Data privacy policies are some of the most important documents on any website. A privacy policy details your company's views and procedures on the information collected from visitors. It’s important to be as transparent as possible with your users.
- Go to 'Dashboard'.
- Open the 'Pages App' and go to 'System Pages'.
- Insert the code provided by iubenda.
Below you will find more information on why it is important to make your webpage legally compliant and how to do it easily through iubenda.
For a better understanding, start by identifying your laws of reference.
Identify your Laws of Reference
The laws of the country in which you base your operations, as well as those of the country your site targets, typically apply.
For example, if you’re based in the EU, and also have site visitors from California, you’ll need to comply with EU laws like the GDPR and extend its protections to both your EU and your non-EU site visitors where necessary under the law. You may also need to comply with Californian laws like CalOPPA and the CCPA.
Any legal documents on your site (e.g. privacy & cookie policies or terms and conditions) must be written in the same language as your site so your users can understand them. If your site is available in multiple languages, then you should make your documents available in those languages, too.
A couple of words on GDPR! When it comes to consent, the first question you should ask yourself is, “where are my site visitors based?”
If you have EU-based page visitors:
- The ePrivacy (Cookie Law) mandates that informed, freely given consent should be collected before cookies or similar trackers are run by your site. Cookies are small pieces of data that are sent from a website or app and are often stored on a visitor’s computer via their web browser. Cookies can be produced either by your website (first-party) or by third-party services you run on your site, like widgets, analytics programs, social logins, scripts, etc. (third-party). Before user consent is collected, cookie scripts must be blocked from running.
- Under the GDPR, if you have data collection forms on your website (e.g. contact or newsletter forms), you must be sure to collect informed, verifiable, freely given consent before adding users to your mailing list, and you must keep valid records or proofs of each consent – failure to keep valid consent proofs can make your collected consents invalid in the eyes of the law.
For US-based page visitors:
- The Federal CAN-SPAM Act is a regulation that sets the rules for commercial messages, including email. While opt-in consent is not required under the Act, you must provide a visible opt-out or unsubscribe option in all such communications. Furthermore, CAN-SPAM rules state that you must provide valid identification information and mark promotional emails as an ad.
At their most basic, privacy policies should include:
- Identity details of the site owner (whether a person or legal company).
- What data you’re collecting and why.
- The intended use of the data.
- How the data is stored.
- Who the data is shared with (third parties, subcontractors, etc.).
- The rights of the user (this can differ depending on your law of reference).
- The legal basis for processing user data (mainly EU users).
If you have any questions or concerns, contact us directly via the live chat box, located in the lower right corner. Our Support Team will provide you with top-notch quality support, 24/7.