onlinebridgelessons.com
The TRUSTe Model Privacy Statement
Developing your
company’s privacy statement is a critical stage in understanding and
articulating your corporate policies. For many companies, drafting a privacy
statement kick starts a corporate-wide understanding of how individual data is
used and, more importantly, initiates a conversation about how to build trust
with consumers.
Unfortunately, there
is no single “ideal” privacy statement – by definition, they vary from company
to company and must be tailored to highlight specific practices. That being
said, TRUSTe has identified several common themes that, in our experience, have
emerged as “best practices” for a privacy statement.
The following Model
Privacy Statement serves as a template, prompting you to consider important
points in your information gathering policy and practices. Before we begin,
keep in mind a couple of key points:
1. Say what you do; Do what you say – The Golden Rule
in privacy statements is “Do Not Lie.” The only thing worse than not posting a
privacy statement is to fraudulently claim a certain business practice. State
and federal governments do not look kindly on companies that claim one set of
practices, and follow another.
2. Tailor the Model Privacy Statement – The following
model will provide you with resources to begin developing your own privacy
statement, but you should be sure not to simply cut and paste. Use it as a
starting point to create a statement tailored to your specific practices.
3. Privacy Statements are not Disclaimers – The
communication of your company’s privacy practices should express what is
actually happening on the site, not what may happen, has happened
or is planned for the future. In some cases, informing your users of the
information gathering your company’s site does not practice may be more
effective.
4. Re-visit your privacy statement frequently – A
privacy statement is a living document, designed to clearly communicate your
company’s privacy practices, which, for many companies, change over time. Make
sure you revisit your posted privacy statement to make sure it truly reflects
your current practices.
5. Communicate your privacy practices to your entire company
– In order to avoid information spills it is important to make sure that your
entire company is aware of the policies within your privacy statement.
Throughout this model privacy statement TRUSTe uses
[bracketed] language in order to provoke thought on a specific privacy practice
or present language options that will help you ensure your privacy statement
matches your business model and actual practices.
Creating a clear and
accurate statement helps your company in its efforts to build loyal relationships
with its users by providing your customers with the information they need to
trust you with their personal information. We hope you find this Model Privacy
Statement useful in your quest to build trust with your customers. If you have
any specific questions, do not hesitate to contact us by email at businessdevelopment@truste.org / bizdev@truste.org.
Additional Steps for Protecting Children Online
There are additional
requirements and elements needed beyond a model privacy statement, in order to address
children’s online privacy issues. Please visit the Children’s Privacy Seal
section of our Web site for more information on how to make your Web site safer
for kids and compliant with the Children’s Online Privacy Protection Act.
MODEL PRIVACY STATEMENT
[NAME OF
COMPANY/SITE] is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent,
non-profit organization whose mission is to enable individuals and
organizations to establish trusting relationships based on respect for personal
identity and information by promoting the use of fair information practices. This privacy statement covers the site
[WWW.URL OF SITE.COM]. Because this Web site wants to demonstrate its
commitment to our users’ privacy, it has agreed to disclose its information
practices and have its privacy practices reviewed for compliance by
TRUSTe.
1. What personally identifiable information [NAME
OF COMPANY] collects.
2. What personally identifiable information third
parties collect through the Web site.
3. What organization collects the information.
4. How [NAME OF COMPANY] uses the information.
5. With whom [NAME OF COMPANY] may share user
information.
6. What choices are available to users regarding
collection, use and distribution of the information.
7. What types of security procedures are in place
to protect the loss, misuse or alteration of information under [NAME OF
COMPANY] control.
8. How users can correct any inaccuracies in the
information.
If users have
questions or concerns regarding this statement, they should first contact [NAME
OF INDIVIDUAL, DEPARTMENT OR GROUP RESPONSIBLE FOR INQUIRIES] by [CONTACT
INFORMATION: EMAIL, PHONE, POSTAL MAIL]. If they do not receive acknowledgment
of their inquiry or their inquiry is not satisfactorily addressed, they should
then contact TRUSTe through the TRUSTe Watchdog Dispute Resolution Process
(http://www.truste.org/users/users_watchdog_intro.html).
TRUSTe will serve as a liaison with the Web site to resolve users’ concerns.
[Include this Software
Disclaimer as the last sentence in the TRUSTe opening statement if the site has
a downloadable software application or applet:
The TRUSTe program covers only information that is collected through this Web
site, and does not cover information that may be collected through software
downloaded from the site. By displaying the TRUSTe trustmark, [NAME OF SITE]
has agreed to notify users of:]
[NAME OF COMPANY]onlinebridgelessons.com
is the sole owner of the information collected on [NAME OF SITE]WWW.onlinebridgelessons.com.
[NAME OF COMPANY]onlinebridgelessons.com
collects information from our users at several different points on our Web
site.
In order to use this Web site, a user must first
complete the registration form. During
registration a user [is required to] provide[s] contact information (such as name and
email address). We use this information to [contact the user about services on our
site for which he has expressed interest] [create an account for the user to play the
games contained on this site]. It is optional for
the user to provide demographic information (such as income level and gender),
and unique identifiers (such as, username and password), but encouraged so we
can provide a more personalized experience on our site. We also require a user’s social security
number to provide [include service type here.]
[TRUSTe recommends you only collect a social
security number when it is a required identifier for performing the site’s
service.]
We request
information from the user on our order form. A user must provide contact
information (such as name, email, and shipping address) and financial
information (such as credit card number, expiration date). This information is used for billing
purposes and to fill customer’s orders.
If we have trouble processing an order, the information is used to
contact the user.
Information via
cookies and IP logging is also obtained as a user browses the site or plays
the games contained on the site.
[This
paragraph should elaborate on the actual ‘use’ of the information. For instance, the service the site performs
should be incorporated here. Also, a discussion
of the use of aggregate information should be disclosed here as well. Be as specific as possible, without being
contingent. Avoid ‘we may do this’ ‘we
might do that’ type of language.]
We store information that we collect through cookies,
log files, clear gifs, and/or third parties to create a profile of our
users. A profile is stored information
that we keep on individual users that details their viewing preferences. Consequently, collected information is tied
to the users’ personally identifiable information to provide offers and improve
the content of the site for the user. This profile is used to tailor a user’s
visit to our Web site, and to direct pertinent marketing promotions to
them. We [do not] share your profile
with other third parties. [Your profile
is shared in aggregate form only.] [Your profile is shared together with your
personally identifiable information.]
A cookie is a piece of data stored on the user’s computer
tied to information about the user. [Usage
of a cookie is in no way linked to any personally identifiable information
while on our site.] We use [both] session ID cookies [and]
persistent cookies. For the session ID
cookie, once users close the browser, the cookie simply terminates. A persistent cookie is a small text file
stored on the user’s hard drive for an extended period of time. Persistent
cookies can be removed by following Internet browser help file directions. [Provide
a link to information on cookies.]
[Explain how cookies are used on your Web site.] By
setting a cookie on our site, users would not have to log in a password more
than once, thereby saving time while on our site. If users reject the cookie, they may still use our site. The only drawback to this is that the user
will be limited in some areas of our site.
For example, [the user will not be able to participate in any of our
sweepstakes, contests or monthly drawings that take place.] Persistent cookies
enable us to track and target the interests of our users to enhance the
experience on our site. See the “Profile” section. Use of cookies is an integral
part of the games on this site; they will not function without cookies enabled.
Some of our business
partners use cookies on our site (for example, advertisers). However, we have no access to or control
over these cookies, once we have given permission for them to set cookies for
advertising.
Third Party Advertising
We use MaxOnline and other third-party advertising companies to serve ads when you visit our Web site. These companies may use information (not including your name, address, email address or telephone number) about your visits to this and other Web sites in order to provide advertisements on this site and other sites about goods and services that may be of interest to you. If you would like more information about this practice and to know your choices about not having this information used by these companies, please click here.
Like most standard Web site servers we use log
files. This includes internet protocol
(IP) addresses, browser type, internet service provider (ISP), referring/exit
pages, platform type, date/time stamp, and number of clicks to analyze trends,
administer the site, track user’s movement in the aggregate, and gather broad
demographic information for aggregate use.
IP addresses, etc. are not linked to personally identifiable information. [IP
addresses are tied to personally identifiable information to enable our
Web-based service, and enable us to identify users who abuse our
terms of service or online forums.] [We use a tracking utility called [XXXX]
that uses log files to analyze user movement.][Webtrendslive users may have
further obligations of particular language per their license with
Webtrendslive. See your license agreement.] [See the Profile section
below.]
We employ [or our third party advertising company/companies may employ]
a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that
help us better manage content on our site by informing us what content is
effective. Clear gifs are tiny graphics
with a unique identifier, similar in function to cookies, and are used to track
the online movements of Web users. The main difference between the two is that
clear gifs are invisible on the page and are much smaller, about the size of
the period at the end of this sentence. [Clear gifs are tied
to users’ personally identifiable information.] [Clear gifs are
not tied to users’ personally identifiable information.]
From time-to-time our
site requests information from users via surveys or contests. Participation in these surveys or contests
is completely voluntary and the user therefore has a choice whether or not to
disclose this information. The
requested information typically includes contact information (such as name and
email address). Contact information will be used to notify the winners and award
prizes. Survey information will be used for purposes of monitoring or improving
the use and satisfaction of this site.
Users’ personally identifiable information is not shared with third
parties unless we give prior notice and choice. Though we may use an
intermediary to conduct these surveys or contests, they may not use users’
personally identifiable information for any secondary purposes.
If a user elects to use our referral service for
informing a friend about our site, we ask them for the friend’s name and email
address. onlinebridgelessons.com will
automatically send the friend a one-time email inviting them to visit the site. onlinebridgelessons.com does not store this
information once the email has been sent.
Though we make every effort to preserve user privacy, we may need to disclose personal information when required by law wherein we have a good-faith belief that such action is necessary to comply with a current judicial proceeding, a court order or legal process served on our Web site.
We
share aggregated demographic information with our partners and
advertisers. [Describe
the sharing practices of what your site
does, but be specific in your relationship with these third parties.]
This is not linked to any personally identifiable information.
[NAME
OF COMPANY]onlinebridgelessons.com shares Web site usage
information about users with a reputable third party parties [NAME
OF THIRD PARTY] for the purpose of targeting our Internet banner
advertisements on this site and other sites.
For example, [NAME OF COMPANY]onlinebridgelessons.com
uses cookies and clear GIFs on this site, which allow them to recognize a
user's cookie when a user visits this site. The information they we collect and
share through this technology is not personally identifiable. For more information about our third-party
advertiser or for choices about not having this anonymous information used
please click here [LINK TO: ADSERVER PRIVACY POLICY/OPT OUT].
These are the instances in which we will share users’
personal information:
[We
Share Personal Information][We DO NOT Share Personal Information
with Third Parties
unless required to by legal proceedings, court order or legal process.]
[Specifically
describe any sharing of personally identifiable information. For example,
describe actual practices where the site is sharing personally identifiable
information. Include sharing scenarios where the partner can dispose of the
information either in the manner that they see fit, or where the partner can
use the personal information for a limited circumstance or series of limited
circumstances. Another example might include sharing with parent
companies, subsidiaries or affiliated companies for reasons other than
corporate record keeping purposes. Typically these kinds of sharing
arrangements occur when the third party will then own or control the customer
relationship. Below are some examples of the different types of
relationships or situations involving sharing personal information with third
parties that may exist. Keep in mind that sharing personally identifiable
information for secondary purposes, must incorporate an opt-out prior to the
sharing.]
We
use an outside shipping company to ship orders, and a credit card processing
company to bill users for goods and services. These companies do not retain,
share, store or use personally identifiable information for any secondary
purposes.
We
partner with other third parties [ANOTHER PARTY’S NAME] to provide specific
services. [For example, XXXX] When the
user signs up for these particular services, we share names, or other contact information
[specify what information is being shared with the third party service
provider] that is necessary for the third party to provide these services. These third parties are not allowed to use
personally identifiable information except for the purpose of providing these
services.
In the event [NAME OF COMPANY]onlinebridgelessons.com
goes through a business transition, such as a merger, being acquired by another
company, or selling a portion of its assets, users’ personal information will,
in most instances, be part of the assets transferred. Users will be notified via [email] [prominent
notice on our Web site for 30 days] prior
to a change of ownership or control of their personal information. If as a
result of the business transition, the users’ personally identifiable
information will be used in a manner different from that stated at the time of
collection they will be given choice consistent with our notification of
changes section.
If a user’s
personally identifiable information changes (such as zip code, phone, email or
postal address), or if a user no longer desires our service, we provide a way
to correct, update or delete/deactivate users’ personally identifiable
information. This can usually be done at the [member information page] or by emailing our Customer Support at
[EMAIL ADDRESS]. [Or, contact us by telephone or postal mail
at the contact information listed below].
We send all new
members a welcoming email to verify password and username and provide account
activation code.
Established members
will occasionally receive information on upcoming games, and new game additions.
Users may not opt out of either of these email services.
On rare occasions it
is necessary to send out a strictly service related announcement. For instance, if our service is temporarily
suspended for maintenance we might send users an email. Generally, users may not opt-out of these
communications, though they can deactivate their account. However, these communications are not
promotional in nature.
Our users are given the opportunity to ‘opt-out’ of
having their information used for purposes not directly related to our site at
the point where we ask for information. For example, our order form has an ‘opt-out’
mechanism so users who buy a product from us, but don’t want any marketing
material, can keep their email address off of our lists.
Users
who no longer wish to receive our newsletter and promotional communications may
opt-out of receiving these communications by replying to unsubscribe in the
subject line in the email or email us at [EMAIL ADDRESS]. [We also offer an opt-out mechanism on the
[MEMBER INFORMATION PAGES] or the user may contact us at [PHONE] [EMAIL] or
[POSTAL MAIL] to opt-out.]
Users do not have the
opportunity to opt out at any stage of providing the information required to
play the games contained on this site, or required by our advertising partners.
Users
of our site are always notified when their information is being collected by
any outside parties. We do this so our
users can make an informed choice as to whether or not they should proceed with
services that require an outside party.
This
Web site contains links to other sites. Please be aware that we, [NAME
OF COMPANY]onlinebridgelessons.com, are not responsible for the
privacy practices of such other sites. We
encourage our users to be aware when they leave our site and to read the
privacy statements of each and every Web site that collects personally
identifiable information. This privacy
statement applies solely to information collected by this Web site. [Discuss
co-branding and/or framing relations where the user may not know who is
collecting the information].
[From
time-to-time] our site requests
information from users via surveys or contests. Participation in these surveys or contests is completely
voluntary and the user therefore has a choice whether or not to disclose this
information. The requested information
typically includes contact information (such as name and shipping
address), and demographic
information (such as zip code). Contact
information will be used [shared with the
contest [survey] sponsors] to notify the winners
and award prizes.
[Anonymous] Survey information
will be used for purposes of monitoring or improving the use and satisfaction
of this site. Users’ personally
identifiable information is not shared with third parties unless we give prior
notice and choice. Though we may use an intermediary to conduct these surveys
or contests, they may not use users’ personally identifiable information for
any secondary purposes.
If
a user elects to use our referral service for informing a friend about our
site, we ask them for the friend’s name and email address. [NAME OF COMPANY]
will automatically send the friend a one-time email inviting them to visit the
site. [NAME OF COMPANY] stores
[or does not store]
this information for the sole purpose
of sending this one-time email [and tracking the success of our referral
program]. The
friend may contact [NAME OF COMPANY] at
[INSERT URL OR EMAIL ADDRESS] to request the removal of this information from
our database.
This Web site takes every precaution to protect our
users’ information and their
accounts. When users submit
sensitive information via the Web site, their information is protected both
online and off-line.
When our registration/order form asks users to
enter sensitive information (such as credit card number and/or social security
number), that information is encrypted and is protected with the best encryption
software in the industry - SSL. While
on a secure page, such as our order form, the lock icon on the bottom of Web
browsers such as Netscape Navigator and Microsoft Internet Explorer becomes
locked, as opposed to un-locked, or open, when users are just ‘surfing’. [To learn more about SSL, follow this link
[INSERT LINK].]
While we use SSL encryption to protect sensitive
information online, we also do everything in our power to protect
user-information off-line. All of our
users’ information, not just the sensitive information mentioned above, is
restricted in our offices. Only
employees who need the information to perform a specific job (for example, our
billing clerk or a customer service representative) are granted access to
personally identifiable information.
Our employees must use password-protected screen-savers when they leave
their desk. When they return, they must
re-enter their password to re-gain access to user information. Furthermore, ALL employees are kept
up-to-date on our security and privacy practices. Every [quarter], as well as any time new policies are added, our
employees are notified and/or reminded about the importance we place on
privacy, and what they can do to ensure our users’ information is
protected. Finally, the servers that
store personally identifiable information are in a secure environment, [behind
a locked cage][in a locked facility]. [Be sure that your
actual practices are reflected in this section. For example, if your employees
are updated on privacy every 6 months, then state that, rather than a statement
that is false. Another example, must employees use
password-protected screensavers?]
If users have any questions about the security at
our Web site, users can send an email to [EMAIL ADDRESS].
In order for this Web site to properly fulfill its
obligation to users it is necessary for us to supplement the information we
receive with information from 3rd party sources.
For example, to determine if users qualify for one
of our credit cards, we use their name and social security number to request a
credit report. Once we determine a
user’s credit-worthiness, this document is destroyed.
We
use [THIRD PARTY/THIRD PARTY SOFTWARE] to verify a user’s [identity][address]
to [state why it is necessary to verify the user’s
identity or address].
In order for this Web site to enhance its ability
to tailor the site to a user’s preference, we combine information about the purchasing
habits of users with similar information from our partners, [COMPANY Y &
COMPANY Z], to create a personalized user profile. When a user makes a purchase from either of these two companies,
the companies [we] collect [and share] personal [and demographic] information
back with us.
We purchase third party marketing data and add it
to our existing user database to better target our advertising and provide
pertinent offers we think our users would be interested in. We use this information to enhance or overlay
the ‘profile’ of individual users. This aggregate marketing data is therefore
tied to the users’ personally identifiable information. See also the “Profile.”
If
a user’s personally identifiable information changes (such as zip code, phone,
email or postal address), or if a user no longer desires our service, we
provide a way to correct, update or delete/deactivate users’ personally
identifiable information. This can usually be done at the [member information
page] or
by emailing our Customer Support at [EMAIL ADDRESS]. [Or, contact us by telephone or postal mail
at the contact information listed below].
If we decide to change our privacy policy, or use the information gathered in a manner different from that stated at the time of collection, we will post those changes to this privacy statement, the homepage, and other places we deem appropriate so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We will use information in accordance with the privacy policy under which the information was collected.
If,
however, we are going to use users’ personally identifiable information in a
manner different from that stated at the time of collection we will notify
users via email. Users will have a choice as to whether or not we use their
information in this different manner.
However, if users have opted out of all communication with the site, or
deleted/deactivated their account, then they will not be contacted, nor will
their personal information be used in this new manner. In addition, if we make any material changes
in our privacy practices that do not affect user information already stored in
our database, we will post a prominent notice on our Web site notifying users
of the change. In some cases where we post a notice we will also email users,
who have opted to receive communications from us, notifying them of the changes
in our privacy practices.
If
users have any questions or suggestions regarding our privacy policy, please
contact us at:
Phone
Fax
Email yodercm@earthlink.net
Web site URL [HELP DESK OR CUSTOMER SUPPORT OR PRIVACY OFFICER]