Step 1(Un, Een, Uno):
Tell the website user exactly WHAT information you plan to collect. This means everything, not just a general summary. If you collect their first name for a email signup form, be very specific about what fields you are wanting information about (first name, last name, Phone, email address, shoe size, etc.). If you are collecting credit card information for customers to buy a product or service, you NEED to mention whether or not you are storing their data for later use.
If you’re using visitor tracking technology on your website it gets even deeper because, some websites need to store a digital cookie on the person’s PC in order to see who they are and what their previous information was. If you use these types of tools, you need to mention this to your website visitors. This digital file (cookie) is stored in their browser and it records information about what you are doing on the website. Otherwise, it looks like you are invading their privacy and might be putting a virus on their machine. Be up front, so they know exactly what has happened and what DID NOT happen.
Step 2 (Zwei, Dy, De):
You should always be transparent and tell your website visitors HOW their information will be used. If you are going to put them on your email list, then tell them that they will be on your email newsletter list (duh).
If you intend to sell their information to the highest bidder, then at least notify them that by giving you information, they are authorizing you to pass that information on if you want to (you obviously do).
Telling someone you are about to pimp their data isn’t likely to garner any friends, but at least if you notify them that it might happen, then they were warned. Let them make their own decisions.
Step 3 (Tre, Kolm, Tri):
Dont’ forget about your underage visitors. You should ALWAYS include a paragraph about minors. This means any person under the age of 18 (not pick-axe wielding dwarves). That’s a big legal hurdle, because minors get a lot of automatic protections regardless of what they are doing on your website. There needs to be something along the lines of “…only with the permission of a parent or legal guardian.”
Especially if your website sells products or online services, then you NEED to have a caveat in there that the website does not sell to minors. Selling to adults responsible for the minor is far different than someone thinking that you are actually selling a product to a minor.
Step 4 (Vier, Quattro, Cetri):
Make sure you write up something about not being responsible for Third Party Content (remember, I’m not a lawyer). If you have an ad on your site, or a network that rotates ads on your site, then you want to make sure that you are not held responsible for the user clicking on an ad and visiting someone else’s website. If the user gets a virus or 80 popups for porn sites, you don’t want to be legally responsible for that. You don’t know what the other website owner did to his site or if the other website has been hacked, so don’t leave it to chance.
Step 5 (Cinci, Pat, Tano):
Having an address on the website promotes the fact that you are a legitimate business (whether you are or not).
Step 6 (Sesi, Anim, Seks):
If it is mandatory to notify every single person on the interwebs each time you change a policy, then that really sucks. Of course, you can always do what Apple does anytime someone tries to buy an app and hit them with the policy again :)
be sure to include a section that covers specific situations or legal circumstances that apply to your particular geography. If you have users in California, I pity you, because California laws pretty much permit anyone to dance on your mother’s grave.
P.S. If you want a real professional Legal Policy, then you’ll have to pay a real professional.