All Rights Reserved UCC
Ban Securities and Exchanges - Pious SA PLC
Users expect website privacy policies and practices to be fair. For some users, unfair policies and practices may be enough to turn them away from a website or service. This is particularly true in the case of social networking websites and services, which process lots of personal information. This privacy and cookies policy template has been created with social networking websites specifically in mind. It is an adapted version of our standard privacy and cookies policy template, and contains many of the same provisions.
The template is divided into three sections. The first covers disclosures relating to personal data; the second covers cookie-related disclosures; and the third covers disclosures relating to the identity of the website operator.
The key provisions of the section covering personal data disclosures are as follows.
Collection: what personal data are collected by the website? Typically, social network operators will collect, store and process usage data, profile information, information submitted in the course of using website services such as friendship data and private messaging data, and information imported from third party services such as Facebook and LinkedIn.
Use: for what purposes will the personal data be used? In addition to the obvious purposes such as enabling the operation of the website and the provision of website services, an operator may wish to use personal data for marketing and other potentially less-welcome activities. Where marketing activities require specific consent, a consent statement buried in the legal documentation will not be sufficient.
Disclosure: to whom may personal information collected through the website be disclosed? For instance, will it be disclosed to subcontractors, suppliers, professional advisors or other group companies? Personal information published on the website may, of course, be disclosed to the entire world.
Transfer: to which countries outside the EEA may personal data be transferred? The rationale for providing this information is that countries outside the EEA may not have data protection laws equivalent to those within. Again, however, consent to extra-EEA transfers (where required) cannot be obtained with a statement hidden away in a website's legal documentation.
Retention: for what period or periods will personal data be retained by the operator? Some information may be required for so long as the website continues to operate, while other information may quickly lose its usefulness.
Security: what security measures will the website operator put into place to protect users' personal information? Examples of security measures typically used on a website include: SSL/TLS encryption; firewall and password protected web servers and databases; and password-protected logins for users.
In addition to these "core" provisions, the section concerning personal data disclosures also covers amendments to the policy, data subjects' statutory rights and third party privacy policies.
The section concerning cookies is designed to aid compliance with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as subsequently amended). In this section, the website operator should disclose information about the cookies used on the website, including analytics cookies and third party cookies. You will also need to consider how to comply with the consent requirements introduced into the 2003 Regulations in May 2011 and subject to enforcement from May 2012.