We’ve Updated Our Privacy Policy: You Should Too

New guidelines are coming. Are you ready for them?

Recently, you may have noticed your inbox filling with emails with “Updated Privacy Policy” in the subject line. I sure have! Here’s an example of an email I received from Twitter about their privacy policy updates:

[Image: Twitter Privacy Policy email]

Well guess what…

We have an updated privacy policy

Many social media and software services are changing their policies, and we did too! Our new policy is now easier to read, and it’s more transparent about the third-party platforms we use and the data that they collect. These services allow Road Warrior Creative to access data from your account on a third-party platform and perform actions with it. We never access your data without permission, but it is often necessary for us to access it.

For example, when clients hire us to manage their social media presence, that often includes Facebook. If you want us to manage your Facebook page or run Facebook advertisements on behalf of your page, we have to have access to the Facebook page and any information connected to it, including messages, analytics, etc. It’s common sense, we like to think, but it wasn’t previously explicitly outlined in our privacy policy.

Other examples of third-party services we use that have been added to our updated privacy policy include Zendesk (our support platform), Stripe (our credit card processor), MailChimp (our email marketing platform), and a few others. We never collect information that you do not explicitly provide for the purposes of engaging with us for website development or online marketing services, with the exception of anonymized data that is aggregated into our Google Analytics reports.

We are GDPR compliant

Because we want to be transparent for all of our clients, not just our clients in Europe, our new policy is also GDPR compliant – for all users across the globe. GDPR stands for General Data Protection Regulation. This is new European Union legislation that serves to give users more control over their own data. The legislation requires that:

  • Companies can’t use vague language in order to receive consent for data collection.
  • Firms can’t bundle more than one item that requires consent together.
  • Someone with parental responsibility must give consent for opt-ins of children under the age of 16.
  • If there is any breach of data, companies must notify their users within 72 hours.
  • Users will be able to access their data that is being held by companies, and find out what it is being used for.
  • Users will also be able to ask for deletion of their data from a company at any time.

For some more information, check out this video from CNBC with some basics of the GDPR:

You can also read the legislation in full, or find some key sections of the guidelines here.

Road Warrior Creative is fully GDPR compliant and will follow GDPR guidelines for all persons. Want to request a copy of the information we have on you? Contact us.

We added a cookie notification banner

[Image: New cookie notification banner]

In our efforts to be more transparent, we also added a cookie notification banner. This helps us with clients and website traffic from European countries. It also makes it easier for users to provide or remove their consent for cookies.

How we use cookies

We use cookies to save browsing preferences and optimize the user’s browsing experience. For example, they store users’ language and currency preferences, and the website statistics that we manage. Cookies also help our website by saving user sessions and carrying out activities that are necessary for the operation of the site, like traffic distribution. You can also read our full cookie policy here.

Cookie notification laws

It’s important to understand how cookies can be used, and if you have website traffic from the European Union, like we do, having a cookie notification banner is a legal requirement. Because we have clients and web visitors from Europe, Road Warrior Creative’s site follows guidelines according to EU legislation. Some of these guidelines are:

  • Inform the user that cookies are being used.
  • Tell users what data is being collected from cookies.
  • The site must ask for the user’s consent before it can start using cookies. (This is why we added the banner.)
  • Consent needs to be informed and freely given in order to be considered valid.

You can also read more on cookie notification laws here.

[Image: Privacy Policy on laptop]

Why you need an updated privacy policy too

With GDPR going into effect on May 25th, it’s a great time to revisit your privacy policy and cookie policy. This is especially true if you’re unsure whether GDPR and cookie consent laws apply to you. It’s also important for any company not in the European Union to make sure that they are complying with these legislations, if they reasonably expect to have customers or website visitors from the European Union.

Not sure if GDPR and EU cookie laws apply to you?  Read on…

GDPR applies to you if:

  • Your company is located in the EU
  • Goods or services are offered to consumers in the EU
  • Your company’s website receives traffic from the EU
  • You have access to or control data from users in the EU

Cookie notification laws apply to you if:

  • You or your company is physically located in the EU
  • The company or its website targets consumers in the EU
  • Your website uses cookies (all WordPress sites and sites running Google Analytics use cookies)

If you’re not sure whether these laws apply to your specific website, please email our support address and submit a support ticket – we’d be happy to help you identify which parts of your website, if any, might fall under these laws.

U.S. Privacy Policy Requirements

In the U.S., Privacy Policies and Terms of Service agreements aren’t required by federal law. Why, then, do so many websites have them? Well, big market players like Google and Apple require them for their stores and analytics. Some states, like Massachusetts and California, also require Privacy Policies. State laws also regulate Terms of Service agreements. To make sure that the content and language of your Privacy Policies and Terms agreements follow best practices, make sure they include the following:

What are the necessary components of a Privacy Policy?

You must have a Privacy Policy if you collect personal information. This policy needs to include:

  • Who you are
  • Why you collect data and what you do with data that you collect
  • How the data serves the purpose you are using it for
  • Any others, like third-party platforms, that have access to the data that you collect
  • An option to opt-out
  • How you will notify users of any changes, and the date that any changes will go into effect
  • What you will do to notify users if there is a data breach

Overall, your biggest concerns should be to stay in line with your policy, and make sure that your policy is truthful and accurate. Don’t mislead your users in any way, and make sure that they understand their rights and controls. Creating a Privacy Policy helps you to be transparent and continue to be trusted by your users and others who visit your website.

What are the necessary components of a Terms of Service document?

A Terms of Service document, or a Terms of Use, Terms and Conditions, etc., is an agreement between the user and the company that owns the website. This agreement should be written clearly for the user to understand and agree to. Components of these documents include:

  • Opt-in agreement
  • Start date of the agreement
  • The rights granted by agreeing to the terms
  • Grant right of use for access, personal use, and use of data from any features or functions
  • Limits of use, like no copying or downloading, and no reverse engineering
  • Obligations under the agreement and the consequences of not agreeing to the terms
  • Liability sections, such as warranties

Terms of Service agreements have to comply with state laws on:

  • Truthfulness and accuracy of your agreement
  • The returns policy
  • Auto-pay and pre-pay
  • Any other state specific requirements

You can also add in something inviting users to contact you if they would like to discuss any of the terms you have listed. Like Privacy Policies, a Terms of Service agreement is to make sure that users understand their rights and access. It is important to be transparent to avoid any liability, and to ensure that your users can trust your company and its website.

Don’t forget email marketing compliance

Compliance doesn’t just apply to websites and apps. There are laws for email marketing too! The CAN-SPAM Act sets up rules for businesses who use email marketing to follow. What does the act do? Some of its key points are to:

  • Establish requirements for commercial messages
  • Give recipients the right to unsubscribe from your messages
  • Spell out punishments and fines for violations of the act

[Image: Spam emails]

Do anti-spam laws apply to me?

If you’re unsure whether anti-spam laws apply to you, read the actual act on the FTC website, and the FAQs on how to follow the guidelines, linked below. Some key information and requirements include:

  • CAN-SPAM doesn’t just apply to bulk emails; it applies to commercial emails as well. Commercial emails are any emails that are sent in order to promote a business, product, or service. The law also applies to business-to-business emails.
  • Make sure your header information is accurate. This means everything from your “reply” address to your routing information must identify the person or business from which it originated.
  • Keep the subject line in line with the content of your message. Identify your email as an advertisement if that’s what it is.
  • Tell recipients where your physical address is. Whether it’s your office building or a post office box, emails must include an address.
  • Give recipients a clear way to opt out of your emails, and honor those opt-out decisions quickly. All opt-out requests have to be addressed within 10 business days.
  • Even if you hire someone else to take care of your email marketing, you will still be held responsible for making sure your emails follow all guidelines of CAN-SPAM.

Nearly all of our clients do some form of email marketing, so the CAN-SPAM laws apply to just about all of you! If you want more information, you can get more details and answers to CAN-SPAM FAQs here. You can also contact us, and we can help you to enable email marketing practices that are legally compliant. Not only will following these best practices keep your business safe from fines and legal trouble, but they will also make your customers love you more and will help you to have an email list that is fully engaged and excited to open and click on your email newsletters.

How can I make sure I’m staying compliant?

Okay, so we’re not exactly lawyers here at Road Warrior Creative. While we can’t provide any legal advice, we’re happy to point you in the right direction, and can generally tell you if your current policy and practices seem compliant. However, your best bet to make 100% sure that you’re being compliant is to hire an attorney.

What if my budget doesn’t allow for an attorney?

Check out the Small Business Development Center! The SBDC offers free consultations with attorneys, and low cost classes so that you can learn best practices! For more information, check out their website here.

Try Iubenda! This is what we recommend to all clients, and it’s what we use too! This site will help make sure that your website or app is compliant with any and all laws on privacy and cookies. It can generate policies for you, and help with Terms & Conditions for your site. Some other things that Iubenda offers include:

  • Resources and work quality of an international legal team
  • Policy generation in up to 8 languages
  • Optimization for mobile specific requirements
  • GDPR compliant policies
  • Customizable policies
  • Automatic updates to policies with any law changes

If you want to give iubenda a try, our affiliate link will get you a 10% discount on your first year of a paid plan! iubenda also puts on great webinars that are led by attorneys and are very informative. We recommend watching both of these webinars: How to easily make your website/app compliant with US law and All you need to know about the GDPR (New EU Privacy Law).

WordPress has tools to help! WordPress 4.9.6 offers new features that will help with privacy policy and GDPR compliance. The recent update is a privacy and maintenance release, which you can read more about here. If your WordPress website was updated this week, you already have these features built in!

How we can help

While we’re not attorneys at Road Warrior Creative, we can offer some help with updating your privacy and/or cookie policies. Here are a few ways that we can give you a step up in your policies and practices.

We can:

  • Add a privacy policy or cookie notification to your website. All we need from you is the language!
  • Tell you if the policy language in your MailChimp or Google Analytics account is accurate.
  • Make all your forms GDPR-compliant
  • Build new forms that allow visitors to request their personal data and/or its deletion (as required by GDPR)

It’s no secret that these privacy policy and cookie notification laws can be tricky to understand. They can be even trickier if you’re unsure whether they apply to you, or how they apply to you. The best way to make sure that all of your language, policies and practices are compliant is to be informed! Read what you can, watch webinars, leave comments and submit FAQs. There are always resources available to make sure that your website or app is performing to its best for your users. Here at Road Warrior Creative, we believe in being transparent, and we’re glad to help others to do the same.

Thoughts or Questions?

Our blog does not accept comments, but we want to know what you think! Tag us on Twitter to get the conversation started or contact us.