This agreement is required by law if you collect personal data. Personal data is any kind of data or information that can be considered personal (that is, it identifies an individual), such as:
- Email address
- First and last name
- Billing and shipping address
- Credit card information
This agreement can also be known under these names:
- Privacy Statement
- Privacy Notice
- Privacy Information
- Privacy Page
The requirements for Privacy Policies may differ from one country to another depending on the legislation. However, most privacy laws identify the following critical points that a business must comply with when dealing with personal data:
Notice – Data collectors must clearly disclose what they are doing with the personal information from users before collecting it.
Choice – The companies collecting the data must respect the choices of users on what information they choose to provide.
Access – Users should be able to view, update or request the removal of personal data collected by the company.
Security – Companies are entirely responsible for the accuracy and security (keeping it properly away from unauthorized eyes and hands) of the collected
- Websites - WordPress blogs, or any other platforms: Joomla!, Drupal etc.
- E-commerce stores
In Canada, we have the Personal Information Protection and Electronic Documents Act (PIPEDA), a federal privacy law.
This law established acceptable standards to limit and organize the gathering, use, and disclosure of personal data by commercial institutions. This means that organizations may gather, use and disclose that information for purposes that a reasonable person would consider appropriate in the circumstances.
The Privacy Commissioner of Canada is responsible for receiving and amicably resolving complaints against organizations. Its purpose is to resolve privacy matters through compliance, not through enforcement.
What to Include:
Information Collection and Use
This is the most important section of the entire agreement: here you need to inform users what kind of personal information you collect and how you use that information.
Types of Data Collected
- Personal Data
- Usage Data
- Tracking & Cookies
- Use, Transfer & Disclosure of Data
- Security of Data
- Contact Information
- What kind of personal information do you collect?
- What kind of personal information is collected automatically, e.g. via the web server (Apache, nginx etc.)?
- What kind of third parties are collecting personal information from your users?
- How are you using that personal information?
- Do you send promotional emails (newsletters)? If yes, can users opt out? If so, how?