Written by Paige Griffith, J.D. of The Legal Paige
Although no explicit federal law states you must have one, you are likely subject to these other laws in some way: Children’s Online Privacy Protection Act (COPPA), European GDPR, Canadian Personal Information Protection and Electronic Documents Act (PIPEDA), and the California Online Privacy Protection Act (CalOPPA)).
Now that you have established what data is collected, you need to explain how it is handled and processed. This is a big one, potentially more important than what type of data is collected. Users want to know who is seeing their data.
These are all questions that need to be addressed in your policy. Further, you need to understand that not all users will be comfortable with data collection and storage. You can either provide users a way to opt-out of having their data set in the policy OR clearly state in the policy that it is non-negotiable.
Terms and conditions are exactly like they sound, they are the conditions of the people and users using your website. Just because you are a small business doesn’t mean you don’t need terms and conditions on your website. Your terms and conditions need to include letting consumers know about your return/exchange/refund policies, age requirements, consents, communication policies, intellectual property ownership, affiliate links, and other business policies you have put into place. This way no consumer or website user can come back to you stating that they didn’t know the rules of your business practices.