But what's the difference between the two?
- Terms & Conditions set out what's expected from both you and your users. The agreement can be used to manage your users' activity and expectations, and to protect your company from legal issues.
- 1. Privacy Policies
- 1.1.1. European Union (EU) Law
- 1.1.2. United States (US) Law
- 1.2.1. Website Software/Hosting Services
- 1.2.2. eCommerce Services
- 1.3.1. Who Your Users Can Contact About Their Data
- 1.3.2. Types of Personal Data You Process
- 1.3.3. How You Process Personal Data
- 1.3.4. Information About Third Parties
- 3. Terms & Conditions
- 3.1. Key Benefits and Features of a Terms & Conditions Agreement
- 3.1.1. Setting Out Your Rules
- 3.1.2. Protecting Your Company from Legal Action
- 3.1.3. Explaining the Reasons You Can Terminate Service
- 3.1.4. Establishing Your Intellectual Property Rights
European Union (EU) Law
The EU's General Data Protection Regulation (GDPR) privacy law is notoriously rigorous and applies to any individual or organization which is:
- Engaged in economic activity, and
- Processing the personal data of EU citizens
These are the only two conditions required for you to fall under the GDPR. Your company doesn't need to be based in the EU - you just need to be dealing with citizens of EU Member States. This includes Germany, France, Sweden - even the UK will remain compliant with the GDPR upon leaving the EU.
In case you're wondering whether your company "processes personal data":
- "Personal data," defined at Article 4(1) of the GDPR, means anything that could conceivably be used to "identify an individual" - including a person's name, and even their browser cookies.
- "Processing," defined at Article 4(2) of the GDPR, means doing just about anything with that data - keeping a record of a person's name, having your website store your users' browser cookies.
United States (US) Law
"that collects personally identifiable information through the Internet about individual consumers residing in California who use or visit its commercial Web site or online service"
Website Software/Hosting Services
Who Your Users Can Contact About Their Data
Types of Personal Data You Process
Article 12(1) of the GDPR requires that companies supply information about any data they are processing "in a concise, transparent, intelligible and easily accessible form, using clear and plain language."
A good place to start is by explaining to your users what type of personal data you'll be collecting from them.
Even if your company isn't asking your users to actively supply personal data, you'll need to inform them about your use of browser information such as cookies.
CalOPPA requires you to inform California residents of how your website responds to Do Not Track (DNT) signals. This is a feature of some web browsers which asks websites to disable tracking mechanisms such as cookies.
Here's how Land Rover USA complies with this:
Note that CalOPPA doesn't require your website to honor DNT requests - but it does require transparency.
How You Process Personal Data
Here's part of how Apple explains this:
Information About Third Parties
There are a number of reasons that you might need to pass your users' information onto third parties. Under Article 4(8) of the GDPR, an organization that processes data on the data controller's behalf is known as a "data processor." A data processor might be:
- An eCommerce platform which takes payments on your company's behalf
- A database software company which stores customer details on your behalf
- A survey company which gathers feedback on your behalf
Here's an example of how the UK Government's website GOV.UK does this:
- Answer a few questions about your business:
- Add your website or app information:
- Answer a few questions about what information you collect from your users:
- Select options for how your users can contact you:
Terms & Conditions
However, having a clear set of Terms & Conditions is highly beneficial for any company:
- Terms & Conditions are an agreement between you and your users about what they can and cannot do when using your service.
- Terms & Conditions can protect your company from legal action, or limit the damage that such action can cause.
- Terms & Conditions can allow you to fairly withdraw or suspend service.
Key Benefits and Features of a Terms & Conditions Agreement
What you include in your Terms & Conditions largely depends on the nature of your company and your online presence. These are some of the general and universal benefits of having a Terms & Conditions agreement:
Setting Out Your Rules
Terms & Conditions help you regulate the activities of your users. This can help you to avoid potential legal issues with, for example, User Generated Content. If your Terms & Conditions agreement makes the rules of your website or service clear from the outset, your company is less likely to spend time dealing with inappropriate content.
There are a number of options when it comes to setting these rules out in your Terms & Conditions. Some companies choose to have a separate document called "Community Standards" or "Acceptable Use Policy." This is fine, but you must be sure to incorporate this into your main Terms & Conditions.
Take a look at how Facebook handles this:
You can see that Facebook states in its Terms & Conditions that users may not breach its Community Standards. By mentioning its Community Standards in its Terms & Conditions, Facebook has ensured that its Community Standards have the same binding status as its main Terms & Conditions.
Here's a small excerpt from the Community Standards, which you can see elaborates on what's included in the Terms & Conditions:
Protecting Your Company from Legal Action
When properly constructed and agreed to, Terms & Conditions are legally binding on your users. This means that your company can use them to defend against legal action brought by its users. Your company's users might, in some circumstances, be able to rely on your Terms & Conditions in court, too - but remember that it's your company that calls the shots as to what goes into your Terms & Conditions.
Your company's Terms & Conditions might, for example, contain an indemnity clause protecting it from any legal issues caused by User Generated Content.
Here's how the Washington Post handles this in its Terms & Conditions:
The Washington Post uses the phrase "hold harmless" here - an indemnity clause is sometimes known as a Hold Harmless clause. The effect of such a clause would be to render the user legally responsible for any costs associated with illegal activity they commit on your company's site.
For example, if a user makes defamatory comments on your website and the defamed person sues you, the user would be responsible for covering any legal costs or damages you are required to pay out as a result of their defamatory activity.
Explaining the Reasons You Can Terminate Service
If your company's website or app offers users the option of creating an account for the purposes of making comments or submitting other User Generated Content, you need to have the option to suspend or terminate these accounts.
By including this in your company's Terms & Conditions, you remain in control over who may submit content to your pages.
Here's how LinkedIn explains this to its users:
Here's how Fox News approaches the issue of account termination. You'll notice that Fox News grants itself a lot more discretion than LinkedIn in this regard:
Establishing Your Intellectual Property Rights
You can use your Terms & Conditions as a way to ensure that you retain the rights over the content on your site. You can refer to this clause if any of your users violate your copyright or trademark rights.
Here's how not-for-profit FinTech North establishes its Intellectual Property rights in its Terms & Conditions:
A Privacy Policy:
- Provides information about your company's data protection and privacy practices.
Is required by law, for example by:
- The EU's GDPR
- California's CalOPPA
- Canada's Personal Information Protection and Electronic Documents Act (the PIPEDA privacy law)
Is required by many third parties, including:
- Website development software companies
- eCommerce store software companies
- Analytics and advertising services
Should contain information about:
- Contact details for your company
- The types of personal data your company processes
- The reasons you need to process this personal data
- The ways in which you process personal data
- Any third parties with whom you share your users' personal data
Terms & Conditions:
- Set out the rules of your company's website or service and help you deal with any legal issues that might come up.
- Are not required by law, but are likely to prevent or mitigate legal problems.
Can contain clauses that:
- Set out the rules that users of your website or service have to obey.
- Exclude or limit legal liability for the activities of users on your website.
- Explain the grounds on which you can terminate or suspend your users' use of your website or service.
- Establish that the content on your company's website is your company's Intellectual Property.