The policy needs to be written in clear, easy-to-understand language, while also being detailed enough that users can provide informed consent for you to process their personal data.
Personal data is any information that may identify an individual.
This includes but isn't limited to the following:
The purpose of data protection laws is to ensure transparency when it comes to personal information. An individual has the right to be notified that an organization intends to collect and use their data and make an informed decision as to whether they consent to this. Individuals also have the right to refuse to provide their data and not complete their purchase or registration.
Let's look at these in more detail.
You must clearly set out the kind of personal data your SaaS may collect from users. This can be done by listing the various types with examples. The more detailed this is, the better. It's also important to explain exactly how this data is collected.
It's important to be specific about the types of data you collect so users clearly understand what they are consenting to share with you.
Users must be aware of how their personal data may be shared with third parties. A SaaS may share users' personal data for several reasons.
For example, the SaaS may outsource functions such as analytics or customer support and need to share user data to do so. A SaaS may also be required to provide personal data to government departments or law enforcement in certain circumstances.
This clause addresses issues such as:
WhatsApp takes a passive approach to this clause, making it the responsibility of users to visit the website for updates:
Include all the relevant sections and make sure to display it properly, while getting clickwrap consent from your users.