Crafting a Privacy Policy

I am helping craft our online privacy policy. Here are the components I am considering. Any other suggestions for what to include?

  1. Our Data Privacy Principles (Example:
  2. Your privacy rights
    1. How will you be notified if the privacy policy changes?
    2. Communication opt out/opt in policies
    3. Rights regarding your ability to review/update/delete personal information
    4. Who can I speak to if I have questions?
  3. What, why, how, and when our organization collects/tracks personal data (not just the online mechanisms)
    1. What cookies and/or web beacons do we use and where?
    2. How do we handle submitted prayer requests?
  4. Security Approach – how do we protect data and who sees it (i.e. staff, contractors, volunteers)
    1. Link to our confidentiality policy signed by staff and volunteers
  5. List of sites the policy applies to
  6. List of major software partners outside the policy
    1. Links to their privacy policy
    2. Description of our partnership with them
  7. Do we rent or sell data to anyone?
  8. Definitions
    1. What is Personal Data?
      1. Examples:
        2. The GDPR definition of personal data is – deliberately – a very broad one. In principle, it covers any information that relates to an identifiable, living individual.
      2. Cookies
      3. Web Beacons
      4. Additional definitions as needed
    2. Date the policy was last updated
    3. Links to previous policies