Personal Data Practices
Your privacy statement should reflect your personal data practices. For example, it should include details of:
- The type of data being collected;
- Why the data is collected;
- How the data is used and why;
- If and why personal data will be disclosed to third parties;
- How and where data is stored;
- How complaints or queries about personal data will be dealt with.
Compliance with other Laws
You will need to consider your compliance with any other applicable laws or rules, which will apply in relation to the collection of a user’s personal data. Which other laws apply will depend upon a number of factors. For example if you are selling or providing services to children (persons under the age of 18) you must have additional safeguards in place on your website. For example, you will need to obtain parental consent before you collect any personal data for children of certain ages. Or if you are providing services to children which include advertising or marketing you will need to comply with the CAP Code.
The type of products or services that you are offering online and the countries in which you are making these available will also be relevant – as this will determine whether national, EU and/or international laws will also apply to your website. Depending on the business sector in which you operate, the rules of self-regulatory schemes may also apply. For example, if you are providing email marketing services to users you will need to comply with applicable email marketing and advertising rules.