Typical considerations:
- [ ] What the privacy policy should cover (e.g., personal information collected from website only, personal information collected from products and services, all personal information collected by the Company, etc.).
- [ ] With respect to the personal information that the privacy policy should cover:
- Who does the personal information concern?
- Describe the relationship between the Company and the individuals who the personal information concerns. Is this personal information generally collected in a consumer context or in a business context?
- How does the Company collect or receive the personal information?
- For what purposes is the personal information collected, used, and shared?
- Please list all categories of personal information that the Company collects.
- [ ] Does the Company receive any personal information from its business customers to process on their behalf (e.g., as a service provider)? If so, please describe the types of personal information received in this context, how the Company receives this information, and what the Company does with this information.
- [ ] Will the Company be aggregating or anonymizing any personal information and using it for purposes outside of the product or service? If so, please describe.
- [ ] Will the Company be using any personal information for R&D purposes? If so, please describe.
- [ ] Does the Company have a mobile application?
- [ ] Does the Company collect information other third party sources? This may include public records, data providers (e.g., data brokers), affiliate partners, and marketing partners.
- [ ] Does the Company allow users to log into the service or platform through social media credentials (e.g., Facebook or Google authentication)?
- [ ] Does the Company utilize (i) cookies (and if so, whether these are first party or third party cookies), (ii) local storage technologies, (iii) web beacons, and/or (iv) session replay technologies? If so, please describe.
- [ ] Please confirm if users of the service can refer friends or other contacts to the service. If so, please describe the categories of personal information that are collected for this purpose.
- [ ] Does the Company engage in email marketing? If so, how may users opt-out?
- [ ] Does the Company engage in text-based marketing or otherwise send text messages to individuals? If so, how does it obtain consent?
- [ ] Does the Company engage in interest-based advertising on its website?
- [ ] Please provide a list of categories of third parties with whom the Company may share personal information and the purposes for such sharing.
- [ ] Will customers be able to make purchases via the website?
- If so, will the Company be using a payment processor?
- [ ] Please describe what rights users are generally provided, if any (e.g., access their information, update their information, delete their information).
- If rights are provided, are these rights only provided to certain individuals (e.g., California residents) or to all individuals?
- [ ] Is the website directed at children? Does the Company otherwise knowingly collect information from children under the age of 16? Please describe.
- [ ] Please confirm if the Company is subject to the CCPA.
- [ ] Is the company governed by GDPR? Consider employee base, customer base, and target market.