Does your website have a privacy policy?
If you have a website, especially if you run an online business, your privacy policy is incredibly important. And not having a compliant one can actually lead to big problems for your business.
I’ll give you a basic overview of what you must include to comply with state and federal laws, and what you might want to include to protect your business, including swipe copy.
Privacy policies in a nutshell:
If you collect any personal information through your website, even just an e-mail address through an opt-in or contact form, from anyone in California or the European Union (unless your business is purely local, this probably includes you), you are required by California state law and the European Union’s General Data Protection Regulation (GDPR) to post a policy on your website. The policy must tell your users what you will do with this information, such as whether you sell it to third parties, share it with your advertisers or partners, or allow third parties to collect identification from your site.
Your Privacy Policy tells your site visitors exactly what you do with the personal information you collect from them, answering questions like:
- If I give you my name and email address, are you going to sell it to someone else?
- What providers will you share my information with in the normal course of business (i.e., processing payments and delivering services)?
- What precautions do you take to make sure the personal information I’ve shared with you doesn’t get into the wrong hands?
Here’s what to include:
- List of the data you collect, why you collect it, how you’ll use it, how long you keep it, and whether you require that it be provided
- List of the third parties with whom you share or from whom you receive individuals’ data
- How the visitor can request their data, review and request corrections to their data, or ask that you erase their data
- How the visitor can withdraw consent for you to use or store their data
- How you notify visitors of changes to your privacy policy
- How the website responds to Do Not Track signals from Web browsers
- Choices a consumer has regarding the collection, use and sharing of his or her personal information
- The effective date of the privacy policy
- Whom to contact with questions about the privacy policy
- Visitors’ rights under GDPR, including the right to lodge complaints with supervisory authority
If you collect information from those under the age of 13, you must also comply with a federal (nationwide) U.S. law called the Children’s Online Privacy Protection Rule (“COPPA”) and get parents’ consent before collecting any information. If your business is not geared towards children, you can include a note in your privacy policy that you do not intentionally collect information from anyone under 13 years old.
Need an updated privacy policy that complies with U.S. and EU privacy rules? We’ve got you.
Or do you need some support to go through your entire business (website, agreement, products, trademarks, and more) to point out exactly what your business needs to stay legally lit? Contact me today to set up your business the legal way.
Diane Littlejohn