Privacy Policy - What Do You Need In It


Welcome to the fourth part in the Privacy Policy series. In the previous three sections we looked at what a privacy policy is about in general and then took a more in-depth look at what exactly it is. In the last session we also examined personal data and what it is.

In this fourth part we are taking a dive into what you need in a privacy policy. What are the different components and text pieces that you need to make up a good privacy policy in these current times?

One of the things that you will immediately need is to state how any client or customer coming to your website will be able to contact you. This can be as simple as stating your website address. Or, depending on the jurisdiction you are in, you may be required to state more information such as a contact person, the address, the telephone number, perhaps even the email. But at the bare minimum you should provide the website address. So that is the first bit of information: how people contact you.

You should also have a clear outline of the kind of data you collect on your website, whether it is an email address, or a first name, surname, credit card details or address. You need to have a clear list outlining what kind of data you collect.

The next stage would be to let your users know what happens to the data when it is collected. Where do you store it? How do you process it? Very important. In addition to what you do with the data, the user should also be able to get a clear understanding from your privacy policy of what happens if they actually don't want to give you the data. They don't want you to collect it. What happens if they decline? Will they still be able to use your website? Will things work correctly or will they not? These are issues that must be clearly outlined in your privacy policy.

The next thing to consider is methods. You need to give the user an outline of the methods you are going to use to process the data. What is going to happen to it? What method are you going to use to collect that data? That must be clearly stated. How do you protect their data, and in what way? What is it within your system, within your processing platform, that helps you protect the data you collect from them? In some instances, and depending on your jurisdiction, all these things may vary.

Another thing you need to consider is location. Where exactly is the data processed? Is that something your users need to know because the jurisdiction you are in requires that you make a clear statement in your privacy policy about this? You might want to consider this in particular in the developing country scenario, especially in Africa. You might want to state this because a lot of the time, even though websites appear to be local, they are hosted in other countries.

That brings me nicely to the next point. You really need to state what happens when data is transferred outside your country, outside the EU, or to other international destinations or even entities or public international bodies like the UN, and then what international and local laws prevail in those areas that might be a positive or a negative for your data. So there has to be a clear statement of what happens when data is transferred intra and inter country. Very, very important.

Because of many of the new rules on privacy and on privacy policies for personal data, it is now becoming very important to state how long the personal data of your customers or your users will be kept. You might want to state a retention expiration time or date or period, as in a period after which that data is deemed to have expired and may be expunged and deleted. If you are going to have a retention period, then you need to clearly state what happens to the data after that retention period has expired.

In addition there needs to be a clear purpose. Why are you collecting the data? Are you collecting it in order to contact me? Are you collecting it in order to send newsletters? You must state in your privacy policy why you even bother to collect the data.

Another thing to consider in terms of what should be in your privacy policy is a statement outlining the rights of the user regarding the collection and processing of their personal data. If they want access to their data to check and make sure it is correct, and they find that it is not correct, there should be a way to make that data correct. Where do they go? Who do they contact? What happens if they want to ask you to delete their data? Again, who do they contact? Where do they go and what is the process? What actually happens and when does it happen?

Nowadays there is this option that can be switched on in mobiles and tablets, not so sure about PCs, that says "do not track". It is a do not track request that is basically a flag saying don't track me when I come to your website. Treat me as if I am an anonymous user. Now what happens? Does your website or your app cater for this or does it not? You need to clearly state this in your privacy policy.

Now it sounds very boring but all these statements are required. The more complex your website, the more functionality it has, the more features it has, the more third party sites it interacts with, the more complex it is likely your privacy policy needs to be. It needs to be able to incorporate any other issues that may arise from all the other situations listed.

One of the final things I would like to touch on is that most privacy policies, especially the bigger ones, and especially as the website becomes more complex, will have a page that defines all the common terms you expect to find when you are talking about privacy policy. So there will be definitions of personal data, usage data, what a user is, the data subject, the data processor, the data controller, an application, services, jurisdictions like the European Union, cookies and basically legal information. This is just a quick nutshell, a quick touch on all the different sections that you may or may not need, depending on the complexity of your site and on how many other plugins and third parties you interact with, in order to create what should be a robust, in some cases legally binding, privacy policy. It should help your users and the customers that come to your website to clearly understand what your privacy policy is in terms of how you deal with them and their personal data.

Now, I hope this brief run through on what is required will help you create your own privacy policy. You can create it manually or you can create it through means that we will discuss in the next session.

I hope to meet you there. Thank you for now.

This is YJ.

