A Privacy Policy agreement is the agreement where you specify if you collect personal data from your users, what kind of personal data you collect and what you do with that data.
This agreement is required by law if you collect personal data. Personal data is any kind of data or information that can be considered personal (identifies an individual) such as:
- Email address
- First and last name
- Billing and shipping address
- Credit card information
What is a Privacy Policy
A Privacy Policy is a legal statement that specifies what the business owner does with the personal data collected from users, along with how the data is processed and for what purposes.
This agreement can also be known under these names:
- Privacy Statement
- Privacy Notice
- Privacy Information
- Privacy Page
A Privacy Policy can be used for both your website and mobile app if it’s adapted to include the platforms your business operates on.
The requirements for Privacy Policies may differ from one country to another depending on the legislation. However, most privacy laws identify the following critical points that a business must comply with when dealing with personal data:
Notice – Data collectors must clearly disclose what they are doing with the personal information from users before collecting it.
Choice – The companies collecting the data must respect the choices of users on what information they choose to provide.
Access – Users should be able to view, update or request the removal of personal data collected by the company.
Security – Companies are entirely responsible for the accuracy and security
(keeping it properly away from unauthorized eyes and hands) of the collected
personal information.
Who needs a Privacy Policy
Any entity (company or individual) that collects or uses personal information from users will need a Privacy Policy.
A Privacy Policy is required regardless of the type of platform your business operates on or what kind of industry you are in:
- Websites - WordPress blogs, or any other platforms: Joomla!, Drupal etc.
- E-commerce stores
- Mobile apps – Not having a Privacy Policy can be a reason for rejection during the app review.
For example, as of October 2018, a Privacy Policy will be required for all iOS apps.
Facebook apps – Facebook requires all pages, groups and events that collect user data to have a Privacy Policy:
Desktop apps
All SaaS apps must have a Privacy Policy
Digital products
If you use Google AdSense, you need a Privacy Policy:
The Basics
In Canada, we have the Personal Information Protection and Electronic Documents Act (PIPEDA) generated by federal privacy laws.
This law established acceptable standards to limit and organize personal data gathering, usage, and disclosure by commercial institutions. This means that organizations may gather, use and disclose that percent of information for purposes that a reasonable person would consider fit in the circumstance.
The Privacy Commissioner of Canada stands for receiving and peacefully taking care of complaints against organizations. Its purpose is to solve privacy matters through compliance, not through enforcement.
What to Include:
Information Collection and Use
This section is the most important section of the entire agreement where you need to inform users what kind of personal information you collect and how you are using that information.
Types of Data Collected
- Personal Data
- Usage Data
- Tracking & Cookies
- Use, Transfer & Disclosure of Data
- Security of Data
- Contact Information
And Finally, a few questions to consider when developing a Privacy Policy:
- What kind of personal information do you collect?
- What kind of personal information is collected automatically, e.g. via the web server (Apache, nginx etc.)?
- What kind of third parties are collecting personal information from your users?
- How are you using that personal information?
- Do you send promotional emails (newsletters)? If yes, can users opt-out? If so, how?