Privacy policy



Our privacy policy template lets you get started with a Privacy Policy agreement. This template is free to download and use.
A Privacy Policy agreement is the agreement where you specify whether you collect personal data, what kind of personal data you collect from users and what you do with that data.
This agreement is required by law if you collect personal data. Personal data is any kind of data or information that can be considered personal (identifies an individual):
  • Email address
  • First and last name
  • Billing and shipping address
  • Credit card information
  • And so on

What is a Privacy Policy

A Privacy Policy is a legal statement that specifies what the business owner does with the personal data collected from users, along with how the data is processed and why.
In 1968, the Council of Europe did studies on the threat of the Internet expansion as they were concerned with the effects of technology on human rights. This led to the development of policies to protect personal data.
This marks the start of what we know now as a “Privacy Policy”. While the name “Privacy Policy” refers to the legal agreement, the concept of privacy and protecting user data is closely related.
This agreement can also be known under these names:
  • Privacy Statement
  • Privacy Notice
  • Privacy Information
  • Privacy Page
The Privacy Policy can be used for both your website and mobile app if it’s adapted to include the platforms your business operates on.
The contents of a Privacy Policy may differ from one country to another, depending on the country’s legislation, but most privacy laws identify the following critical points that a business must comply with when dealing with personal data:
  • Notice. Data collectors (meaning, you or your company) must make clear what they are doing with the personal information from users before gathering it.
  • Choice. The companies collecting the data must respect the choices of users on what information to provide and how personal that provided information will be.
  • Access. Users should be able to view or contest the accuracy of personal data collected by the company.
  • Security. The companies are entirely responsible for the accuracy and security (keeping it properly away from unauthorized eyes and hands) of the collected personal information.
This means that a “Privacy Policy” serves as a way to inform users how their personal information will be used, along with how the information will be collected and who has access to it.

Who needs a Privacy Policy

Any entity (company or individual) that collects or uses personal information from users will need a Privacy Policy.
A Privacy Policy is required regardless of the type of platform your business operates on or what kind of industry you are in:
  • Web sites
  • WordPress blogs, or any other platforms: Joomla!, Drupal etc.
  • E-commerce stores
  • Mobile apps. Not having a Privacy Policy can be a reason for rejection during the app review.
    A Privacy Policy is required for all iOS apps. Section 17 of “Apple’s App Store Review Guidelines” and the “iOS Developer Program License” require developers with apps that collect personal information from users to have this legal agreement.
    It’s also a requirement from the “Developer Distribution Agreement” of Google to have a Privacy Policy for Android apps.
  • Facebook apps. Facebook requires all Facebook apps to have a Privacy Policy.
  • Desktop apps
  • All SaaS apps must have a Privacy Policy.
    Even if your SaaS app is only through a website and not through a mobile app (thus you’re not required by a third-party such as Apple or Google to have the agreement), you’re required by law to have the agreement because your app collects personal information from users.
  • Digital products.
  • If you use Google AdSense, you need a Privacy Policy.
    Google AdSense requires all websites, through “Section 8” of its Terms & Conditions agreement, to have the policy ready.

The basics of a Privacy Policy

In the EU, the “Data Protective Directive” and the “ePrivacy Directive” acts are the laws that required EU companies to have a Privacy Policy.
The “Data Protective Directive” applies to websites or mobile apps that include the use of personal data of users, while the “ePrivacy Directive” applies whenever users’ data is directly or indirectly identifiable to a controller or to a third party.
There are differences between EU’s legislation regarding data safety and other states’ data privacy laws.
They are applicable only to businesses legally operating within the EU territory and to any other organization or company that collects personal data from EU citizens or data that concerns them. There are agreements between the EU and the US to ensure legal compliance with their law differences, such as Safe Harbor.
In the US, there are no overall laws. The U.S. privacy legislation may vary from one state to another. Certain federal laws govern users’ data in some circumstances, such as in these examples:
  • The Gramm-Leach-Bliley Act. The act obliges organizations to offer clear and accurate statements about their information collecting practices, and it also limits usage and sharing of financial data.
  • COPPA law. The act is especially for web sites that gather information about children under 13 – any site of this category is legally obliged to adhere to the restrictions implemented by the act.
  • Health Insurance Portability and Accountability Act. The act applies to online health services too.
  • California Online Privacy Protection Act.
  • SOPIPA law. This act applies if you collect personal data from students.
  • Content Eraser law. This law applies if you collect data from minors (under the age of 18).
In Canada, there’s the Personal Information Protection and Electronic Documents Act (PIPEDA) generated by federal privacy laws.
This law established acceptable standards to limit and organize personal data gathering, usage, and disclosure by commercial institutions. This means that organizations may gather, use and disclose that information for purposes that a reasonable person would consider fit in the circumstances.
The Privacy Commissioner of Canada is responsible for receiving and peacefully taking care of complaints against organizations. Its purpose is to solve privacy matters through compliance, not through enforcement. It researches complaints, spreads awareness of privacy issues and conducts studies about them.
Before you draft this agreement for your business, consider the basic requirements for most online businesses that deal with personal data from users (this includes SaaS apps or Facebook apps as well).
  • That the privacy of your users is protected
  • That you take full responsibility to protect the privacy of your users
  • That you comply with active privacy laws.
Based on the above, the basic requirements of Privacy Policy agreements are:
  • What information you collect from users. “Information” means “personal information”: any kind of information that has the potential to identify a user.
  • What will you do with the collected personal information
  • With whom you share the collected personal information, i.e. with third-parties
Users need to know what kind of personal data you collect from them. It’s best to tell users exactly what data you collect from them and why:
  • Contact information, such as email address
  • Name, profession and date of birth
  • Preferences and interests
  • And so on
Your agreement should mention why you collect this kind of data. Generally, the only purpose for collecting personal data from users is to use it and do what’s best for your company and users as well:
  • You may use the data gathered to help towards development of new services or improve your existing services
  • You may send users emails about special offers, new services or other information that may be interesting for them
  • You may use their data to get in touch with them in order to invite them to participate in market research
  • Nonetheless, their personal information may be used to personalize their sessions on your website in order to better fit their interests, such as offering them relevant, individually tailored content
If you already have the agreement for your website and you’re now launching a mobile app, you need to first consider what kind of new personal data you collect through the mobile app. Then update your agreement to include the new changes: what you collect from the website and from the mobile app.

What to include in Privacy Policy

What to include in a Privacy Policy depends on what personal information you collect, how you collect it and what you are doing with that collected information.
You’ll need to disclose if any third parties are involved in collecting personal information in your name, for example if you use MailChimp to collect email addresses to send weekly updates to your members.
A few examples:
  • The Information Collection And Use section is the most important section of the entire agreement where you need to inform users what kind of personal information you collect and how you are using that information.
  • Log Data disclosure section should inform users that certain data are collected automatically from the web browser users are using and through the web server you’re using: IP addresses, browser types (Firefox, Chrome etc.), browser versions and various pages that users are visiting.
  • Cookies disclosure should inform users that you may store cookies on their computers when they visit the pages of your website.
    This applies even if you use Google Analytics (which would store cookies) or any other third party that would store cookies.
    It’s best to do this through a separate Cookies Policy.
  • Links To Other Sites is a very common disclosure added in a Privacy Policy informing users that your website may link to other websites outside your control or ownership, i.e. linking to a news website, and that users are advised to read the Privacy Policies of each website they visit.
  • Do Not Track clause. The Do Not Track requirement for a Privacy Policy applies only to U.S. companies.
  • Security disclosure in the policy can give users assurance that their personal data is well protected, but you may also want to note that no method is 100% secure.
    The security of your Personal Information is important to us, but remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Information, we cannot guarantee its absolute security.
    Examples of trust elements can include SSL certificates. Definitely use SSL certificates if you have an ecommerce store.
Here’s how the Privacy Policy of Asana, a project management tool, informs users on what kind of personal information Asana collects:
The Privacy page of Asana clearly describes what kind of information a user can provide and how (by becoming a member, by connecting through Facebook, Twitter etc.):
Information You Provide: You provide us information about yourself, such as your name and e-mail address, if you register for an account with the Service, including by connecting to the Service via a third-party service, or by “following,” “becoming a fan,” adding the Asana application, etc., on a third party website or network.

The agreement also specifies that registered members (users) may receive marketing messages, but users can opt-out following unsubscribe instructions in each email sent by Asana:
We may use your email address to send you Service-related notices (including any notices required by law, in lieu of communication by postal mail). We may also use your contact information to send you marketing messages. If you don’t want to receive these messages, you can opt out by following the instructions in the message. If you correspond with us by email, we may retain the content of your email messages, your email address and our responses.

The Privacy Policy of The Guardian informs users what GNM (Guardian News & Media Limited) does with the collected data:
It specifies the four reasons why they collect personal information:
At GNM we collect different types of information about our users for four main reasons:
1. To provide personalised services unique to individual users.
2. To help us to monitor and improve the services we offer
3. To sell advertising space on the site. This helps us to keep the site free for people who visit it.
4. If we have permission from the user, to market services to them.

Here’s a list of questions that can guide you when drafting your own Privacy Policy:
  • What kind of personal information do you collect?
  • What kind of personal information is collected automatically, e.g. via the web server (Apache, nginx etc.)?
  • What kind of third parties are collecting personal information from your users?
  • How are you using that personal information?
  • Do you send promotional emails (newsletters)? If yes, can users opt-out? If so, how?
  • And so on

How to enforce a Privacy Policy

Even if this agreement is required by law, it’s important to understand the enforceability issue of this agreement.
There are two methods of implementation in regards to the enforceability of a legal agreement: browsewrap and clickwrap.
A browsewrap agreement is defined as simply a link found in the footer of the web site:
In a clickwrap implementation, the website is informing users of the legal agreements that users need to read and agree to right when users sign up for an account:
You can use both: browsewrap and clickwrap.
eBay is using a browsewrap technique by informing users of the legal agreements (its User Agreement page and its Privacy Policy page) in the footer of the website:
Then eBay uses the clickwrap technique when a user creates a new account:
This is the mandatory requirement of a new user to agree that they have read eBay’s User Agreement and Privacy Policy:
By clicking “Submit” I agree that:
  • I have read and accepted the User Agreement and Privacy Policy.
  • I may receive communications from eBay and can change my notification preferences in My eBay.
  • I am at least 18 years old.

Examples of Privacy Policy agreements

It doesn’t really matter if your website is based on WordPress or not. As long as you collect personal data, you’ll need a Privacy Policy.
It’s the same for mobile apps: all mobile apps should have a Privacy Policy.
GitHub
GitHub links to its “Privacy Statement” from the footer of the pages:
Its “Privacy Statement” includes a “short version” of GitHub’s privacy practices with user data.
Here’s the most important part of GitHub’s Privacy Statement – the “What information GitHub collects and why” section:
StackOverflow (StackExchange)
StackOverflow, part of the StackExchange portfolio of websites, takes a similar approach when linking to StackExchange’s Privacy Policy. It’s placed in the web page’s footer:
The Privacy Policy of StackExchange is simple. The left column is titled “Legally Useless Summary for Short Attention Spans”.
The most important clause is titled “Types of Information“:
Dropbox
Dropbox uses the embedded method for its iOS mobile app to make its Privacy Policy available to its users.
In the example below from Dropbox, you can see how a user, right from within the app, can navigate to the “Legal & Privacy” menu:
Clicking this will take the user to another menu screen that shows the list of entire legal agreements from Dropbox:
And ultimately to the content of the legal agreement, right within the app:
eBay
eBay uses the linked method to link to its “Mobile Privacy and Legal Notice” agreement for its users rather than linking to its standard Privacy Policy agreement page, which may be more difficult to read on a mobile device.
The mobile-friendly legal agreement from eBay, called “Mobile Privacy and Legal Notice“, provides short and clear information on all of the main concerns and issues that users would have. It’s the summary of eBay’s full Privacy Policy:
The same “Mobile Privacy and Legal Notice” agreement is embedded in eBay’s iOS app:
Evernote
The Evernote iOS app includes the Privacy Policy of Evernote right within the app by using the embed method.
This simply opens the agreement’s web page within a screen on the app:
On Evernote’s website, this agreement is linked in the footer as well:
Twitter
Twitter included their Privacy Policy right within the mobile app by using the embed method:
Twitter’s Privacy Policy, embedded in the app, is the same Privacy Policy from Twitter that can be found on Twitter’s official website, but made easily readable for mobile devices:
On Twitter’s website, the legal agreements are linked from the footer of the website:

Download Privacy Policy Template

Use the Privacy Policy Generator to create this legal agreement.
This template, available for download for free, includes these sections:
  • Information Collection And Use
  • Log Data
  • Cookies
  • Security
  • Links To Other Sites
  • Changes To This Privacy Policy
  • Contact Us
