Almost every business has a possibility of one day transferring to another entity due to a sale, merger or restructuring.
- 1.1.1. United States
- 1.1.2. United Kingdom
- 1.1.3. European Union
- 1.1.4. Australia
- 1.1.5. Canada
- 2. Business Transfer Clause
- 2.1. Where to Include a Business Transfer Clause
- 2.2. When to Use a Separate Business Transfer Clause
- 2.3. Allow Users to Opt Out
- 3. Remember
As people have become more and more concerned about their privacy and the handling and use of their personal information, privacy laws in countries around the world have been created and enhanced to protect consumers.
You'll need to be aware of laws not only of where you're located, but also the laws of areas where you do business. For example, the GDPR from the EU applies not only to EU businesses, but also to businesses located anywhere in the world that deal with personal information from individuals located in the EU.
In the United States, privacy matters are regulated under the following acts:
- The Cable Communications Policy Act of 1984
- The Americans With Disability Act
- The Computer Fraud and Abuse Act of 1986
- The Children's Internet Protection Act of 2001 (updated 2013)
- The Computer Security Act of 1997
- The Consumer Credit Reporting Control Act
- The Children's Online Privacy Protection Rule (COPPA)
As of May of 2018, the EU General Data Protection Regulation (GDPR) governs Privacy Policies for websites and apps attracting EU residents.
Business Transfer Clause
Typically, when a business is sold, the user data held by that business will be transferred to the new owner as part of the sale.
Additionally, if the business stipulates specific occasions when it might or can sell user data to third parties, then it is bound to those provisions.
Where to Include a Business Transfer Clause
Some organizations simply opt for integrating this information into another clause within their Policy.
However, since limiting liability is a goal, it is a good idea to create a dedicated Business Transfer clause if there is any likelihood of a future merger or transfer.
When to Use a Separate Business Transfer Clause
Including a separate Business Transfer Clause is ideal when:
- Trademarks, copyrighted material, trade secrets or highly confidential user data may be impacted.
- The website handles user data that could be personally identifiable, including names, home addresses, telephone numbers, passport numbers, etc.
- A merger or sale of the business or its assets is highly likely.
A separate Business Transfer clause also is ideal when a merger or sale of the business or its assets is highly likely.
In its Business Transfers clause, Chartbeat explains that user information is regarded as a business asset and can be transferred to a new entity should the company be sold in part or in totality.
Yelp informs their users that information will be passed to a new owner in the event that the company is sold. They state that the new owner will assume all rights and obligations with respect to that information.
Allow Users to Opt Out
Users may not wish to allow the new business owner to use their personal data, or they may not wish to continue doing business with them. Therefore, before any transfer of ownership of personal user data can take place, it is necessary to allow users the opportunity to opt out and delete all of their data from the app or site.
500px achieves this by informing their users that they can opt out by changing their user profile. There is also a note reminding users that they can opt out of cookies at any time via their web browser.
The Business Transfer clause can appear:
- As a stand-alone clause with a bold heading
The Business Transfer clause should explain that ownership of personal information will automatically pass to any new owners on completion of the transfer, unless users choose to opt out.
Users must be given prior notice of any impending sale or merger, with clear information about how the new owner will use their data.
Additionally, users must be provided with instructions for opting out of the transfer of or ongoing use of their personal information.
By following these guidelines, an online business can position itself to comply with applicable privacy laws, establish a good rapport with users and limit potential liability.