Saturday, 6 November 2021

Terms of Service vs Privacy Policy: the difference


You've probably come across some websites and applications that feature both a Privacy Policy and a Terms of Service. Most people used to believe they were the same or somewhat comparable until I conducted considerable study for an IT firm and was paid to develop a privacy policy and terms of service (trust me, it was never easy trying to differentiate the two).

Privacy Policies are concerned with preserving your users' privacy rights and data security, whereas Terms of Service are concerned with protecting you, the site or App owner. The Terms of Service define the guidelines for users and should specify what activities will result in users losing the ability to access a website or an App.

There is frequently misinformation about what Terms of Service are and how they differ from Privacy Policies. Clients also question what the distinctions are between Terms of Service, User Agreements, and Terms and Conditions. While these agreements are often synonymous, we will refer to this type of agreement as Terms of Service or TOS for the sake of simplicity. The TOS and Privacy Policies, on the other hand, could not be more dissimilar. The way you secure the data that people share with you is governed by your privacy policies. Privacy rules, such as the National Data Protection Regulation (NDPR), demand that you comply.

“Great, I don't have to worry about it because I don't gather user data,” you could think. You'd be mistaken. From cookies to Internet Protocol (IP) addresses, it's hard in practice to run a website without collecting data. Even if you're not collecting personal information, you're almost definitely gathering some amount of data automatically. As a result, having a solid privacy policy is critical. While Privacy Policies are concerned with safeguarding your users' privacy and data security, the TOS is concerned with safeguarding you. The TOS lays out the ground rules for users, and it should specify which activities (e.g., Intellectual Property infringement, uploading viruses, harassment of other users, etc.) will result in users losing the right to use your site or App.

When business owners are developing their websites and realise they need a privacy policy and a Terms of Service, they frequently decide to simply copy one off the internet. Perhaps they go so far as to search up the terms of service and privacy policies of a competitor or other comparable firm and copy and paste such policies onto their own website. This is a tremendous blunder. Take, for example, the e-Naira privacy policy, which was lifted verbatim from a US-based firm. CBN, you did a great job. Not only is this potentially copyright infringement (unless you purchased the same template as another firm), but every TOS and Privacy Policy, no matter how similar one business is to another, must be followed. Furthermore, the TOS and Privacy Policy you copy may be badly drafted, rendering them ineffective for safeguarding you and your company.

It is strongly advised that you consult a lawyer while developing a TOS and Privacy Policy. You may despise the notion of paying a lawyer to develop a customised TOS and Privacy Policy for your company, but you'll despise it even more if you neglect this crucial step and wind up in court later because you didn't have a robust TOS and Privacy Policy in place. While you may require a personalised TOS and Privacy Policy, you should be familiar with certain common terms included in both TOS and Privacy Policies.

Privacy Policies

The NDPR 2019 is the most well-known privacy law (governing how to treat data obtained from users based in Nigeria). Nearly every state and country has its own privacy regulations, so don't believe you're exempt if you operate a site that caters to customers who aren't from Nigeria.

If your website collects medical information or information from users under the age of 18, you'll need a more complicated privacy policy to ensure compliance with other laws and regulations, such as the National Health Act (NHA 2022), the Data Protection Bill, the National Health Insurance Scheme Act, the Cybercrimes (Prohibition and Prevention) Act, or the 1999 Constitution of the Federal Republic of Nigeria, among others. There are numerous laws governing privacy rights, and this is a rapidly evolving area of law that can change dramatically in a short span of time, so if your company regularly collects user data other than IP addresses and cookies, such as name, email, age, address, phone number, credit card information, profession, and so on, it is especially important to consult a lawyer adept in Technology Law.

It's also worth noting that there's been a considerable trend away from "legalese" and toward utilising extremely understandable English. Your Privacy Policy should be simple to comprehend so that people who want to know their rights and what data you're utilising that belongs to them aren't overburdened.

Every Privacy Policy should cover at least the following:

Data Collected: The Privacy Policy should clearly explain what type of data the site is collecting from the user. Is it collecting their name, age, sex, mailing address? IP address? Email address? Cookies? Anything else? Any data that the site collects should be clearly identified.

Why it is Collected: Any data you obtain should be accompanied by an explanation of why you are collecting it. Are you collecting email addresses so that you can keep users up to date on special offers or changes to the website? Are you gathering various identifying information about them so that you may display advertisements that are likely to be relevant to them? Whatever the purpose, you should include it. A simple chart, displaying the data obtained on one side and the rationale for collecting it on the other, is becoming a more common way of communicating what data you're gathering and why.

How Users can Erase or Correct their Data on the site: Not only should you make it apparent how to contact the person in control of data on your site, but you should also make it clear that users own their data and have the right to remove, amend, or otherwise modify it at any time.

Consent: Users must have the ability to grant (and withdraw) consent to websites and software that collects their data. In addition, the Privacy Policy must offer information on the remedies accessible to the user if the company does not follow its own Privacy Policy.

Updates: Because privacy laws change so frequently, it's critical to include language in your Privacy Policy that states that users should check the policy for updates on a regular basis. Any updates you need to make will be uploaded to the page that contains your Privacy Policy and should take effect immediately.

Terms of Service

When developing your TOS, it's best to start with a blank document. Ideally, you should maintain your Privacy Policy separate from your TOS to better illustrate the difference between your rights as the site/App owner and your users' rights as data owners.

You'll almost certainly require a customised TOS, but regardless of your specific TOS, you should be familiar with the following provisions, which are essentially common to all Terms of Service:

Prohibited Use: The TOS should be clear on what user actions are prohibited. At the very least, this list should include Intellectual Property infringement, harassment of other users, and uploading any viruses/malware to the site.

Intellectual Property Ownership: It should be explicit that the company that owns the website maintains all of its ownership rights in its intellectual property, and using the site does not transfer any of these ownership rights to the users.

Payment Terms: If you collect payment from your users, your TOS should specify how users should pay and what happens if they don’t pay / if their card doesn’t go through. Are they on a subscription plan? Is it a flat fee? Whatever the details are, they should be laid out clearly here.

Updates: Similar to your Privacy Policy, it is important to include language in your TOS that clarifies the user should frequently check the TOS for updates, as any updates you may need to make will be uploaded to the page that contains your TOS and should be considered effective immediately.

There are several other provisions you should have in your TOS, but these above are the most basic and will help get you started on thinking about what terms you will need.
