It is required by law if you collect personal information (also called personal data or personally identifiable information), which is defined as any kind of information that can be used to identify an individual, including an email address, first and last name, or billing information.
- Privacy Notice
- Privacy Statement
- Privacy Clause
- Privacy Agreement
- Privacy Page
- Privacy Information
- Data Privacy Agreement
- GDPR Policy Statement
- Notice of Collection: what personal information is collected
- Method of Collection: how and where personal information is collected (including through tracking technologies such as cookies)
- Reason for Collection: for what purposes the information is collected
- Use of Personal Information: how personal information is being used
- Third Parties: how and why personal information is being shared with or sold to third parties, if applicable
- Security Measures: how personal information is being transferred and protected
- Rights: what rights users have over their personal information
- Choices: what choices users can exercise over their personal information
- Contact Information: what the contact information for the website is
- E-commerce shops
- Blogs, including WordPress blogs
- Mobile apps
- Facebook apps, pages, groups, and events
- Digital products
- Using Google Adsense
- Desktop apps
If you have any users or visitors from the European Economic Area (EEA), which includes all of the European Union (EU) member states, you are required to comply with the General Data Protection Regulation (GDPR).
The GDPR went into effect in May of 2018 and has had a wide impact on businesses and websites across the world, as these businesses and websites now must comply with the stringent regulations imposed by the GDPR.
In the U.S., privacy laws may differ from state to state. These privacy laws include:
If you collect information from residents of California, you are required to comply with the California Consumer Privacy Act (CCPA). CCPA went into effect on January 1, 2020 and is the most robust data privacy law in the U.S. It is designed to protect the privacy rights of residents of California, and governs use of their personal information.
In Canada, you are required to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA) if you collect, use or disclose personal information in the course of running your business.
PIPEDA is a federal privacy law that went into effect on January 1, 2004. Among other things, it requires that you have policies in place outlining how you manage personal information and implement procedures to secure that personal information.
This is far from an exhaustive list, as there are hundreds of Privacy Laws across the world, with new regulations coming out each year.
- Facebook Page
- Facebook Group
- Facebook Event
Collecting Data From Users
If you collect content and information directly from users, your Page, Group or Event must make it clear that you (and not Facebook) are collecting it, and must provide notice about and obtain user consent for your use of the content and information that you collect. Regardless of how you obtain content and information from users, you are responsible for securing all necessary permissions to reuse their content and information.
- That you are transparent about your use of their personal data
- That you are protecting their personal data
- That you are complying with Privacy Laws
- That you understand and respect the rights they have to their personal data
What Personal Information You Collect
While you do not need to enumerate every piece of personal information, under both the GDPR and CCPA, you need to be specific about what categories of personal information you collect. As examples, categories of personal information that you collect may include:
- Personal Data (such as first and last name, email address, or physical address)
- Financial Data (such as credit score or credit card billing information)
- Derivative Data (such as browser type and language or IP address)
- Mobile Data (such as mobile manufacturer or operating system and version)
- Social Network Data (such as Instagram log-in username and password)
- Third Party Data (such as social media profile picture)
- Data from Cookies (such as how long they are on your website)
Why You Collect Personal Information
Some examples of reasons you would collect personal information may include:
- To send customized offers about products or services
- To process and deliver any orders
- To analyze trends to improve site performance
- To deliver targeted advertising
Who You Share Personal Information With
Some examples of third parties that you would share personal information with may include:
- Analytics providers such as Google Analytics
- Payment processors such as Stripe or PayPal
- Email marketing providers such as MailChimp
- Advertising companies to provide targeted advertising
In addition to stating the category of third party that you share personal information with, you should also state why you need to share that personal information. For example, if you share personal information with analytics providers such as Google Analytics, a reason why you might share that information is to improve site performance.
Affiliate Partners. We may share your information with affiliate partners to generate traffic or leads or for other business purposes.
Rights Users Can Exercise
How Users Can Contact You
Links to Other Policies
In practice, one of the best ways to do this is through requiring the user to check a box agreeing to the Website Policies before proceeding to the next step.
As you can see, this is the method that Ahrefs uses. Before clicking continue, you must affirmatively check a box to accept their hyperlinked Terms and Conditions.
If you attempt to move forward without affirmatively checking the box to accept their Terms and Conditions, you will receive a message that you must accept the Terms and Conditions before moving forward.
What Ahrefs does is an example of the clickwrap method, which is the most effective method.
While less effective than requiring the user to check a box, another method is to include hyperlinks to the relevant Website Policies, with a statement that by continuing forward, the user is agreeing to the hyperlinked Website Policies.
As you can see, this is the method that LinkedIn uses.