ARTICLE
18 July 2024

Privacy Policy Cheat Sheet For E-Commerce Websites

EPDG Business Law

Contributor

EPDG Business Law logo
Explore
By now, you know that you need a Privacy Policy. But you've probably copied/pasted it from another site or competitor and think you're fine, right? WRONG! Every website is different.
United States Privacy
Photo of Silvino E. Diaz
Authors
To print this article, all you need is to be registered or login on Mondaq.com.

By now, you know that you need a Privacy Policy. But you've probably copied/pasted it from another site or competitor and think you're fine, right? WRONG! Every website is different. Some allow uploads, some have message boards, and some sell subscriptions. Depending on what your site or app does, is what you collect, and you need to alert your users and get protection for it. So what should you look out for?

Here's a basic privacy policy cheat sheet:

  1. Name of the entity: Be sure to specify the name of your company and any affiliates bound by the agreement.
  2. Types of data collected: Be specific as to what you'll be collecting. Examples include names, email addresses, IP addresses, credit card numbers, and others.
  3. Method of collection: Identify how you will collect user's data; whether via forms, cookies, server logs, or others.
  4. Reason for collecting data: This can be either for order processing, applications, memberships, or others.
  5. Intended use: How does your website employ the information it receives from customers? Is it to provide services, improve the site, or send newsletters?
  6. Legal Basis: Explain how you are legally able to use the information. It may be because your users consent to it, for contract performance, or a legitimate interest such as data privacy.
  7. Get consent from users: Also outline the procedure for users withdrawing their consent. This includes informing of Users' rights regarding their data such as access, rectification, deletion, and portability.
  8. Implement Security measures: Have protocols in place to protect personal data, which means having an Incident Response Plan, assigning officers to security roles, hiring cybersecurity companies, getting insurance for attacks, and others.
  9. Use of data: How are you going to use the information you collect, for how long, and will anyone else be able to access it. This includes informing the users about data retention, and procedures for secure deletion; as well as your policies for sharing Information with Third Parties, and any safeguards required from them to protect user's data.
  10. Changes to Policy: How will you inform users about amendments to the policy? Information for Minors: Policies about processing data and obtaining parental consent

Do you have questions about your site or app? Reach out to us for a consultation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Silvino E. Diaz
Silvino E. Diaz
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More