As an ecommerce business owner, you know that selling online opens up the opportunity for huge earnings as you reach more and more customers. However, as you make more sales, you also collect a massive amount of customer data that you’re responsible for protecting.
Online stores almost always collect personal details from their customers, so essentially every store needs a policy. This document will act like a contract between your website users and your business that states your role and sets expectations.
Then there are laws at the state level. For example, the California Online Privacy Protection Act (CalOPPA) protects personal data that a website collects from residents of California. Since most businesses hope to sell to Californians, they must comply with this law, which means people from other states reap the benefits.
Your policy will be unique to your business depending on the customers you serve, what you sell, how you obtain payment information, how you process payments, how you advertise, and more. Below are key elements that you should include.
1. Type of Information Collected
First, state what kind of information you gather from your website’s visitors and customers. Be specific and state exactly what you collect. For example:
- Physical address
- Credit card details
- Social security number
- Website login information
- IP address
2. Why and How You Collect Data
It’s important to discuss why and how you gather details from your customers. For example, you can note that you collect information when the customer gives it to you themselves to create an account. Or, you may also note that you get it from a third party to improve the personalization of your service.
You should also explain why you collect the information and how you use it. For example, you might say that you collect customer emails for communication purposes.
3. Circumstances in Which You May Release Data
4. Cases Where You Share or Sell Data
For example, if you use Google AdSense, you’re allowing a third party to collect and use your customer’s information. You must clearly identify these third parties and what they do with user data.
5. Cookie Policies
6. Protection of Data
Customers often read privacy policies to ensure that your business is properly protecting their information. Be sure to include a description of what security measures you’ve put in place to protect against data breaches.
7. Options to View or Modify Information
8. Age Limits
9. Business Transfers
10. Contact Information
You may also utilize a DIY template, like the one we provide below. This can help you organize each section, find the proper wording, and avoid missing any key elements. With templates, you just need to plug in your information and double-check that you’re not missing any sections that are unique to your business.
Last updated: [ADD DATE]
COLLECTION OF INFORMATION
We may collect your information in several ways. Information we may collect includes:
Personally identifiable information, such as your name:
- Shipping address
- Email address
- Telephone number
We may collect this data when you give it to us voluntarily by registering on the Site and when you partake in activities related to the Site. You are not required to give us any personal information, but your refusal to do so may limit certain features of the Site.
Our servers automatically gather some information when you access the Site, such as your access times, IP address, browser type, operating system, and the webpages you view directly before and after accessing the Site.
Data From Social Networks
We may collect user information from social networking sites, such as [SOCIAL NETWORKING SITE NAMES], including your name, profile picture, username, gender, location, birth date, public data for contacts, and email address if you choose to connect your account to such social networks.
Mobile Device Data
If you access our Site via a mobile device, we may collect device information, including your mobile device ID, model, manufacturer, and device location information.
If you connect your account to a third party and grant the Site permission to access this information, we may collect personal data from the third party.
Collecting your information allows us to provide you with an efficient and personalized experience. We may use information collected about you to:
- Create and manage your account.
- Email you regarding your order or account.
- Provide promotions and contests.
- Offer products, services, and/or suggestions to you.
- Assist law enforcement and respond to subpoenas.
- Gather anonymous statistical data for analysis internally or with third parties.
- Deliver targeted advertising, newsletters, or other information regarding promotions and the Site to you.
- Enable user-to-user communications.
- Fulfill and manage purchases, payments, and transactions via the Site.
- Develop a personal profile to personalize your future visits to the Site.
- Increase the efficiency and operation of the Site.
- Notify you of updates to the Site.
- Perform other business activities as needed.
- Prevent fraudulent transactions, theft, and criminal activity.
We may share your information in certain cases. We may disclose your data as follows:
By Law or to Protect Rights
If the release of information about you is required to respond to legal process, investigate or correct potential violations of our policies, or protect the rights and safety of others, we may release your information as permitted or required by any relevant law or regulation. This includes sharing information with other entities for credit risk reduction and fraud protection.
Third-Party Service Providers
We may disclose your information to third parties that perform services for us, including payment processing, marketing services, data analysis, hosting services, and customer service.
Interactions with Other Users
If you interact with other Site users, they may see your name, profile photo, and descriptions of your activity.
When you post comments or other content to the Site, all users may view your comments. We may publicly distribute your comments outside the Site.
We may use third-party advertisers to provide ads when you visit the Site. These companies may use information about your visits that is contained in web cookies to deliver customized advertisements to you.
We may share your information with business partners to offer you promotions, products, or services.
Other Third Parties
We may share your data with advertisers or investors to conduct general business analysis.
Sale or Bankruptcy
Cookies and Web Beacons
We may use [COOKIES, WEB BEACONS, TRACKING PIXELS, OTHER TRACKING TECHNOLOGIES] on the Site to improve your experience. Most browsers accept cookies by default. You can reject or remove cookies, but doing so could affect the functionality of the Site. You cannot decline web beacons, but you can make them ineffective by declining all cookies or changing your browser settings to notify you when a cookie is tendered so that you can accept or decline cookies individually.
We may also work with selected vendors such as [VENDOR NAMES], to use tracking technologies and remarketing services on the Site through first-party cookies and third-party cookies to analyze the use of the Site, study the popularity of the content, and better understand online activity. By accessing the Site, you consent to third-party vendor collection and use of your data. We encourage you to read their privacy policies and contact them if you have questions.
SECURITY OF YOUR INFORMATION
We use administrative, physical, and technical security measures to safeguard your personal information. While we have taken appropriate action to secure your personal data, no security efforts or methods of data transmission are flawless or completely impenetrable. Any information you share online can potentially be collected and misused by unauthorized parties. We cannot guarantee absolute security.
POLICY FOR CHILDREN
We do not deliberately request data from or market to children who are under the age of 13. If you are aware of any information we collected from a child under the age of 13, please contact us using the information below.
CONTROLS FOR DO-NOT-TRACK FEATURES
OPTIONS REGARDING YOUR INFORMATION
You may review or modify the information in your account or delete your account at any time by:
- Logging into your account and updating your settings
- Contacting us via the contact information below
Emails and Communications
If you wish to stop receiving emails or other communications from us, you may opt out by:
- Contacting us via the contact information below
- Logging into your account and updating your preferences in your account settings.
CALIFORNIA PRIVACY RIGHTS
California Civil Code Section 1798.83, also referred to as the “Shine The Light” law, allows users who are residents of California to request and receive information about categories of personal data (if any) we shared with third parties for direct marketing purposes, as well as the names and addresses of third parties with which we shared personal data in the previous calendar year. If you would like to make a request and are a California resident, please submit a written request using the contact information below. You may make this request once per year, free of charge.
If you reside in California, are under 18 years old, and have an account with the Site, you have the right to ask for the removal of unwanted data that you publicly posted. To request removal, please contact us using our contact information below. Be sure to include your account’s associated email address and state that you reside in California. We will ensure the information is not publicly displayed on the Site, but the information may not be entirely removed from our systems.
- By visiting this webpage: [CONTACT PAGE URL]
- By sending us an email: [CONTACT EMAIL]
- By calling us: [PHONE NUMBER]
The Benefits of Working with Pay.com as Your Payment Service Provider
With Pay.com, privacy and security are a top priority. That’s why our system tokenizes all credit card details in transit, meaning that we never store the credit card numbers themselves on our servers. So, in the unlikely event that hackers get into our servers, they wouldn’t be able to access customer credit card numbers, since they’re just not there.
Pay.com also has Level 1 PCI DSS compliance, which is the highest level of security that involves regular independent audits. We also support 3D Secure 2.0 (3DS2), which adds another layer of authentication to ensure that the person entering the credit card details is the actual cardholder.
Security aside, Pay.com makes getting paid easy. You can select from a wide variety of payment methods, including credit cards, digital wallets, payment apps, and more. You can set up a customized checkout page that looks and feels like your website, or request payments by sending direct Pay Links to your customers.
The Bottom Line
Choosing the right payment service provider is another key way you can protect sensitive customer details. By choosing Pay.com, your transactions get all of our security measures, including Level 1 PCI DSS compliance and credit card tokenization in transit. Plus, Pay.com makes online payments simple and hassle-free.