Privacy Policy

Building trust with website visitors is very important for any site, but for an e-commerce store, it’s even more crucial.

Including a Privacy Policy not only builds trust with your customers, but it also ensures that you stay in line with your legal obligations.

So while you may not think your e-commerce store needs a Privacy Policy, it most definitely does.

First, we’ll go through the law that you need to comply with, then look at how you can comply.

What’s the law?

If you are based in the US, there is no general privacy law or data protection law for e-commerce stores or websites. However, the California Online Privacy Protection Act of 2003 (CalOPPA) requires operators of commercial websites to display a Privacy Policy.

This legal agreement must detail:

  • The kinds of information gathered (by your website)
  • How the information may be shared or disclosed
  • The process your customers can follow to review and change the information you have on them
  • The policy’s effective date and a description of any changes since then

If you are based in the US, it’s highly likely that you have Californian customers, so it’s important to comply with the Californian state law.

In the EU, the strict GDPR requires any entity that collects or processes personal information from an individual located in an EU member state to provide a Privacy Policy with some specific clauses and content.

This far-reaching law has a global reach. What matters isn’t where your business is located, but rather where your users are located.

The GDPR also raises the requirements for obtaining consent to use personal information in some ways. Websites that use cookies must include a cookie consent notice and get consent before placing most cookies. Cookies are common on e-commerce stores since they help store shopping cart information while people shop.

If you sell to people in the EU, you’re going to need a Privacy Policy and a cookie consent notice.

Canadian law is similar, with its requirements contained in the Personal Information Protection and Electronic Documents Act 2000 (PIPEDA). PIPEDA requires organizations to:

  • Obtain consent when they collect, use or disclose customer personal information
  • Supply customers with a product or a service even if they refuse consent for the collection, use or disclosure of personal information, unless that information is essential to the transaction
  • Collect information by fair and lawful means
  • Have personal information policies that are clear, understandable and readily available

Not only do laws around the world require Privacy Policies, but many e-commerce platforms, such as Shopify, also require that a Privacy Policy be included in stores built on their platform.

Now let’s look at what types of information you may be collecting, and how you can comply with the above laws.