Security Measures in Place to Protect Data
In what is perhaps the most crucial clause in a Privacy Policy, website owners should give details of the security safeguards they have in place to keep customers' and visitors' personal information safe.
The industry-standard safety measure for protecting private information is the use of a Secure Sockets Layer (SSL) system. With SSL, information that users enter into a website is automatically encrypted, which prevents a breach during transmission.
You're free to integrate as many security measures as you want, as long as malicious parties or unauthorized personnel can't intercept or access user information.
Here's how Bath and Body Works explained the security measures it has in place. It doesn't go into much technical detail about what they do, but its description manages to assure customers that their details are safe:
Rights of the Users
Under the EU's GDPR, you should also inform your users of the rights they have over their data. Under these rights, users should be able to request, update, transfer, view or erase their data (where applicable).
The GDPR outlines explicitly that the user has a right to:
- Know details about their information
- Request access to their information
- Ask you to rectify their information
- Ask you to erase their information
- Request that you refrain from processing their information (where erasure is not possible)
- Request copies of their data
- Object to data processing
- Object to automated decision-making
How Long You Will Retain Collected Information
As a business owner, you should also let your users know how long you intend to keep their information in your database.
First and foremost, do you have a clause stating when the policy will take effect and how long you will retain personal information? Second, a Privacy Policy must give users the leeway to opt out, with clear instructions on how to do so and what options are available for users who want to opt out.