Today's business world is largely dependent on data and the information that is derived from that data.
Data is critical for businesses that process that information to provide services and products to their customers. In a corporate context, just about everyone in a company, from the top executive level right down to the operational level, relies heavily on information.
- 4.1. What Information is Collected and How
- 4.2. How the Information is Used
- 4.3. How the Information is Stored and Protected
- 4.4. Company Contact Information
- 4.6. Opt-Out Policy Clause
- 5. FAQ on Privacy Policies
- 6. Conclusion
Personal information about an individual may include the following:
- Phone number
- Marital status
- Religious beliefs
Additionally, Pinterest also states that it collects user location data from mobile devices, and if someone makes a purchase on Pinterest, payment and contact information - including an address and phone number - will be collected. If users buy products or services for others, Pinterest gathers their contact information and shipping details, too.
Users may also give Pinterest permission to access information that is shared with other websites like Facebook and Twitter by linking their Pinterest account with them. This information would also include information about their friends and followers. The account settings have information about how much access Pinterest has to their users' data.
Privacy is not a new concept. Humans have always desired privacy in their social as well as private lives. But the idea of privacy as a human right is a relatively modern phenomenon.
Around the world, laws and regulations have been developed for the protection of data related to government, education, health, children, consumers, financial institutions, etc.
This data is critical to the person it belongs to. Data privacy and security bind individuals and industries together and run complex systems in our society. From credit card numbers and social security numbers to email addresses and phone numbers, our sensitive, personally identifiable information is important. In unreliable hands, this sort of information can have far-reaching consequences.
Here are some of the main reasons:
- Required by the law
- Required by third party services
- Increases Transparency
Let's take a look at each of these reasons in more depth.
For individuals to feel comfortable sharing their personal information on the internet, there should be some sort of legal responsibility on businesses to protect that data and keep the users informed about the status and health of their information.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
A majority of countries have already enacted laws to protect their users' data security and privacy. These laws require businesses to obtain explicit consent from users whose data they will store or process.
A few of these laws include the following:
For a business or a website that collects and processes user information in a certain region or country, it is very important to have complete knowledge of the data and privacy protection laws enforced in that region and in the region where its customers and end users are located. Non-compliance with these laws can result in hefty fines or even prosecution against the violator.
In some cases, businesses have to follow laws specific to states or regulations specific to industries.
If your website/app reaches users around the world, regardless of where you're located or headquartered, you'll need to make sure you follow privacy laws in all applicable countries you reach.
Whether your website is a self-help blog or a game hosted at Google Play, it is your responsibility to give your end users complete information about how any associated third parties will collect and process their data and (if possible) for what purpose.
Many websites and apps use in-page/in-app advertising by third parties to generate revenue. As these ads also collect user data, third parties require the websites or apps to ask their users' permission for sharing their personal data.
- Amazon Affiliates
- Google Play Store
- Google Analytics
- Google AdSense
- Google AdWords
- Facebook Apps
- Twitter Lead Generation
- Apple's App Store
Third party vendors like Google, Facebook, and Amazon require the website and app owners who use their services to explicitly inform their own users if they're using advertising features, cookies, or tracking services on their websites/apps in order to deliver better user experiences based on prior browsing behavior.
Another popular location for ecommerce store apps and websites is the checkout page, or account registration page if you don't have an ecommerce component but allow users to create accounts.
It includes the following clauses:
- Information We Collect & How We Use It
- Information Disclosure
- Public Data
- Data Storage
- Third-Party Embed
- Tracking & Cookies
- Modifying or Deleting Your Personal Information
- Data Security
- Business Transfers
- Email from Medium
- Changes to this Policy
There's also a section that specifically addresses EU users and includes information required by the GDPR such as:
- The legal bases for collecting and processing information
- What third parties (like payment processors) Medium engages with and shares data with
- How long data is retained
- The rights of EU data subjects
- How to make a subject access request
- Contact information for Medium's EU Representative
- What information is collected and how
- How is the information used
- How is the information stored and protected
- Company contact information
- How a user can opt out of data collection/usage
Here's each one in action.
What Information is Collected and How
Here's an example of how you can construct a clause to explain this information to your users:
How the Information is Used
How the Information is Stored and Protected
In addition to this, it also states that the website takes steps to ensure as much security as possible; however, it doesn't guarantee that the measures it takes will prevent unauthorized access:
Company Contact Information
The British Heart Foundation provides a Contact clause that includes a mailing address as well as an email address for getting in touch:
In any case, website owners are required to inform their users about the tools the company uses to collect user information and track their behavior, including cookies.
Most website and app owners use log files to automatically collect and store information about their users' IP address, browser, date/time, etc., and use it for different purposes.
Note how it uses simple descriptions and clear terms to describe the use of these files, which is helpful since most people likely have no idea what these types of files are actually there to do.
Opt-Out Policy Clause
Apps and websites should inform their customers about their right to opt out of certain aspects or services offered by a website.
Note how the clause is broken up into many short parts with simple, clear instructions for each method of opting out.
FAQ on Privacy Policies
- CCPA and CalOPPA in the US (California)
- GDPR in Europe (all member states)
- PIPEDA in Canada
- DPA in the UK
- And many more privacy laws from other countries such as Australia, South Korea, South Africa
- What personal information you collect and how
- How the collected personal information is used
- Information on cookies and other trackers
- Your contact & company information
As a website owner, you need to be aware of:
- The privacy laws in the jurisdiction your business is based out of and where your users are located.
- The Terms of Service requirements of third party services your website is associated with.