If you've ever tried in vain to find a way to directly contact a business only to discover that they have no contact information listed on their website, then you know how frustrating the experience can be.
It is considered a general customer service best practice for every online business to provide easy-to-access contact details for customers and clients. However, this is not the only reason you should post your business's contact details.
When it comes to online privacy, some contact information is required by law to be listed in your Privacy Policy.
Although not every international privacy regulation requires public contact details, the laws that do exist will likely apply to your business.
Any business in the world that collects personal information from people in the EU (even if it's just an IP address) will be required to comply with the following General Data Protection Regulation (GDPR) Privacy Policy stipulations:
Let's take a look at each stipulation and how to satisfy it.
1. List the physical location where consumer data is being stored and processed
EU residents, often referred to as data subjects, have the right to be informed of where their personal information is being stored and processed. For this reason, it is required that you include the name and physical location of your business in your Privacy Policy.
This is usually disclosed at the very top of the policy, as demonstrated by Workable:
2. State the contact details of both the data controller and the data processors, if applicable
The data controller and the data processor could be one and the same entity or, in most cases, two different companies. For example, if your business collects personal information directly from customers and uses that same data to send its own marketing messages and advertising, then you are both the data controller and the data processor.
In this case it is only necessary to publish your own contact information as the data controller, as does Workable in this example:
Note that the contact details aren't in this sentence, but because they're in the previous paragraph in Workable's Privacy Policy (as seen in the earlier example screenshot), this will be sufficient.
On the other hand, many businesses use third-party services like Google Adwords or Facebook Ads that process customer information in order to provide analytical and advertising services. If this is the case, then you would also be required to list the names and locations of the third-party organizations you contract to process your user data.
You can see a simple way to fulfill this requirement within the Celonis Privacy Policy:
In this paragraph, Celonis lists Facebook as a data processor. It makes sure to state Facebook's postal address as well as a link to Facebook's Privacy Policy so that data subjects understand who is processing their data, where, and how.
3. Post the contact details of the Data Protection Officer, if applicable
If your business requires the appointment of a Data Protection Officer (DPO), you'll need to include their contact information within the Privacy Policy. This could be as simple as an email address, such as in the Mailchimp Privacy Policy:
Other entities, like Nestlé, prefer to include a physical mailing address as well:
4. Post the contact details of your European Representative, if applicable
For businesses located outside of the European Union, a European Representative may need to be appointed as a point of contact for EU data subjects and supervisory authorities. This is another requirement that may not apply to every non-EU based business.
In general, if your business only does occasional processing of EU user data, and doesn't deal with sensitive or crime-related categories of data, your business probably won't need one.
However, as always when dealing with the GDPR, it is better to be safe than sorry. In the case that you do appoint an EU-based representative, you will need to list their information in your Privacy Policy as a point-of-contact for EU residents.
Here's how Product Hunt lists both a physical and email address for its EU representative:
Like the GDPR, Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) applies to any company that processes the personal information of Canadian residents. In regard to business contact information, PIPEDA only dictates two requirements.
Businesses must make the following items publicly available in their Privacy Policy:
In most cases, the contact for these two items will be the same job title and address, as you can see in Osler's Privacy Policy:
The California Online Privacy Protection Act (CalOPPA) is a California state law that applies to any company that collects personal information from California residents. Since most companies that do business in the United States have at least a few California residents as customers, this law will apply to most companies.
The only requirement that CalOPPA designates regarding contact information is the following:
Businesses must post a clear explanation of how users can request amendments to any personal data that is collected.
This can be achieved by providing users with an online portal to view, change, or delete their personal information, or by providing an email address or contact form to make such requests.
As you can see, Apple provides both an online portal where users can access their personal information and a link to a privacy contact form for making direct requests.
So long as you have a process in place for accepting user requests and inform your users how to make the requests, you can choose to use forms, email addresses, user account interfaces or any other method of contact.
Living Clean meets legal and consumer expectations by posting all of the required contact information in its Privacy Policy. First, its physical address is listed at the beginning of the policy:
Customers are informed about how they may access, change, or delete their personal information:
Next, Living Clean details which data processors it uses and provides a physical address as well as a web link for those processors:
Finally, Living Clean posts contact information for its US-based privacy officer. Since this is a small company that does not process large quantities of EU consumer data or sensitive categories of data, it isn't required to appoint a DPO or EU Representative.
The German-based vehicle manufacturer Audi provides a thorough Privacy Policy for consumers. It begins by stating the name and location of the company as a data controller:
The contact information of the DPO is also listed at the beginning of the policy:
In order to give consumers full access to their personal data, a link to a dedicated contact form is provided:
Finally, Audi lists out each of its data processors, along with links to opt-out or obtain more information:
Geocaching.com, owned by Groundspeak, Inc., manages geocaching programs across the world. For this reason, its Privacy Policy must carefully comply with regulations in all of the countries where its participants live.
Location and contact details are included in the policy in a clearly labeled clause:
The Privacy Policy lists several different methods for users to gain or request access to personal information. First, a link to the account settings section is provided:
Contact information is provided for exercising data subject rights by way of an email address, mailing address and dedicated contact form:
In compliance with the GDPR, Groundspeak supplies full contact information for both their Data Protection Officer and EU Representative:
Although technically a location for data processors should also be provided, Groundspeak does provide a list of data processors as well as links to their respective websites:
By taking the simple steps outlined above, you can meet both the legal requirements regarding privacy contact information and consumer expectations. The easier you make it for your customers to contact you regarding privacy complaints or requests, the easier it will be to resolve any potential privacy problems before they escalate into legal issues.
Disclaimer
This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.
Copyright © 2012 - 2024 TermsFeed ® . All rights reserved.