Privacy Notice – what is it?
The privacy notice is a document you present to people who visit your website, download and use your mobile apps, install your applications, subscribe to your products and services, use your portals, etc. It explains to your audience how you collect their information and how they can opt out. Most data privacy laws, acts, regulations, and directives require organizations (data controllers or processors) to provide a privacy notice.
The privacy notice tells your customers, regulators, and other stakeholders what your organization does with personal information. It answers questions about the types of personal data processed, the lawful basis for processing personal data, and the data being transferred to third parties. A privacy notice must also tell users how long the organization will store their data, the user’s rights to data collected, and the privacy team’s contact information. A privacy notice is sometimes referred to as a privacy statement or a fair processing statement.
Your Personal Responsibility
It is important to always actively protect your privacy. Before you give out any personal or identifiable information, you need to learn and understand how the organization will use your personal information. It is a good personal practice to read an organization’s privacy notice before you fill out a form, install an app, subscribe to their service, use their products, or continue to browse their website. If you are unhappy with the privacy notice’s terms, or if you are told there is no written privacy notice, your best option is to STOP. At this point, it is best to consider looking for an alternative service provider that respects its customers enough to explain how it handles and protects their personal information.
Q1: What personal information is collected?
What kinds of personal information does the organization collect from you? The mere statement that they collect personal data is not enough; you need to go into more depth. Another important thing to look out for when you read a privacy notice is the exact types of personal data that the organization collects or processes.
We request the processing of personal data of visitors, such as IP address, a cookie identifier, and email address (but only if visitors request information be sent by email). We also collect non-personal data to learn how visitors found our website, what kind of device they are using, how long they stayed, which pages they visited, etc. This non-personal data is tied to a temporary identifier that is removed after the end of each browsing session.
Q2: How is the information collected?
Q3: Why is the information collected?
Does the personal information asked for seem appropriate to the transaction? For example, your name, home address, phone number, and credit card number may be necessary for making and shipping your purchase. Your household income and hobbies are not. Pay attention if a business asks for information beyond what is needed for the transaction. The purpose of the extra information should be clearly stated. Look for an opportunity to opt out of, or say no to, giving the extra information. Consider going somewhere else if you can’t complete the transaction without giving up personal information you think is unnecessary.
Q4: How is the information used?
A privacy notice should explain how the organization collecting the personal information intends to use it. Will it be used just to complete the transaction you requested? If additional uses are intended, you should be given the opportunity to opt out of them. For example, if the company plans to use your information to market to you, you should be given an easy way to say no to this. You should get this opportunity right up front, before you receive any unwanted email ads, telemarketing calls, or mail offers.
Q5: Who will have access to the information?
Q6: What choices do you have?
Look for opportunities to opt out of the use of your information for marketing and the sharing of your information with others. There should be an easy way to opt out, such as by calling a toll-free phone number or emailing.
Q7: Can you review or correct your personal information?
An organization may give you the opportunity to review or request changes to the personal information that it has collected from you. Look for instructions on how to do this. Many organizations allow a customer to review and request changes in the customer’s own personal information. A company that collects personal information on its consumers must describe its process for giving consumers access to their own personal information, if it has such a process, in the privacy notice posted on the site.
Q8: What security measures are used to protect your personal information?
The privacy notice should give a general description of the security measures the organization uses to keep customers’ and visitors’ personal information safe. It should also cover security safeguards that the organization requires its business partners and vendors to use.
Websites requesting personal information should use Secure Sockets Layer (SSL), the industry standard for protecting private information sent over the Internet. Good security also means using strong security measures, such as encryption, to protect personal information when it’s stored on company computers. It includes technology and procedures to limit access to customers’ personal information to only those who need it to perform their duties.
Q10: Who is accountable for the organization’s privacy practices?
Author: Emmanuel K. Gadasu
(Data Protection Officer, IIPGH and Data Privacy Consultant and Practitioner at Information Governance Solutions)
For comments, contact author firstname.lastname@example.org or Mobile: +233-243913077