This list of requirements applies regardless if you design, develop, operate just a landing page or an entire website.
If you are based in the US, it's highly likely that you have Californian users, so it pays to comply with the Californian state law.
In addition, if your business is worldwide or based overseas, UK law, Canadian law, and European law all require that certain data collection rules be followed when collecting private information.
If you don't already have the legal agreement in place, or you want to update your old one, now you're ready to go through the 5 key sections that will make sure you comply with the law and principles above.
The most important section to include and cover thoroughly is what kind of information you will be collecting through your landing page.
On the other hand, if you're using web forms, make sure that the legal agreement covers all of the information that the form is asking about, such as:
You can see that they list out the specific types of information that they collect, and what processes collect them, such as creating an Apple ID, applying for commercial credit, or purchasing products (among other things).
Your users need to feel like they can trust you, and you can show them that you are trustworthy by informing them how you will protect and store their information.
If you have good protection measures in place, this will give your users comfort that you can keep their information safe.
Have a look at this example from Google that lists the protection mechanisms they have in place:
Consider implementing security mechanisms such as SSL to protect your users' information.
Now that you've let your users know what information you are collecting, and how you will keep it secure, it's also crucial to tell them what you plan to use their information for.
Some typical examples of what you might use their information for are:
You can see that Apple talks about keeping their users posted on product announcements, software updates, and events as some of the ways in which they might use their usersâ€™ information.
Apple also mentions that they may use personal information for improving and creating products and services, for preventing fraud, verifying user identity, and for internal processes such as auditing and data analysis.
There may also be some circumstances under which you need to release the information of your users, such as to comply with the law or a Court order, or for anti-fraud and credit risk protection processes.
It's important to thoroughly cover all the situations in which you will (or potentially will) release your users' personal information. If you don't cover these situations, you may leave yourself open to liability if you release information in a situation that you did not notify your users.
Have a look at the example from Amazon below, where you can see how they list the situations in which they may need to release customer information:
Your users may be interested to know what personal information you hold on them, and from time to time they may want to update it or request that it be deleted.
Make sure you remember to cover both aspects of this kind section: access, and the ability to change the information.
Inform users if they have the ability to delete the information, and note, like Google in the example above, your exceptions on keeping the information for legitimate business or legal purposes.
Have a look at this example from Amazon.com:
You can see that Amazon includes a statement noting that their Privacy Notice may change and that they may notify users by way of email.
They also say that users should check Amazon.com for recent changes.
Most landing pages link to the legal agreements in the footer like this example from YouTube: