A "How Do We Collect Your Information" clause is an essential clause for any website, app, or company that collects the information of its consumers online.
This clause should be part of your Privacy Policy.
While this clause can sometimes be combined with other clauses in your policy, it's recommended that you keep this as a separate clause since it covers very important information.
This article will break down what this clause is, what it accomplishes, and how you can draft your own with some practical examples from other businesses.
In addition to disclosing what type of data is collected and why, it's important to inform customers of how the information is collected.
Under the GDPR and other privacy laws, it is a requirement that companies disclose the "source" from where they collect customer data.
No matter if you are a smaller or larger company, it's important to remember that certain laws apply to certain companies. If you have consumers from across the world, you may be subject to multiple privacy laws.
Second, how the information is collected is very important to customers. The collection and storage of personal information has become at the forefront of online privacy issues. Your customers will want to know your practices and processes for how you collect their information and at what points.
Third, having this clause, along with the disclosure of your other practices, can create goodwill with your customers. Being transparent with your Privacy Policy can create trust between your customers and your company. This means customers may be more likely to return to your website or recommend it to others.
Finally, the clause can be a way to protect your website from potential liability. If there are any issues regarding the disclosure of your collection processes and you don't include this clause in your policy, it could be a possible issue later on.
Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.
- Click on the "Free Privacy Policy Generator" button, located at the top of the website.
- Select where your Privacy Policy will be used:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- Continue with building your Privacy Policy while answering on questions from our wizard:
-
Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.
That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
How to Draft Your How Do We Collect Your Information Clause
As mentioned above, privacy laws require that websites disclose in their Privacy Policies how they collect the information of their customers. This disclosure must be in a way that your customers can easily understand.
The GDPR requires that it be done in a "concise, transparent, intelligible and easily accessible way." In other words, you need to make sure this clause is clear and simple. Using big and confusing words will make it hard for consumers to understand and could mean you may violate many privacy laws.
Also, if the clause isn't easy to understand, it could lead to potential issues down the road regarding whether customers were made aware about how their information was collected.
Keeping that in mind, you can construct your clause in any way that fits your company. You can choose your own style, but there are a few common formats companies use.
These include:
- Paragraphs
- Combining the disclosure with other clauses
- Bullet points
Paragraphs are commonly used by many websites. However, if you use large, wordy paragraphs it may confuse the consumer and they may get lost in the legalese of your policy.
If you decide to use paragraphs, keep them short and use simple language to explain how you collect the information. Also, break up the paragraphs with plenty of white space or graphics to keep it easy to read.
TikTok's clause is an example of a paragraph format:
Another way you can draft the clause is by combining it with other clauses in your Privacy Policy. In your policy you are required to disclose what information is collected. Many companies include how they collect information with what information they collect.
Doing this can help connect consumers with what categories of information are collected with the when and how. This is key because not all information is collected at the same time and place.
See how Fossil combines its statements on how it collects data with the data that is collected:
Bullet points are one of the most popular formats for this clause. Considering how many different ways websites or apps may collect data, this clause can be quite extensive. Bullet points help keep that information organized and concise.
Kohl's uses bullet points to state all of the different ways it collects the data from its customers with short and simple sentences:
Now that you have an idea of some good formatting and structuring ideas, let's look deeper at the specific content you should include in your How Do We Collect Your Information Clause.
Different Clauses for Different Businesses
Like with other clauses in your Privacy Policy, your How Do We Collect Your Information clause should be constructed to fit your website and the goods and services you provide. Not every website will collect the data in the same way.
An example of this is that most websites will collect the data from third parties to help run their websites, but not every website may use social media to collect data. These types of collection points may then not be included in the clause.
Even though you can format the clause anyway you choose, a thing to consider is breaking out the different ways you collect the data and go into further detail with a paragraph, bullet points, etc.
Some of the common ways websites collect information can be:
- Automatically
- Directly
- Through publicly accessible information
- From log data
- Partnering with third parties
- Using cookies
- By social media
Collected Automatically
This type of collection will be in almost every website's clause. This is because websites or apps will automatically collect the data from its consumers oftentimes just by users accessing the website.
Even though this may be automatic and most customers will know that websites will know their IP address or if they are accessing the website by a phone or computer, it is still required to be disclosed.
Other automatic ways websites may collect data can be through mobile carriers, location data, and clicking on links on the website.
To see how to disclose the many different types of ways your website may collect data automatically, Society6 is a good example to check out:
TikTok offers another version of this statement by using a short paragraphs to detail the information it collects automatically from its users:
Collected Directly From Users
Data that is collected directly typically includes data that is actively provided by a customer or user. It is when they are intentionally providing their information to interact with your website.
These are usually when a user is doing something like the following:
- Creating an account
- Providing payment information when purchasing
- Communicating with technical support
- Participating in a promotion or sweepstakes
- Signing into the website or app
- Making a return
DreamHost includes some of these direct collection points in its Privacy Policy:
Public Information
This section in your clause is extremely important as many people may not think that websites will be able to access their personal information from public sources.
Even though most people offer their information to public sources, it's not always thought that the website where you buy your favorite shoes will use information that was provided to a local newspaper.
If you do collect your customer's information from public sources, you need to disclose it.
Google's Privacy Policy includes an example of how it collects information from public sources:
Log Data
Log data is a type of collection that can be either active or passive. Some websites will include a disclosure about log data in the earlier sections mentioned while others will include it as its own. Whichever way will be decided by your own company's services and whether it is a major way you collect data.
An example of a larger section about log data is Twitter's "Log Data" clause in its Privacy Policy. As Twitter is a social media website and users can interact with the website in many different ways, it has included a separate section in addition to the other parts of its clause:
Third Parties
It's almost impossible for websites to not use third parties in some way to function. Websites use third parties to help run their website, run analytics, and create a better user experience for customers. This often means that consumer information is often exchanged or shared between the websites, acting as another behind-the-scenes way of gathering data.
Examples of ways websites collect data through third parties can be for payment services, bookings, and analytics.
Booking.com's "Other Sources" section is one way of doing this:
Cookies
Like third parties, websites use cookies as a way to help a website run.
Cookies are little bits of technology that help store information such as previous searches or purchases that help customers when they return to the website. Websites use the cookies as a way to track interaction between customers and their websites which they use to improve functions.
It is one of the major ways websites collect data and is often included in the "how" disclosure in a Privacy Policy, but will often be a separate disclosure as well.
Booking.com lets users know that it uses marketing cookies to gather certain types of data:
Social Media
Not every website will use social media as a way to collect information. However, it is becoming one of the most common ways of "how" websites collect data due to the popularity and accessibility of social media.
The different ways a website may collect data from social media is when a user interacts with the company for technical support or shares a post from the website's social media platform. When users do this, websites then have access to the public information that users provide with their social media account. This can include photo, name, user ID, birthdate, gender, etc.
Disclosing this in your Privacy Policy is extremely important because what people often share on their social media can be private information. It's key that if you do collect customers' information from social media, you need to disclose that in your clause.
Here's how WarnerMedia does this:
Summary
Remember, a How Do We Collect Your Information clause is important to include in your Privacy Policy. It's a statement by your website or app to your customers about how you collect their information. This can be either automatically, directly, from third parties, and even through social media.
Full disclosure of this is required by privacy laws to create transparency between your company and your customers.
When drafting your clause, make sure you keep the clause clean, simple, and easily understandable to make sure that anyone reading it will understand your practices.