Last Updated: March 11, 2022
Privacy policies are legally required by privacy laws to protect information. When customers purchase products (e.g., from a website), businesses can collect their personal data and information, including:
- Dates of birth
- IP addresses
- Phone numbers
- Screen names and usernames
- National IDs
- Credit card numbers
NOTE: 65% of Americans have stated that the privacy of their data and online information is a serious issue facing society.
- EEA GDPR: European Economic Area General Data Protection Regulation
- CCPA: California Consumer Privacy Act
- PIPEDA: [Canada’s] Personal Information Protection and Electronic Documents Act
NOTE: An average data breach for a US company can cost up to $8.19 million.
- Sharing user information without their knowledge could infringe local laws.
- Mishandling or breach of data can have serious legal consequences.
- The European Economic Area, California, and Canada mandate privacy policies.
Most privacy policies start with an explanation of what data and information are collected from the user. Then, describe in detail what information you will collect and how. Note the following example from an eCommerce store.
Here are the types of personal information we collect:
- Information You Give Us
We receive and store any information you provide in relation to Amazon Services. Click here to see examples of what we collect. You can choose not to provide certain information, but then you might not be able to take advantage of many of our Amazon Services.
- Automatic Information
We automatically collect and store certain types of information about your use of Amazon Services, including information about your interaction with content and services available through Amazon Services. Like many websites, we use “cookies” and other unique identifiers, and we obtain certain types of information when your web browser or device accesses Amazon Services and other content served by or on behalf of Amazon on other websites. Click here to see examples of what we collect.
- Information From Other Sources
We might receive information about you from other sources, such as updated delivery and address information from our carriers, which we use to correct our records and deliver your next purchase more easily. Click here to see additional examples of the information we receive.
We collect two basic types of information – personal information (as defined in this policy) and anonymous information (as defined in this policy) – and we may use personal and anonymous information to create a third type of information, aggregate information (also defined in this policy). In particular, we collect:
- The registration information you provide when you create an account, enter a promotion, or link your profile on a third-party site or platform with your registration accounts, such as your first name and surname, country of residence, gender, date of birth, email address, username, and password;
- Transaction information you provide when you request information, contact Guest Services, or purchase, return, request, or exchange a product or service from us, such as your postal address, telephone number, and payment information;
- Information you provide in public forums on our sites and applications, such as your public posts;
- Information sent either one-to-one or within a limited group using our message, chat, post, or similar functionality, where we are permitted by the applicable law to collect this information;
- Information we obtain from a third party, such as a site or platform provider, about the use of our applications on third-party platforms or devices;
- Location information, including location information provided by a mobile or other device interacting with one of our sites, applications, or physical properties (including through beacon technologies), or associated with your IP address or other online or device identifier, where we are permitted by law to process this information;
- Activity information about your use, and the use by any person(s) you authorize through your account, of our sites and applications, such as the content you view or post, how often you use our services, and your preferences;
- Usage, viewing, technical, and device data when you visit our sites, use our applications on third-party sites or platforms, or open emails we send, or connect with our wireless Internet access services and other similar technologies, including your browser or device type, unique device identifier, and IP address;
- Still or video images captured by cameras or readers on or around our physical properties;
- Call recordings when you call our reservation centers or other guest services phone numbers.
As per the following example, an in-depth explanation should be given about how information is used, managed, or shared.
Trust is the foundation of the Shopify platform and includes trusting us to do the right thing with your information. Three main values guide us as we develop our products and services. These values should help you better understand how we think about your information and privacy.
- Your information belongs to you
We carefully analyze what types of information we need to provide our services, and we try to limit the information we collect to only what we really need. Where possible, we delete or anonymize this information when we no longer need it. When building and improving our products, our engineers work closely with our privacy and security teams to build with privacy in mind. In all of this work, our guiding principle is that your information belongs to you, and we aim to only use your information to your benefit.
- We protect your information from others
If a third party requests your personal information, we will refuse to share it unless you give us permission or we are legally required. When we are legally required to share your personal information, we will tell you in advance, unless we are legally forbidden.
- We help merchants and partners meet their privacy obligations
Many of the merchants and partners using Shopify do not have the benefit of a dedicated privacy team, and it is important to us to help them meet their privacy obligations. To do this, we try to build our products and services so they can easily be used in a privacy-friendly way. We also provide detailed FAQs, documentation, and whitepapers covering the most important privacy topics, and respond to privacy-related questions we receive.
As per the example below, businesses should allow users to opt out if they don’t wish to disclose their information and give them the opportunity to unsubscribe from marketing materials, notifications, or surveys. This gives users peace of mind and control over their data.
- Control of Your Information
Section Overview: You have a variety of rights regarding the use and control of your user information.
Upon a verifiable request, Forbes will provide you with information about whether we hold any of your user information. Registered users may change the information stored in their member profile such as image, name, password, location, country, and the topics and contributors they are following at any time by visiting their member profile page at blogs.forbes.
All users may elect to stop receiving marketing material from Forbes or on behalf of external third-party business partners by following instructions at the end of any such email received. Your rights and controls with respect to the user information that may be collected, used, or shared in connection with cookies are outlined above.
You may request to delete or modify your personal account and/or any user information you may have voluntarily submitted to us (e.g., information that you provide to register for a Forbes event) if you wish to do so, provided we are able to verify your identity in accordance with applicable law.
You may also ask to opt-out of marketing communications from Forbes or on behalf of external third-party business partners by following the unsubscribe instructions at the end of the email received.
Contact Information and Disputes
- HOW TO EXERCISE YOUR PRIVACY RIGHTS
To submit a privacy-related request, please write to us at Skullcandy, 6301 N. Landmark Dr., Park City, UT 84098, Attn: Legal Department, or submit your request to email@example.com.
Please allow up to 45 days for Skullcandy to complete your request. Please note, these Privacy Rights are subject to exceptions, and in certain cases, Skullcandy may decline your request (see Exceptions to Deletion Request) as permitted by law or if applicable, extend your request another 45 days. However, if this is necessary, we will notify you of this extension in time.
You should also include information and subheadings on the security measures used to protect information. For example, most sites use Secure Sockets Layer (SSL) or 256-bit encryption for optimal security. Small business owners can also inform users how long they’re going to store their information.
NOTE: 97% of Americans say they’re always asked to approve privacy policies, yet only 9% read privacy policies before agreeing to them. This percentage, however, is increasing as more Americans are becoming aware of their online security.
Use plain language to describe your policy to users. Vague terms or complex language might raise some red flags, deterring users from doing business with you.
Adapt to Your Business and Demographic
If your audience or customers are worldwide, certain members will have additional privacy rights. For example, residents of California, the UK, the EU, and Brazil fall under specific privacy policies that give them extra legal protection, not the universal one.
Only Necessary Information
Avoid asking for a long list of unnecessary information. For example, if the business transaction doesn’t require information on the user’s date of birth or marital status, don’t ask for it.