- Write your own using examples
- Data Collection
- Data Use (Processing)
- Data Storage
- Data Sharing
- Data Control
Identification: Include Company & Contact Information
Your customers should also be able to contact your business with questions or concerns about privacy and personal data.
Here is an example contact information paragraph. It describes several of the reasons a customer might want to contact your business about privacy, then provides both an email address and a physical address shoppers can use to contact your company.
Questions and Contact Information
If you would like to access, correct, amend or delete any personal information we have about you, register a complaint, or simply want more information, contact our Data Protection Officer at firstname.lastname@example.org or by mail at Your Company, 123 Your Address Road, Your City, Your State 10000.
Data Collection, Use & Storage
When you purchase something from our store, as part of the buying and selling process, we collect the personal information you give us such as your name, address and email address. Data collected during a transaction is stored securely for 36 months.
When you browse our store, we also automatically receive your computer Internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system. Browsing data is kept for up to 90 days from the date of your last visit.
Email marketing (if applicable):
With your permission, we may send you emails about our store, new products and other updates.
Your ecommerce business should also describe what payment information is collected during a transaction and how it is shared with payment processors.
The example below makes this clear to customers. Notice that it describes what information is collected, "your credit card data," and how long it is stored.
If you choose a direct payment gateway to complete your purchase, the online store transmits your credit card data. The stored data is encrypted in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.
Oh, and don't forget about cookies. In addition to displaying a cookie notice to visitors, you'll want to include specific language about cookie use and tracking.
Our website uses “cookies,” which are data files that are placed on your device or computer and often include an anonymous unique identifier. For more information about cookies, and how to disable cookies, visit https://www.allaboutcookies.org.
Please note that we do not alter our Site’s data collection and use practices when we see a Do Not Track signal from your browser.
If you are a European resident, you have the right to access personal information we hold about you and to ask that your personal information be corrected, updated, or deleted. If you would like to exercise this right, please contact us through the contact information below.
Additionally, if you are a European resident we note that we are processing your information in order to fulfill contracts we might have with you (for example if you make an order through the Site), or otherwise to pursue our legitimate business interests listed above. Additionally, please note that your information will be transferred outside of Europe, including to Canada and the United States.
To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.
If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.
Include a paragraph or list that enumerates each of the third parties your business shares data with, what data is shared, and why it is shared.
We participate in affiliate marketing programs set up by Supermarkets and run on their behalf by Awin.
The GDPR gives users specific rights to control personal data. For example, a user on your website can request access to the personal data you have collected about them, correct any errors in the personal data you have collected, or require you to permanently delete the personal data you have collected in certain circumstances.