There are a lot of discussions these days about privacy and personal data protection laws, but how does that apply to your ecommerce business?
Since the topic has been trending, especially after the creation and enforcement of laws that regulate aspects related to the protection of personal data, such as the European General Data Protection Regulation (GDPR), Brazil’s Lei Geral de Proteção de Dados (LGPD) and the California Consumer Privacy Act (CCPA) in the United States, many consumers have started to pay closer attention to how their data is used by companies.
Therefore, having a complete, transparent and easy-to-understand privacy policy can be seen by your customers as a point in favor of your ecommerce business, as it will create a greater sense of trust.
What is a privacy policy?
A privacy policy is a document through which a company makes available to its clients (and any other person who visits its website) information on how their personal data will be used, the purpose for which this data will be used, whether it will be shared with third parties and other aspects that might be pertinent to reach an adequate level of transparency.
For example, on an ecommerce website, if a seller wants to be able to complete the sale and deliver the products purchased online, they will have to collect and store certain personal data, such as:
- Name;
- Email address;
- Address;
- Identification document;
- Credit card data.
In that sense, the seller’s privacy policy must state that such data is collected from the store’s users and customers so the purchase payments will be approved, the products will be delivered at the correct address and the invoices will be duly issued.
The seller should also inform the legal basis used for processing the customers’ personal data. In that case, the data processing will be deemed imperative for the due fulfillment of the sales agreement executed by the parties, since collecting and using the personal data collected is inherent to the completion of the agreement obligations.
Why is the privacy policy relevant and necessary for an ecommerce business?
The privacy policy plays a super relevant role these days, since not only are consumers more concerned about how their data is being used and stored, but there is also a high risk of personal data misuse due to the intense monitoring carried out by data protection authorities. Fines for GDPR violations, for example, can be as high as €20MM or 4% of the annual turnover of the offending company. It is a serious topic and one that should be handled with due importance by sellers.
A well-written and easy-to-understand privacy policy is also likely to help users accept it willingly, as it ensures visibility over the processing of their data. In addition to providing greater reliability for consumers, a transparent policy can assist the company in its accountability and auditing processes, which is very important for ecommerce businesses.
Goodbye, complicated and hard-to-understand policies!
Gone are the days of long, confusing or complex policies that the consumers had a hard time understanding. Nowadays, the recommendation is that the ecommerce business should provide a policy that:
- Is clear about how users’ and consumers’ personal data is collected, processed and handled;
- Clarifies whether the data is shared with third parties and, if so, for what purposes and who these third parties are;
- Establishes how long the data is kept by the platform, for what reasons and when it will be deleted;
- Clarifies the users’ and consumers’ rights and how to exercise them;
- Applies design techniques to make it easy to read and understand.
The seller should try to understand how the flow of personal data works within the platform, mapping which data is collected, in order to be able to write a policy that corresponds to their internal processes. They should also check with the service providers with whom the personal data is shared how they process such data. Finally, to enable a clear understanding of the policy text, spelling out and even explaining the meaning of some common terms — such as data subjects, controller, processing and processor — may be a good idea.
Here at VTEX, we make much of this information available to our clients on the VTEX Trust Hub, which you can check out here.
Privacy policy: Trust and security
Having a privacy policy regarding the processing of your ecommerce data is important to provide security not only to users and consumers, but also to the company itself. Everyone who visits your platform will realize this topic is relevant to your company and will understand how their data is processed, stored and used, thus bringing greater transparency to your commercial relationships and greater reliability to your ecommerce business.
