So generally, once you have a privacy policy (which so many of us don’t, but oughta), you just make it its own page and call it a day. But you need a way for your visitors to find it. There are considered to be two different methods – browsewrap and clickwrap. From the irrepressible folks at Dash Farrow:
Browse-wrap Agreements
A Browse-wrap agreement is one where the terms of an agreement are located on a website, but are often connected to the main web page of the product by a hyperlink to another web page that contains the contracts terms and conditions. Normally there is no affirmative manifestation of assent necessary to agree with the terms located on the linked web page. The customer must also affirmatively click the hyperlink to even access and become aware of the terms of the agreement.
Clickwrap Agreements
By contrast a Clickwrap Agreement is one where the website requires the customer or user to affirmatively review the terms of an agreement through a series of pop-up windows that ask for the customers to click a button showing that they agree to the conditions. Under a Clickwrap Agreement the website puts the terms of the agreement directly in front of the user and requires them to show that they affirmatively accept the terms by clicking a button.
They go on to say, by going the clickwrap way you are doing more to have your visitor or customer actively assent to your privacy policy for their information by forcing them to agree to it, and therefore are more in compliance with the law.
What that means is that you probably should have
- a separate page with your privacy policy on it
- link on your footer to that page (which would usually therefore be visible on every page of your site)
- a check box on any contact form or CTA pop-up form that is required before your visitor can submit the form (ie, they can’t give you their information until they’ve clicked the box saying they agree to your privacy policy and/or terms of use)
What are you doing for your site’s privacy policy? How have you found the best way to handle this? And…how soon do you think the GDPR will come to our shores? I think 3 years.
Leave a Reply