What is a Privacy Policy?
A Privacy Policy is a statement or a legal document that states how a company or website collects, handles and processes data of its customers and visitors.
It is a document that informs users about the use, processing and disclosure of their personal information collected through a website or a mobile application. Any type of industry, including healthcare, finance, e-commerce, transportation, etc., can use this document. It can be used for either a website or a mobile application.
Applicable laws
There is no exclusive data protection law in India. Privacy and data protection are mandated under Section 43A of the Information Technology Act, 2000, read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
It is mandatory for every website or application in India that collects and processes personal information to have a Privacy Policy. As per the IT Act, 2000, you must notify users and get their consent before collecting and processing their information. Thus the policy has to be visible and understandable to the users.
Sensitive Personal Data in India comprises the following categories of data: passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious belief, political affiliation or any other category of data specified by the concerned authority.
Why do you Need a Privacy Policy?
- Required by the law
- If your website reaches users around the world, regardless of where you’re located or headquartered, you will need to follow privacy laws in all those applicable countries. While data protection and privacy laws differ from region to region, the policy must comprehensively inform its users about how their data will be used.
- For instance, the California Online Privacy Protection Act (CalOPPA) and the California Consumer Privacy Act (CCPA) are followed in countries like the US.
- If your users are located in the European Economic Area (EEA), then you are required to comply with the General Data Protection Regulation (GDPR).
- Required by third party services
- Many websites and apps use in-page/in-app advertising by third parties to generate revenue. As these ads also collect user data, third parties require the websites or apps to ask their users’ permission to share their personal data.
- Increases transparency
- Additionally, a clear and comprehensive policy that tells users exactly what information the company collects and what it does with that information inspires confidence in a business. As a result, it gives users a sense of security, knowing how much control they have over their personal data under the conditions they sign up for.
Contents of a Privacy Policy
- Collection of Information
- This is a disclosure of what data you collect from users, such as personal data, derivative data, financial data, third-party data, etc.
- Usage of Information
- This informs your customers how you use their data and for what purposes. For example, you use data to increase efficiency, to communicate with the customer, to prevent fraudulent acts, etc.
- Storage and Retention of Information
- You can explain the different ways you store and retain information and state your reasons for storing it. Companies mostly store data for a limited period of time to comply with applicable laws and for tax purposes.
- Information Security
- This informs your customers of the measures you have taken to protect their information.
- Use of cookies
- The cookies clause states that the website uses cookies, why it uses them, and how users can disable cookies on their devices.
- How a user can opt out of data collection/usage
- You must inform your customers about their right to opt out of certain aspects or services offered by a website.
- Grievance Policy
- Any complaints, abuse or concerns must be addressed to your grievance officer.
FAQs
Yes, you need this policy on your website. If you collect personal information from users, then many laws require you to include a privacy policy.
No, you don’t need a lawyer to write this policy. However, when creating your policy, you must ensure it meets legal requirements.
1. Write or download our policy template (if you don’t have one already).
2. Subsequently, log in to the backend of your website.
3. Create a new page for your privacy policy, then paste the policy text in the body of the page.
4. Publish the privacy policy page.
5. Additionally, add a link to your privacy policy in places such as your website footer and terms and conditions.
A Privacy Policy is not only the legally required document for disclosing your practices on protecting personal information, but also a great way to show users that you can be trusted and that you have procedures in place to handle their personal information with care.