Privacy Policy


Do you need to post a privacy policy notice on your website?

Standard 7 of BBB Accreditation Standards requires that you post a privacy policy if you conduct e-commerce on your website by allowing consumers to do either of the following:

  • Submit financial data for the purchase or sale of goods or services - such as credit card or checking account information.

  • Submit personal data for the purpose of applying for or completing commercial transactions - such as social security numbers, names of family members, or income information.


Additionally, the California Online Privacy Protection Act of 2003 requires all websites that collect any personal information from California residents to post a privacy policy. Personal information includes: names, addresses, phone numbers, email addresses, etc. If your website uses a contact form that consumers can fill out to submit or request information, then you must post a privacy policy.

There are also Federal laws that govern privacy policies for specific businesses, including: the Children’s Online Privacy Protection Act, the Gramm-Leach-Bliley Act, and the Health Insurance Portability and Accountability Act.

BBB encourages you to research and seek professional advice to determine which privacy laws may apply to your business.

Privacy policies should be posted either on the homepage or through a link found on the homepage of your website. You may wish to keep copies of earlier privacy notices as well as the dates for which they were effective.

To satisfy Standard 7 of BBB Accreditation Standards, businesses conducting e-commerce must secure sensitive data, and disclose the following on their websites:

  • What information they collect;

  • With whom it is shared;

  • How it can be corrected;

  • How it is secured;

  • How policy changes will be communicated; and

  • How to address concerns over the misuse of personal data.

 

Below is a sample privacy policy, which will attempt to provide some resources you can use in developing your privacy notice. Whatever final notice you develop is up to you and will be your responsibility to maintain, update, and adhere to. BBB does not recommend anyone set of privacy practices, nor any single privacy notice.

 IMPORTANT: Note that there is a place for your company name or URL in the first paragraph, and a place for your phone number and email address in the last paragraph. Please make sure to personalize these. You must also indicate how you will notify users of changes to the privacy policy in the “Notification of Changes” section. DO NOT simply cut-and-paste this notice as is and do not include any provisions you do not intend to follow.

 

SAMPLE PRIVACY POLICY BELOW

Please copy, paste and then customize the content below to fit your business information.

Privacy Notice

Effective Date: DATE HERE

This privacy notice discloses the privacy practices for (website address). This privacy notice applies solely to information collected by this website, except where stated otherwise. It will notify you of the following:

  • What information we collect;

  • With whom it is shared;

  • How it can be corrected;

  • How it is secured;

  • How policy changes will be communicated; and

  • How to address concerns over misuse of personal data.

 

Information Collection, Use, and Sharing 

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g., to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information 

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number provided on our website:

  • See what data we have about you, if any.

  • Change/correct any data we have about you.

  • Have us delete any data we have about you.

  • Express any concern you have about our use of your data.

 

Security 

We take precautions to protect your information. When you submit sensitive information via the website, your information is protected both online and offline.

Wherever we collect sensitive information (such as credit card data), that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a closed lock icon at the bottom of your web browser, or looking for "https" at the beginning of the address of the web page.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (e.g, billing or customer service) are granted access to personally identifiable information. The computers/servers on which we store personally identifiable information are kept in a secure environment.

 Notification of Changes

Whenever material changes are made to the privacy notice specify how you will notify consumers.

Other Provisions as Required by Law

Numerous other provisions and/or practices may be required as a result of laws, international treaties, or industry practices. It is up to you to determine what additional practices must be followed and/or what additional disclosures are required. Please take special notice of the California Online Privacy Protection Act (CalOPPA), which is frequently amended and now includes a disclosure requirement for “Do Not Track” signals.

If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at XXX YYY-ZZZZ or via email.