These are the questions we are asked most often about “Do I need a privacy policy for my site/application/mobile app?” (we keep adding to this list).
The article has 3 sections:
- You’ll find frequently asked questions here
- You’ll find frequently asked questions about iubenda here
- You’ll find a list of resources here
Can you explain third-party cookies? What are they? Why do they present a privacy issue?
Cookies (also referred to as HTTP cookies, web cookies or browser cookies) are small pieces of data sent from a website and stored in your browser while you browse that website. They were designed to help websites remember or discover certain information about the visiting user. Essentially, they allow site owners and third parties to track the user’s activity across the web.
This is also the root of the main privacy concerns. So-called tracking cookies, and especially their subset, third-party tracking cookies, are used to compile long-term records of individuals’ browsing histories. These cookies allow for a rather complete profile by tracking user behavior on multiple sites. Examples are Google AdSense and Analytics, which are able to serve personalized advertising and searches.
This characteristic effectively makes cookie data personal data, since it can be used to track you as an individual. Most countries’ laws require cookies to be mentioned in a privacy policy.
If I have a mobile app, what’s a good practice for a privacy policy?
It’s generally considered good practice to link to your privacy policy from within the app AND from the app store “download page”. The reason is that users should be able to see the data collection practices before the collection actually happens. A third place where your privacy policy link can’t hurt is on your promotional website/page for the app.
- Read this post “How to Link that Privacy Policy in Your App” for a great overview
For full legal insights you may want to read a paper like this one by Article 29.
If I have a US-based website with traffic that is primarily from the US, do I need to worry about EU privacy laws? If so, which ones?
No. As a rule of thumb, you have to worry about the users you target, so EU privacy laws are none of your concern in that case. BUT WAIT: there’s one thing in the US that forces you to respect the same concepts. The state of California has a very advanced body of privacy law, including an act known as CalOPPA (California Online Privacy Protection Act).
This act applies to any individual or entity that owns a commercial web page or an online service that collects and uses personal information from an individual living in California. It is very likely that your websites are used by Californians, which is why this act extends to you as an operator of that website.
If I run a small non-commercial, non-ecommerce, US-based site, do I need a privacy policy?
Let me make a distinction here. Non-ecommerce is not necessarily the same thing as non-commercial. If your site is commercial, meaning it helps you make money in some way (for example, you offer your services), then it falls under CalOPPA and therefore has to follow its rules.
However, if you do operate a non-commercial site, then CalOPPA is none of your concern.
One more thing, though: be aware that many third-party services require you to have a privacy policy no matter what. Take a very common example: you have Google Analytics on your blog (no commercial background or connection). Google requires you to post a privacy policy in order to use their service.
Should my email newsletters (using services like MailChimp) contain a privacy policy?
Yes. Email newsletters should contain a reference to your privacy policy.
Don’t forget the other important part: show a link to your privacy policy when the user subscribes to your newsletter, in order to inform the user about your data collection/use practices.
In addition to the privacy policy reference, there is one thing you must not forget: you need to follow the CAN-SPAM legislation when you send out newsletters. It requires you to provide things like an unsubscribe link.
Do I need a privacy policy for a simple Facebook Page for my non-profit organization?
No, a simple Facebook Page doesn’t require a privacy policy for a non-profit.
However, if you start to collect information about your users, Facebook requires you to disclose that:
If you collect content and information directly from users, you will make it clear that you (and not Facebook) are collecting it, and you will provide notice about and obtain user consent for your use of the content and information that you collect. Regardless of how you obtain content and information from users, you are responsible for securing all necessary permissions to reuse their content and information.
Frequently Asked Questions about iubenda
What do I get with a free license?
Each account comes with a free license that includes many of the available clauses, such as:
- ☑ Google Analytics
- ☑ Mailchimp
- ☑ Twitter integration
- ☑ Facebook integration
- ☑ Google+ integration
- ☑ and much, much more
What do I get with a paid license?
The paid license removes the restrictions that you’ll find with the free license:
- ☑ Access to all clauses
- ☑ Include unlimited clauses (more than 4) per policy
- ☑ Embedding/Styling options unlocked
- ☑ Privacy policies for mobile apps
What does a paid license cover?
Each license covers a privacy policy (for one website, app or Facebook app) in one language. Each additional language requires a new license.
Which countries do you cover?
One of our greatest efforts is toward covering every country’s law by adopting the strictest information rules required in each country.
Can I trust you?
The service is run and backed by real lawyers from around the world.
Why is it a monthly/yearly subscription? After getting it, why should I pay each month/year?
The yearly/monthly subscription pricing is our way of keeping your costs low, while giving you access to attorney-level quality. Instead of paying a one-off attorney fee of up to thousands of dollars (it starts to get expensive when you need a couple of translations), we offer a convenient yearly/monthly payment option.
This is also the reason for what we believe are our best features: we keep improving the privacy policy for you behind the scenes automatically, we keep adding new clauses, and we keep adapting the privacy policy to current legislation. That’s where iubenda’s solution really shines.
Can I switch between pay-as-you-go and monthly payments whenever I want?
Yes. Switch between our options anytime as your needs change.
If I already own pay-as-you-go licenses, do I get a bonus when moving to a monthly charge?
You will be credited the unused amount of your payment towards your new monthly payment plan.
Example: You have used 6 months on your $27/year policy and then move to a monthly plan. This means you have $13.50 credited towards your new payment option.
Mobile Apps: Privacy Policy for iOS, Android, Windows Phone & BlackBerry?
Privacy policies in mobile apps:
Our guides to making privacy policies in apps
- Privacy Policy for iOS Apps
- Privacy Policy for Android Apps
- Privacy Policy for Windows Phone Apps
- Privacy Policy for BlackBerry Apps
Privacy Policy for Web Services?
iubenda offers a wide range of clauses that you need when you integrate third-party services on your site/app. If you need one that isn’t covered, feel free to get in touch.
- Privacy Policy for AdWords
- Privacy Policy for Google AdSense
- Privacy Policy for Google Analytics
- Privacy Policy for MailChimp
Privacy Policy in my Country?
The international situation for privacy policies.