We'll delve into the following:
Some people in conversations call it a privacy statement, privacy page, or a policy page.
Every data protection law explicitly requires businesses to present users with a specific set of information about their data processing activities.
- The categories of personal data you collect
- How you collect data
- Why do you collect data
- With whom do you share data and the purposes for sharing
- Data subject rights and how to exercise them
- Data retention information
- Data transfer information
- Information on children’s data, if applicable
- Information about the Data Protection Officer, if any
- Your contact information
If you want to comply with both laws at once, you need to include everything required for all the laws. In many cases, the information overlaps.
Data Controller Details
Legal basis for collecting and processing your personal information
Our legal basis for obtaining and utilizing your personal information, as this policy outlines, depends on the context in which it is collected.
We may collect your personal data because:
- [legal basis 1]
- [legal basis 2]
- [legal basis 3]
Explanation: You must inform users on what legal bases you rely on to process their data. Legal bases include consent, legitimate interests, execution of a contract, vital interests, public interests, or compliance with the laws. List all the lawful bases applicable to you.
Why we process personal data
We process personal data for the following purposes:
- [purpose 1]
- [purpose 2]
- [purpose 3]
When you subscribe to our services, third-party providers will be authorized to process your payment information. In these situations, we do not have access to your payment details. Instead, Stripe, the third-party processor responsible for your payment, will have access to your data.
Explanation: List all your processing purposes, such as providing products or services, providing customer support, marketing, website analytics, or whatever other processing purpose you have.
Categories of personal data we collect
We process the following categories of personal data:
- [Data category 1]
- [Data category 2]
- [Data category 3]
- [Data category 4]
- [Data category 5]
Explanation: Personal names, email addresses, home addresses, browsing behavior, IP addresses, financial data - these are all data categories. Include every single personal data category that you collect.
How we collect your personal data
There are two ways in which we collect data:
- Data provided directly by you
- Data collected through third-party services
We collect data directly from you during your communication with us regarding our services, such as technical support threads. This is the data that you provide to us.
You can manage your permissions by clicking our Trust Badge below:
With whom we share the collected personal information
Please note that these service providers only have access to your personal information to perform the tasks we have assigned to them, and they are obligated not to disclose or use it for any other purpose.
Some of these third-party service providers may track your online behavior over time and across different internet websites or online services. However, we do not have control over their data collection practices or the use of your personal information. Therefore, we encourage you to review their privacy policies before consenting to the use of their services on our website.
We share or disclose your personal information with the following third-party service providers:
We use a 3rd party analytical software to gather statistical information about our website visitors. The services we use include:
- Google Analytics
We use third-party services to personalize content and serve you with relevant ads. These services may share content you provide to 3rd party. These include:
- Google Ads
Explanation: Almost all businesses share data with third parties. This includes, but is not limited to servers and software tools. The GDPR, and some other laws, explicitly require you to tell data subjects who else can access their data.
The duration for which we retain each specific category of personal data depends on the processing purpose for which it was collected. We will store your personal data only for as long as it is necessary to fulfill the specific processing purpose for that category of data.
What are your rights as the owner of personal information
You have the following data protection rights:
- The right to access your data
- The right to update or correct your data
- The right to object to the use of your data
- The right to restrict the use of your data
- The right to transfer your data to another data controller
- The right to the erasure of your data
- The right to withdraw consent
- The right to lodge a complaint to the relevant data protection authority
How can you exercise your rights as the owner of personal information
If you would like to exercise your rights under the GDPR, you may submit your requests to us through the following channels:
- Email: [where to send requests over email]
Please note that we may ask you to verify your identity before responding to your request to protect the security of your personal information.
You also have the right to file a complaint with a Data Protection Authority regarding our collection and use of your personal information. For more information on this, please contact your local data protection authority.
Explanation: We have listed all the GDPR rules above, except one - not to be subject to automated decision-making. Make sure you list all the GDPR rights your users have and inform them how they can exercise the rights.
Location and transfer of your personal information
We utilize several third-party service providers, including Google Ads, Google Analytics, Dynatrace, and Hotjar. These providers are considered our data processors and are contractually bound to keep your personal information secure and confidential. They may only use your data for the purposes outlined in our agreement with them.
We store your data in the European Union. However, some of these third-party service providers may be located in third countries outside of the European Union. In such cases, we ensure that your data is transferred based on appropriate safeguards, such as adequacy decisions, standard contract clauses, or another transfer tool.
We take all reasonable steps to ensure that your data is treated securely and that no transfer of your personal data will take place to an organization or a country unless adequate controls are in place to safeguard your data and other personal information. We are committed to maintaining the security of your personal information and protecting your privacy rights.
Explanation: The section above informs users that the data may be transferred to third countries. In some cases that may pose a risk to their rights and freedoms, therefore whenever you transfer their data outside of the EU, you must tell them about that.
Security of your personal information
We recommend that you use a strong and unique password, keep it confidential, and log out of your account on shared computers to safeguard the security of your personal information. At our company, we take the security and privacy of your data seriously and work hard to keep it safe.
Explanation: Data security is an essential part of GDPR compliance and you need to give at least some basic information to users about it. You don't have to go too much into details or be too technical about it, but ensure to give some information on how you secure their personal data.
Protecting your child’s privacy
Our Service does not address anyone under 16 ('Children'). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Children have provided us with personal data, please contact us. If we become aware that we have collected personal data from children without verification of parental consent, we take steps to remove that information from our servers.
Explanation: If you run a website that collects children's data, be transparent about it. If your website does not collect such data, add this section to clarify how you handle children's online privacy.
If you have any questions about our Privacy Practices or this Policy, please contact us at
- Email: email@example.com
- Website: secureprivacy.ai
Explanation: Finally, provide users with your contact information. This may be included in the introductory part, too.
EU Digital Markets Act (DMA): What Businesses Must Know
Explore the European Union's Digital Markets Act (DMA) and its impact on tech giants, gatekeepers, and SMEs. Uncover key provisions, designated companies, and the relevance of compliance for small to medium-sized enterprises.
- Europe GDPR
- Data Protection
The Complete Guide to WordPress GDPR Compliance: Make Your Wordpress Site is Compliant
Learn about the General Data Protection Regulation (GDPR) and its significance for WordPress websites. Discover essential steps, potential consequences of non-compliance, and effective cookie management strategies to ensure GDPR compliance.
- Europe GDPR
Understanding the Utah Consumer Privacy Act (UCPA): A Comprehensive Overview of the New Consumer Privacy Law
Learn about the Utah Consumer Privacy Act (UCPA), its impact on businesses operating in Utah or targeting Utah customers, compliance requirements, consumer rights, data security measures, and penalties for non-compliance.