(San Francisco-based tech blogger and vpn convert)
Any website or service that collects data from users,tracking users with analytics, or displays ads needs one.
Why are these policies necessary?
- What information you gather
- How you collect the information
- How you store and protect the information
Is there a difference in the types of information collected?
Yes. Most policies separate personally identifiable information from non-private data.
The National Institute of Standards and Technology (NIST) defines personally identifiable information as:
“Any information about an individual maintained by an agency, including (1) any information that can be used to distinguish or trace an individual’s identity, such as name, social security number, date and place of birth, mother’s maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information.”
Non-private data is defined as:
“Information that may correspond to a particular person, account or profile, but is not sufficient to identify, contact, or locate the person to whom such information pertains.”
- Browser type
- Browser plug-in details
- Local time zone
- Date and time of each visitor request (i.e. arrival, exit on each web page)
- Language preference
- Referring site
- Device type (i.e. desktop, laptop, or smartphone)
- Screen size, screen color depth, and system fonts
Many users concerned with sharing this non-private data employ browser extensions to mask its availability. Also, VPNs help avoid sharing certain types of non-private data. For instance, a VPN can mask the time of the site visit as well as the user’s local time zone.
Yes. Collecting data without detailing the activity to users is punishable by law. You are also at risk if you violate the terms of your policy by collecting more than what you state or otherwise change the data collection/use without updating the policy.
Thanks to their length and complexity, most online privacy policies go unread. In fact, one study found they are so cumbersome that it would take the average person about 30 full working days to actually read the privacy policies of the websites they visit in a year.
Point #1: Information Collection
Every policy should explicitly describe what information the site collects and its’ collection methods.
Point #2: Information Use
Companies – and their websites – who take your data security seriously:
- Never sell personally identifiable information to 3rd parties
- Anonymize and/or encrypt the data to protect against breaches
- Only store the data for a short period of time
Point #3: E-Commerce Considerations
For e-commerce sites, the policy should detail the safeguards for a user’s private financial information collected to process transactions. This includes credit card numbers, social security numbers, or bank account information.
Point #4: 3rd Party Information Disclosures
There should be clear language about the website’s relationship(s) with 3rd parties. Ideally, your site will not sell or share personally identifiable information unless there is a legally compelling reason. It should also detail what your company does with non-private data.
Point #5: Information Security and Tracking
Today’s best privacy policies highlight their information security and detail cookie use.
Point #6: Unsubscribe Methods
Point #7: Consent
Below you can find a full template for you to use
We collect information from you when you register on our site, sign in to your account, make a purchase, enter a contest, and/or when you sign out. The collected information includes your name, email address, phone number, and/or credit card.
In addition, we automatically receive and record information from your computer and browser, including your IP address, software and hardware attributes, and the page you request.
2. Information Use
Any of the information we collect from you may be used to:
- Personalize your experience and respond to your individual needs
- Provide customized advertising content
- Improve our website
- Improve customer service and your support needs
- Contact you via email
- Administer a contest, promotion, or survey
3. E-Commerce Privacy
We are the sole owners of the information collected on this site. Your personally identifiable information will not be sold, exchanged, transferred, or given to any other company for any reason whatsoever, without your consent, other than as necessary to fulfill a request and/or transaction, e.g. to ship an order.
4. Third Party Disclosure
We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information. This does not include trusted 3rd parties who assist us in operating our website or conducting our business, so long as the parties agree to keep this information confidential.
Non-private information, however, may be provided to other parties for marketing, advertising, or other uses.
5. Information Protection
We implement a variety of security measures to maintain the safety of your personal information. We use state-of-the-art encryption to protect sensitive information transmitted online. VpnMentor also protects your information offline. Only employees who need to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers used to store personally identifiable information are kept in a secure environment.
Yes. Our cookies improve access to our site and identify repeat visitors. Furthermore, our cookies enhance a user’s experience by tracking and targeting his/her interests. This cookie use, however, is in no way linked to any personally identifiable information on our site.
We use the email address you provide to send you information and updates pertaining to your order, occasional company news, related product information, etc. If at any time you would like to unsubscribe from receiving future emails, we include detailed unsubscribe instructions at the bottom of each email.
The template language provided in this post should be a starting point only. Every website has different methods and intentions and the best privacy policies reflect a high level of customization. To ensure the effectiveness of your policy, consult with privacy lawyers and research other policies from companies similar to yours. Most of all, keep checking www.vpnmentor.com for more information on policy language and privacy issues.