
Privacy Policy Agreement Template

Here's what you'll find in the Privacy Policy Contract Template:

  • A contract template for privacy policies
  • Key points and information regarding privacy laws which may be helpful
  • Advice on getting contracts signed quickly, digitally, and legally

Privacy Policy Template

Introduction:

With the number of online users increasing, and interest rising around company privacy practices, a privacy policy on your website is essential. Children also have increased access to electronic devices and websites; they are protected in most instances from having personal information collected. This document is a general and broad privacy policy. It does, however, address the European Union’s General Data Protection Regulation (“GDPR”). Many other countries have drafted their applicable privacy laws based on GDPR standards. A quick search on social media will illustrate the ramifications of NOT having a privacy policy in place, not following the guidelines, and not ensuring you’re GDPR-compliant if you’re conducting any type of business in the EU.

Key Points:

  • It is imperative – this cannot be overemphasized – that you work very closely with an attorney and/or information technology services to ensure that only the appropriate information is being collected based on location of IP address and other factors. There are very specific rules to be followed in the collection of personal information based on US/state laws and European Union laws – especially in relation to children under 13 years of age.
  • European Union laws – GDPR – are very similar to some of the US policies, but they are not the same! They too must be reviewed and in compliance. Again, consult information technology professionals and an attorney to interpret the laws properly. Much of this compliance will be behind the scenes and must be dealt with in specific ways.
  • Failure to properly protect, collect, and retain this information can result in significant fines.
  • You’ll want to ensure your business customer support contact information such as phone number, email address, location, and any other relevant information is accessible for inquiries regarding GDPR and stored information as well. They are your legal obligations.
  • You should work to understand the privacy practices of your service providers and third-party services, as well as the advertising, marketing, and sales partners you work with and whose services you implement on your website, as they are accessing/storing information from users on your site, in most cases regardless of the web browser/operating system being used.
  • Some larger businesses have appointed data protection officers to head up this effort, depending on the scale of their business and breadth of operations. These team members are often in charge of evaluating practices, protection, security vulnerabilities, whether or not PII is being captured and location of information being stored, the retention period of stored data, whether there’s been unauthorized access to that information, and how the company responds to inquiries and requests around things like GDPR.

Helpful Information:

In the US, privacy laws are left to each state and industry, not the federal government. This is why the Health Insurance Portability and Accountability Act (HIPAA) that protects the medical information of US citizens is one of the only federal privacy laws out there. Also, institutions engaged in the financial sector are required by the Gramm-Leach-Bliley Act to provide accurate and clear statements about how they share information.

The Federal Trade Commission (FTC) applies to business privacy laws and protects US consumers. The FTC does not require privacy policies but including one is highly recommended. The FTC also has strict privacy laws relating to children. The Children’s Online Privacy Protection Act (COPPA) applies to websites or apps that collect information from children under 13. Such websites are required to have a privacy policy.

It can be confusing for US and foreign companies to comply with so many state laws. However, there are a few important ones you should pay close attention to:

California has the largest and most robust privacy laws of any state in the US. The California Online Privacy Protection Act (CalOPPA) protects the transmission and collection of the personal data of California residents. CalOPPA’s jurisdiction extends outside of California to the US and any company that collects data from California residents.

Along with requiring a privacy policy, CalOPPA also requires:

  • What data is collected
  • Why the data is collected
  • How to update and change preferences in the privacy policy
  • How companies handle Do Not Track Signals

California recently added to its list of privacy laws by enacting the California Consumer Privacy Act (CCPA). The CCPA created new consumer rights in the collection of data by for-profit businesses. Required updates to privacy policies include the option to opt-out of data collection, a disclosure of the sources of the collected information, and lists of data sold and data disclosed for business purposes in the last 12 months.

New York’s Shield Act protects the private data of New York residents that is collected by New York and foreign companies. The New York act gives companies leeway on how to safeguard personal data, but policies must comply with the Act’s standards. The Shield Act extends to biometric data, emails, and financial accounts.

Washington’s Privacy Act (WPA) has yet to be passed by the state, but if approved the act would have some similar requirements to California’s CCPA. The WPA requires opt-out options, notification of categories of data collected, and large security practices.

The Delaware Online Privacy and Protection Act (DOPPA) protects Delaware residents’ privacy rights in their personal information. Like CalOPPA, DOPPA requires posting a privacy policy and protection for children. DOPPA’s reach extends to online companies, apps, and ebooks.

Other Business Documents:

ApproveMe.com has many contract and business templates available. A secure method to get an agreement signed is online. Online signatures of the parties are legally binding. This is a convenient way to expedite the process and eliminate stress for both you and the client. You can use ApproveMe.com to ensure you have a legally binding signature.

Additional:

Additional information may be found at the sites below:

https://www.natlawreview.com/article/federal-privacy-legislation-update-consumer-data-privacy-and-security-act-2020

https://www.ftc.gov/news-events/media-resources/protecting-consumer-privacy-security

https://gdpr.eu/

PRIVACY POLICY

This privacy statement is applicable to ______________ [insert company name] and all its affiliates.

The policy is to respect and protect the privacy of our users.

The ______________ [insert company name] (hereafter referred to as “Company” or “__________.com”) does not collect personally identifiable information about individuals except when such individuals specifically provide such information on a voluntary basis. For example, such personally identifiable information may be gathered from a contest or sweepstakes registration, the registration process for subscription sites or services and in connection with content submissions, community postings (e.g., chat and message boards), suggestions, voting/polling activities and transactional areas.

Personally identifiable information on individual users will not be sold or otherwise transferred to unaffiliated third parties without the approval of the user at the time of collection. At such points of collection, the user will have the opportunity to indicate whether he or she would like to “opt out” of receiving promotional and/or marketing information about other products, services and offerings from the Company and/or any third parties.

While the Company does not anticipate a large number of children accessing our website, we are committed to protecting the privacy of children who use our sites and applications. Our Company has established practices compliant with the U.S. Children’s Online Privacy Protection Act (“COPPA”) regarding children’s personal information.

_________________.com is sharing personally identifiable information with Google Analytics (acting as its site traffic gathering agent for this limited purpose) for the sole purpose of gathering statistical data on visitors to the site and the pages viewed by those visitors. If you wish to opt out, visit Google Analytics’ privacy center. [insert this information if you are using any kind of analytics for gathering information…and insert the appropriate website/company you are using]

Further, notwithstanding any opt out of promotional information by the user, the Company reserves the right to contact a subscriber regarding account status, changes to the subscriber agreement and other matters relevant to the underlying service and/or the information collected.

The Company may disclose user information in special cases when we have reason to believe that disclosing this information is necessary to identify, contact or bring legal action against someone who may be causing injury to or interference with (either intentionally or unintentionally) the Company’s rights or property, other Company users, or anyone else that could be harmed by such activities. The Company may disclose user information when we believe in good faith that the law requires it.

The Company reserves the right to perform statistical analyses of user behavior and characteristics in order to measure interest in and use of the various areas of the site and to inform advertisers of such information as well as the number of users that have been exposed to or clicked on their advertising banners. The Company will provide only aggregated data from these analyses to third parties. Also, users should be aware that the Company may sometimes permit third parties to offer subscription and/or registration-based services through the Company’s site. The Company is not responsible for any actions or policies of such third parties and users should check the applicable privacy policy of such party when providing personally identifiable information.

Additionally, users should be aware that when they voluntarily disclose personally identifiable information (e.g., user name, e-mail address) on the bulletin boards or in the chat areas of the Company’s sites, that information, along with any substantive information disclosed in the user’s communication, can be collected and correlated and used by third parties and may result in unsolicited messages from other posters or third parties. Such activities are beyond the control of the Company.

Users also should be aware that non-personal information and data may be automatically collected through the standard operation of the Company’s internet servers or through the use of “cookies.” Cookies are small text files a web site can use to recognize repeat users, facilitate the user’s ongoing access to and use of the site and allow a site to track usage behavior and compile aggregate data that will allow content improvements and targeted advertising. Cookies are not programs that come onto a user’s system and damage files. Generally, cookies work by assigning a unique number to the user that has no meaning outside the assigning site. Users should be aware that the Company cannot or does not control the use of cookies or the resulting information by advertisers or third parties hosting data for the Company. If a user does not want information collected through the use of cookies, there is a simple procedure in most browsers that allows the user to deny or accept the cookie feature; however, users should note that cookies may be necessary to provide the user with certain features (e.g., customized delivery of information) available on the Company’s site.

Upon request, the Company will allow any user to “opt out” of further promotional contacts at any time. Additionally upon request, the Company will use reasonable efforts to allow users to update/correct personal information previously submitted which the user states is erroneous to the extent such activities will not compromise privacy or security interests. Also, upon a user’s request, the Company will use commercially reasonable efforts to functionally delete the user and his or her personal information from its database; however, it may be impossible to delete a user’s entry without some residual information because of backups and records of deletions.

The foregoing policies are effective as of ________________ [insert effective date]. The Company reserves the right to change this policy at any time by notifying users of the existence of a new privacy statement. This statement and the policies outlined herein are not intended to and do not create any contractual or other legal rights in or on behalf of any party.

By using this site, you signify your assent to the Company’s Privacy Policy. If you do not agree to this policy, please do not use our sites. Your continued use of the Company’s sites following the posting of changes to these terms will mean you accept those changes.

If you have questions or concerns regarding this Web site’s privacy statement, contact the Company. [insert/create hyperlink to company’s customer service or info email box]

As our Company is headquartered in the United States, we adhere most closely to applicable federal and state laws. We do, however, value our non-US users. The Company has implemented policies to adhere to the European Union’s General Data Protection Regulation (“GDPR”) which includes strict data protection principles that organizations must follow in order to protect the personal information they collect about their clients or people who visit their websites. While many rules and actions may be the same in the US and EU, there may be specific instances of policy differences. If you are concerned about how your personal information is being collected in connection with GDPR, please use this contact information and reach out to the Company. [insert/create hyperlink to company’s customer service or info email box].