If you are a typical nonprofit organization, you are likely to collect a large chunk of confidential information from your users, even if only in the form of IP addresses collected by your website’s statistics package. With the many updates on Facebook and the billions of users whose data was potentially compromised, online users are becoming more fearful than ever of disclosing personal information to organizations and businesses.
In this era of data-centric marketing, it is more crucial than ever to position yourself as a trusted and secure organization. Your Privacy and Legal Notice Webpage cannot be a last-minute matter anymore; it must be a prominent feature of your entire website and be written in words that the average user can comprehend without the need for a lawyer.
Why is it so crucial?
- It proves you’re trustworthy and transparent.
- It aids in planning ahead.
- It offers basic legal protection.
- It addresses the General Data Protection Regulation (GDPR).
Guidelines to Create a Privacy and Legal Notice Webpage
Here is a handy set of general guidelines and best practices on how to create and issue a privacy policy that really matters to your audience.
The first step is to identify your nonprofit’s data collection practices by answering the following questions:
- What sensitive data do we gather?
- How do we gather it?
- Why do we collect it?
- How is the data used?
- Who has access to the information?
- Are we sharing the data we collect?
- If yes, with whom and on what terms?
- How long do we retain or keep personal information?
Working out these details may require a meeting between website administrators, board members, volunteer coordinators, and marketing staff, or it may be as straightforward as a discussion between a few co-workers in a smaller organization. Whatever the case, make sure you have a clear idea of the present situation (and any possible changes that may arise in the short and medium term) before going on to draft a written statement of your Privacy and Legal Notice Webpage.
Publish your privacy and legal notice webpage in simple English: Leave out the legal jargon and write your privacy policies and rules so that the average user can understand them. Once you have drafted it, it’s a good idea to have a lawyer read it. However, you can be frank and candid in saying that you don’t want to fill it with legalese that the average user doesn’t understand. It’s wise to have it checked to make sure something important hasn’t been omitted.
Make it complete: In short, you want to disclose exactly what information is being collected from online users, how it is being collected, and for what use. You should, of course, update your privacy policy if these things change.
Be sincere: If you are planning to use personal information for any marketing goals, or just for sending an occasional update, please clarify this in your privacy policy. Have an opt-out option on your site and provide a link to unsubscribe in each email sent. This is especially critical if your organization shares, or plans to share, information with other companies or organizations.
Make your Privacy and Legal Notice Webpage public: You can place it at the bottom of every page of your site so visitors don’t have to search for it. You can also place it high on your homepage or include it on your donation pages. While most visitors will never read the policies, it’s still vital that you show them clearly that you’re not trying to hide anything.
Be aware of specific laws: There can be outside laws that are applicable to you even if your nonprofit organization is not active in a particular industry. For instance, if you address health-related queries, laws such as the Health Insurance Portability and Accountability Act (HIPAA) may apply to the way you gather and keep data. SEC laws may apply when it comes to financial matters. You can avoid needless fines by ensuring that you comply with all rules and regulations. Do not disregard state laws or FTC rules that set minimum standards.
Make it yours: If you find another organization’s Privacy and Legal Notice Webpage, don’t copy and paste from it. The risk of sanctions is serious and this is not the moment for a cookie-cutter solution. Your policy has to be yours and should reflect the unique characteristics of your organization and website.
Lastly, what you need to include.
After determining precisely what data you will collect (cookies, email, credit card, subscription information, age, gender, login, etc.) and stating your legitimate reason for collecting this data, you should clearly identify what you intend to do with the information.
These are some points you should make sure you include in your privacy policy.
- Explain clearly the data you are collecting and whether it is anonymous, identifying, or both.
- It doesn’t need to be long and detailed, but you should explain how the data is collected: log information, clicked links, log files, cookies, search terms, or other methods.
- If you are going to share data with other websites or associated organizations, be honest. The first concern of most consumers is who else will be getting their personal information.
- Simply explain that if you are required by law to disclose confidential information, then you will have to obey such orders.
- Give visitors the option of correcting, verifying, modifying, or deleting personal registration information. This can be achieved through a confirmation email once a visitor has successfully registered on your website.
- Provide a means for users to opt out of receiving future mailings. If a user wants to be unsubscribed or removed, make it easy for them. You obviously do not want to be penalized for sending spam to people.
- Indicate that the privacy policy will be regularly updated and how you will notify users of such changes.
This guest post was authored by Raviraj Hegde and originally appeared on the CharityLawyer Blog. Raviraj is the director of growth at Donorbox. He is a digital strategist with over 5 years of experience. He is passionate about helping nonprofits with online fundraising. He enjoys playing badminton and travels the world when he’s not at work.
To view a particularly well-written example of a donor privacy statement, click here. This example is highlighted on the Blandford Nature Donate Page.