On Privacy Policies
TLDR: I use Termageddon for Strong Sites’ policies, and I recommend it for your business as well.
Does my website really need a Privacy Policy?
If you are collecting personal information (e.g. name and email on your contact form), you are required to have a Privacy Policy. Currently, the following laws require Privacy Policies for most websites:
General Data Protection Regulation (GDPR);
UK Data Protection Act 2018;
California Online Privacy and Protection Act of 2003 (CalOPPA);
California Privacy Protection Act (CCPA);
Personal Information Protection and Electronic Documents Act (PIPEDA);
Delaware Online Privacy and Protection Act (DOPPA);
Nevada Revised Statutes Chapter 603A.
There are also about a dozen other states that are proposing their own privacy laws that would require most businesses to have a Privacy Policy and would affect how that Privacy Policy is written, requiring you to make changes on a somewhat regular basis. I recommend Termageddon because I think it’s a great way to protect yourself from lawsuits and fines related to your Privacy Policy.
Why do I need Terms of Service?
Terms of Service is a great way to answer frequently asked customer questions and protect yourself from liability. Terms of Service provides the following:
If you sell products and services, it provides information on refunds, order cancellations and returns. This will help answer customer questions and will take them further down the path to actually buying;
It will protect your intellectual property by making sure that everyone who goes onto your website knows that your logo, name, etc. are yours; and
If you have links to third party sites on your website (e.g. social media links), it will help protect you in case the user gets a virus from that third party website.
Do I need a Disclaimer?
You need a Disclaimer if you do any of the following on your website:
Display advertisements;
Display or sell health products (e.g. vitamins and supplements);
Participate in affiliate programs (e.g. Amazon Affiliates);
Provide health and fitness advice or tips; or
Provide any information or tips that could be seen as legal advice.
If you do any of the above, the Disclaimer will help you provide required disclosures, participate in affiliate programs (some programs require you to have a Disclaimer to participate) and will reduce your liability in case something goes wrong.
Do I need an End User License Agreement?
You need an End User License Agreement if you are licensing software that a user can download. An End User License Agreement will help you with the following:
Limit your liability in case a user gets a virus or is otherwise injured by using your software;
Help protect your income stream by making it clear that the software license may not be shared with others; and
Protect your intellectual property by making sure that the user knows that he or she is not allowed to reverse engineer or otherwise copy your software.
Can I write these policies myself?
While theoretically you could write these policies yourself, I don’t recommend it. There are a lot of laws, cases and legal opinions on how to write these policies correctly. If you have not spent years studying law and cases, it’s likely that the policy you write would be incomplete, incorrect and non-compliant.
Also, there are currently a lot of new privacy laws that are being proposed and passed, meaning that you’d have to constantly stay up to date with these laws and amend your Privacy Policy yourself every time. This would take a lot of time and effort on your part and would take you away from your actual business. That’s why I recommend Termageddon.
They take care of all of this for you and automatically update your policies so that you do not have to worry about it.
Can I ask my attorney to write these policies for me?
If you have a privacy attorney, you should definitely ask him or her to write this up for you. If you want to ask your outside attorney to draft these for you, that’s a great idea but it may be a bit pricey.
Is my business too small for anyone to care about this?
Some of the laws that are being proposed or passed do not limit enforcement and liability to large companies only, so your small business could be liable as well. Also, consumers do not distinguish between small and large businesses when it comes to protecting their privacy and are less likely to buy from companies that do not respect their privacy.
Why is the Termageddon service a recurring fee?
They charge a yearly fee because they automatically update your policies whenever the law changes. Over the last few years, multiple new privacy laws have gone into effect in states across the US, and there have been some changes in the United Kingdom as well. Also, there are about a dozen other states that are proposing new privacy laws. So that’s a lot of research.
Can I just copy and paste someone else’s Privacy Policy?
You could try to copy someone else’s Privacy Policy, rewrite it to fit your website and then paste it onto your website. However, by doing so, you’d be committing copyright infringement, which could get you sued. Also, you don’t know whether that policy is compliant with the current laws, and it won’t auto-update for you, meaning that you’ll have to keep track of the changes to the law, which are increasing.
Can I use a template?
Using a template that you found online is definitely tempting, especially since there are so many free ones out there. However, when you use a template, you can’t be sure whether it’s correct or even compliant with the legal requirements. Also, a template does not automatically update, meaning that you’ll have to keep track of all of the constantly changing laws, which I’m going to guess is something that you don’t have time for.
How do I know if I’m collecting personal information on my website?
You are collecting personal information on your website if you have a contact form that asks for the user’s name, email, or phone number. Also, you’re collecting personal information if you ask for the user’s email to sign them up for an email newsletter.
My site is pretty secure, does that mean that I don’t need to have a Privacy Policy?
While having a secure site is awesome, it’s not related to the need to have a Privacy Policy. You need to have a Privacy Policy if you collect personal information on your website, regardless of how secure that personal information is once it’s given to you.
There are currently no privacy laws in my state, does that mean that I don’t need a Privacy Policy?
The laws that are in place and that are proposed protect the residents of that state, not the businesses. As you know, people from California aren’t just going to websites of businesses located in California, they go to websites all over the United States. This means that you need a Privacy Policy if you collect personal information on your website, regardless of where you are physically located.