If you’re running an eCommerce store, it’s likely that you’ll be collecting customer information through your website. This is commonly done both to gather marketing and advertising information and to complete sales transactions and ship items to your customers. As you collect this information, however, it’s worth keeping best-practice privacy principles in mind.
ECommerce stores need to be careful about what private information they collect from customers. There are numerous pieces of privacy legislation around the world that require you to tell your customers certain things when you collect their information. Let’s take a look.
Privacy in the US and EU
First, let’s look at two of the main jurisdictions you may be operating in if you’re using the PinnacleCart solution for your eCommerce store: the US and the EU. In the US, a website privacy policy is generally expected to disclose:
- The kinds of information your website or online marketing tactics collect;
- How the information may be shared;
- The process your customers can follow to review and change the information you have on them;
- How you respond to “do not track” requests; and
- The policy’s effective date and a description of any changes since then.
The EU is significantly stricter. Data protection there is currently governed by the EU Data Protection Directive (95/46/EC). The Directive allows a business established in the EU to process the “personal data” of customers only on a lawful basis, such as the person having given consent to the processing, or the processing being necessary to perform a contract the person is party to or to meet a legal obligation. For an eCommerce store, processing an order (the name, delivery address and payment details needed to fulfil it) is necessary to perform the sales contract; anything beyond that, such as marketing emails or sharing the data with third parties, will generally need the customer’s consent.
“Personal data” is any information relating to an identified or identifiable person. For a store, this includes:
- The identity and contact details of the data subject (name, address, phone number, email address); and
- Credit card and banking data.
For example, when a person purchases something from an eCommerce store, the store will require that person’s name, address, phone number, email address, and credit card details, all of which is personal data. When you collect it, the Directive requires you to tell the customer:
- Your identity;
- The purpose or purposes for which you are collecting the data;
- The recipients or categories of recipients of the data;
- The existence of your customer’s right of access to, and right to rectify, the data; and
- That you guarantee fair data processing in respect of the data subject.
The EU also has a new law coming into force, the General Data Protection Regulation (the Regulation), which replaces the Directive. Because it is a regulation rather than a directive, it applies directly across the whole EU in a more cohesive way, without individual member states having to implement their own laws for it to take effect. It also applies to any business, wherever it is based, that offers goods or services to people in the EU or monitors their behaviour, so you won’t need to be established in the EU for it to apply to you. Taking the US and EU requirements together, your privacy policy should tell customers:
- Who you are (the company collecting the information);
- What types of information you will be collecting for your eCommerce store;
- How you will protect and store the information;
- What you will do with that information and when you may share it with others;
- How the customer can review the information you hold;
- How the customer can change that information;
- How you respond to “do not track” requests;
- The policy’s effective date and a description of any changes since then; and
- Dispute resolution information.
There are two main ways that eCommerce stores present their Privacy Policy: browsewrap and clickwrap. Browsewrap is the bad one: the policy sits behind a link, typically in the page footer, and the customer is deemed to have agreed simply by using the site, so you have no evidence that they ever saw it. Clickwrap is the good one: the customer has to take an affirmative action, such as ticking an unchecked box or clicking “I agree” next to a link to the policy, before they can register or check out. That action gives you a record that consent was actually given, which is what the EU rules expect and is far more likely to hold up if the agreement is ever challenged.
The Weather Channel’s site, for example, uses a check-box that the user must tick before continuing.
Remember that putting these best-practice privacy principles in place for your eCommerce store is not difficult. A clear privacy policy covering the points above, presented as clickwrap rather than browsewrap, goes a long way toward meeting your privacy obligations in both the US and the EU.
Have questions on the best practice privacy principles in your area? We’d love to help you so leave a comment below!