Over the last few decades, the online world has seen a massive spike in the popularity of online auction websites. These types of platforms can be a great idea for any budding entrepreneur to design and launch.
- 2.1. Types of Information You Collect
- 2.2. How Information is Collected
- 2.3. How Collected Information is Used, and Third Party Access
- 2.4. Cookies Use
- 2.5. Dispute Resolution
- 2.6. User Generated Content
- 2.7. Notification of Changes to the Policy
Personal information might seem like a relatively broad term, and it applies to a wide variety of information.
But basically, if it has the potential, no matter how slight, to identify an individual, it falls under the umbrella of personal information and is legally protected by a number of global privacy laws.
Below is a list of what can be considered 'personal information':
- First and last names
- Email addresses and phone numbers
- Date of birth
- Shipping and/or billing addresses
- Credit card and/or bank account information
- Social security numbers
- Credit information and state of finance
- Sexual orientation
- Health information
- Employment information such as employee name or place of business
This is good business practice, as it provides users with more security. But it's also legally required under various laws and regulations that have been put in place to safeguard individual privacy and personal information on the internet.
The first law you'll need to be aware of is the European Union's (EU) General Data Protection Regulation (GDPR). It came into effect on the 25th of May, 2018, and is a key player in privacy and security online.
It was created with strong protective measures in mind, back when the European Union recognized severe gaps in online data security for individuals in the now-defunct Data Protection Directive of 1995.
- Your business' location and all current contact information
- Detailed information regarding the rights that EU users have around their personal data
- The kind of personal information you'll be collecting, as well as how it's collected, the purpose of such collection AND whether it's shared with any additional outside parties
- Data retention; how long you'll store collected personal information and customer data
Further, it must be written in clear, easy to understand language without too much legal jargon or confusing industry terms.
Another important law is the California Online Privacy Protection Act (CalOPPA).
- Include the types of personal information you collect, as well as any other companies or apps that you share such information with
- Give clear instructions for how users can change, edit or delete any personal information they provide
- Inform how your auction site will handle 'Do Not Track' browser requests set by users
And they're applicable to you, regardless of where your business is located.
For example, if you're an Australian business owner but your site can be used by overseas customers who may be located in the EU or California, you're required to abide by these laws.
This may not sound too expensive, but 'per violation' means per site visitor.
So if you have hundreds or thousands of visitors across your site each day, that can add up to massive fines.
If you fail to adhere to the GDPR framework, you can be fined a maximum of four percent of your company's annual global turnover, or €20 million, whichever is the greater amount.
Here are the main clauses you'll need to include, as well as some examples of how other auction sites have approached the clause in their own Privacy Policies.
Types of Information You Collect
This clause is essential because it protects your auction site from any liability and potential risk that may occur, by ensuring customers know exactly what type of information is collected.
The below example is taken from eBay, one of the world's most successful auction sites. They clearly state the circumstances around the collection of personal data, with a link to a more in-depth explanation:
How Information is Collected
After describing the type of information you collect, it's now a good idea to detail how the information is collected through your site.
This includes all the automatically collected data such as IP addresses from apps like Google Analytics, as well as information that is manually input by your customers, such as email addresses, user login details and so on.
How Collected Information is Used, and Third Party Access
After you detail how the information is collected, you should mention how it is used. For example, collecting payment information after customers make their auction purchase in order to successfully complete their transaction.
Your auction site will also likely be integrated with third parties such as advertisers, analytics apps and various social networking platforms.
Because of this integration, you will be sharing information with those third parties. This means a 'third-party access' addition to this clause will be essential. In it, you should detail how you share your collected data with those third parties.
The below example shows how auction site GraysOnline explains how it uses all collected personal information:
It follows this with a section on who it discloses such information to. It's a succinct, clear way to inform users of the purposes surrounding that collection:
You don't have to list third parties specifically by name, but you need to share categories of third parties, such as credit providers, financial advisors, business partners, related entities, etc.
In your cookies clause, it's a great idea to begin with a brief explanation of what cookies are, and why they're useful to your site.
Some reasons for cookie usage on an auction site include being able to 'save' the content of a user's shopping cart, so they can come back later to continue browsing and purchasing.
Internet giant Amazon gives a great, quick explanation of what cookies are and follows that up with the purpose of cookies on its website.
You should also inform users how they can adjust any cookie settings either with your website or through their browser of choice.
For example, if you're an auction site that operates from Europe, you can mention in your dispute resolution clause that any issues that arise will be dealt with in accordance with European law, regardless of where the customer with the dispute is located.
Amazon has a good example of a dispute resolution clause, as it explains exactly how disputes will be solved: out of court, through binding arbitration.
This is followed up with an 'Applicable Law' clause that states the use of Amazon services will follow the laws of Washington state:
User Generated Content
As an auction site, it's likely that you'll be allowing your users to advertise and sell their own items, as well as place user reviews and/or comments. This is known as user generated content (UGC), and it's important to put in place some boundaries that dictate what your site users can and can't do with such content.
You'd want to prevent users from advertising and selling racist, sexist, violent or pornographic items, just to name a few examples, which is why the UGC clause is essential. This clause is also a good place to touch on intellectual property rights, for example if you have a seller that is auctioning off hand-made items.
eBay gives a very detailed explanation of who owns the rights to any content provided on the site:
Note that the clause explicitly mentions that it offers product data provided by third parties. It retains the right to revoke permission to allow user generated content, and has users agree to not violate the rights (copyright, intellectual property rights) of eBay or the third party sellers.
Notification of Changes to the Policy
This way, they're able to stay on top of the policies of your auction site and determine whether these changes might affect their decision to use your site.
- Types of Information Collected
- How Information is Collected
- How Collected Information is Used, and Third Party Access to it
- Cookies Use
- Dispute Resolution/Governing Law
- User Generated Content Management
- Notification of Changes to the Policy
- Answer the questions related to your entity type and location.
- Answer the questions relating to what type of information you collect from your users.