Do you know what a privacy policy is and why its development is so important to organizations? For a long time, this document was ignored on websites, applications and platforms. However, with the new General Data Protection Law , the term gained greater prominence and importance to ensure more transparency to users. Privacy policy of a company
But after all, how to prepare this document and what information cannot be missing? Solids explains everything about the subject in this post. Check out!
What is a privacy policy?
Privacy Policy , also called Security Terms and Conditions, is a document that explains the practices and processes adopted by a website, application or provider in relation to the privacy and security of its users.
When a person browses the internet, he is constantly providing personal data such as documents, addresses and browsing history. These data are very important for companies and can help to maintain a relationship with the customer, identify habits and behaviors of consumption and interaction , among other things.
However, it is important to keep in mind that personal data are sensitive elements, so they need to be handled responsibly and transparently.
In this way, the privacy policy works as an agreement between the company and the user . Thus, the document provides information on how the organization obtains, uses, stores, disposes and protects the personal data it collects, in order to offer more transparency to the user.
Therefore, the function of the privacy policy is to clarify how this data will be used and for what purpose , informing the rights and duties of the company and guaranteeing the acceptance of the terms by the user. Privacy policy of a company
How important is the privacy policy?
The privacy policy works as a transparency tool between the company and the user . In this way, organizations that make the document available generate more credibility and trust. Furthermore, preparing it has other advantages for the organization, as we will see below.
Compliance with rules and regulations
In addition to being an ethical issue, there are legal obligations regarding the transparency of data use . The Consumer Defense Code already provides, since 1990, the special treatment of companies on customer information, prohibiting, for example, the transfer of information between companies.
In 2014, with the Marco Civil da Internet , the legislation gained a specific regulation aimed at the virtual world, in which it establishes rights and guarantees for the user, in addition to responsibility rules for organizations .
Thus, it was determined that the information could only be used for purposes that justify its collection and that are not prohibited by law.
The new General Data Protection Law (LGPD) , enacted in 2018, reinforces what was already provided for in the Marco Civil and establishes the Principle of Transparency , which determines that companies provide data subjects with clear, accurate and easily accessible information about the operations and practices carried out with the information.
Users’ perception of security
Having a privacy policy is also a strategic measure to ensure a competitive edge in the market. After all, it’s a way to show that the organization is trustworthy. Privacy policy of a company
To better understand this factor, just remember some recent instances of security breaches and data leaks. After this type of exposure, the user is much more apprehensive about trusting websites, platforms and apps that do not have an adequate information protection policy.
Thus, in an increasingly competitive market, in which many businesses take place virtually, the privacy policy changes the user’s perception and ensures more trust to the company.
Information leakage prevention
From the moment that companies turn their attention to the creation of terms and conditions of privacy, they also end up generating internal rules that regulate these relationships .
In this sense, if there is a document that determines the rights and duties of each party, it is necessary to take the necessary measures to put it into practice.
In this way, the implementation of the policy ends up reflecting more security in the protocols , confidentiality in contracts and respect for the rights of users, which helps to prevent information leaks.
How to set up a privacy policy?
So far, we understand what a privacy policy is, but after all, how to set up yours and guarantee more transparency to users? Here are some important tips that are worth checking out.
Understand your business model
It’s no use just copying a privacy policy from another site if that information doesn’t make sense for your business. An e-commerce, a social network and a recruitment and selection platform, for example, collect completely different information. Thus, it is necessary to write a policy consistent with the type of information exchanged .
Respect the legislation in your sector
In addition to the Consumer Defense Code and the Marco Civil da Internet, there are other legislations that regulate data collection. In the case of the financial sector, for example, it is necessary to keep an eye on what the Central Bank says. So, don’t forget to check if there are specific standards in your industry . Privacy policy of a company
Use simple and accessible language
One of the main rules when writing a privacy policy is to keep language that is easy for all audiences to understand . Therefore, avoid, for example, complicated legal terms and try to be as objective, clear and transparent as possible.
Know your users’ concerns
A good way to determine what information will be used in the policy is to understand users’ key concerns. By knowing your audience well, it’s easier to establish policies and inform them correctly.
Collect and save only what is needed
As we have seen, the Marco Civil da Internet establishes that obtaining data that exceeds the need may be considered inappropriate . Therefore, ideally, you should collect and store only the information that will be really useful.
So keep in mind that the more data you have, the more responsibility you have should a security breach occur.
What points should be included in the privacy policy?
When writing the document, it is important to establish some main points, informing how the data collection and storage of each of them will be. Below, we list the main aspects that need to be included in the document, if they apply to your business.
Personally identifiable information
Identification data is not limited to the user’s first and last name . Today, with platforms becoming more connected, there are several important data that need to be treated with care and confidentiality. Among them are: Privacy policy of a company
- identity document;
- CPF;
- email;
- telephone;
- username;
- personal image;
- IP (internet protocol) number.
Address
Another piece of data that needs attention is the user’s address. This type of information is not only collected by online stores, but also by companies that provide services and need to issue tax documents .
Bank data
Other information collected by online stores, websites and apps is bank details, such as credit card and account information for automatic debit. Today, bank details are one of the most sensitive user information , so they need to be included in the privacy policy.
Navigation patterns and cookies
Cookies are a kind of browsing history that allow a refinement of advertising suggested to the user. Through them, it is possible to identify interests and offer the public exactly what they are looking for.
How does the privacy policy relate to the LGPD?
As we have seen, the LGPD came to reinforce the Marco Civil information and established as a norm that companies should provide information on the use of collected and stored data .
Thus, it made it mandatory to create a clear and complete privacy policy, as well as the implementation of other adjustments. But having this document on your website is not enough, it needs to be easily accessible and in accordance with the transparency requirements of the new law. Privacy policy of a company
Implementing the LGPD is extremely important for companies that rely on websites, applications and social networks. The deadline for regularization was January 2021, however, the penalties for those who do not comply with the new law will start to apply from August .
What is the relationship between privacy policy and HR?
Many people believe that the privacy policy and the LGPD only relate to online stores, but that’s not quite the case. All areas end up collecting important information about people, including HR .
In this context, think of all the information collected from candidates during a recruitment and selection process or the amount of information the department has about the company’s employees, for example.
All this data must be treated with responsibility and confidentiality . Therefore, drawing up a privacy policy is essential to give more credibility and security to professionals, maintaining a transparent relationship .
In conclusion, the privacy policy is an important document to inform users about practices and uses of data collected on a website, application or platform. Therefore, this term must be drafted carefully and in a clear and accessible way to report transparently.
