Privacy policy
Here we will explain you about the Privacy policy of a company its importance setting up and its major points.
Privacy Policy , also called Security Terms and Conditions, is a document that explains the practices and processes adopted by a website, application or provider in relation to the privacy and security of its users.
When a person browses the internet, he is constantly providing personal data such as documents, addresses and browsing history. These data are very important for companies and can help to maintain a relationship with the customer, identify habits and behaviors of consumption and interaction , among other things.
However, it is important to keep in mind that personal data are sensitive elements, so they need to be handled responsibly and transparently.
In this way, the privacy policy works as an agreement between the company and the user . Thus, the document provides information on how the organization obtains, uses, stores, disposes and protects the personal data it collects, in order to offer more transparency to the user.
Therefore, the function of the privacy policy is to clarify how this data will be used and for what purpose , informing the rights and duties of the company and guaranteeing the acceptance of the terms by the user.
How important is the privacy policy?
The privacy policy works as a transparency tool between the company and the user . In this way, organizations that make the document available generate more credibility and trust. Furthermore, preparing it has other advantages for the organization, as we will see below.
1-Compliance with rules and regulations
In addition to being an ethical issue, there are legal obligations regarding the transparency of data use . The Consumer Defense Code already provides, since 1990, the special treatment of companies on customer information, prohibiting, for example, the transfer of information between companies.
In 2014, with the Marco Civil da Internet , the legislation gained a specific regulation aimed at the virtual world, in which it establishes rights and guarantees for the user, in addition to responsibility rules for organizations .
Thus, it was determined that the information could only be used for purposes that justify its collection and that are not prohibited by law.
The new General Data Protection Law (LGPD) , enacted in 2018, reinforces what was already provided for in the Marco Civil and establishes the Principle of Transparency , which determines that companies provide data subjects with clear, accurate and easily accessible information about the operations and practices carried out with the information.
2-Users’ perception of security
Having a privacy policy is also a strategic measure to ensure a competitive edge in the market. After all, it’s a way to show that the organization is trustworthy. Privacy policy of a company
To better understand this factor, just remember some recent instances of security breaches and data leaks. After this type of exposure, the user is much more apprehensive about trusting websites, platforms and apps that do not have an adequate information protection policy.
Thus, in an increasingly competitive market, in which many businesses take place virtually, the privacy policy changes the user’s perception and ensures more trust to the company.
3-Information leakage prevention
From the moment that companies turn their attention to the creation of terms and conditions of privacy, they also end up generating internal rules that regulate these relationships .
In this sense, if there is a document that determines the rights and duties of each party, it is necessary to take the necessary measures to put it into practice.
In this way, the implementation of the policy ends up reflecting more security in the protocols , confidentiality in contracts and respect for the rights of users, which helps to prevent information leaks.
How to set up a privacy policy?
So far, we understand what a privacy policy is, but after all, how to set up yours and guarantee more transparency to users? Here are some important tips that are worth checking out.
1-Understand your business model
It’s no use just copying a privacy policy from another site if that information doesn’t make sense for your business. An e-commerce, a social network and a recruitment and selection platform, for example, collect completely different information. Thus, it is necessary to write a policy consistent with the type of information exchanged .
2-Respect the legislation in your sector
In addition to the Consumer Defense Code and the Marco Civil da Internet, there are other legislations that regulate data collection. In the case of the financial sector, for example, it is necessary to keep an eye on what the Central Bank says. So, don’t forget to check if there are specific standards in your industry .
3-Use simple and accessible language
One of the main rules when writing a privacy policy is to keep language that is easy for all audiences to understand . Therefore, avoid, for example, complicated legal terms and try to be as human language. The objective, clear and transparent as possible.
4-Know your users’ concerns
A good way to determine what information will be used in the policy is to understand users’ key concerns. By knowing your audience well, it’s easier to establish policies and inform them correctly.
5-Collect and save only what is needed
As we have seen, the Marco Civil da Internet establishes that obtaining data that exceeds the need may be considered inappropriate . Therefore, ideally, you should collect and store only the information that will be really useful.
So keep in mind that the more data you have, the more responsibility you have should a security breach occur.
What major points should be included in the privacy policy?
When writing the document, it is important to establish some main points, informing how the data collection and storage of each of them will be. Below, we list the main aspects that need to be included in the document, if they apply to your business.
1-Personally identifiable information
Identification data is not limited to the user’s first and last name . Today, with platforms becoming more connected, there are several important data that need to be treated with care and confidentiality. Among them are:
- identity document;
- CPF;
- email;
- telephone;
- username;
- personal image;
- IP (internet protocol) number.
2-Address
Another piece of data that needs attention is the user’s address. This type of information is not only collected by online stores, but also by companies that provide services and need to issue tax documents .
3-Bank data
Other information collected by online stores, websites and apps is bank details, such as credit card and account information for automatic debit. Today, bank details are one of the most sensitive user information , so they need to be included in the privacy policy.
4-Navigation patterns and cookies
Cookies are a kind of browsing history that allow a refinement of advertising suggested to the user. Through them, it is possible to identify interests and offer the public exactly what they are looking for.