A privacy policy is one of the most important documents on any website. It details your company's views and procedures on the information collected from visitors.
Although a privacy policy is technically a legal document, great effort should be made to craft a document that is both accurate and easy to understand. Hiding clauses in reams of text is not acceptable.
The main sections are as follows:
Introduction: This section can tell your visitor a little about your organization, and any special information or functions that your website has. If your website has special conditions for collecting information from children (under 16, etc.), you should state them clearly in this section.
Information Collected: Visitors have a right to know what information you are collecting. It may be obvious that you are collecting personal details by asking them to complete a form, but you should make it clear. You should also include information logged by your servers, such as hostnames and IP addresses.
Method of Collection: This details the methods you use to collect the information. Is it all automated? Do the forms visitors fill in collect other information, such as the original referrer? All of these questions will help you build a detailed description of how you collect information.
Storage of Information: How is the information stored? If you store information in a database and are located in the UK, you may need to register with the government regarding the Data Protection Act. If your servers are in the EU, you will need to ask permission to transmit data outside the union, even if it stays within your company. Visitors have a right to know that you will make every effort to store their personal information in a safe and secure environment.
Contact details: It's important to be as transparent as possible, and allow users to contact you if they have a query. You should feature both an email address (or online form) and a real-world address that a user can write to.
Example of Privacy Policy Document: Privacy Trust
At PrivacyTrust we are committed to protecting the privacy of your personal data. Any personal data that you share with us will be kept safe and secure. We want to be clear about how and when we collect data from you and how and why we use it. Our Privacy Notice explains in detail the types of data we may collect about you and how we will use and store your personal data.
PrivacyTrust is International Charter Ltd; we provide services related to data privacy. 1st Floor North, St Georges House, Knoll Road, Camberley GU15 3SY
When you contact us we collect:
Cookies are small text files on your computer, smartphone, tablet or other device. They are made by your web browser when you visit a website. Every time you go back to that website, your browser will send the cookie file back to the website's server. Cookies do lots of different jobs, like letting you navigate between pages efficiently, remembering your preferences and generally improving the user experience.
We use cookies for functional reasons and analytics; you have the option to opt out of analytics.
Non-Personally Identifiable Information: This website also collects and uses information in aggregate form to track the total number of visitors to our site, the number of visitors to each page of our site, the domain names of our visitors' Internet service providers, and other such technical information. This is technical information that does not by itself identify a specific individual. No personally identifiable information is available in this process, and this data is referred to as "non-personally identifiable information". We use this data to better target our marketing efforts.
We use your information to:
Legitimate Interest: is used when it is necessary for our legitimate interests and your interests and fundamental rights do not override those.
It allows personal data to be collected and used if it is reasonably necessary for our legitimate interests; without this the site would not work.
We will use legitimate interests to:
We don't currently run any marketing newsletters.
We keep your information for 12 months after your initial enquiry, unless you become a client, at which time we retain your information for 7 years (due to regulatory requirements) after you cease to be a client.
We do not share or swap your data with any other organisation. There may be a need to disclose your personal data upon request to regulatory and government bodies as well as law enforcement agencies.
Although we are not responsible for determining the age of website visitors, gdpr.org is primarily designed and meant to be used by individuals over 16 years of age. If you are younger than this then please review the terms of this privacy notice with a parent or guardian.
We want to ensure that your rights are upheld when we use and store the information you give to us.
Accessing the information that we hold on you – Subject Access Request
You can request a copy of the information that we have on you; this will be free of charge in most cases. Please let us have details of the personal data you want to see and proof of your identity. Please use the contact form at https://www.privacytrust.com/about/contact.php or write to us at Data Access Request, PrivacyTrust, 1st Floor North, St Georges House, Knoll Road, Camberley GU15 3SY
Correcting the information that we hold on you
If your personal information is out of date or is incorrect, we will correct it for you.
You wish your personal data to be erased from our records
Simply let us know and we will delete you from our database; this will mean that all records of you will be erased from our database. Please note that for legal reasons we may not always be able to do this.
You can restrict the processing that we do
You may object to our use of your personal data. We aim to update your record within 5 days.
You wish to take your information away from us
We will provide you (or a third party you nominate) with your personal data in a structured, commonly used and machine-readable format.
If you feel that your data is not being managed in an appropriate manner, you can raise a concern with the ICO; we are registered under International Charter Ltd.
You can also find general information from the ICO:
https://ico.org.uk/for-the-public
As an organisation we are totally committed to keeping your data safe. Your personal data is stored in secure servers based in the EU. We regularly monitor our systems for vulnerabilities. Access to your data is closely monitored; it is only accessible by staff and contractors who are bound by appropriate policies and procedures to protect your information.
If you have a problem and wish to contact us, please use: datamanager@privacytrust.org. We will aim to answer your query within 5 days.
By post: Data Manager, PrivacyTrust, 1st Floor North, St Georges House, Knoll Road, Camberley GU15 3SY
If you are an EU citizen or located in the EU, your data will not be transferred out of the EU.
We would suggest that you read this Privacy Notice carefully to ensure that you are well informed about and understand our practices. We may from time to time update this notice, so please do take the time to check it regularly. If we are in regular contact with you and there are significant updates we will inform you.
Privacy Contact Information: You can contact PrivacyTrust regarding privacy matters via email at help@aivara.in
Change of Privacy Policy: If we are going to use your personally identifiable information in a manner different from that stated at the time of collection through this Web site, we will notify you via email. You will have a choice as to whether or not we use your information in this different manner. In addition, if we make any material changes in our privacy practices that do not affect user information already collected through our site, we will post a prominent notice on our web site notifying users of the change.
Security: We take careful measures to prevent the loss, misuse, and alteration of your information. We use Secure Sockets Layer (SSL) technology supporting 128-bit encryption when we collect information from you during the certification application process.
In the event of a merger all data will be transferred to the new entity.
In the event of PrivacyTrust ceasing operations entirely all personal data will be destroyed within 28 days.
Children: We do not intentionally collect information from persons under the age of 16.
Third Party Links and Advertisement: As a convenience to our visitors, PrivacyTrust sites currently contain links to a number of sites that we believe may offer useful information. The privacy policies and procedures described here do not apply to those sites. We suggest contacting those sites directly for information on their data collection and distribution policies.
On occasion we run awareness campaigns using advertising networks; we do not install their tracking cookies on our site.