- Email address
- Phone number
- Location data
- IP address
- Credit card account information
- Other identifiers, such as cultural or social identity (e.g., social media)
The policy should outline the types of information collected, its use, and any third parties it may be shared with. There are many different ways to collect this data, including:
- Contact forms (or any form, e.g., surveys, registrations, newsletter sign-up)
- Any third-party service (e.g., website analytics, CRMs)
General Data Protection Regulation (GDPR)
GDPR is a data privacy law that enforces strict penalties for companies that fail to meet its requirements. It applies to Europe, the European Economic Area (EEA), and foreign companies that do business within this region.
Personal Information Protection and Electronic Documents Act (PIPEDA)
In Canada, PIPEDA regulates how information is used, disclosed, and collected.
Children’s Online Privacy Protection Act (COPPA)
COPPA controls how information is collected online from children under 13 and is enforced by the US Federal Trade Commission.
California Consumer Privacy Act (CCPA)
CCPA addresses privacy rights and consumer protection in California.
California Online Privacy Protection Act (CalOPPA)
It shows your visitors that you are transparent about the information you collect and how you use it. This policy can help build trust and credibility with your visitors.
63% of Internet users believe most companies aren’t transparent about how their data is used, and 48% have stopped shopping with a company because of privacy concerns. (source)
Protection from Liability
It can help protect website owners from liability in the event of a data breach or other legal action related to data protection laws and the collection and use of personal information.
Between January 2021 and January 2022, nearly €1.1 billion in fines were issued for a wide range of GDPR violations. This represents a 594% annual increase in fines. (source)
Adherence to Best Practices
64% of Americans would blame the company, not the hacker, for the loss of personal data. (source)
- Types of personal data collected
- Purposes for which the information is collected
- How the information is collected
- How the information is used and shared
- Third-party sites and service providers with access to the information
- How visitors can access, update, or delete their information
- How you protect visitors’ data (including that of children under the age of 13)
- Contact information (such as an email and phone number) for inquiries or complaints