Wix is seen as one of the top user-friendly & all-in-one website builders. With a reputation for easy-to-use software and affordable plans, and over 100-million users worldwide, it's no surprise that you chose Wix to build your company website.
Keep reading to find out.
Wix is an online WYSIWYG website creation software that offers basic page-building packages for free, making the brand incredibly popular among users and small business startups.
Even the premium professional packages are affordable when compared to similar website-building services, and although the platform is not open-source, Wix makes up for it in usability and security. No wonder it was voted the most popular.
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- 1. Wix Recommendations Regarding Privacy
- 2. What Does Wix Mean by "Applicable Laws"?
- 3.1. An Introduction
- 4. What Information is Collected
- 4.1. How Consumer Information is Used
- 4.2. Cookies
- 4.3. Third-Party Sharing
- 4.4. User Preferences
- 4.5. Data Retention and Security
- 4.6. European Consumers' Rights
- 4.7. Children Under 13
- 4.8. International Transfers of Data
- 4.9. Do Not Track Signals
Wix Recommendations Regarding Privacy
What Does Wix Mean by "Applicable Laws"?
The pertinent question to ask now is, "Which privacy laws apply to me?" You might be surprised.
Here is a list of national and international privacy regulations that apply to most US-based online businesses:
In regard to Privacy Policies, the GDPR also calls for the following to be included in the Policy:
- The physical location and contact information for your business
- Disclosure of EU users' rights concerning their personal information
- Which personal data you collect, how and why it's obtained, and whether or not the data is shared with third parties
- Disclosure of your legal basis for obtaining EU personal information
- Details about international data transfers, if relevant
The California Online Privacy Protection Act (CalOPPA) - Although this regulation is from California, it applies to any company that collects personal information from California residents.
- What kinds of personal data you obtain as well as which third-parties have access to that information
- A simple, straightforward way for end users to view and revise their personal data
- An account of how your website answers "Do Not Track" signals from web browsers
These might not be the only privacy laws that will apply to your business. Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), for one, applies to most US-based businesses as well.
However, if you follow the statutes outlined above, your business will end up likely being compliant with PIPEDA and most other privacy regulations.
- To maintain transparency with your customers about the way your company handles personal data
- To comply with all relevant privacy laws as laid out in the previous section
You can knock out several requirements with an introductory section. This is where you can state the name, location and contact information for your business, an effective date for the Policy, and what you'll do to update your users about material changes to the Policy.
Including all of these elements helps you meet several stipulations of the GDPR and CALOPPA.
What Information is Collected
It is imperative to be transparent here. Let your users know exactly what information you will be collecting from them and how it will be collected. This includes anonymous information like IP addresses and geolocation data.
A lot of companies separate this section according to the methods by which data is collected. For example, automatically collected data could be one paragraph, and information collected directly from the user would be another section.
Getty Images illustrates a good example of this approach:
Notice how Getty points out that information is collected:
"with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests."
This is Getty's way of naming their legal basis for collecting user data, thereby complying with the GDPR.
How Consumer Information is Used
Next, let consumers know exactly how their data is used. It is important to list out each use of consumer data in detail to prevent possible privacy disputes. Especially if you use consumer data to provide personalized advertising or marketing, you will want to make this clear to your customers.
Getty lays out all the ways it uses consumer data in an organized list format:
Almost every major privacy regulation requires that you inform users if you share their data with third parties.
You can create a separate clause for this topic and make sure you explain why third-party sharing is necessary.
Shutterfly explains why it shares data with third parties in simple, plain language:
If you share consumer data with third parties for purposes of personalized advertising or remarketing, make sure to mention it in this section, as Shutterfly has done here.
More than one international privacy regulation requires that customers be provided with an easy way to opt-out of marketing communications, personalized advertising, and remarketing campaigns.
Adobe handles all of this efficiently with detailed instructions and a preferences link within a clause that's clearly labeled as being about "withdrawing consent":
If you click the link at the end of the clause you're presented with this marketing preferences interface that gives users complete control over advertising and marketing communications:
Data Retention and Security
Consumers want to know how their data is handled. This clause is your chance to explain everything about your data processing practices, such as:
- How data is protected
- How long data is retained
First, a brief but adequate security clause lets users know that Adobe does its best to keep personal information secure, but that no security controls are 100% effective:
Data retention practices are addressed in a separate clause, which covers certain GDPR stipulations:
European Consumers' Rights
The GDPR requires some specific language regarding European Union consumer rights. If you did not cover this in any previous section, it will need its own clause.
This clause should include a list of EU user rights and a method to exercise these rights, as well as contact information for your Data Protection Officer or European Representative, if applicable.
Adobe's users are told what their rights are when it comes to their personal information and how to go about exercising them, including accessing and making changes to the information Adobe holds:
By explaining how customers can access and edit their personal information, Adobe is meeting both GDPR and CALOPPA regulations.
Here's how Sony UK provides multiple contact methods including a web form, standard mail and international phone numbers:
Children Under 13
Whether your content is targeted to children or not, you will need to make it clear that your business respects COPPA regulations. If you do not offer services or content targeted to children, all you have to do is say so, as Shutterfly does here:
A clause like this one will cover you in case a child submits information without your knowledge, since you have plainly stated that you have no intention of collecting information from minors.
If you do offer services that are targeted to children, you will need to follow the strict guidelines set by COPPA in order to collect any personal information at all from children under 13 years old.
International Transfers of Data
If your business transfers data between countries, the GDPR requires that you state which legal framework you use to safely transfer data over international borders.
Getty explains its international transfer mechanisms here (Editor's note: Please note that the Privacy Shield framework has been invalidated. It is being replaced with the EU-U.S. Data Privacy Framework, which is not fully finalized yet.):
Do Not Track Signals
CalOPPA requires that all websites disclose how they respond to browser "Do Not Track" signals.
Even if your website does not recognize DNT signals, it is still necessary to say so, as Apple has done below:
Hubspot demonstrates this clause well:
- Add a new page to your website using the "Menus and Pages" interface:
- Click Add Page at the bottom.
- Next, use the "Text" element to add a new text box to the page. Click Add on the left side of the Editor interface.
- Click Text and drag the text element of your choice to where you want it to be on your page.
- Click Text and drag the text element of your choice to the bottom of the page, as close to the footer as possible.
- Click Move to Footer.
- Click the Link icon.