
How can I make my website compliant with various data protection and spamming laws?

@Shakeerah822

Posted in: #Data #Legal #Privacy #PrivacyPolicy

On our website we collect an awful lot of personal information. People upload their CVs, and when they use their social networks to log in, we collect information from there too.

We use this information for marketing, and may sell access to this data to 3rd parties.

These are covered in the T&C's of our website. We say that if you sign up, you accept the T&C's (no checkbox, it just says that). That's it.

What's the best way of making sure everything is done legitimately?


3 Comments


 

@Shakeerah822

Just to add to the other points here. If you're in the EU and you have any check-boxes that ask the user if they would like to receive a newsletter/receive offers from your partners/etc., these must be Opt-In, rather than Opt-Out. (I.e. no 'Uncheck this box if you don't want to receive...')



 

@Candy875

I find this resource from the Information Commissioner's Office useful for wording this sort of thing: www.ico.gov.uk/for_organisations/data_protection/topic_guides/privacy_notices.aspx
You may find the small business checklist useful: www.ico.gov.uk/for_organisations/data_protection/topic_guides/online.aspx
For the whole subject of Data Protection I often refer to this document: www.ico.gov.uk/upload/documents/library/data_protection/practical_application/the_guide_to_data_protection.pdf
As for spamming laws, they fall under the Privacy and Electronic Communications regulations. In particular you can't send marketing emails to domestic subscribers (i.e. people at their non-work emails) without prior consent unless relevant to a recent purchase.



 

@Pope3001725

1) Clearly state in your privacy policy that you collect personal data from their account and social networks and may sell this information to third parties. Write this in plain English.

2) Clearly state in your TOS that by using your website the user allows you to access and sell their personal information.

Those two steps should cover your butt legally. (I am not a lawyer and as always you should consult an actual attorney for a professional opinion).

The following steps are good netiquette and should help avoid complaints and controversies.

3) Put a copy of your TOS in your registration page. Don't just link to it, put the actual content there so it is impossible to miss/avoid. (I put it in a textarea so it doesn't take up a lot of space and scrolls, but this can be accomplished other ways as well).

4) Whenever you update your privacy policy notify members via email and their control panel that it has been updated. Posting a note in the footer of your website is also a good idea.

5) Allow members to opt out of your service and delete all of their information. This includes no longer selling their information to third parties.

6) If you are in the US, become a member of the Better Business Bureau.
