What should privacy policy contain

Some websites permit users to either transmit text messages to the company for support purposes, for example or between users on dating sites, for example. If this is applicable to your site, then you should notify the user that the company reserves its right to retain this information indefinitely. Your website's privacy policy should also tell users how your company might utilize their data. Here are some possibilities. If your company sells products online, it must collect user information in order to ship the product or otherwise make it available to the user.

Whether your company provides a product or service, it needs user information for customer support services, including dealing with guarantees, returns, repairs, replacements, rescheduling, cancellations, billing and payment issues, or other matters. Your company might also collect user information for routine follow-ups in order to assess customer satisfaction. Your website might use personal information for periodic general announcements to users. These can include notifications, updates regarding the company or the site, marketing communications, and so forth.

Your company might need to use personal user data in connection with website maintenance, upgrades, new releases, or analytics data review or compilation.

Your privacy policy should make it clear that your company will be required to share user data with any third-party service providers that it might engage to assist in these efforts. Similarly, your company might have to share user information in connection with third-party marketing or advertising services.

However, your company should be responsible for ensuring that these service providers employ adequate security measures with respect to user data. In addition to the administrative and marketing purposes discussed above, your privacy policy should further describe any other instances in which it might share user information. Feel free to start with the following general statement:.

We do not sell or rent information about you. We will not disclose personal information or message data to third parties without your consent, except as explained in this Privacy Policy.

Note that if your company is subject to any industry-specific regulations regarding the sharing of user information for example, the protection of patient information under HIPAA guidelines , then you should further reassure the user that your company will adhere to such regulations.

Sharing with affiliates or acquirers. Your company must be permitted to share user data with its affiliated entities, including parent companies and subsidiaries. Furthermore, if the company participates in a merger, stock purchase, asset purchase, or other acquisition, it will be required to share user information with the purchaser or surviving entity.

Your company might be required to disclose user information in order to comply with any court orders or applicable laws.

The following is a standard provision that addresses this issue:. We may therefore disclose personal information, usage data, message data, and any other information about you, if we deem that it is reasonably necessary to: a satisfy any applicable law, regulation, legal process such as a subpoena or court order , or enforceable governmental request; b enforce the Terms of Use, including investigation of potential violations thereof; c detect, prevent, or otherwise address fraud, security or technical issues; or d protect against harm to the rights, property or safety of the Company, its users or the public, as required or permitted by law.

Your privacy policy should assure users that the company will use necessary measures to protect the security of their data. However, the policy should also emphasize that it's impossible for the company to completely guarantee that user data will be immune from malicious attack or compromise; as such, the users should understand that their transmission of personal data is always at their own risk.

Assuming that your company will collect and store all user data domestically, your privacy policy should notify users that their information will be subject to the laws of the United States of America, regardless of the country from which their data originates. The user should be permitted to correct, update, or change their personal information, or adjust or cease the frequency with which they receive company communications.

The user should also have the ability to disable their account, in accordance with the Terms of Use. Secondly, it should include instructions on how to opt out of email communications and how to prevent the site from sharing personally identifiable data. The cookie policy is third. Your privacy policy must contain at least five items: the personal information collected, the categories of third parties with whom your company shares the information, how consumers can review and request changes to their information, how your company notifies consumers of material changes to your privacy policy and the effective date of your privacy policy.

Some enterprise companies will choose not to use a product based on the stated privacy policy. YEC members represent nearly every industry, generate billions of dollars in revenue each year, and have created tens of thousands of jobs.

Learn more at yec. Show index. What data is being collected? How is that data being collected? What is the Legal basis for the collection? For which specific purposes are the data collected? Email Marketing? You can read more about that here. Which third parties will have access to the information?