The TRUSTe Model Privacy Statement
Developing your company’s privacy statement is a critical stage in understanding and
articulating your corporate policies. For many companies, drafting a privacy
statement kick starts a corporate-wide understanding of how individual data is
used and, more importantly, initiates a conversation about how to build trust
with consumers.
Unfortunately, there is no single “ideal” privacy statement – by definition, they vary from
company to company and must be tailored to highlight specific practices. That
being said, TRUSTe has identified several common themes that, in our
experience, have emerged as “best practices” for a privacy statement.
The following Model Privacy Statement serves as a template, prompting you to
consider important points in your information gathering policy and practices.
Before we begin, keep in mind a couple of key points:
1. Say what you do; Do what you say – The Golden Rule in privacy statements is “Do Not Lie.” The only thing worse than not posting a privacy statement is to fraudulently claim a certain business practice. State and federal governments do not look kindly on companies that claim one set of practices, and follow another.
2. Tailor the Model Privacy Statement – The following model will provide you with resources to begin developing your own privacy statement, but you should be sure not to simply cut and paste. Use it as a starting point to create a statement tailored to your specific practices.
3. Privacy Statements are not Disclaimers – The communication of your company’s privacy practices should express what is actually happening on the site, not what may happen, has happened or is planned for the future. In some cases, informing your users of the information gathering your company’s site does not practice may be more effective.
4. Re-visit your privacy statement frequently – A privacy statement is a living document, designed to clearly communicate your company’s privacy practices, which, for many companies, change over time. Make sure you revisit your posted privacy statement to make sure it truly reflects your current practices.
5. Communicate your privacy practices to your entire company – In order to avoid information spills it is important to make sure that your entire company is aware of the policies within your privacy statement.
Throughout this model privacy
statement TRUSTe uses [bracketed] language in order to provoke thought on a
specific privacy practice or present language options that will help you ensure
your privacy statement matches your business model and actual practices.
Creating a clear and accurate statement helps your company in its efforts to build loyal relationships with its users by providing your customers with the information they need to trust you with their personal information. We hope you find this Model Privacy Statement useful in your quest to build trust with your customers. If you have any specific questions, do not hesitate to contact us by email at businessdevelopment@truste.org / bizdev@truste.org.
Additional Steps for Protecting Children Online
There are additional requirements and elements needed beyond a model privacy statement, in order to address children’s online privacy issues. Please visit the Children’s Privacy Seal section of our Web site for more information on how to make your Web site safer for kids and compliant with the Children’s Online Privacy Protection Act.
MODEL PRIVACY STATEMENT
Electronic Commerce AS [NAME OF COMPANY/SITE] (Ltd.) is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to enable individuals and organizations to establish trusting relationships based on respect for personal identity and information by promoting the use of fair information practices. This privacy statement covers the site www.InternetMarketPortal.com [WWW.URL OF SITE.COM]. Because this Web site wants to demonstrate its commitment to our users’ privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.
1. What personally identifiable information Electronic Commerce AS [NAME OF COMPANY] collects.
2. What personally identifiable information third parties collect through the Web site.
3. What organization collects the information.
4. How Electronic Commerce AS [NAME OF COMPANY] uses the information.
5. With whom Electronic Commerce AS [NAME OF COMPANY] may share user information.
6. What choices are available to users regarding collection, use and distribution of the information.
7. What types of security procedures are in place to protect the loss, misuse or alteration of information under Electronic Commerce AS [NAME OF COMPANY] control.
8. How users can correct any inaccuracies in the information.
If users have questions or concerns regarding this statement, they should first contact Mr. T. Saether, Customer Support [NAME OF INDIVIDUAL, DEPARTMENT OR GROUP RESPONSIBLE FOR INQUIRIES] by email e.com@mail.com [CONTACT INFORMATION: EMAIL, PHONE, POSTAL MAIL]. If they do not receive acknowledgment of their inquiry or their inquiry is not satisfactorily addressed, they should then contact TRUSTe through the TRUSTe Watchdog Dispute Resolution Process (http://www.truste.org/users/users_watchdog.php http://www.truste.org/users/users_watchdog_intro.html). TRUSTe will serve as a liaison with the Web site to resolve users’ concerns.
[Include this Software Disclaimer as the last sentence in the TRUSTe opening statement if the site has a downloadable software application or applet: The TRUSTe program covers only information that is collected through this Web site, and does not cover information that may be collected through software downloaded from the site. By displaying the TRUSTe trustmark, [NAME OF SITE] has agreed to notify users of:]
Electronic Commerce AS [NAME OF COMPANY] is the sole owner of the information collected on www.InternetMarketPortal.com [NAME OF SITE]. Electronic Commerce AS [NAME OF COMPANY] collects information from our users at several different points on our Web site.
In order to use “my favorite Site facilities” of this Web site, a user must first complete the registration form. During registration a user [is required to] give[s] contact information (such as name and email address). We use this information to contact the user about services on our site for which he has expressed interest. It is optional for the user to provide demographic information (such as income level and gender), and unique identifiers (such as, username and password) must be, but encouraged so we can provide to give a more personalized experience on our site. We also require a user’s social security number to provide [include service type here.] [TRUSTe recommends you only collect a social security number when it is a required identifier for performing the site’s service.]
We request information from the user on our order form. A user must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date). This information is used for billing purposes and to fill customer’s orders. If we have trouble processing an order, the information is used to contact the user.
[This paragraph should elaborate on the actual ‘use’ of the information. For instance, the service the site performs should be incorporated here. Also, a discussion of the use of aggregate information should be disclosed here as well. Be as specific as possible, without being contingent. Avoid ‘we may do this’ ‘we might do that’ type of language.]
We store information that we collect through cookies,
log files, clear gifs, and/or third parties to create a profile of our
users. A profile is stored information
that we keep on individual users that details their viewing preferences. Consequently, collected information is tied
to the users’ personally identifiable information to provide offers and improve
the content of the site for the user. This profile is used to tailor a user’s visit
to our Web site, and to direct pertinent marketing promotions to them. We [do not] share your profile with other third parties.
[Your profile is shared in aggregate form only.] [Your profile is shared together with your personally identifiable information.]
A cookie is a piece of data stored on the user’s computer tied to information about the user. [Usage of a cookie is in no way linked to any personally identifiable information while on our site.] We use [both] session ID cookies [and] persistent cookies. For the session ID cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file stored on the user’s hard drive for an extended period of time. Persistent cookies can be removed by following Internet browser help file directions. [Provide a link to information on cookies.]
[Explain how cookies are used on your Web site.]
By setting a cookie on our site, users would not have to log in a password more than once, thereby saving time while on our site. If users reject the cookie, they may still use our site. The only drawback to this is that the user will be limited in some areas of our site. For example, [the user will not be able to participate in any of our sweepstakes, contests or monthly drawings that take place.] Persistent cookies enable us to track and target the interests of our users to enhance the experience on our site. See the “Profile” section.
Some of our business partners use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies, once we have given permission for them to set cookies for advertising.
The ads appearing on this Web site are delivered to users by [THIRD PARTY AD SERVER NAME], our Web advertising partners and advertisers. Information about users’ visit to this site, such as number of times they have viewed an ad (but not user name, address, or other personal information), is used to serve ads to users on this site. For more information about [THIRD PARTY AD SERVER NAME], cookies, and how to "opt-out", please click here [LINK TO: THIRD PARTY AD SERVER PRIVACY STATEMENT].
This privacy statement covers the use of cookies by Internet Market Portal [NAME OF SITE] (this site) only and does not cover the use of cookies by any advertisers.
Like most standard Web site
servers we use log files.
This includes internet protocol (IP) addresses, browser type, internet service provider
(ISP), referring/exit pages, platform type, date/time stamp, and number of
clicks to analyze trends, administer the site, track user’s movement in the
aggregate, and gather broad demographic information for aggregate use. IP
addresses, etc. are not linked to personally identifiable information. [IP addresses are tied to personally
identifiable information to enable our Web-based service.]
[We use a tracking utility called [XXXX] that uses log files to analyze user movement.] [Webtrendslive users may have further obligations of particular language per their license with Webtrendslive. See your license agreement.] [See the Profile section below.]
We employ [or our
third party advertising company employs] a software technology called clear gifs
(a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site
by informing us what content is effective.
Clear gifs are tiny graphics with a unique identifier, similar in
function to cookies, and are used to track the online movements of Web users.
The main difference between the two is that clear gifs are invisible on the
page and are much smaller, about the size of the period at the end of this
sentence. [Clear gifs are tied to users’ personally identifiable information.]
[Clear gifs are not tied to users’ personally identifiable information.]
Clear Gifs can
"work with" existing cookies on a computer if they are both from the
same Web site or advertising company.
That means, for example, that if a person visited “www.companyX.com”, which
uses an advertising company's clear gif, the Web site [or advertising company]
would match the clear gif's identifier and the advertising company's cookie ID
number, to show the past online behavior for that computer. This collected
information would then be given to the advertising company [or Web site]. To learn more about our advertising
company’s use of clear gifs, please go to [NAME OF ADVERTISER’S SITE.]
In addition, we use
clear gifs in our HTML-based emails to let us know which emails have been
opened by the recipients. This allows
us to gauge the effectiveness of certain communications and the effectiveness
of our marketing campaigns. If users
would like to opt-out of these emails, please see the Opt-out section.
Communications from the Site
We send all new members a welcoming email to verify password and username. Established members will occasionally receive information on products, services, special deals, and a newsletter. Out of respect for the privacy of our users we present the option to not receive these types of communications. Please see the Choice and Opt-out sections.
If a user wishes to subscribe to our newsletter, we ask for contact information such as name and email address. Out of respect for our users’ privacy we provide a way to opt-out of these communications. Please see the Choice and Opt-out sections.
On rare occasions it is necessary to send out a strictly service related announcement. For instance, if our service is temporarily suspended for maintenance we might send users an email. Generally, users may not opt-out of these communications, though they can deactivate their account. However, these communications are not promotional in nature. [Users may opt-out of these communications. Please see our Choice and Opt-out section.]
We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone, in accordance with the user’s wishes.
Sharing
Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.
We do not share aggregated demographic information with our partners and advertisers. [Describe the sharing practices of what your site does, but be specific in your relationship with these third parties.] This is not linked to any personally identifiable information.
[NAME OF COMPANY] shares Web site usage information about users with a reputable third party [NAME OF THIRD PARTY] for the purpose of targeting our Internet banner advertisements on this site and other sites. For example, [NAME OF COMPANY] uses cookies and clear GIFs on this site, which allow them to recognize a user's cookie when a user visits this site. The information they collect and share through this technology is not personally identifiable. For more information about our third-party advertiser or for choices about not having this anonymous information used please click here [LINK TO: ADSERVER PRIVACY POLICY/OPT OUT].
These are the instances in which we will share users’ personal information:
[We Share Personal Information] [We DO NOT Share Personal Information with Third Parties.]
[Specifically describe any sharing of personally identifiable information. For example, describe actual practices where the site is sharing personally identifiable information. Include sharing scenarios where the partner can dispose of the information either in the manner that they see fit, or where the partner can use the personal information for a limited circumstance or series of limited circumstances. Another example might include sharing with parent companies, subsidiaries or affiliated companies for reasons other than corporate record keeping purposes. Typically these kinds of sharing arrangements occur when the third party will then own or control the customer relationship. Below are some examples of the different types of relationships or situations involving sharing personal information with third parties that may exist. Keep in mind that sharing personally identifiable information for secondary purposes, must incorporate an opt-out prior to the sharing.]
We use an outside shipping company to ship orders, and a credit card processing company to bill users for goods and services. These companies do not retain, share, store or use personally identifiable information for any secondary purposes.
We partner with other third parties [ANOTHER PARTY’S NAME] to provide specific services. [For example, XXXX] When the user signs up for these particular services, we share names, or other contact information [specify what information is being shared with the third party service provider] that is necessary for the third party to provide these services. These third parties are not allowed to use personally identifiable information except for the purpose of providing these services.
In the event Electronic Commerce AS [NAME OF COMPANY] goes through a business transition, such as a merger, being acquired by another company, or selling a portion of its assets, users’ personal information will, in most instances, be part of the assets transferred. Users will be notified via [email] [prominent notice on our Web site for 30 days] prior to a change of ownership or control of their personal information. If as a result of the business transition, the users’ personally identifiable information will be used in a manner different from that stated at the time of collection they will be given choice consistent with our notification of changes section.
Our users are given the opportunity to ‘opt-out’ of having their information used for purposes not directly related to our site at the point where we ask for information. For example, our order form has an ‘opt-out’ mechanism so users who buy a product from us, but don’t want any marketing material, can keep their email address off of our lists.
Users who no longer wish to receive our newsletter and promotional communications may opt-out of receiving these communications by replying to unsubscribe in the subject line in the email or email us at e.com@mail.com [EMAIL ADDRESS]. [We also offer an opt-out mechanism on the [MEMBER INFORMATION PAGES] or the user may contact us at [PHONE] [EMAIL] or [POSTAL MAIL] to opt-out.]
Users of our site are always notified when their information is being collected by any outside parties. We do this so our users can make an informed choice as to whether or not they should proceed with services that require an outside party.
This Web site contains links to other sites. Please be aware that we, Electronic Commerce AS [NAME OF COMPANY], are not responsible for the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information. This privacy statement applies solely to information collected by this Web site.
[Discuss co-branding and/or framing relations where the user may not know who is collecting the information].
[From time-to-time] our site requests information from users via surveys or contests. Participation in these surveys or contests is completely voluntary and the user therefore has a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code). Contact information will be used [shared with the contest [survey] sponsors] to notify the winners and award prizes. [Anonymous] Survey information will be used for purposes of monitoring or improving the use and satisfaction of this site. Users’ personally identifiable information is not shared with third parties unless we give prior notice and choice. Though we may use an intermediary to conduct these surveys or contests, they may not use users’ personally identifiable information for any secondary purposes.
If a user elects to use our referral service for informing a friend about our site, we ask them for the friend’s name and email address. Electronic Commerce AS [NAME OF COMPANY] will automatically send the friend a one-time email inviting them to visit the site. Electronic Commerce AS [NAME OF COMPANY] stores [or does not store] this information for the sole purpose of sending this one-time email [and tracking the success of our referral program]. The friend may contact Electronic Commerce AS [NAME OF COMPANY] at e.com@mail.com [INSERT URL OR EMAIL ADDRESS] to request the removal of this information from our database.
This Web site takes every precaution to protect our
users’ information. When users submit
sensitive information via the Web site, their information is protected both
online and off-line.
When our registration/order form asks users to enter sensitive information (such as credit card number and/or social security number), that information is encrypted and is protected with the best encryption software in the industry - SSL. While on a secure page, such as our order form, the lock icon on the bottom of Web browsers such as Netscape Navigator and Microsoft Internet Explorer becomes locked, as opposed to un-locked, or open, when users are just ‘surfing’. [To learn more about SSL, follow this link [INSERT LINK].]
While we use SSL encryption to protect sensitive
information online, we also do everything in our power to protect
user-information off-line. All of our
users’ information, not just the sensitive information mentioned above, is
restricted in our offices. Only
employees who need the information to perform a specific job (for example, our
billing clerk or a customer service representative) are granted access to
personally identifiable information.
Our employees must use password-protected screen-savers when they leave their desk. When they return, they must re-enter their password to re-gain access to user information. Furthermore, ALL employees are kept up-to-date on our security and privacy practices. Every 6 months [quarter], as well as any time new policies are added, our employees are notified and/or reminded about the importance we place on privacy, and what they can do to ensure our users’ information is protected. Finally, the servers that store personally identifiable information are in a secure environment, [behind a locked cage] [in a locked facility].
[Be sure that your actual practices are reflected in this section. For example, if your employees are updated on privacy every 6 months, then state that, rather than a statement that is false. Another example, must employees use password-protected screensavers?]
If users have any questions about the security at our Web site, users can send an email to e.com@mail.com [EMAIL ADDRESS.]
In order for this Web site to properly fulfill its obligation to users it is necessary for us to supplement the information we receive with information from 3rd party sources.
For example, to determine if users qualify for one of our credit cards, we use their name and social security number to request a credit report. Once we determine a user’s credit-worthiness, this document is destroyed.
We use [THIRD PARTY/THIRD PARTY SOFTWARE] to verify a user’s [identity][address] to [state why it is necessary to verify the user’s identity or address].
In order for this Web site to enhance its ability
to tailor the site to a user’s preference, we combine information about the
purchasing habits of users with similar information from our partners, [COMPANY
Y & COMPANY Z], to create a personalized user profile. When a user makes a purchase from either of
these two companies, the companies [we] collect [and share] personal [and
demographic] information back with us.
We purchase third party marketing data and add it
to our existing user database to better target our advertising and provide
pertinent offers we think our users would be interested in. We use this information to enhance or
overlay the ‘profile’ of individual users. This aggregate marketing data is
therefore tied to the users’ personally identifiable information. See also the “Profile.”
If a user’s personally identifiable information changes (such as zip code, phone, email or postal address), or if a user no longer desires our service, we provide a way to correct, update or delete/deactivate users’ personally identifiable information. Update and corrections This can usually be done at the [member information page] and delete/deactivate or by emailing our Customer Support at e.com@mail.com [EMAIL ADDRESS]. [Or, contact us by telephone or postal mail at the contact information listed below].
If we decide to change our privacy policy, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected.
If, however, we are going to use users’ personally identifiable information in a manner different from that stated at the time of collection we will notify users via email. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site, or deleted/deactivated their account, then they will not be contacted, nor will their personal information be used in this new manner. In addition, if we make any material changes in our privacy practices that do not affect user information already stored in our database, we will post a prominent notice on our Web site notifying users of the change. In some cases where we post a notice we will also email users, who have opted to receive communications from us, notifying them of the changes in our privacy practices.
If users have any questions or suggestions regarding our privacy policy, please contact us at:
Phone
Fax: +47-32832731
Email: e.com@mail.com
Copyright 2002 © Electronic Commerce AS (Ltd.). All rights reserved.
Postal Address
Web site URL [HELP DESK OR CUSTOMER SUPPORT OR PRIVACY OFFICER]