Why Do You Require A Privacy Policy And Terms And Conditions For Your Website?




When you are starting your business or launching a tech startup, you need to take a lot of steps to make sure that you successfully get your business off the ground and set it on a path that will bring you profit and help you meet the needs of your future customers.

One of the most essential steps to take when launching a website or a mobile app is creating privacy policy and terms and conditions agreements.

These legal agreements are extremely valuable for both you and your customers or clients, because not only do they inform people about everything that they are agreeing to when they start using your services, but they also protect your company against certain legal claims.

However, many business owners with websites and mobile app services don't realize the difference between terms and conditions and privacy policy agreements, nor do they know how to draft them, and so they end up making their business vulnerable.

Privacy policy and terms and conditions agreements serve different purposes. You need to make sure that you fully understand what each of them is and why you really need them, so read on.

What is a Privacy Policy?

A privacy policy agreement is a legal document that informs your users about the collection, storage, sharing and use of their personal information. This is required by law, so you should never skip this step before you actually launch your website or mobile app.

For example, all websites collect data about their visitors in one way or another. This is even more applicable in the case of an e-commerce store. E-commerce sites typically collect personal data like names, email addresses, IP addresses, session activity and payment details, to name a few. For this reason, a privacy policy is vital, as it protects website and mobile app owners and customers alike, while also ensuring that your website or mobile app complies with all its legal obligations.

If you collect, store and use any kind of personal information from your website or mobile app users, you must create a proper privacy policy agreement in order to let them know that you will collect and use that information.

It should be provided to them through your website or the app before they actually start using them.

What exactly is meant by "personal information"?

Personal information includes your users' names, addresses, email addresses, IP addresses, date of birth and credit card information and anything by which your users can be identified.

A privacy policy should not merely inform your users that their personal information will be collected and used when they start using your services. It also needs to let them know exactly what information will be collected and how, as well as how and for what purposes it will be used.

For instance, you may collect their email addresses, so that you can send updates about your products or services.

Your privacy policy also needs to let your users know whether or not all the collected information will be shared with some third parties, as well as whether or not using your website or mobile app will result in some data being stored on your users' computers or mobile devices.

It is very important to note that you should still have a privacy policy agreement in place even if you collect only non-personal information from your users.

That kind of information includes their zip codes, the pages that they visit on your website, the web browsers and devices they are using to visit your site, and anything else that cannot be used to identify your users.

Why is a privacy policy so important? Why do you need it?

At this point, it’s clear that a privacy policy is very important for any business with a website or a mobile app.

This means that if you have a website and you intend to have people visit that website, then it’s important that you include a privacy policy.

The law requires you to inform users about what data you collect and how it’s used, stored and protected. As a matter of fact, under the new EU GDPR legislation and the US’s CCPA legislation, it’s also necessary that your privacy policy inform users of their rights in regard to their data. The disclosures should be transparent, easily understandable, comprehensive and up-to-date. Failure to meet regulatory requirements can result in hefty fines in certain countries where it is mandatory to create a privacy policy for your websites and mobile apps. These regulations apply to all organizations (including non-profits) that access data or offer goods or services to people in the EU. The GDPR applies whether your organization is located in the EU or not.

Not only is a privacy policy crucial to ensuring that legal requirements are met and customer trust is maintained, but many third-party apps and services require it. One example is Google. In order to access certain services and tools (for example, AdSense, Google Analytics, etc.), Google requires that you have a comprehensive and up-to-date privacy policy in place on your website.

Apart from being required by law (although not in all countries, still highly recommended), a privacy policy comes down to the question of privacy, obviously.

You need to show your website or mobile app users that they can trust you and that you will handle all of the information you collect and store about them with the utmost care and protection.

Hence, the main purpose of this legal document is protecting you and your company against any kind of legal liability and claims. Even if you don't collect any kind of information, your users need to know that, because you certainly want them to feel safe and secure when using any of your services.

If you don't collect any information at first, but choose to start doing it after a while, make sure that you update your privacy policy and let your users know in a timely manner.

Therefore, this means that you need to inform your users about the updated privacy policy in advance so that they can decide whether or not they want to continue using your services.

Protects Your Company Against Legal Implications

If one of your website’s visitors suffers identity theft as a result of a data leak and sues your company, your privacy policy may be able to serve as a defence to show that you took reasonable care of your visitors’ personal data, as you cannot be expected to prevent every possible unforeseeable data leak.

What Should a Privacy Policy Include?

What needs to go into your privacy policy depends on a huge variety of factors. There is no such thing as a one-size-fits-all privacy policy that can be simply copied and pasted.

The most important of these factors is where the visitors to your website are likely to be located. This will determine under what country’s laws you owe privacy obligations to them.

What is a terms and conditions agreement?

A terms and conditions agreement (also known as a "Terms of Use" or "Terms of Service" agreement) is a legal document that sets out the rules, guidelines, and requirements that your users must agree to abide by in order to be able to use your services.

The terms and conditions set forth the conditions, clauses, terms, and requirements related to using the app or website. This legal agreement sets the requirements, rules, and standards of using the website or app. As an example, sections that are common in terms and conditions include account deactivation if a user misuses the app or website, copyright information, billing and subscription information, and various other disclaimers. This agreement isn't required by law, but it's highly recommended in order to prevent abuse of the website or mobile app. It also limits the legal liability of the owner of the online business.

Therefore, in order for people to use your website or mobile app, you need to clearly state what they need to do if they want to use them, as well as what you will do in case of violations of the rules that you lay out in the agreement. Your terms and conditions agreement should include your copyright details, your billing and subscription policies (especially important for SaaS companies), potential warranties on your services, potential modifications of your services, and how exactly your users may use your website or mobile app.

This agreement should also include what will happen if a user doesn't abide by your rules and guidelines or abuses your website or mobile app. For instance, they may be requested to pay a fine, or they may be temporarily or permanently banned from using your services.

You should also make sure that your terms and conditions agreement includes a disclaimer notice that will limit your company's liability. This means stating that you will not be held responsible if someone finds some kind of information on your website or mobile app to be incorrect.

Although this agreement is not required by law, it is highly recommended that you have it, precisely because of limiting your liability, as well as for protecting your company against any potential abuses of your website or mobile app, such as copyright infringement, for instance.

It is very important to protect your intellectual property, such as your logo, your unique web or mobile app design and your content (unless the content is user-generated), which is yet another reason for having a terms and conditions agreement.

Therefore, you should make sure that you include the Intellectual Property clause in your terms and conditions. Also, you should include the Governing Law clause to show that the law of the country that you operate in governs your terms and conditions.

Apart from limiting legal liability and protecting your business against any kind of abuse, this legal document also enables you to build credibility and trust with your users.

You inform them of their rights and responsibilities towards your company and business, as well as yours towards them, which shows that you are a professional who is trustworthy.

Just like with your privacy policy, you need to let your users know about the potential modifications of your terms and conditions.

If you plan on changing anything in your agreement, you need to inform them about the changes in advance and clearly state when they are going to take place.

Should the Privacy Policy and Terms and Conditions Be a Single Agreement or Separate Agreements?

Some website and mobile app owners combine their privacy policy and terms and conditions into a single agreement. What they usually do is incorporate their privacy policy into their terms and conditions agreement by creating a separate section for it.

This is not recommended, because it is much easier for users to look at two separate documents and, thus, fully understand what each of them entails. Keeping them apart is certainly a much smarter option, so you should always keep your terms and conditions and your privacy policy separate.

It is highly recommended to keep your legal agreements separate, as it also lets your users know that each of the documents has a completely different purpose. It also helps them understand and retain all of the information more easily.

But you need to make sure that the agreements are easy, clear, concise and written in plain language that your users will be able to understand because not everyone will understand various legal and technical terms.

At this point, you certainly realize how crucial it is to have both terms and conditions and privacy policy agreements in place, as well as how essential it is to keep the two separated.

These agreements will help your website or mobile app users feel safe and secure when using your services, so you can easily form meaningful relationships with them and expand your customer base.

Moreover, you will effectively protect your business against any potential legal claims and liabilities by your website visitors or mobile app users and make sure that it stays on the right road to success.

Therefore, make sure that you properly and carefully draft these legal documents and that you make them clearly available and easily accessible by your users.

If Your Website’s Visitors are Located in Singapore

If most of your visitors will be in Singapore, then the law governing their privacy is the Personal Data Protection Act (PDPA).

The PDPA requires that you obtain your visitors’ consent to collect whatever data you are collecting from them, for whatever purposes you need to use it.

For example, if your company’s website uses cookies to collect data from your visitors, consent can be obtained by including a pop-up or banner which requires visitors to accept cookies being stored in order to continue using the website.

If Your Website’s Visitors are Located within the European Union or European Economic Area

If some of your visitors are located within the European Union or the European Economic Area (even if your company is not located within either area), then the applicable law is the General Data Protection Regulation (GDPR).

This law was introduced in May 2018 and grants European residents a wide range of privacy rights. For more information, see our guide on how Singapore companies can comply with the GDPR.

If Your Website’s Visitors are Located in the USA

California is the first state to adopt state-wide privacy legislation in the US through the California Consumer Privacy Act (CCPA), which came into effect on January 1, 2020.

The Golden State follows in the footsteps of the major changes made by the GDPR to the use of personal information on the Internet. Maine and Nevada acted similarly, though they only passed new privacy legislation or amendments to existing law.

The CCPA differs from the GDPR by giving its users full power and responsibility to request businesses to disclose or delete the data they have already collected, or to opt-out completely of third-party data sales.

The CCPA applies to every company in the world if it collects personal data of California residents.

According to the local laws of California, any person who is in California for other than a temporary or transitory purpose, or who has their domicile within the state borders, is a California resident. This definition applies whether they are accessing the internet from inside or outside California.

GDPR and CCPA are at the forefront of privacy legislation, and both laws have prodded jurisdictions to enact similar data privacy laws. A business's website policy must be compliant with these regulations, and the business should collect and process data in harmony with the provisions of these laws.

Engaging a Legal Consultant or a Lawyer to Draft a Privacy Policy

Because of the bespoke nature of privacy policies, it is advisable to engage a lawyer or a legal consultant to draft one for your website rather than trying to draft one yourself.

The pricing by law firms of this service is usually extremely competitive and affordable.

They will sit down with you to figure out how the factors above apply to your company, what your company’s data collection and retention needs actually are and come up with a policy that’s actually usable for your company.

Our team is adept at drafting website policies that adhere to the privacy laws of different jurisdictions. When necessary, we prepare policies specific to users from various jurisdictions. Besides, our team is expert in formulating your organization's app policies in consonance with the website policies, different third-party app hosting services [Google Play and I-store], and payment vendors.

We not only draft website policies but also map the risks embedded in the firm’s practices related to data management. Laws are dynamic, and timely updating of policies is required to ensure that the firm is not caught behind the regulatory curve. To address this aspect, we provide policy audits at regular intervals to organizations.

Distinct features of our Service 

Questionnaire to understand client requirements 

Follow-up clarification on the questionnaire, if required. 

Flexible timelines to accommodate client’s need 

Discussion after the first draft 

Revisions and submission of Final document 

Post submission Final document support services 



