Privacy Policy
Standard 7 of BBB Accreditation Standards requires that you post a privacy policy if you conduct e-commerce on your website by allowing consumers to do either of the following:
- Submit financial data for the purchase or sale of goods or services – such as credit card or checking account information.
- Submit personal data for the purpose of applying for or completing commercial transactions – such as social security numbers, names of family members, or income information.
Additionally, the California Online Privacy Protection Act of 2003 requires all websites that collect any personal information from California residents to post a privacy policy. Personal information includes: names, addresses, phone numbers, email addresses, etc. If your website uses a contact form that consumers can fill out to submit or request information, then you must post a privacy policy.
There are also Federal laws that govern privacy policies for specific businesses, including: the Children’s Online Privacy Protection Act, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act.
BBB encourages you to research and seek professional advice to determine which privacy laws may apply to your business.
Privacy policies should be posted either on the homepage or through a link found on the homepage of your website. You may wish to keep copies of earlier privacy notices as well as the dates for which they were effective.
To satisfy Standard 7 of BBB Accreditation Standards, businesses conducting e-commerce must secure sensitive data, and disclose the following on their websites:
- What information they collect;
- With whom it is shared;
- How it can be corrected;
- How it is secured;
- How policy changes will be communicated; and
- How to address concerns over the misuse of personal data.
Below is a sample privacy policy, which will attempt to provide some resources you can use in developing your privacy notice. Whatever final notice you develop is up to you and will be your responsibility to maintain, update, and adhere to. BBB does not recommend anyone set of privacy practices, nor any single privacy notice.
IMPORTANT: Note that there is a place for your company name or URL in the first paragraph, and a place for your phone number and email address in the last paragraph. Please make sure to personalize these. You must also indicate how you will notify users of changes to the privacy policy in the “Notification of Changes” section. DO NOT simply cut-and-paste this notice as is and do not include any provisions you do not intend to follow.
SAMPLE PRIVACY POLICY BELOW
Please copy, paste and then customize the content below to fit your business information.
Privacy Notice
Effective Date: DATE HERE
This privacy notice discloses the privacy practices for (website address). This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:
- What information we collect;
- With whom it is shared;
- How it can be corrected;
- How it is secured;
- How policy changes will be communicated; and
- How to address concerns over misuse of personal data.
Information Collection, Use, and Sharing
We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.
We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g., to ship an order.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.
Your Access to and Control Over Information
You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number provided on our website:
- See what data we have about you, if any.
- Change/correct any data we have about you.
- Have us delete any data we have about you.
- Express any concern you have about our use of your data.
Security
We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.
Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for “https” at the beginning of the address of the web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.
Notification of Changes
Whenever material changes are made to the privacy notice specify how you will notify consumers.
Other Provisions as Required by Law
Numerous other provisions and/or practices may be required as a result of laws, international treaties, or industry practices. It is up to you to determine what additional practices must be followed and/or what additional disclosures are required. Please take special notice of the California Online Privacy Protection Act (CalOPPA), which is frequently amended and now includes a disclosure requirement for “Do Not Track” signals.
If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at XXX YYY-ZZZZ or via email.
The above notice probably does not describe your privacy practices exactly. You need to personalize your statement to fit your business practices. Here are some sample clauses that you can use to help describe other specific practices that fit your business model. |
Additional Clauses
If your site has a registration page that customers must complete to do business with you, insert a paragraph like this in your privacy notice:
Registration
In order to use this website, a user must first complete the registration form. During registration a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required.
If you take and fill orders on your site, insert a paragraph like this in your privacy notice:
Orders
We request information from you on our order form. To buy from us, you must provide contact information (like name and shipping address) and financial information (like credit card number, expiration date). This information is used for billing purposes and to fill your orders. If we have trouble processing an order, we’ll use this information to contact you.
If you use cookies or other devices that track site visitors, insert a paragraph like this in your privacy notice:
Cookies
We use “cookies” on this site. A cookie is a piece of data stored on a site visitor’s hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance their experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.
If other organizations use cookies or other devices that track site visitors to your site, insert a paragraph like this in your privacy notice:
Some of our business partners may use cookies on our site (e.g., advertisers). However, we have no access to or control over these cookies.
If you share information collected on your site with other parties, insert one or more of these paragraphs in your privacy notice:
Sharing
We share aggregated demographic information with our partners and advertisers. This is not linked to any personal information that can identify any individual person.
And/or:
We use an outside shipping company to ship orders, and a credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes beyond filling your order.
And/or:
We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.
If your site has links to other sites, you might insert a paragraph like this in your privacy notice:
Links
This web site contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.
If you ever collect data through surveys or contests on your site, you might insert a paragraph like this in your privacy notice:
Surveys & Contests
From time-to-time our site requests information via surveys or contests. Participation in these surveys or contests is completely voluntary and you may choose whether or not to participate and therefore disclose this information. Information requested may include contact information (such as name and shipping address), and demographic information (such as zip code, age level). Contact information will be used to notify the winners and award prizes. Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site.
Go Back Home