Generally, data and privacy laws apply to any service targeting residents of a region, which effectively means that a law may apply to your business whether it’s located in the region or not.
- Who is the site/app owner?
- What data is being collected? How is that data being collected?
- What is the legal basis for the collection (e.g. consent, necessary for your service, legal obligation, etc.)? This relates more specifically to the GDPR and EU law; however, even if you fall outside of GDPR obligations, it’s likely that under many other legislations you’ll still need to say why you’re processing the personal data of users.
- For which specific purposes are the data collected? Analytics? Email Marketing?
- Which third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook Connect)?
- Where applicable, details relating to cross-border/overseas data transfer and which measures were put into place to facilitate this in a safe and compliant way. (This disclosure is explicitly required under EU and Australian laws in particular. Furthermore, there are additional requirements to be met for cross-border transfers with regard to both the EU’s GDPR and Australia’s APPs.)
- What rights do users have? Can they request to see the data you have on them? Can they request to rectify, erase or block their data? (Under European regulations most of this is mandatory.)
See our own policy here for an example of how these elements come together.
How iubenda helps you with this
iubenda generates privacy policies that work within the best practices of various jurisdictions. With hundreds of available clauses, our privacy policies contain all the elements commonly required across many regions and services, while applying the strictest standards by default, giving you the option to fully customize as needed.
You can read full policy generator features here or simply start generating your policy now.