But this isn’t something that should slide through the cracks.
Let’s do this.
- Privacy Is a Good Policy
- Want to Learn More?
Start selling online now with ShopifyStart your free trial
The information covered in your policy should detail all private data that you collect through your site, like the user’s:
- Phone number
- Credit card info
- IP address
- Web-browsing data
GDPR, CalOPPA, and COPPA
GDPR: If your website collects data from any person who lives in the European Union (EU), General Data Protection Regulation (GDPR) guidelines apply to you.
According to the EU, failure to meet GDPR guidelines – and violation of your users’ privacy, as the law phrases it – can result in fines of up to 4 percent of your revenue or a whopping €20 million, whichever figure is higher.
CalOPPA: If your website collects data from any person who lives in California, the California Online Privacy Protection Act (CalOPPA) applies to you.
The U.S. operates a bit differently than most countries in that privacy decisions are left to individual states instead of enacted on the federal level.
COPPA: You might also want to comply with the United States’s Children’s Online Privacy Protection Rule (COPPA), which places restrictions on websites that are geared toward children age 13 or younger.
It’s simple to meet these requirements, so don’t take any risks!
Before it’s ready to publish on your website, you’ll first need to read through it and replace or delete the placeholders that denote spots for more information. These placeholders are easy to identify because the text is written in all caps and placed inside a double bracket.
[[LIKE THIS, SEE?]]
According to the website, building yours should take about 15 minutes.
That’s because there are several steps, each asking a series of questions to make your policy specific and comprehensive.
The basic policy only asks for a few key details. It won’t meet international standards, but it’s another option for a quick fix while you develop a more comprehensive policy.
- The types of personal information your site asks for
- How you use the information you collect
- Which third-party services you disclose user data to
- The types of cookies on your website
Read through the options carefully, and unselect the ones that don’t apply to your website.
In addition, there are some other options that will incur extra costs, like if you want your policy to be GDPR or CalOPPA compliant.
The policy is self-updating and allows you to add more than 650 clauses that are specific to your company’s circumstances and operations.
It’s up-to-date with the latest international laws, including GDPR and CalOPPA compliance. You can also generate your policy in eight different languages, which is super handy if you publish your website in different languages based on region.
For each service you select, a small piece of policy from iubenda’s team is added to your final product.
If you’re in a pinch and need something up quick, this is a good option. But keep in mind that it’s by no means comprehensive.
At the end of the day, you’ll likely want to include more robust details that meet GDPR requirements and other pertinent laws that might affect your business.
However, there are several options that charge a fee, like if your site:
- Asks users for their location
- Allows users to make purchases through the site
- Might be sold in the future
- Wants to include measures for GDPR or CalOPPA compliance
While it’s not free for businesses, it offers a step-by-step process that’s worth the cost to ensure that all your bases are covered.
If your website is on WordPress, you can download and install the WP AutoTerms plugin. With high ratings and more than 100,000 active installations, it’s clear that plenty of people are happy with it.
The basic version is free, but if you want to include GDPR wording, a banner that informs visitors that you’re using cookies, or notification that you’re using affiliate links, you’ll need to download the Premium Version.
The Premium Version costs $39 per website for one to two sites.
Another thing to keep in mind is that the template says that your website is hosted by 3dcart. If your website isn’t, be sure to change that!
If you’ve created a mobile app that collects personal information from people, you can download and use Firebase.
Overall, it’s a simple tool that instantly generates privacy policies for apps without even requiring email confirmation.
Personal Data Your Website Collects and How It’s Collected
Tell your visitors which information you’re collecting, like account info, data through third-party services like Facebook or Google, email communications, and the data that your website’s cookies collect.
Include how that data is collected. Was it automatically collected from the user’s browser or mobile device, directly and voluntarily from the customer, or through a third party?
Here’s an example from Shopify store Brilliant, which has a robust section on this information.
How That Data Is Used
If you have a dropshipping store, you’re obviously using personal data to provide your service by collecting payment and sending products.
But it doesn’t stop there. For example, you’re providing a customer’s personal information to your supplier to send the items. If you send newsletters, you’re providing their email to the third-party service provider you use, like MailChimp or Gmail.
And there’s usually a lot more to consider.
Integration and Data Sharing With Third-Party Services
Tell your users how and why you’re affiliated with these services, and how their data is used.
Here’s an example from Shopify store Quad Lock, which also includes links to the privacy policies of those third-party services.
Rights of Your Users
To be compliant, you must be transparent about the rights your users have to access, modify, and delete the personal data you’re storing about them.
In this section, it’s a good idea to provide contact information, like an email address where they can email you to make their data requests.
Shopify store 49th Parallel Roasters has a direct and easy-to-read rights section that includes the data points that users can access and what their choices are for making amendments to the data.
Privacy Is a Good Policy
As we hurdle into the 21st century, data security is a huge deal. It’s critical that we have rules and guidelines in place for what companies can do with people’s private data.
It’s also important that we empower those people with the ability to know what’s happening with their data. And as GDPR sets a good example, many agree that people should have some level of control over the personal information companies are keeping and what they’re doing with it.
You’re also giving them a level of empowerment through transparency, which will ultimately help to build their trust and inspire loyalty for your brand.
Start selling online now with ShopifyStart your free trial