Privacy Policy
- Which laws govern the need for and content of a Privacy Policy
Just so we're clear, let's begin with what a Privacy Policy is.
Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:
- Click on "Start creating your Privacy Policy" on our website.
- Select the platforms where your Privacy Policy will be used and go to the next step.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
-
Enter your email address where you'd like your Privacy Policy sent and click "Generate".
And you're done! Now you can copy or link to your hosted Privacy Policy.
- 1. What is a Privacy Policy?
- 2. Why You Need a Privacy Policy
- 2.1. GDPR
- 2.2. PIPEDA
- 2.3. CalOPPA
- 3. Where to Display Your Privacy Policy
- 3.1. Point of Download
- 3.2. Website Footer
- 3.3. Pop-Up Notification
- 4. Breakdown of a Privacy Policy
- 4.1. Name & Business Contact Information
- 4.2. The Data Collected
- 4.3. Why You Collect the Data
- 4.4. Your Sharing Policies
- 4.5. Opt Out Information
- 5. Content Upgrades and Downloads Clauses
- 5.1. Analytics Clause
- 5.2. Point of Collection Clauses
- 5.3. Limitation of Liability
- 6. Example in Action
- 6.1. Apple App Store
- 7. Conclusion
What is a Privacy Policy?
A Privacy Policy is a written document or statement outlining how you plan on handling a user's personal information, whether this means:
- Storing their data for future contact
- Collecting information about user behavior and how they navigate your site
- Processing personal data and sharing it with third parties
Personal information is any information which can identify someone, such as their:
- Name
- Home address
- Work address
- Email or IP address
- Telephone number
- Social security number
- Blood type
- Medical records
Why You Need a Privacy Policy
There are a number of privacy laws that require a Privacy Policy if you collect personal information, which you will be doing if you allow users to download anything from you, even if it's free. Let's take a look at some of these laws.
GDPR
Otherwise known as the General Data Protection Regulation, this regulation demands that commercial companies should harvest the minimum possible personal data from their site users. It protects EU residents and those visiting websites from EU Member States. The GDPR says that commercial companies must:
- Tell users that they collect data
- Restrict the data they collect to necessary information; e.g. you don't need a home address to sign someone up for an email newsletter
- Give users the clear opportunity to withdraw their consent to data collection
PIPEDA
The Canadian equivalent of the EU's GDPR, the Personal Information Protection and Electronic Documents Act (PIPEDA) controls how private sector businesses collect, store, and share data from those residing in Canada. If your business operates in Canada, chances are this law applies to you.
- Like the GDPR, PIPEDA gives individuals the freedom to decide what information businesses collect about them
- Businesses should ideally get express consent from individuals to data collection and storage
CalOPPA
The California Online Privacy Protection Act (CalOPPA) applies to any online service, business, or website that collects personal data from users residing in California. This means that if you receive any business from users based in California, you're subject to this Act.
- It demands the safe handling and protection of personal data
- Like the other laws, CalOPPA states that you must give users the chance to turn off cookies
It's probably clear by now that every website collecting personal information from users, or using cookies to track their behavior, needs a Privacy Policy. The next question, then, is what should a Privacy Policy contain?
Where to Display Your Privacy Policy
It should never be difficult for a user to find your Privacy Policy. There are a few key places where you can put a link to your Privacy Policy, namely:
- Point of download
- Website footer
- In a pop-up notification
Let's briefly look at examples of these placements in turn.
Point of Download
You can ask users to consent to your Privacy Policy, and your use of personal data, at the point when they're downloading your app, ebook, or other content.
WhatsApp, for example, directs users to its Privacy Policy right before they download the app onto their device:
You can also ask users to click a checkbox explicitly saying they've read and agreed to your Privacy Policy. NetGalley, a publishing website, takes this approach. You can't set up an account or download content until you agree to the Privacy Policy:
Website Footer
Sports retailer Gymshark1 places a link to its Privacy Notice (this is the same thing as a Privacy Policy) in its website footer. This link is available no matter which page a user visits:
The Privacy Policy is important because Gymshark offers users an app which they can download. The app lets them follow and track their workouts, and set fitness goals. Users can also pay for a premium service with extra features.
Since Gymshark collects personal information from users such as payment details, a Privacy Policy is essential so that users know how their information is stored, processed, and shared. And displaying the link in the website's footer makes it easy for users to find at any time.
Pop-Up Notification
The best way to display your Privacy Policy is the two-pronged approach.
This approach typically means using a notification on your homepage, or landing page, to tell your visitors about your cookie usage and your policy regarding their personal data. Then, visitors can read the Privacy Policy by clicking a link on the header or the footer or, even better, a link embedded into the notification itself.
Let's consider an example.
Origin is an online gaming platform where users download whatever games they feel like playing. Origin collects information about users to personalise their experience. A user's experience is personalized by showing them games similar to the ones they typically download and remembering their login details:
A link is provided to a detailed cookie message where users can customize what cookies Origin can place on their device and for what purpose. As you'll note, there's also a handy link to the site's Privacy Policy here:
Origin's approach draws a user's attention specifically to your Privacy Policy before letting them browse the site.
Breakdown of a Privacy Policy
The great thing about Privacy Policies is that there are only a few clauses you need to stay legally compliant. The key point is that your Privacy Policy is easily accessible, easy to read, and easy to understand.
Name & Business Contact Information
Specify how users can contact you if they want further information about your services. You should set this out at the top or bottom of your Privacy Policy. MyProtein chooses the end of its policy:
The Data Collected
Your Privacy Policy should lay out what data you collect from users. You should note that you only collect the data needed to provide your services. WhatsApp highlights this in its Privacy Policy:
It then goes on to explain what information it collects in a simple, user-friendly, bulleted style:
Why You Collect the Data
Users have a right to know why you're collecting personal information about them. The Privacy Policy should explain that you collect the data to fulfill your service obligations. Here is an example of a simple yet effective clause from Barnes & Noble:
Your Sharing Policies
Tell users who you share their data with. WhatsApp tells users that it shares their data with third party service providers to improve and market their services:
The company also specifies when the data sharing takes place; for example, when a user engages with a third party service through the Instagram platform:
Opt Out Information
Users must be able to opt out of cookie installation and data collection for marketing or analytics purposes. You should also explain what steps the user can take to do so and adjust their preferences.
MyProtein, for example, spells out the steps for opting out of marketing communications. You'll note that the steps are simple - all users must do is update their settings or contact the retailer:
Instagram's version of the opt out clause is equally straightforward. Again, it breaks down exactly what users can do to opt out of communications, and like MyProtein, it highlights that it's impossible to opt out of necessary emails that relate to the performance of the contract the users have with the platform:
Content Upgrades and Downloads Clauses
If you offer content upgrades and downloads, your Privacy Policy should highlight how these features affect privacy and data sharing options. Let's take a quick look at these clauses before studying a full Privacy Policy in action.
Analytics Clause
When users download or use your applications, you may want to collect personal information from them to check on the health of your products and their compatibility with various operating systems.
EA, for example, specifies that it collects data about a user's hardware, device, system interactions and usage statistics to help improve the safety and quality of its downloads.
This clause because it makes it easier for the platform to collect additional information, because this extra information is now essential to providing services:
Point of Collection Clauses
If users can download content from your platform, you should make it clear how this affects your Privacy Policy. Again, EA does this well. It explains specifically what information it collects, including crash reports and browser settings:
Limitation of Liability
You don't want to be responsible for everything that could go wrong if a user downloads content from your platform, or if they browse your website.
DeviantArt has a great clause for this. Although DeviantArt is responsible for its own content and for taking all reasonable steps to ensure the content's safety from, e.g., viruses, vulnerabilities are still inevitable:
The bottom line is, so long as you act reasonably as opposed to negligently, you can't be responsible for every possible security breach. This is a vital clause when, for example, you make content available for download, or you collect personally identifiable information (PII) and payment details.
Example in Action
Let's take a closer look at a Privacy Policy for a site with downloadable content and the points at which personal information is collected.
Apple App Store
In the Apple App Store, users can download apps, upgrades, and other content for their devices. Apple places a link to its "Principles and Practices" in its website header:
When users click this link, they land on a user-friendly, highly readable page which highlights Apple's values and dedication to providing a great customer experience with safe downloads:
Users can then click through to Apple's Privacy Policy.
The Policy highlights what personal information is:
Apple then highlights what information it collects and when - specifically, at the point of purchasing a product or downloading software:
There are also comprehensive cookie clauses which explain when Apple uses cookies and, even more importantly, when and how users can opt out:
Apple also has a clear third party sharing policy which emphasises that third parties providing content over their platform are responsible for ensuring personal data protection standards are maintained:
Before you can download content from Apple, you need an Apple ID. Before signing up for an Apple ID, you're made aware of the platform's Privacy Policy:
Put simply, Apple is a great example of a user-friendly Privacy Policy and you should be familiar with it if you offer downloadable content to your users.
Conclusion
If you offer users downloadable content, software upgrades, or apps, you must publish a Privacy Policy on your website. Place a link to the policy in your header or footer, and ensure users are familiar with it before they download content by asking for either implied or agreed consent to the policy.
The Privacy Policy should contain standard clauses regarding data transfer, storage, and handling, and it should comply with global privacy standards including laws such as the GDPR, PIPEDA, and CalOPPA.
Users should know:
- What personal data you collect
- Why you collect it
- How you handle and share it
- What their marketing options are, and how to change them
- The scope of your liability and obligations to them
Keep your Privacy Policy accurate and up to date, and use Update Notices for material changes.
