TRUSTe Guidance on Web Site
PART ONE: Model Disclosures
Unfortunately, there is no single “ideal” privacy statement – by definition, privacy statements vary from company to company and must be tailored to highlight specific practices. TRUSTe has, however, identified several common themes that, in our experience, have emerged as “best practices” for a privacy statement. The Model Disclosures reflect these themes. You should pick and choose among them, as you draft your privacy statement.
As you review the following Model Privacy Disclosures, keep these key points in mind:
1. Say what you do; do what you say – The Golden Rule in privacy statements is “Do Not Lie.” The only thing worse than not posting a privacy statement is fraudulently claiming a certain business practice. State and federal governments do not look kindly on companies that claim one set of practices, and follow another.
2. Tailor the Model Privacy Disclosures – The following models will provide you with resources to begin developing your own privacy statement, but you should be sure not to simply cut and paste. Use them as a starting point to create a privacy statement tailored to your specific practices.
3. Privacy Statements are not Disclaimers – The communication of your company’s privacy practices should express what is actually happening on the site, not what may happen, has happened or is planned for the future. Informing your users of the information-gathering practices your company’s site does not engage in may be as important in building their trust as disclosing how the site collects, uses, and shares personal information.
4. Re-visit your privacy statement frequently – A privacy statement is a living document, designed to clearly communicate your company’s current privacy practices, which, for many companies, change over time. Revisit your posted privacy statement to make sure it truly reflects your current practices.
5. Communicate your privacy practices to your entire company – In order to avoid a “privacy breach,” it is important that all of your employees understand the policies reflected in your privacy statement.
We hope you find these Model Privacy Disclosures useful in your quest to build trust with your customers. If you have any questions, do not hesitate to contact us by email at email@example.com.
Additional Steps for Protecting Children Online
If you must comply with the Children’s Online Privacy Protection Act (COPPA), you are required to meet specific requirements and to make additional disclosures. Please visit the Children’s Privacy Seal section of our Web site for more information on how to make your Web site safer for kids and compliant with the COPPA.
Throughout Part One of this document TRUSTe uses [bracketed] language to provoke thought on a specific privacy practice or to present language options that will help you ensure your privacy statement matches your business model and actual practices. Our commentary is in italics.
In order to use this Web site, you must first complete the registration form [and/or create a user name and password]. During registration you [are required to] give[s] contact information (such as name and email address). We use this information to contact you about the services on our site in which you have expressed interest.
You have the option to provide demographic information (such as income level and gender) to us; we encourage you to submit this information so we can provide you a more personalized experience on our site.
Describe any communications (e.g. newsletters, updates) that users may receive when they register. See “Communications from the Site” section for sample language.
[COMPANY NAME] is the sole owner [or describe other entities, e.g., parent, affiliates, who have an ownership interest]of the information collected on [NAME OF SITE]. [COMPANY NAME] collects personally identifiable information from our users at several different points on our Web site.
If you purchase a product or service from us, we request certain personally identifiable information from you on our order form. You must provide contact information (such as name, email, and shipping address) and financial information (such as credit card number, expiration date).
We use this information for billing purposes and to fill your orders. If we have trouble processing an order, we will use this information to contact you.
Describe any communications (e.g. newsletters, updates) that users may receive when they register. See “Communications from the Site” section for sample language
If you apply for a loan [purchase an insurance policy, other product or service requiring financial information] on our site, we require that you provide certain personally identifiable information, including your name, address, phone number, credit card number [and Social Security number]. This information is necessary to process your application and to contact you.
Describe any communications (e.g. newsletters, updates) that users may receive when they register. See “Communications from the Site” section for sample language
Social Security Numbers
TRUSTe recommends that you collect a social security number ONLY when it is required for performing a service the site provides.
We require your social security number to provide [describe the service you provide here.] When you enter your social security number on our registration [order form, application form], we encrypt it using secure socket layer technology (SSL).
[From time-to-time] we may provide you the opportunity to participate in contests or surveys on our site. If you participate, we will request certain personally identifiable information from you. Participation in these surveys or contests is completely voluntary and you therefore have a choice whether or not to disclose this information. The requested information typically includes contact information (such as name and shipping address), and demographic information (such as zip code).
We use this information [to . . . .] Describe fully how the data collected is to be used, e.g., to notify contest winners and award prizes, to monitor site traffic or personalize the site (in the case of anonymous information collected in surveys), to send participants an email newsletter.
We use [may use] a third party service provider to conduct these surveys or contests; that company is [will be ] prohibited from using our users’ personally identifiable information for any other purpose. [Use the latter disclosure only if your service-provider contracts expressly prohibit this]. We will not share the personally identifiable information you provide through a contest or survey with other third parties unless we give you prior notice and choice.
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will automatically send your friend a one-time email inviting him or her to visit the site. [COMPANY NAME] stores [or does not store] this information for the sole purpose of sending this one-time email [and tracking the success of our referral program].
Your friend may contact us at [INSERT URL OR EMAIL ADDRESS] to request that we remove this information from our database.
[This paragraph should elaborate on how the site itself actually uses the information users submit. The service the site performs should be incorporated here. Also, a discussion of the use of aggregate (i.e.,non-personally identifying) information should be disclosed here as well. Be as specific as possible, without being contingent. Avoid ‘we may do this’ ‘we might do that’ type of language.]
We will occasionally send you information on [products, services, special deals, promotions] [You can sign up for these emails from us on our registration page.]
Out of respect for your privacy, we present the option not to receive these types of communications. Please see the “Choice and Opt-out.”
If you wish to subscribe to our newsletter(s), we will use your name and email address to send the newsletter to you. Out of respect for your privacy, we provide you a way to unsubscribe. Please see the “Choice and Opt-out” section.
We will send you strictly service-related announcements on rare occasions when it is necessary to do so. For instance, if our service is temporarily suspended for maintenance, we might send you an email.
Generally, you may not opt-out of these communications, which are not promotional in nature. If you do not wish to receive them, you have the option to deactivate your account. [You may opt-out of these communications. Please see “Choice and Opt-out.”]
Based upon the personally identifiable information you provide us, we will send you a welcoming email to verify your username and password. We will also communicate with you in response to your inquiries, to provide the services you request, and to manage your account. We will communicate with you by email or telephone, in accordance with your wishes.
We store information that we collect through cookies, log files, clear gifs, [and/or third party sources] to create a “profile” of your preferences. We tie [we do not tie] your personally identifiable information, and [or] your purchasing history, to information in the profile, in order to provide tailored promotions and marketing offers and to improve the content of the site for you.
We share [do not] share your profile with other third parties. [We share your profile in aggregate form only.] [We share your profile together with your personally identifiable information.]
In order to provide certain services [specify] to you, we may on occasion supplement the personal information you submitted to us with information from third party sources. [Use all that apply to your business model.]
To determine if you qualify for one of our credit cards, we use your name and social security number to request a credit report. Once we determine your credit-worthiness, we destroy this document.
We use [THIRD PARTY/THIRD PARTY SOFTWARE] to verify your [identity] [address], in order to [state why it is necessary to verify the user’s identity or address].
We purchase marketing data from third parties and add it to our existing user database, to better target our advertising and to provide pertinent offers in which we think you would be interested. To enrich our Profiles of individual customers, we tie this information to the personally identifiable information they have provided to us.
Information Sharing and Disclosure
We share aggregated demographic information about our user base with our partners and advertisers. This information does not identify individual users. [Describe the sharing practices of what your site does, but be specific in describing your relationship with these third parties. Define terms such as “partner.]
We do not link aggregate user data with personally identifiable information.
Personally identifiable information:
We Share Personally Identifiable Information [We DO NOT Share] Personally Identifiable Information with Third Parties
[Specifically describe any actual practices involving sharing of personally identifiable information. Describe scenarios in which the partner can use the information in any way, and/or where the partner’s use of the information is limited (and explain how limited). Describe sharing with parent companies, subsidiaries or affiliated companies for reasons other than corporate record keeping purposes, where relevant. Typically these kinds of sharing arrangements occur when the third party will own or control the personal information. Below are some examples of relationships or situations involving sharing personal information with third parties.
Keep in mind that if you are sharing personally identifiable information with third parties acting other than as your agents or service providers, you must provide an opt-out prior to the sharing.]
We use an outside shipping company to fulfill orders, and a credit card processing company to bill you for goods and services. These companies do not retain, share, store or use personally identifiable information for any other purposes.
We use other third parties [or OTHER PARTY’S NAME] to provide [describe specific services] on our site. When you sign up for [named service(s)], we will share [specify what information is being shared] as necessary for the third party to provide that service.
These third parties are prohibited from using your personally identifiable information for any other purpose. [Use this disclosure only if your contracts expressly prohibit the provider from using the data for other purposes].
Other Third Parties
[Describe third-party relationships other than agency and service provider relationships; describe what information is shared and for what purpose].
We reserve the right to disclose your personally identifiable information as required by law and when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, or legal process served on our Web site
[Explain all circumstances in which you provide users a choice about how you use or share their personally identifiable information].
We provide you the opportunity to ‘opt-out’ of having your personally identifiable information used for certain purposes, when we ask for this information. For example, if you purchase a product/service but do not wish to receive any additional marketing material from us, you can indicate your preference on our order form.
If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included in each newsletter or communication or by emailing us at [EMAIL ADDRESS] [We offer an opportunity to opt-out of certain communications on our [MEMBER INFORMATION PAGES], or you may contact us at [PHONE] [EMAIL] or [POSTAL MAIL] to opt-out.]
You will be notified when your personal information is collected by any third party that is not our agent/service provider, so you can make an informed choice as to whether or not to share your information with that party.
As is true of most Web sites, we gather certain information automatically and store it in log files. This information includes internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, operating system, date/time stamp, and clickstream data.
We use this information, which does not identify individual users, to analyze trends, to administer the site, to track users’ movements around the site and to gather demographic information about our user base as a whole.
We do [do not] link this automatically-collected data to personally identifiable information. [IP addresses are tied to personally identifiable information to [describe the purpose for which you do this]
A cookie is a small text file that is stored on a user’s computer for record-keeping purposes. [We use] [do not use] cookies on this site. [We do/do not link the information we store in cookies to any personally identifiable information you submit while on our site.]
We use [both] session ID cookies [and/or] persistent cookies. [We use session cookies to make it easier for you to navigate our site.] A session ID cookie expires when you close your browser. A persistent cookie remains on your hard drive for an extended period of time. You can remove persistent cookies by following directions provided in your Internet browser’s “help” file. [Provide a link to information on cookies.]
[Explain how cookies are used on your Web site.] We set a persistent cookie to store your passwords, so you don’t have to enter it more than once. Persistent cookies also enable us to track and target the interests of our users to enhance the experience on our site.
If you reject cookies, you may still use our site, but your ability to use some areas of our site, such as contests or surveys, will be limited. [Describe use of cookie for shopping cart, if appropriate.]
[Webtrendslive users may have further obligations of particular language per their license with Webtrendslive. See your license agreement.] [See the “Profile” section above.]
We employ [or our third party advertising partner employs] a software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help us better manage content on our site by informing us what content is effective. Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages and are about the size of the period at the end of this sentence. We tie [do not tie] the information gathered by clear gifs to our customers’ personally identifiable information.
To learn more about our advertising company’s use of clear gifs, please go to [NAME OF ADVERTISER’S SITE.]
We use clear gifs in our HTML-based emails to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out of these emails, please see “Choice and Opt-out.”
The ads appearing on this Web site are delivered to users by [THIRD PARTY AD SERVER NAME], our advertising partner. We share Web site usage information about users with a reputable third party [NAME OF THIRD PARTY] for the purpose of targeting our Internet banner advertisements on this site.
This Web site contains links to other sites that are not owned or controlled by [COMPANY NAME]. Please be aware that we, [COMPANY NAME], are not responsible for the privacy practices of such other sites.
We encourage you to be aware when you leave our site and to read the privacy statements of each and every Web site that collects personally identifiable information.
This privacy statement applies only to information collected by this Web site.
Bulletin Boards/Chat Rooms
[The TRUSTe program does not govern personal information submitted in bulletin boards, chat rooms, or similar services. If you provide these services on your site, TRUSTe requires that you provide a warning about the potential consequences of posting personally identifiable information there, as a service to customers and other visitors to your site. For example:]
If your personally identifiable information changes, or if you no longer desire our service, you may [correct, update, delete or deactivate it] by making the change on our member information page [or by emailing our Customer Support at EMAIL ADDRESS] or by contacting us by telephone or postal mail at the contact information listed below.
The security of your personal information is important to us. When you enter sensitive information (such as credit card number and/or social security number) on our registration or order forms, we encrypt that information using secure socket layer technology (SSL). [To learn more about SSL, follow this link [INSERT LINK].]
We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. No method of transmission over the Internet, or method of electronic storage, is 100% secure, however. Therefore, while we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
If you have any questions about security on our Web site, you can send an email to us at [EMAIL ADDRESS.]
In the event [COMPANY NAME] goes through a business transition, such as a merger, acquisition by another company, or sale of all or a portion of its assets, your personally identifiable information will likely be among the assets transferred. You will be notified via [email] [prominent notice on our Web site for 30 days] of any such change in ownership or control of your personal information.
We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here, by email, or by means of a notice on our home page.
If you have any questions or suggestions regarding our
address, Web site URL (help desk or customer support or privacy officer)]
PART TWO: Required Disclosures
Statement about TRUSTe Requirements
Once they have been certified by TRUSTe, all Licensees Must Post one of the following Opening Statements at the beginning of their Privacy Statements.
[COMPANY NAME/SITE] is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to enable individuals and organizations to establish trusting relationships based on respect for personal identity and information by promoting the use of fair information practices. This privacy statement covers the site [WWW.URL OFSITE.COM]. Because this Web site wants to demonstrate its commitment to our users’ privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe. By displaying the TRUSTe trustmark, [NAME OF SITE] has agreed to notify users of:
1. What personally identifiable information [COMPANY NAME] collects.
2. What personally identifiable information third parties collect through the Web site.
3. What organization collects the information.
4. How [COMPANY NAME] uses the information.
5. With whom [COMPANY NAME] may share user information.
6. What choices are available to users regarding collection, use and distribution of the information.
7. What measures [COMPANY NAME] takes to protect the information under its control.
users can correct any inaccuracies in the information.
If you have questions or concerns regarding this statement, you should first contact [NAME OF INDIVIDUAL, DEPARTMENT OR GROUP RESPONSIBLE FOR INQUIRIES] by [CONTACT INFORMATION: EMAIL, PHONE, POSTAL MAIL] If you do not receive acknowledgment of your inquiry, or if your inquiry is not satisfactorily addressed, you should then contact TRUSTe through the TRUSTe Watchdog Dispute Resolution Process (http://www.truste.org/watchdog.html). TRUSTe will serve as a liaison with the Web site to resolve your concerns.
If you choose this version of the Opening Statement, we recommend that the disclosures in your Privacy Statement follow the order of the items listed as (1)-(8) above.
Include the following Software Disclaimer as the last sentence in the TRUSTe opening statement if the site has a downloadable software application or applet:
The TRUSTe program covers only information that is collected
through this Web site, and does not cover information that may be collected
through software downloaded from the site.]
[COMPANY NAME] is a licensee of the TRUSTe Privacy Program. TRUSTe is an independent, non-profit organization whose mission is to build users' trust and confidence in the Internet by promoting the use of fair information practices. This privacy statement covers the site [WWW.URL OFSITE.COM]. Because this web site wants to demonstrate its commitment to your privacy, it has agreed to disclose its information practices and have its privacy practices reviewed for compliance by TRUSTe.
If you have questions or concerns regarding this statement, you should first contact [NAME OF INDIVIDUAL, DEPARTMENT OR GROUP RESPONSIBLE FOR INQUIRIES] by [CONTACT INFORMATION: EMAIL, PHONE, POSTAL MAIL]. If you do not receive acknowledgment of your inquiry or your inquiry has not been satisfactorily addressed, you should then contact TRUSTe http://www.truste.org/watchdog.html. TRUSTe will then serve as a liaison with the Web site to resolve your concerns.
The TRUSTe program covers only information that is collected through
this Web site, and does not cover information that may be collected through
software downloaded from the site.]