Privacy Policy

Privacy Policy Requirements

Requirements of the PrivacyTrust Standard Privacy Certification.


1. Personally Identifiable Information – “Personally identifiable information” is information that we can use to identify you as an individual. Personally identifiable information includes your name, address, telephone number and any other information that is connected with you personally.

2 . “Site(s)” means the website for which the PrivacyTrust is endorsing the privacy policy.

General Privacy Requirements

 1. Treat all Personally Identified Information gathered on the site in accordance with the privacy policy.

2. A user of the site must be given the option of not giving their personally identifiable information if the information collected is not related to the primary purpose for which the information was collected or the personally identified information was disclosed to third parties.

3. The user’s choice about personally identifiable information being disclosed to third parties must be honoured. The user must also have the means to change their choice.

4. You may use third party personally identifiable information to send a one-time email message to the person to whom the information concerns to solicit their consent to using their Personally Identifiable Information.

5. All newsletters and promotional email messages that are sent to users, apart from the messages the user has agreed to receive as a condition of using your service, must include an unsubscribe link.

6. If the user has stated that he/she is under 13 years of age you should not collect any personally identifiable information on your site without the knowledge and permission of their parent or guardian. If there are certain web pages within your Site that require users to be at least 13 years of age, anyone under the age of 13 should be restricted from participating in such web page activities.

7. You must take reasonable steps when collecting, creating, maintaining, using and disclosing Personally Identifiable Information, to assure that the data are accurate, complete and timely for the purposes for which they are to be used; and you also implement reasonable security procedures, such as encryption, to protect Personally Identifiable Information.

8. You must provide a link to the Privacy Policy from the home page or any page collecting Personally Identified Information.

Privacy Policy Requirements

1. Full description of how users of the site can contact the licensee.

2. Full description of how users of the site can contact PrivacyTrust regarding licensee’s privacy policy.

3. Information about how personally identifiable information collected by the site.

4. Inform the user about any third parties, either on your behalf or for themselves, that are collecting personally identified information through the site. In some cases, depending on the nature of information, these third parties will also need to have an PrivacyTrust privacy certification.

5. Inform the user how the personally identifiable information collected through the site is used.

6. What tracking technology, if any, (e.g. cookies) is used on the site.

7. Inform the user how to access and change the Personally Identifiable Information provided by them to you.

8. Inform the user that all personally identifiable information gathered can be disclosed to judicial or other government agencies subject to warrants, subpoenas or other governmental orders.

9. Inform users that personally identifiable information posted by them in online bulletin boards, chat rooms, news groups or other public forums may be displayed publicly.

11. Inform users of the notification procedures with respect to any changes in privacy policy and use of the user’s personally identifiable information. Also, the means by which the user can take appropriate action concerning this change.

12. The date the privacy policy became effective.

13. If any personally identifiable information is disclosed to third parties to facilitate the primary purpose it should be declared in the privacy policy.

14. If payment information is collected by the site the details of this, and how it is secured should be stated. If no payment information is collected best practice is to state this.

15. Detail the ownership transfer or data destruction that will occur in the event of a merger, likewise in the event that the business declares bankruptcy or ceases trading.

Helping your business exceed the compliance standard.

Our team of experienced privacy attorneys & certified privacy professionals have a proven track record of delivering privacy frameworks and data privacy solutions, tailored to your business needs.