There are so many of these emails flying across the internet, that it’s almost laughable…
— Evie the Cat (@HMCabinetCat) May 23, 2018
Well guess what…
Many social media and software services are changing their policies, and we did too! Our new policy is now easier to read, and it’s more transparent about the third-party platforms we use and the data that they collect. These services allow Road Warrior Creative to access data from your account on a third-party platform and perform actions with it. We never access your data without permission, but it is often necessary for us to access it.
We are GDPR compliant
Because we want to be transparent for all of our clients, not just our clients in Europe, our new policy is also GDPR compliant – for all users across the globe. GDPR stands for General Data Protection Regulation. This is a new European Union Legislation that serves to give users more control over their own data. The legislation requires that:
- Companies can’t use vague language in order to receive consent for data collection.
- Firms can’t bundle more than one item that requires consent together.
- Someone with parental responsibility must be used for opt-ins of children under the age of 16.
- If there is any breach of data, companies must notify their users within 72 hours.
- Users will be able to access their data that is being held by companies, and find out what it is being used for.
- Users will also be able to ask for deletion of their data from a company at any time.
For some more information, check out this video from CNBC with some basics of the GDPR:
Road Warrior Creative is fully GDPR compliant and will follow GDPR guidelines for all persons. Want to request a copy of the information we have on you? Contact us.
We added a cookie notification banner
In our efforts to be more transparent, we also added a cookie notification banner. This helps us with clients and website traffic from European countries. It also makes it easier for users to provide or remove their consent for cookies.
Cookie notification laws
It’s important to understand how cookies can be used, and if you have website traffic from the European Union, like we do, having a cookie notification banner is a legal requirement. Because we have clients and web visitors from Europe, Road Warrior Creative’s site follows guidelines according to EU legislation. Some of these guidelines are:
- Inform the user that cookies are being used.
- Tell users what data is being collected from cookies.
- The site must ask for the user’s consent before it can start using cookies. (This is why we added the banner.)
- Consent needs to be informed and freely given in order to be considered valid.
You can also read more on cookie notification laws here.
Not sure if GDPR and EU cookie laws apply to you? Read on…
GDPR applies to you if:
- Your company is located in the EU
- Goods or services are offered to consumers in the EU
- Your company’s website receives traffic from the EU
- You have access to or control data from users in the EU
Cookie notification laws apply to you if:
- Your or your company is physically located in the EU
- The company or its website targets consumers in the EU
If you’re not sure whether these laws apply to your specific website, please email our support address and submit a support ticket – we’d be happy to help you identify which if any parts of your website might qualify under these laws.
So Privacy Policies and Terms of Service agreements aren’t required by federal law. Why, then, do so many websites have them? Well, big market players like Google and Apple require them for their stores and analytics. Some states, like Massachusetts and California, also require Privacy Policies. State laws also regulate Terms of Service agreements. To make sure that the content and language of your Privacy Policies and Terms agreements follow best practices, make sure they include the following:
- Who you are
- Why you collect data and what you do with data that you collect
- How the data achieves what you are using it for
- Any others, like third-party platforms, that have access to the data that you collect
- An option to opt-out
- How you will notify them of any changes, and the date that any changes will go into effect
- What you will do to notify them if there is a data breach
What are the necessary components of a Terms of Service document?
- Opt-in agreement
- Start date of the agreement
- The rights granted by agreeing to the terms
- Grant right of use for access, personal use, and use of data from any features or functions
- Limits of use, like no copying or downloading, and no reverse engineering
- Obligations and consequences of the agreement/not agreeing with the terms
- Liability sections, i.e., warranties
Terms of Service agreements have to comply with state laws on:
- Truthfulness and accuracy of your agreement
- The returns policy
- Auto-pay and pre-pay
- Any other state specific requirements
You can also add in something inviting users to contact you if they would like to discuss any of the terms you have listed. Like Privacy Policies, a Terms of Service agreement is to make sure that users understand their rights and access. It is important to be transparent to avoid any liability, and to ensure that your users can trust your company and its website.
Don’t forget email marketing compliance
Compliancy doesn’t just apply to websites and apps. There are laws for email marketing too! The CAN-SPAM Act sets up rules for businesses who use email marketing to follow. What does the act do? Some of its key points are to:
- Establish requirements for commercial messages
- Give recipients the right to unsubscribe from your messages
- Spell out punishments and fines for violations of the act
Do anti-spam laws apply to me?
If you’re unsure whether anti-spam laws apply to you, read the actual act on the FTC website, and the FAQs on how to follow the guidelines, linked below. Some key information and requirements include:
- CAN-SPAM doesn’t just apply to bulk emails, it applies to commercial emails as well. Commercial emails are any emails that are sent in order to promote a business, product, or service. The law also applies to business-to-business emails.
- Make sure your header information is accurate. This means everything from your “reply” to your routing information must identify the person or business from which it originated.
- Keep the subject in line with the content of your message. Identify your email as an advertisement if that’s what it is.
- Tell recipients where your physical address is. Whether it’s your office building or a post office box, emails must include an address.
- Give recipients a clear way to opt of your emails, and honor those opt out decisions quickly. All opt out requests have to be addressed within 10 business days.
- Even if you hire someone else to take care of your email marketing, you will still be held responsible for making sure your emails follow all guidelines of CAN-SPAM.
Nearly all of our clients do some form of email marketing, so the CAN-SPAM laws apply to just about all of you! If you want more information, you can get more details and answers to CAN-SPAM FAQs here, you can also contact us and we can help you to enable email marketing practices that are legally compliant. Not only will following these best practices keep your business safe from fines and legal trouble, but they will also make your customers love you more and will help you to have an email list that is fully engaged and excited to open + click on your email newsletters.
How can I make sure I’m staying compliant?
Okay, so we’re not exactly lawyers here at Road Warrior Creative. While we can’t provide any legal advice, we’re happy to point you in the right direction, and can generally tell you if your current policy and practices seem compliant. However, your best bet to make 100% sure that you’re being compliant is to hire an attorney.
What if my budget doesn’t allow for an attorney?
Check out the Small Business Development Center! The SBDC offers free consultations with attorneys, and low cost classes so that you can learn best practices! For more information, check out their website here.
Try Iubenda! This is what we recommend to all clients, and it’s what we use too! This site will help make sure that your website or app is compliant with any and all laws on privacy and cookies. It can generate policies for you, and help with Terms & Conditions for your site. Some other things that Iubenda offers include:
- Resources and work quality of an international legal team
- Policy generation in up to 8 languages
- Optimization for mobile specific requirements
- GDPR compliant policies
- Customizable policies
- Automatic updates to policies with any law changes
If you want to give iubenda a try, our affiliate link will get you 10% discount on your first year of a paid plan! iubenda also puts on great webinars that are led by attorneys and are very informative. We recommend watching both of these webinars: How to easily make your website/app compliant with US law and All you need to know about the GDPR (New EU Privacy Law).
How we can help
While we’re not attorneys at Road Warrior Creative, we can offer some help with updating your privacy and/or cookie policies. Here are a few ways that we can give you a step up in your policies and practices.
- Tell you if the policy language in your MailChimp or Google analytics account is accurate.
- Make all your forms GDPR-compliant
- Build new forms that allow visitors to request their personal data and/or its deletion (as required by GDPR)