GENERIC PRIVACY POLICY FOR WEBSITES OFFERING GOODS OR SERVICES ONLINE

 

Copyright Idaho Virtual Incubator 2002

Prepared by Professor Jerry Wegman, University of Idaho

May 7, 2002

 

 

Important:  This privacy policy is provided for your use as a generic model only.  Each website should tailor its policy for its specific needs.  Sites that collect financial or medical information for example should use encryption to safeguard sensitive personal data.  A privacy policy provides assurance to visitors and customers that their information will not be abused.  This should result in increased use by the public.  However, once a website posts its privacy policy, it is legally bound to adhere to it.  There have been lawsuits brought against websites that violated their own stated policies.  Therefore you must consider carefully the promises made in the privacy policy, and have a plan or mechanism for carrying out those promises.  A common method of displaying the privacy policy is to have a link to it prominently displayed on your home page.

 

An excellent adjunct to your privacy policy is having the seal of approval from one of the recognized national “seal” organizations.  If obtained, you will place the organization’s logo in your privacy policy and it will substantially increase your credibility.  The two leading seal organizations are TRUSTe (www.truste.org) and Better Business Bureau Online (www.bbbonline.org).

 

Please see the Notes following the privacy policy.  They contain important warnings.

 

 

*************************************

 

 

MODEL PRIVACY POLICY -  COMMERCIAL WEBSITES

 

We know that you care how your information is used, and we appreciate your trust that we will use it carefully and sensibly. This notice describes our privacy policy. By visiting us, you are accepting the privacy policy described below.

1.  What Personal Information Do We Collect?

  • Information You Provide.  We receive and store information you enter.  For example, when you search for or buy a product or service, or when you supply information such as your address, phone number or credit card. You can choose not to provide certain information, but then you might not be able to take advantage of some of our features.  We use the information that you provide for such purposes as responding to your requests, customizing future shopping for you, improving our website, and communicating with you.  In addition, if you choose, we may share your information with other companies who provide goods or services that you are interested in.  Please see the “opt-in/opt-out” selection in Section 4 of this policy.
  • Cookies. Like many websites, we use "cookies".  Cookies are small programs that we transfer to your hard drive that allow us to recognize you and to provide you with a customized shopping experience.  If you do not want us to use cookies, you can easily disable them by going to the toolbar of your web browser, and clicking on the “help” button.  Follow the instructions that will prevent the browser from accepting cookies, or set the browser to inform you when you receive a new cookie.  In addition, you may visit this and other websites anonymously through the use of utilities provided by other private companies.
  • Other Information: Every computer has an IP (Internet Protocol) address.  IP addresses of computers used to visit this site are noted.  In addition, we automatically collect other information such as email addresses, browser types, operating systems, and the URL addresses of sites clicked to and from this site.
  • Information from Other Sources.  We might receive information about you from other sources and add it to our account information.  This may include updated delivery and address information from our shippers or other sources so that we can correct our records and deliver your next purchase or communication more easily. 

2.  How Do We Use Your Information?

  • Customized Shopping.  We use your information to better serve you by providing a customized shopping experience.  As noted above, you may “opt-out” of this customization, or even visit and shop anonymously.
  • Agents. We employ other companies and individuals to perform functions on our behalf. Examples include delivering packages, sending postal mail and e-mail, and processing credit card payments. They have access to personal information needed to perform their functions, but may not use it for other purposes.
  • Special Offers.  We may send you special offers from time to time, unless you choose to “opt-out” of receiving such offers.  In addition, we may also send you special offers from other companies.  Again, you may “opt-out”.  If we send you offers from other businesses, we do not share your personal information with them.  The offers come directly through us.  Please see the “opt-in/opt-out” selection at the end of this policy. 
  • Business Transfers. As we continue to develop our business, we might sell or buy stores or assets. In such transactions, customer information generally is one of the transferred business assets. Also, in the unlikely event that we are acquired, customer information will be one of the transferred assets.
  • Law Enforcement.   If we receive a lawful court order to release account or other personal information then we will comply with the law.  We will also release information when necessary to protect the life, safety or property of others. This includes exchanging information with other companies and organizations for fraud protection and credit risk reduction.

 

 

3.  How Do We Protect the Security of Your Information?

  • We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) software, which encrypts information you input.
  • We use encryption to protect your information contained in our customer list.
  • We use a firewall to protect against unlawful intrusion.
  • We limit access to your information on a “need to know” basis.
  • We reveal only the last five digits of your credit card numbers when confirming an order. Of course, we transmit the entire credit card number to the appropriate credit card company during order processing.
  • It is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer.
  • No system can guarantee absolute security, just as the finest lock can not guarantee physical security.  However, we take every reasonable precaution to assure that your data is secure.

4.  Your Choice:  Opt-in or Opt-out.

It is your choice whether to receive emails or special offers from us or others.  The following section provides you with this choice.  Please note the default settings.

·        Please send me email or other mail informing me of special offers of your products or services.

·        Please do not send me email or other mail informing me of special offers of your products or services.

·        Please send me email or other mail informing me of special offers of related products or services from other companies.

·        Please do not send me email or other mail informing me of special offers of related products or services from other companies.

5.  Children

 

We do not sell products or services to children. If you are under 18, you may use this site only with involvement of a parent or guardian.

 

6.  Other Websites

 

Various Web sites may be linked to from this site.  If you link to another site, your privacy depends on the policy of that site.  We strongly urge you to check their privacy policy.  Not all sites guarantee that they will not share your personally identifiable information with others.  You may also wish to consult privacy guidelines such as those recommended by the Online Privacy Alliance (www.privacyalliance.org).

 

 

 

 

7.  Contact Us

 

If you would like to learn more about our privacy policy, or to access your personally identifiable information contained on our website, you may contact us at ________.  You will be required to provide identifier information to assure that this information is not released to others.  We reserve the right to modify this policy in the future.  If we do so, notice will be posted on our home page.

 

         

 

*********************************

NOTES

 

Section 1.   Different sites will collect different information.  For example, if you do not collect credit card information, do not include this.  YOUR site must be customized for the data that you collect.  Same with cookies.  If you do not use them, simply state that. 

 

Section 2.  It is highly recommended that you not sell your customer lists or other personally identifiable information to others, e.g. marketing firms or other companies.  It is far better to rent out a one time use of selected customers, where YOU send out the email offers of another company.  That way the information never leaves your premises and is always under your control.  If however you plan to sell or rent the p.i. information of your customers, you should inform them of this possibility and give them an opportunity to opt-out of that action.

 

Section 3.  You must provide the security you promise.  Different levels of security are appropriate for different types of businesses.  You should certainly have a firewall and limited access protection, at a minimum.  Encryption of the customer list is highly recommended, and is getting easier.

 

Section 4.  The opt-in/opt-out section is very important.  The bullets represent clickable choices, that is, circles that can be dotted.  You will want to set the default settings on the choices #1 and #3, that allow you to send special offers from your own site and also from related companies.

 

Section 5.  There are special laws protecting the privacy of children, including the federal Childrens’ Online Privacy Protection Act (COPPA).  It is safest not to sell to or collect information from children.  If your site is specifically directed at children, then you should seek specific legal advice on how to comply with these laws.

 

Section 6.  Privacy guidelines require that visitors be able to access their information.

 

MOST IMPORTANT:  DO NOT MAKE YOUR PRIVACY POLICY STRONGER THAN NECESSARY, AND BE SURE TO FOLLOW IT.  TAILOR THE POLICY TO YOUR SITE.  SEEK THE ADVISE OF LEGAL COUNSEL THAT IS EXPERIENCED IN E-COMMERCE ISSUES.  REMEMBER:  IT IS FAR BETTER TO HAVE NO PRIVACY POLICY THAN ONE WHICH IS VIOLATED.