Privacy Policy Pages and New Online Requirements
There has been a lot happening in the online world over the last few months. There have been constant changes and new requirements through out the world. One of the big ones are the changes in the EU. Even if you are a small company located in the United States you could still be impacted by these laws. If you have any customers or potential customers in the EU, it is important that you start with at least the minimum requirements. In fact they aren’t bad to have no matter what. Today I want to start with a Privacy Policy.
What is a privacy policy?
A privacy policy is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. It fulfills a legal requirement to protect a customer or client’s privacy. (wikipedia)
Essentially you are telling anyone that goes to your website what you will do with the information you collect when they are on your site.
Why is the new law in the EU important?
There are many wonderful things about the new law. Its goal is to protect people online and give users greater control over how and when their information is collected. It gives users the right to find out who has their information and request that they get rid of it.
You can find full information of the new EU laws that went into effect in May 2018 and also here.
How it affects small businesses in the United States?
The new regulations are not U.S. Laws but they could potentially affect you if you have customers in the EU or potential customers begin visiting your website from that area. By posting a well-written privacy policy you are one step closer to following their regulations. If in the future the U.S. places similar laws into effect you are one step ahead of many others.
Also if you have Google Analytics installed, there is the terms and conditions you check off when you sign up…well they require you to post your privacy policy. Most of us just ignore all that fine print. You can read again here.
Where does the Privacy Policy go?
The most common place to put it is in the footer of your website so that it shows up on the bottom of every single page. This makes it easy to find.
What information to put in a Privacy Policy?
If you use WordPress they have helped you get started. In the last update you might have noticed a message on the top of your dashboard. If you closed it and didn’t read it, you can back to it by going to SETTINGS>PRIVACY.
You can select an existing page if you have a page already create or CREATE A NEW PAGE.
WordPress auto-fills some of the information for you, to get you started. You will need to complete the information. Please note that I am not a lawyer and it might be best if you have the page reviewed by a lawyer so that you know the information is written properly and follows all requirements.
This is what shows up on the WordPress auto-generated page
This will change based on which plugins you have installed on your site. Some areas just have a title and you need to fill in the data. I made some notes in italics.
Who we are
Our website address is: Your web address goes here.
What personal data we collect and why we collect it
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Contact forms
There is nothing here, you need to add what you do with peoples information when they use your contact form
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Analytics
This could include Google Analytics. Google has posted limited information online that you can use for reference. Here is the information.
Who we share your data with
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Your contact information
Additional information
How we protect your data
What data breach procedures we have in place
What third parties we receive data from
What automated decision making and/or profiling we do with user data
Industry regulatory disclosure requirements
Plugin: Appointments
When visitors book an appointment on the site we collect the data shown in the appointments form to allow future contact with a client.
All collected data is not shown publicly but we can send it to our workers or contractors who will perform ordered services.
Once your Policy is Created
Add it to the footer of your site. Each theme is different but most likely you can add a link in one of two places. 1) Go to APPEARANCE>CUSTOMIZE. Look for the area that mentions FOOTER. You can then paste text similar to this, editing the domain with your own. <a href=” https://www.klaconceptsllc.com/privacy-policy/ “> Privacy Policy</a>.
If you do not have access to your FOOTER then your other option is to go to APPEARANCE>WIDGET> Add a text box to your footer widget and paste in the code. Make sure you paste the code into the TEXT and NOT VISUAL AREA of the box. See my example below.
Privacy Policy Wrap Up
I hope this helps you get started with the Privacy Policy for your own site. Take your time and fill things out the best you can. Don’t worry if it takes you a few days to get it done. In the long run it is best that you take care of it and not ignore getting it done.