Website Policies Required For Compliance
It's your responsibility
As a website owner or operator in the UK, you are required to comply with certain policies and regulations to protect the privacy and rights of your users. Here are some of the essential policies you should have on your website:
- Privacy Policy: A privacy policy outlines how you collect, use, and share personal information of your website visitors. It should also explain the purpose for which the information is collected and how users can exercise their rights to access, delete, or modify their data.
- Cookies Policy: A cookies policy explains how you use cookies on your website, and how users can control or delete them. This policy should also comply with the GDPR (General Data Protection Regulation) and ePrivacy Directive.
- Terms and Conditions: The terms and conditions set out the rules for using your website and the rights and responsibilities of the website owner and users. It should include important details such as intellectual property rights, disclaimers, and liability limitations.
- Accessibility Statement: An accessibility statement explains how your website is designed to be accessible to users with disabilities. It should outline the features and tools you have in place to make your website more accessible, and how users can contact you for help.
- Cookie Consent Banner: A cookie consent banner is a pop-up message that appears on your website, asking users for their consent to use cookies. It should also provide a link to your cookies policy.
- GDPR Compliance: If your website is accessible to users in the European Union, you must comply with the GDPR regulations. This includes obtaining user consent, providing access to their data, and ensuring their data is processed securely.
- Copyright Policy: A copyright policy outlines how you deal with copyright infringement on your website. It should provide clear instructions on how to report infringement, and the consequences of violating copyright laws.
Having these policies and compliance measures in place can help protect your website users and your business.
When a website is being developed, unfortunately one of the last elements to be considered is the company's website policies. However, the following are all required to be shown if a company is to be compliant.
Cookie Policy – to protect the privacy and rights of website users, and to ensure compliance with relevant laws and regulations
The purpose of a cookie policy is to inform website visitors about the use of cookies on your website. A cookie is a small text file that a website saves on a user’s device when they visit the site. Cookies are used for various purposes such as personalizing website content, tracking user behavior, and improving website performance.
A cookie policy outlines the types of cookies used on a website, their purpose, and the duration for which they are stored. It also explains how users can control or delete cookies, and provides information on third-party cookies used on the website.
In addition, a cookie policy should comply with privacy laws such as the GDPR (General Data Protection Regulation) and ePrivacy Directive. These laws require websites to obtain user consent for non-essential cookies, and provide clear and concise information about the use of cookies on their website.
Acceptable Use Policy – Governs the behaviour of the person using the site
- This is most relevant where interactive services are provided within the site
- Prevents:
  - unauthorised reproduction of materials (text / images / video etc.)
  - unacceptable user behaviour, e.g. hacking or creating viruses
- Allows the website owner to remove offending material (for instance, where you allow visitors to comment on posts) or suspend a user's right to access the site
- For any breach of standards there should be contractual remedies in place
Privacy Policy – this links back directly to the Data Protection Act
2 key considerations
- Why you are collecting any data
- Data includes information about users' online behaviour, e.g. the IP address from which they are accessing your website. So even though you may not be collecting names or payment details, you may need a privacy policy
- That the data you are collecting will be stored and processed legally and fairly
- Policy should inform users on how data will be collected, stored and used
- Allows the controller to obtain an individual's implied consent to processing activities. So explicit consent is needed for sensitive data such as racial information
As is implied by many of these policies, the person should have the chance to read these terms before submitting data. In an ideal world this would be a pop-up of the privacy policy; in the real world it is a link to them near the requisite submit button.
Terms Of Use Policy
Covers what the website is for and if there are any costs involved
- Is not related to terms and conditions; Terms of Use governs the actual access to the website
- Details the fees payable for access to the website (if there are any)
- In a perfect world, a visitor to the site would be greeted by the Terms Of Use and agree to them before being allowed to view the site. We don't live in a perfect world from a legal perspective, so common practice is to display a link to the Terms Of Use prominently on each page
- In light of web-based security issues, they will probably cover the prevention of unauthorised use / disclosure of passwords
Online Data Protection Key Principles
The Key Thrust To Data protection
1: Tell people what you are going to do with their data before you gather it
2: Within your organisation you need to identify who is the Data Controller
3: If you are capturing and storing names, emails etc., you need to have a Data Protection Licence
Data Protection Key Principles
- Personal data includes:
  - Names
  - Addresses
  - Telephone numbers
- Processing includes:
  - How the data is obtained
  - The approach / techniques used to record the data
  - How the data is retained / held within the organisation
  - How the data will be used
  - Disclosing and erasing of the data
- Data subject: This is the individual about whom personal data is processed
- Any data obtained must be processed fairly and lawfully
- An organisation needs to identify who is assigned to be the Data Controller
- The data controller is the person who determines the purpose for which and the manner in which personal data is to be processed
- The data controller must notify the Information Commissioner's Office (ICO) before processing; failure to notify is a criminal offence. There is a wealth of information on the ICO website
Data Protection Make Sure You Stay Legal
- If you have a website with a "contact us" enquiry form in which a person adds their personal details and submits a request, you need to have a data protection licence.
- If you have been collecting business cards from an exhibition, trade event, networking event etc. and are building a database of prospects, even if it is a simple spreadsheet, you need to comply with data protection.
- If you have purchased (or acquired) a list of prospective customers that you have now stored on your customer relationship management system (Workbooks, Salesforce, Act etc.), you need to comply with data protection.
- If you have a website which has a data capture form whereby information is fed directly into a Mailchimp list – you need to make sure you comply with data protection.
Terms & Conditions (Terms of Service)
It is generally recommended to have terms and conditions (also known as terms of service or terms of use) on a website. Terms and conditions serve as a legal agreement between the website owner and the users or visitors of the website. They outline the rules, rights, and obligations that apply to anyone accessing and using the website.
Here are a few reasons why having terms and conditions is important:
- Legal protection: Terms and conditions can help protect your rights as a website owner and clarify the expectations and limitations for users. They can establish the rules for using the website and protect your intellectual property rights, such as copyrights or trademarks.
- User agreement: By accessing or using the website, users agree to be bound by the terms and conditions. This agreement can help you enforce certain policies or restrictions, such as prohibiting unauthorized use, content sharing, or abusive behavior.
- Dispute resolution: Terms and conditions can include provisions for dispute resolution, such as specifying the jurisdiction or method of resolving legal conflicts. This can help protect your interests and provide guidelines for addressing any potential disputes that may arise.
- Liability limitations: Including disclaimers and liability limitations in your terms and conditions can help protect you from certain legal claims and reduce potential liability for the content or services provided on your website.
While it is advisable to consult with a legal professional to ensure that your terms and conditions comply with relevant laws and regulations in your jurisdiction, having them in place can provide legal protection and set clear expectations for users interacting with your website.