A Privacy Policy for Auction Websites

A Privacy Policy for Auction Websites

Over the last few decades, the online world has seen a massive spike in the popularity of online auction websites. These types of platforms can be a great idea for any budding entrepreneur to design and launch.

However, if you're about to set sail on an auction-site business venture, it's imperative that you have all the legalities in place, especially when it comes to your Privacy Policy.

This article will explain why it's so important to have a solid Privacy Policy in place for your auction site. We'll show you what to include to ensure you have the best chance at avoiding any unnecessary fines, as well as some great examples that can be found in some hugely popular auction sites.

Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:

  1. Click on "Start creating your Privacy Policy" on our website.
  2. Select the platforms where your Privacy Policy will be used and go to the next step.
  3. PrivacyPolicies.com: Privacy Policy Generator - Select platforms - Step 1

  4. Add information about your business: your website and/or app.
  5. PrivacyPolicies.com: Privacy Policy Generator - Add your business info - Step 2

  6. Select the country:
  7. PrivacyPolicies.com: Privacy Policy Generator - Add your business info - Step 2

  8. Answer the questions from our wizard relating to what type of information you collect from your users.
  9. PrivacyPolicies.com: Privacy Policy Generator - Answer questions from our wizard - Step 3

  10. Enter your email address where you'd like your Privacy Policy sent and click "Generate".

    PrivacyPolicies.com: Privacy Policy Generator - Enter your email address - Step 4

    And you're done! Now you can copy or link to your hosted Privacy Policy.

Why Do You Need a Privacy Policy?

As an auction site, you will legally require a Privacy Policy because you'll be collecting personal information from your customers.

Personal information might seem like a relatively broad term, and it applies to a large variance of information.

But basically, if it has the potential, no matter how slight, to identify an individual, it falls under the umbrella of personal information and is legally protected by a number of global privacy laws.

Below is a list of what can be considered 'personal information':

  • First and last names
  • Email addresses and phone numbers
  • Date of birth
  • Shipping and/or billing addresses
  • Credit card and/or bank account information
  • Social security numbers
  • Credit information and state of finance
  • Race/ethnicity
  • Sexual orientation
  • Health information
  • Employment information such as employee name or place of business

While your auction site likely won't be collecting information from every single one of these points, any collection of data, even if it's just an IP address, means you'll need a Privacy Policy.

This is good business practice, as it provides users with more security. But it's also legally required under various laws and legislations that have been put in place to safeguard individual privacy and personal information on the internet.

The first legislation you'll need to be aware of is called the European Union's (EU) General Data Protection Regulation (GDPR). This legislation came into play on the 25th of May, 2018, and is a key player in privacy and security online.

It was created with strong protective measures in mind back when the European Union recognized severe gaps in online data security for individuals, in the now-defunct Data Protection Directive of 1995.

To abide by the GDPR, you're required to include all of the following in any Privacy Policy you create:

  • Your business' location and all current contact information
  • Detailed information regarding the rights that EU users have around their personal data
  • The kind of personal information you'll be collecting, as well as how it's collected, the purpose of such collection AND whether it's shared with any additional outside parties
  • Data retention; how long you'll store collected personal information and customer data

Further, it must be written in clear, easy to understand language without too much legal jargon or confusing industry terms.

Another important law is the California Online Privacy Protection Act (CalOPPA).

To have a Privacy Policy in compliance with CalOPPA, you'll need to do the following:

  • Post a conspicuous Privacy Policy that can be easily found on your website
  • Include the types of personal information you collect, as well as any other companies or apps that you share such information with
  • Give clear instructions for how users can change, edit or delete any personal information they provide
  • Describe how you'll contact customers to let them know of any changes or updates to your Privacy Policy
  • Include the date your most recent Privacy Policy came into effect
  • Inform how your auction site will handle 'Do Not Track' browser requests set by users

The key things you need to know about both of these laws is that they legally require you to have a Privacy Policy on your auction site.

And they're applicable to you, regardless of where your business is located.

For example, if you're an Australian business owner but your site is able to be utilized by overseas customers who may be located in the EU or California, you're required to abide by these legislations.

Failing to do so can result in fines of varying severity. If your Privacy Policy falls short of following CalOPPA guidelines, it can result in fines of $2,500USD per violation.

This may not sound too expensive, but 'per violation' means per site visitor.

So if you have hundreds or thousands of visitors across your site each day, that can equate to massive amounts of monetary fines.

If you fail to adhere to the GDPR framework, you can be fined a maximum of four percent of your company's annual global turnover, or €20 million Euros, whichever is the greater amount.

While this might sound quite intense, it is easy enough to create a Privacy Policy that successfully follows both the GDPR and CalOPPA framework for your auction site.

What to Include in Your Privacy Policy

What to Include in Your Privacy Policy

Every website and business' Privacy Policy will differ depending on their individual practices. But there are some specific items and clauses you should include in the Privacy Policy for your auction site in order to protect your business effectively.

Here are the main clauses you'll need to include, as well as some examples of how other auction sites have approached the clause in their own Privacy Policies.

Types of Information You Collect

The best way to begin your Privacy Policy is by first stating the types of information you collect from your customers, such as their names, contact details, credit card and other banking numbers.

This clause is essential because it protects your auction site from any liability and potential risk that may occur, by ensuring customers know exactly what type of information is collected.

By putting it in your Privacy Policy, it also gives customers the opportunity to either agree or disagree with the collecting of their information, which they provide by using your site or not.

The below example is taken from eBay, one of the world's most successful auction sites. They clearly state the circumstances around the collection of personal data, with a link to a more in-depth explanation:

eBay Privacy Policy: What personal data we collect and process clause

How Information is Collected

After describing the type of information you collect, it's now a good idea to detail how the information is collected through your site.

This includes all the automatically collected data such as IP addresses from apps like Google Analytics, as well as information that is manually input by your customers, such as email addresses, user login details and so on.

Etsy has a great example of a simply-written clause in its Privacy Policy, in which it details the various examples of information it collects, such as profile (gender, age and so on), and location information (IP addresses etc):

Etsy Privacy Policy: Information Collected or Received clause excerpt

How Collected Information is Used, and Third Party Access

After you detail how the information is collected, you should mention how it is used. For example, collecting payment information after customers make their auction purchase in order to successfully complete their transaction.

Your auction site will also likely be integrated into third party software like advertisers, analytics apps and various social networking platforms.

Because of this integration, you will be sharing information with those third parties. This means a 'third-party access' addition to this clause will be essential. In it, you should detail how you share your collected data with those third parties.

The below example shows how auction site GraysOnline explains how it uses all collected personal information:

GraysOnline Privacy Policy: How we use your personal information clause excerpt

It follows this with a section on who it discloses such information to. It's a succinct, clear way to inform users of the purposes surrounding that collection:

GraysOnline Privacy Policy: Who we use your personal information to clause

You don't have to list third parties specifically by name, but you need to share categories of third parties, such as credit providers, financial advisors, business partners, related entities, etc.

Cookies Use

Cookies Use

It's always appropriate to include a cookies clause in a website's Privacy Policy, regardless of the site's purpose.

While the use of cookies might seem foreign to many users, cookies are an essential part of computer technology that can assist a business owner like yourself in helping websites run smoothly.

In your cookies clause, it's a great idea to begin with a brief explanation of what cookies are, and why they're useful to your site.

Some reasons for cookie usage on an auction site include being able to 'save' the content of a user's shopping cart, so they can come back later to continue browsing and purchasing.

Internet giant Amazon gives a great, quick explanation of what cookies are and follows that up with the purpose of cookies on its website.

Amazon Privacy Notice: What About Cookies clause

You should also inform users how they can adjust any cookie settings either with your website or through their browser of choice.

Dispute Resolution

While dispute resolution clauses are generally included in Terms and Conditions rather than Privacy Policies, it can be a great idea to include one in your Privacy Policy regardless. And they're important for your auction site because you're liable for potential customer disputes more than, say, a general cooking blog.

The dispute resolution clause outlines the way your company intends to handle any customer-driven disputes, and is similar to a clause called the 'governing law' clause. This clause dictates what area of law (such as state and country) your Privacy Policy abides by.

For example, if you're an auction site that operates from Europe, you can mention in your dispute resolution clause that any issues that arise will be dealt with in accordance to European law, regardless of where the customer with the dispute is located.

Amazon has a good example of a dispute resolution clause, as it explains exactly how disputes will be solved: out of court, through binding arbitration.

Amazon Conditions of Use: Disputes clause excerpt

This is followed up with an 'Applicable Law' clause that states the use of Amazon services will follow the laws of Washington state:

Amazon Conditions of Use: Applicable Law clause

User Generated Content

As an auction site, it's likely that you'll be allowing your users to advertise and sell their own items, as well as place user reviews and/or comments. This is known as user generated content (UGC), and it's important to put in place some boundaries that dictate what your site users can and can't do with such content.

You'd want to prevent users from advertising and selling racist, sexist, violent or pornographic items just to name a few examples, which is why the UGC clause is essential. This clause is also great to touch on Intellectual Property Rights, for example if you have a seller that is auctioning off hand-made items.

eBay gives a very detailed explanation of who owns the rights to any content provided on the site:

eBay User Agreement: Content clause excerpt

Note that the clause explicitly mentions that it offers product data provided by third parties. It retains the right to revoke permission to allow user generated content, and has users agree to not violate the rights (copyright, intellectual property rights) of eBay or the third party sellers.

Notification of Changes to the Policy

Notification of Changes to the Policy

A notification of changes clause is the best way to let your users know how you'll contact them in the event of any changes to your Privacy Policy.

This way, they're able to stay on top of the policies of your auction site and determine whether these changes might affect their decision to use your site.

Etsy has a clause dedicated to Privacy Policy changes where it informs users that the policy may be amended from time to time, and that it may alert users through emails, messages or update notes in the version notes on the app's platform. Users are encouraged to always check the Policy itself to see any updates:

Etsy Privacy Policy: Privacy Policy Changes clause

In conclusion, a Privacy Policy is an essential component of your online auction site. Without one, you leave yourself open to various, and quite serious, legal issues and risks.

It's imperative to protect yourself and your online business as best as you can, and a Privacy Policy is the most effective way to do this.

The key clauses to remember including in your Privacy Policy are:

  • Types of Information Collected
  • How Information is Collected
  • How Collected Information is Used, and Third Party Access to it
  • Cookies Use
  • Dispute Resolution/Governing Law
  • User Generated Content Management
  • Notification of Changes to the Policy