A "How Do We Collect Your Information" clause is an essential clause for any website, app, or company that collects the information of its consumers online.
While this clause can sometimes be combined with other clauses in your policy, it's recommended that you keep this as a separate clause since it covers very important information.
This article will break down what this clause is, what it accomplishes, and how you can draft your own with some practical examples from other businesses.
In addition to disclosing what type of data is collected and why, it's important to inform customers of how the information is collected.
Under the GDPR and other privacy laws, it is a requirement that companies disclose the "source" from where they collect customer data.
No matter if you are a smaller or larger company, it's important to remember that certain laws apply to certain companies. If you have consumers from across the world, you may be subject to multiple privacy laws.
Second, how the information is collected is very important to customers. The collection and storage of personal information has become at the forefront of online privacy issues. Your customers will want to know your practices and processes for how you collect their information and at what points.
Finally, the clause can be a way to protect your website from potential liability. If there are any issues regarding the disclosure of your collection processes and you don't include this clause in your policy, it could be a possible issue later on.
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
How to Draft Your How Do We Collect Your Information Clause
As mentioned above, privacy laws require that websites disclose in their Privacy Policies how they collect the information of their customers. This disclosure must be in a way that your customers can easily understand.
The GDPR requires that it be done in a "concise, transparent, intelligible and easily accessible way." In other words, you need to make sure this clause is clear and simple. Using big and confusing words will make it hard for consumers to understand and could mean you may violate many privacy laws.
Also, if the clause isn't easy to understand, it could lead to potential issues down the road regarding whether customers were made aware about how their information was collected.
Keeping that in mind, you can construct your clause in any way that fits your company. You can choose your own style, but there are a few common formats companies use.
- Combining the disclosure with other clauses
- Bullet points
Paragraphs are commonly used by many websites. However, if you use large, wordy paragraphs it may confuse the consumer and they may get lost in the legalese of your policy.
If you decide to use paragraphs, keep them short and use simple language to explain how you collect the information. Also, break up the paragraphs with plenty of white space or graphics to keep it easy to read.
TikTok's clause is an example of a paragraph format:
Doing this can help connect consumers with what categories of information are collected with the when and how. This is key because not all information is collected at the same time and place.
See how Fossil combines its statements on how it collects data with the data that is collected:
Bullet points are one of the most popular formats for this clause. Considering how many different ways websites or apps may collect data, this clause can be quite extensive. Bullet points help keep that information organized and concise.
Kohl's uses bullet points to state all of the different ways it collects the data from its customers with short and simple sentences:
Now that you have an idea of some good formatting and structuring ideas, let's look deeper at the specific content you should include in your How Do We Collect Your Information Clause.
Different Clauses for Different Businesses
An example of this is that most websites will collect the data from third parties to help run their websites, but not every website may use social media to collect data. These types of collection points may then not be included in the clause.
Even though you can format the clause anyway you choose, a thing to consider is breaking out the different ways you collect the data and go into further detail with a paragraph, bullet points, etc.
Some of the common ways websites collect information can be:
- Through publicly accessible information
- From log data
- Partnering with third parties
- Using cookies
- By social media
This type of collection will be in almost every website's clause. This is because websites or apps will automatically collect the data from its consumers oftentimes just by users accessing the website.
Even though this may be automatic and most customers will know that websites will know their IP address or if they are accessing the website by a phone or computer, it is still required to be disclosed.
Other automatic ways websites may collect data can be through mobile carriers, location data, and clicking on links on the website.
To see how to disclose the many different types of ways your website may collect data automatically, Society6 is a good example to check out:
TikTok offers another version of this statement by using a short paragraphs to detail the information it collects automatically from its users:
Collected Directly From Users
Data that is collected directly typically includes data that is actively provided by a customer or user. It is when they are intentionally providing their information to interact with your website.
These are usually when a user is doing something like the following:
- Creating an account
- Providing payment information when purchasing
- Communicating with technical support
- Participating in a promotion or sweepstakes
- Signing into the website or app
- Making a return
This section in your clause is extremely important as many people may not think that websites will be able to access their personal information from public sources.
Even though most people offer their information to public sources, it's not always thought that the website where you buy your favorite shoes will use information that was provided to a local newspaper.
If you do collect your customer's information from public sources, you need to disclose it.
Log data is a type of collection that can be either active or passive. Some websites will include a disclosure about log data in the earlier sections mentioned while others will include it as its own. Whichever way will be decided by your own company's services and whether it is a major way you collect data.
It's almost impossible for websites to not use third parties in some way to function. Websites use third parties to help run their website, run analytics, and create a better user experience for customers. This often means that consumer information is often exchanged or shared between the websites, acting as another behind-the-scenes way of gathering data.
Examples of ways websites collect data through third parties can be for payment services, bookings, and analytics.
Booking.com's "Other Sources" section is one way of doing this:
Cookies are little bits of technology that help store information such as previous searches or purchases that help customers when they return to the website. Websites use the cookies as a way to track interaction between customers and their websites which they use to improve functions.
Booking.com lets users know that it uses marketing cookies to gather certain types of data:
Not every website will use social media as a way to collect information. However, it is becoming one of the most common ways of "how" websites collect data due to the popularity and accessibility of social media.
The different ways a website may collect data from social media is when a user interacts with the company for technical support or shares a post from the website's social media platform. When users do this, websites then have access to the public information that users provide with their social media account. This can include photo, name, user ID, birthdate, gender, etc.
Here's how WarnerMedia does this:
Full disclosure of this is required by privacy laws to create transparency between your company and your customers.
When drafting your clause, make sure you keep the clause clean, simple, and easily understandable to make sure that anyone reading it will understand your practices.