Personal information can be anything that identifies an individual, including but not limited to name, address, date of birth, marital status, contact information, financial records and credit card information.
Even if you don't collect personal information from users, but you have a third party that stores the clients' details to process billings information, you should clearly communicate this.
Intermediaries can be any third parties that receive personal information from your users through you, even if you don't store that personal information yourself on your servers.
We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used.
These third parties have [...]
This kind of clause can cover the intermediaries that your website or mobile app are using to process some of your users' personal information.
The first section should describe why your website doesn't collect data, e.g. that's our business model, all data collect is stored on your computer.
Privacy Policies shouldn't be confusing or too wordy, so be as concise about it as possible.
Here's how Ecquire explained why they don't collect information:
"We physically can't. We have nowhere to store it. We don't even have a server database to store it. So even if Justin Bieber asked nicely to see your data, we wouldn't have anything to show him.
That's why, with Ecquire, what happens on your computer stays on your computer.
Whenever you want to send your data to your CRM or MailChimp or Google Docs, "it only moves when you tell it to, and over their secure connections. No middleman."
The second section should explain that there is a billing party or an intermediary party involved for service to work. You have to let your users known that third parties are needed to gather this data (email address or a license key that's connected to an email address), in order for the service to work.
An email address is considered personal information.
If you're interested in the applicable laws on privacy, a short list is added below. This list is for businesses operating from the United States, but we've covered other countries applicable laws on this blog, such as PIPEDA in Canada, the Privacy Act of 1988 in Australia and the GDPR in the EU.
Website and mobile app developers should let users know of any agreement to which they are to be bound to when signing up to your service.
When placing your legal agreements, use the click-wrap technique> in strategic places such as during registration and log-in.
A click-wrap is the legal agreement to which a user must agree by clicking the "OK", "I Accept" or "I Agree" button on a dialog box before using your service (this can be your website, your mobile app, and so on).
This is a click-wrap agreement, where users are required to check the "I agree" checkbox before they continue:
Click-wrap seeks affirmative action from users to ensure that there is meaningful consent in binding them to an agreement. Should the user reject the terms in click-wrap, the user cannot use the service.