You must make sure it is easy to find on your website
You must make sure that it is easy to read
You must make sure that it comprehensively explains all the details of your online information practices
This will then enable all online visitors to your website to make informed decisions concerning the collection and use of their information.
Consequently you must put careful consideration into the creation of your policy to ensure that it accurately reflects the information practices which may be unique to your business ensuring that you can guarantee a faithful adherence to it provisions.
As all privacy policies may differ depending upon the nature of the website then the following provisions can only be relied on as standard provisions. They will however, apply to most business which use personal information for the standard purposes contained below. If you feel that your business uses personal information in a way which separates it from other business it may be wise to seek the advice of a solicitor when putting together the policy.
Accordingly the provisions which deal with the following issues should be contained within all standard website privacy policies:
Commitment to privacy
What information is collected
How the information is used
Access to the information
Commitment to Privacy
This section should detail the fact that you have provided this notice which explains all your online practices in order for the customer to make a choice about the way their information is collected and used.
In order to fully show your commitment to the privacy of your customers you should make the notice easy to find. If it is located on the homepage of your website then those customers wishing to find it will be able to do so immediately.
Information which is collected
Credit or Debit Card Information
How the Information is used
If your website it using the information obtained in relation to the customer placing the order it is usual to state that the information will only be used as is necessary to fully complete that order. This means that the information will only be passed to third parties in order to ensure the order is completed.
If you collect email address from your customer you should state that the only purpose for which you have that email address is to answer any email which you may receive. You must ensure that you state that the email address is not used for any other purpose and will not be passed on to any other third parties.
Data Protection Provisions
If you collect and process personal information online you must adhere to the provisions of the Data Protection Act 1998. Accordingly you must register your company with the Information Commissioner specifying the ways which you will use the information.
Access to the Information
You must also state that a customer can correct any factual errors made in relation to their personally identifiable information by sending a request that credibly shows the error. It would then be prudent to qualify this by stating that in order to protect their privacy you will undertake reasonable steps in order to verify that person’s identity before granting access or making corrections.