NOTE:
The GDPR applies to any business that does one or both of the following:
- Offers products or services to citizens of the EU
- Collects personal information from citizens of the EU
Note that if you meet either of these criteria, it doesn’t matter where your business is located.
This means that a U.S.-based business that simply collects email addresses from EU citizens will be required to comply with the GDPR
GDPR Becomes Law on the 25th of May 2018.
Sample Privacy Policy
We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile.
OR
When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. Your personal information will be used for the specific reasons stated above only.
State reasons, such as:
We collect such Non-personal and Personal Information for the following purposes:
To provide and operate the Services;
To provide our Users with ongoing customer assistance and technical support;
To be able to contact our Visitors and Users with general or personalized service-related notices and promotional messages;
To create aggregated statistical data and other aggregated and/or inferred Non-personal Information, which we or our business partners may use to provide and improve our respective services;
To comply with any applicable laws and regulations.
How do you communicate with your site visitors?
We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes, we may contact you via email, telephone, text messages, and postal mail.
How can your site visitors withdraw their consent?
If you don’t want us to process your data anymore, please contact us at [your email] or send us mail to: [your physical mailing address].
OH, BY THE WAY…
Because you might be collecting personal information from users, through Facebook’s APIs, you may need to have a Privacy Policy for your Facebook app. I am NOT up to speed with this so I would search out the facts, this could be a good place to start.
Of course, if you do NOT collect ANY data, including Email addresses or take payments or transactions via your site you may not need to do this. (But I bet you do.)
Good luck.
I feel this the first main ‘creep’ step of Governments taking control of the net.
Once we are all familiar with this, and it is accepted as the ‘norm’, the next little step will be taken chipping away the nets independence with outside regulation.
This is generally how Governments apply unpopular control over such entities.
I am sure the ROW shall be doing the same until the powers that be have total jurisdiction over the web.
Call me pessimistic, but history, recent history, is littered with such; much we accept as standard has been moulded by, what would be considered unjust if it were implemented in one foul swoop.
GDPR is an interesting legal change overall. I am curious as to the overall direction the ROW (rest of the world) is going to take in data security.