- a statement explaining what kind of information you collect about your users, how you use it, and with whom (if anyone) you intend to share it;
- a statement reminding users that data is collected through a server access log when a user browses, reads, or downloads information from the site;
- a statement reminding users that the website operators may have to disclose user information in response to warrants, subpoenas, or other valid legal process;
- a description of the process through which users can request changes to any of the personally identifying information collected and/or stored (you can provide an email address for notifying the website operator of changes);
- an opt-out procedure for users to request that their information not be shared with third parties, or that their contact information not be used to send unsolicited correspondence (again, this can be done with an email address);
- a statement identifying the effective date of the policy.
This website's content is intended for adults and we will not knowingly collect personal information from children under 13 years of age. If you are a parent or legal guardian of a child under age 13 who you believe has submitted personal information to this site, please contact us immediately.
There are also rules about collecting medical information and information about criminal records. Unless it is important to the purpose of your website, you should not gather this type of information. If you plan to gather this type of information, you should consult a lawyer about your data collection strategy.
What Should You Avoid?
It is common to see the following statement in website privacy policies: "[Name of website] will not collect any personal information about you except when you specifically and knowingly provide such information." While this kind of statement may sound reassuring for your users, it is not true in most cases. When a user visits a website, he or she provides personal information to the website operator simply by virtue of browsing, reading, and downloading material. This information includes IP address, user configuration settings, and what website referred the user to the site, among other things. It is better to tell users that this type of information is being collected automatically on standard web server access logs.