Users value their privacy, and want to know what information of theirs you are collecting and sharing with other parties. Being explicit about this is a transparent move that internet users appreciate. Additionally, it gives you a legal footing in a rare legal case.
- Figure out what information you collect first! You may be surprised or unfamiliar with information your website collects from users. Talk with your IT team and any online vendors to ensure you have an up-to-date and complete list.
- Document what you do with your users’ information. Is their information ever shared with third-party partners or applications or is it all kept in house? If you collect information for one purpose (like event registration), could it be used for another purpose (like future marketing campaigns)? Add this to your list.
- How you collect users’ information – most websites collect information voluntarily from their users. Voluntarily collected information includes contact forms, newsletter subscriptions, and signing up for services.
- How you use that information – often users’ information is just used internally, but be sure to mention if you sell, share, or rent this information with any third party.
- Email communications – most websites have a form where people enter their email. Use your policy to be clear about what you do with users’ emails. It’s a great place to be clear about what types of emails users can expect to get from you. Also, clearly detail how someone can unsubscribe or opt-out of email notifications. (If you collect and use phone numbers, include that, too!)
- External link information – if your site links to a different domain, it’s good to remind people that you’re not responsible for any content or privacy practices on those other websites. Essentially, you’re pointing out that while you may be linking offsite, you aren’t endorsing those websites outright.
- Legal information – when a legal investigation is involved, you might be compelled by a court to provide information about your users. Sometimes it can be good to point out that is one situation where you might need to share information you normally wouldn’t share outside your organization.