These days, collecting data associated with your visitors and customers on your website has become a standard marketing practice. Using this data, you can improve the customer experience, refine your marketing strategy and, in some cases, earn extra revenue. Collecting this information, however, comes with a few attached strings: as consumers become more protective of their data, governments increasingly regulate how businesses can gather and use it. For example, the European Union now requires such privacy policies by law, as do some American states.
Many customers worry about data collection and misuse. According to Pew Research, around half of Americans have decided not to use a product or service because of privacy concerns. Business owners can restore the public’s faith with transparent data collection. When you inform users exactly what information your site gathers, how you use it, and why you collect it, you establish trust and build customer loyalty.
At Wix we take our commitment to protecting our users’ websites and their data seriously. To learn more about how we do this visit our Privacy and Security Hub.
- What data you’ll collect and how you’ll use it
- Methods of collection
- Customer communication
- Redress and security information
- Child privacy
- Future changes
- Contact information
01. What data you collect and how you’ll use it
You should list the exact types of data that you collect from users, such as IP addresses and email addresses. This may include a person’s name, age, address, interests, credit card information, banking information and more. Be as specific as possible to avoid any misunderstandings.
In addition to telling people what you collect, you should also tell them why you collect it. Whether you’re using information to recommend new products or tailor promotions to your target audience, be transparent to help put customers at ease. A statement such as “We may use your information to provide you with special offers” is effective and to the point.
02. Methods of collection
03. Customer communication
One of the principal reasons that websites collect data is to communicate with customers. If you’re collecting contact information, a communications clause is necessary.
If, for any reason, users don’t want to have their information collected, they should have the choice to unsubscribe. The communication clause should therefore explain that visitors may opt out of having their information collected at any time. Tell them exactly how to do it by referring them to a link or providing an email address to reach out to. You can, however, mention that when they choose to opt out, it may affect their site experience. For example, products or deals relative to their location or demographic may not be disclosed.
04. Redress and security information
In addition, you should provide information about a customers’ rights related to their personal information. In accordance with privacy regulations around the world, site visitors may have – among other rights – the right to access their data or ‘be forgotten’ (be permanently deleted from your databases). You should provide your users with a list of their rights and the ways on how to exercise them.
You can also let customers know they can report a privacy violation to the U.S. government.
Pro-tip: Websites built on Wix offer around-the-clock-monitoring and use the strongest encryption standard commercially available to safeguard businesses and their clients online. Supported by anti-fraud protection, sites are also compliant with the highest Payment Card Industry Data Standards. Therefore, businesses running on the platform receive enterprise-grade security managed by experts.
05. Child privacy
Due to the Children’s Online Privacy Protection Act (COPPA) in the United States, you need a clause that addresses child privacy. This law states that it is illegal for your site to collect private information from minors without using a specific protocol to do so.
Even if your business caters to adults, it may be necessary to add a brief clause to indemnify you in the event of any accidental violation of COPPA.
For instance, Hormel Foods uses this simple passage:
“Our Website is not intended for children under 18 years of age (or the age of majority in your jurisdiction). We do not knowingly collect, use, or disclose Personal Data from children under 18. If you believe that we have collected, used or disclosed Personal Data of a child under the age of 18 (or the age of majority in your jurisdiction), please contact us using the contact information below so that we can take appropriate action.”
06. Future changes
07. Contact information
Location and data protection laws
Location and data protection laws are a complex and ever-evolving area of law. However, there are some general principles that apply across most jurisdictions.
Location data is any data that can be used to identify a person’s physical location. This includes data from GPS devices, cell phone towers and even social media posts. Location data is increasingly being used by businesses and governments to track people’s movements and to target them with advertising and other services.
Data protection laws are designed to protect individuals’ privacy and to give them control over their personal data. These laws typically require businesses and governments to obtain consent from individuals before collecting or using their data. They also require businesses and governments to take steps to protect the data from unauthorized access or use.
Location data is often considered to be particularly sensitive personal data because it can be used to track people’s movements and to create detailed profiles of their activities. As a result, many data protection laws have specific provisions that apply to the collection and use of location data.
For example, the European Union’s General Data Protection Regulation (GDPR) requires businesses and governments to obtain explicit consent from individuals before collecting or using their location data. The GDPR also requires businesses and governments to take steps to minimize the collection of location data and to anonymize or pseudonymize the data whenever possible.
In the United States, there is no federal law specifically governing the collection and use of location data. However, a number of states have passed their own laws that regulate the collection and use of location data. For example, the California Consumer Privacy Act (CCPA) gives individuals the right to access their location data, to request that their location data be deleted and to opt out of the sale of their location data.
Businesses and governments that collect or use location data should be aware of the applicable data protection laws and should take steps to comply with those laws. This includes obtaining consent from individuals before collecting or using their location data, taking steps to protect the data from unauthorized access or use and minimizing the collection of location data whenever possible.
Individuals should also be aware of the data protection laws that apply to the collection and use of location data. Individuals have the right to control their personal data and to choose how their location data is used.
Eric Goldschein has a decade of experience in digital media and has written for outlets including Business Insider, Startup Nation, BigCommerce, Square, HostGator, Keap and Fundera, covering finance, marketing, entrepreneurship, and small business trends.