Over the past few years, new sets of rules and regulations were established in order to increase transparency in the use of cookies. The largest of these regulations is the General Data Protection Regulation (GDPR), a regulation in EU law that addresses the transfer of personal data outside EU areas. There are also Federal Trade Commission (FTC) requirements for third-party cookies and privacy policy requirements for several countries, including the United States, the UK, Australia, and the EU. Basically, to stay in compliance you must abide by the following guidelines:
- If you are targeting EU consumers, you must give them acknowledgment that your site uses cookies.
- If you allow paid advertisements or affiliate links on your site, you must disclose this information.
- If you track user activity or collect user data, you must provide a comprehensive privacy policy explaining how the data is gathered and used.
Privacy Policy
A clear privacy policy is your first step toward gaining the trust of your user. In many countries including the US, privacy policies are mandated by law, so this is one area you can’t ignore if you collect personal information like email or physical addresses, account, or credit details. Your privacy page needs to include:
- What user information you collect, including IP/email addresses and financial information
- How you obtain this information
- The reason you’re asking for personal information
- How you store and protect user information
- How you update your policy and how you update users about these changes
- Who has access to your information, which could include newsletter services and any third-party tools
You can use services such as Rocket Lawyer or TermsFeed to create free customized privacy policies for your site. These tools allow you to tailor your policy to meet a varying degree of regulatory frameworks, such as GDPR, CalOPPA, CCPA, and more.
Cookie Policy
Some website owners combine their privacy and cookie policies, which is legal in the US but potentially violates EU law. In 2011, the European Union adopted the Cookies Directive, which requires sites to alert users of the use of cookies and allow users to refuse or accept cookie placement on their devices. It also requires that site owners create a separate cookie policy apart from the site’s privacy policy.
Under US law, the Federal Trade Commission (FTC) enforces privacy and data security laws and regulations, but does not require a separate cookie policy.
There are a few tools available to set up cookie consent platforms, such as CookieFirst and Osano, which is open source. Tools like these ensure that you stay on the right side of the law regarding your cookie usage inside and outside the US.
Privacy Shield
Privacy Shield is a voluntary security agreement allowing for the safe transfer of personal data traveling in and out of the EU. While it’s not required for sites to be certified by Privacy Shield, it does show your users how seriously you take your security, especially if you do business with the EU. You can learn about Privacy Shield and apply for certification here.
Return Policies
If you deal in e-commerce, one of the most important tasks will be designing a clear return policy. With the rise of Amazon, consumers increasingly expect hassle-free returns with clear expectations. If users can’t quickly grasp your return policy, they’ll find somewhere else to shop. According to a 2019 survey by UPS, 73% of shoppers said the overall returns experience impacted how likely they were to purchase from a retailer again.
Offering a clear return policy shows that you have confidence in your product, which translates to trust for the user. Here are some best practices for creating a return/refund policy:
- Set clear procedures for return or exchange, including postage, packaging, and order slip information.
- Clarify whether you offer credit or refunds on returns.
- Avoid terms like “you must,” “you are required,” and “we are not responsible for.”
- Post your return policy in an easy-to-find area.
- Have a contingency plan in case something goes wrong (something will go wrong).
- Don’t copy and paste. Customize the policy to your business.
You can find return/refund policy templates on sites like TermsFeed, which allows you to customize your policy as needed.
