Q: What privacy laws apply to any “personal information” I receive?
\nA: Although the following language may seem standard, it creates a very high bar for you to meet your contractual obligations:“The Receiving Party will collect,\nuse, store, disclose, dispose of , provide access to and otherwise handle Personal Information received, collected or accessible to the Receiving Party hereunder in\naccordance with all privacy laws applicable to such information.”If some of the information you receive is personal information of an EU citizen, for example, you\nwill then be required to be compliant as per Europe’s General Data Protection Regulation (GDPR), which has famously high standards. The cost of compliance might not\nbe an amount you had originally contemplated.As NDAs are typically signed early on in the contemplation of a business relationship to give parties the confidence\nthey need to proceed with the transaction, this point will usually be negotiated later on in larger agreements that will supersede the NDA (such as a Master\nServices Agreement or MSA).
\nQ: Who is responsible for ensuring compliance with privacy laws?
\nA: There may be a positive obligation placed upon you to preserve personal information and confirm that you are compliant - it may be worthwhile to confirm that\nyour practices are indeed compliant through your own audit. Keep an eye out for language such as the following which may create a right for the counterparty to\naudit your business practices:”[counterparty] or a third party authorized by it may, during normal business hours, from time to time on prior written notice, enter\nupon any premises of Company at which Personal Information is stored or used and audit the procedures, processes and information pertaining to Company’s compliance\nwith this Agreement”.
\nQ: What is my jurisdiction, and what effect will it have on my agreement?
\nA: Most often, you will specify your jurisdiction or “governing law” for the purposes of dispute resolution. In many cases, the laws governing the contract will\nbe those of the jurisdiction in which the contract has been executed. For unilateral documents (i.e. Terms of Use and Privacy Policy), this is typically the place\nwhere the business is headquartered. For example, if you founded your business in Ontario, Canada, your governing law would read similar to the following:
\n“All rights and obligations hereunder will be governed by the laws of the Province of Ontario and the federal laws of Canada applicable therein, without regard to\nconflicts of law provisions of such jurisdictions.”
\nWhen conducting business with parties from out of province or out of the country, it is generally preferable to choose your home jurisdiction if possible. This can\nreduce costs and ensure that your local lawyer is qualified to give you advice on your agreement. Ultimately, this will help parties determine the outcome for\nprocedural matters and legal issues that may arise between them.
\nQ: When should I use a non-EU Privacy Policy, and when should I begin using a EU-compliant Privacy Policy?
\nA: Every website that is accessible to a resident of the EU is, in practice, required to comply with the GDPR. It may also seem simpler to use an EU-compliant\nPrivacy Policy from the outset if you know that your eventual plan is to expand to Europe. However, it is important to note that European law imposes a very heavy\ncompliance burden on businesses through the General Data Protection Regulation (GDPR). Early-stage businesses may struggle to meet GDPR standards, and may be\nopening themselves up to greater liability in the form of fines, and other punishments for non-compliance. If you do not currently have a presence in the EU, the\nrisk of this is minimal.
\nAs an additional note, if your website is purely informational, and does not actually collect, handle, store, or distribute information about users, then your main\nconcern would be to simply inform users that third-parties (e.g. Google) may be using cookies on your site, which you do not have control over.
\nYou may wish toconsult with counsel to determine what the best course of action is for your business.
\nQ: What is a digital distributor and how does it affect my agreement?
\nA: If you are offering your services through an app hosted on a “digital distribution platform” such as the AppStore, Google Play Store, or Microsoft Store (to\nname a few), users will often need to agree to those platforms’ own TOUs and Privacy Policies, which may contain provisions which allow your app to access user data\ncollected by the digital distributor.
\nIn addition, digital distributors may mandate certain clauses be included within the privacy policies and TOUs of apps listed on their platform. These can affect\nthe manner in which user data is collected, handled, stored and distributed.
\nIf you are not, and do not intend to be listed on a digital distribution platform, you may wish to consult counsel to tailor the terms of your agreement to your\nneeds.
\nQ: Can formatting your document increase how enforceable it is?
\nA: There is a case to be made for making your Terms of Use and Privacy Policy as user-friendly as possible. For one, it is harder for a user to argue that they\ndid not know about a term of your agreement if that agreement is easy to read and navigate. Generally, a neat font, a good font size, and plenty of boldface headers\ncan go a long way toward making the agreement reader-friendly.
\nOne of the tools in your formatting arsenal is hyperlinks. Once you have uploaded your Privacy Policy or Terms of Use to your website, you may wish to consider\nincluding hyperlinks every time your agreement makes an internal reference (i.e. to another section of the agreement) so users can jump to that section if they want\nto read more about that clause. For example, think about how annoying it might be for a user to have to scroll from clause 54 to clause 2.
\nAlso consider including hyperlinks when your agreement refers to a different agreement, such as when your Privacy Policy refers to your Terms of Use. Linking to the\nother agreement also makes it easier for users to access information that is pertinent to being able to understand what they’re agreeing to.
","frontmatter":{"title":"Privacy Policy - Frquently Asked Questions","date":"July 30, 2021","description":"In this article, we answer some of the most popular questions regarding privacy policies. This article also answers questions relating to the Eu-compliant Privacy Policy.","author":{"id":"sahil@clausehound.com","first":"Sahil","last":"Kanaya","bio":"As Lead Content Analyst at Clausehound, Sahil puts his passion for research and writing, and his Law and Business major to good use developing easy to understand blog content and other eLearning materials for entrepreneurs, law students, and business students alike.","image":{"childImageSharp":{"fluid":{"base64":"data:image/jpeg;base64,/9j/2wBDABALDA4MChAODQ4SERATGCgaGBYWGDEjJR0oOjM9PDkzODdASFxOQERXRTc4UG1RV19iZ2hnPk1xeXBkeFxlZ2P/2wBDARESEhgVGC8aGi9jQjhCY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2NjY2P/wgARCAAUABQDASIAAhEBAxEB/8QAGAABAAMBAAAAAAAAAAAAAAAAAAIEBQP/xAAWAQEBAQAAAAAAAAAAAAAAAAACAwH/2gAMAwEAAhADEAAAAetW3HFaTUGeAtIUH//EABsQAAMAAgMAAAAAAAAAAAAAAAECAxARBBMx/9oACAEBAAEFArMyru0sWG16wccihQOxVR5//8QAFxEBAQEBAAAAAAAAAAAAAAAAARAhMf/aAAgBAwEBPwEMhyf/xAAYEQACAwAAAAAAAAAAAAAAAAABEAIhMf/aAAgBAgEBPwGRtHQv/8QAHBAAAQQDAQAAAAAAAAAAAAAAAQIQESEAIkEx/9oACAEBAAY/AtPSYwKWZT14u2rEx1v/xAAbEAACAwEBAQAAAAAAAAAAAAAAAREhQTFRYf/aAAgBAQABPyFDhzPh3TOmkCrZp4N96FpBFY36hjteiyP1H//aAAwDAQACAAMAAAAQO8d9/8QAFhEBAQEAAAAAAAAAAAAAAAAAARAx/9oACAEDAQE/EDUs1n//xAAVEQEBAAAAAAAAAAAAAAAAAAABIP/aAAgBAgEBPxBQBC//xAAcEAEAAwEAAwEAAAAAAAAAAAABABEhMUFRYaH/2gAIAQEAAT8QI7SKlltv8gWi0QsXNQGhhrak3pG4ai+R3fbkdSlWetkSWVW+gbR8iujQcn//2Q==","aspectRatio":1,"src":"/static/4edd26b4e7d60d1c6673a5ef7294ae6a/bdd4d/sahil.jpg","srcSet":"/static/4edd26b4e7d60d1c6673a5ef7294ae6a/2b9ee/sahil.jpg 80w,\n/static/4edd26b4e7d60d1c6673a5ef7294ae6a/e5d64/sahil.jpg 160w,\n/static/4edd26b4e7d60d1c6673a5ef7294ae6a/bdd4d/sahil.jpg 320w,\n/static/4edd26b4e7d60d1c6673a5ef7294ae6a/baedc/sahil.jpg 480w,\n/static/4edd26b4e7d60d1c6673a5ef7294ae6a/ea99b/sahil.jpg 640w,\n/static/4edd26b4e7d60d1c6673a5ef7294ae6a/b8f37/sahil.jpg 2118w","sizes":"(max-width: 320px) 100vw, 320px"}}}},"tags":["privacy policy"]}}},"pageContext":{"slug":"/privacy-policy-frequently-asked-questions/","previous":{"fields":{"slug":"/why-edi-instead-of-dei/"},"frontmatter":{"title":"BLog Bite: Why EDI instead of DEI?","tags":["Equity","Diversity"],"author":{"id":"rajah@cobaltcounsel.com","first":"Rajah","last":"Lehal"}}},"next":{"fields":{"slug":"/4-tips-on-integrating-legal-technologyte/"},"frontmatter":{"title":"4 Tips on Integrating Legal Technology","tags":["technology"],"author":{"id":"rajah@cobaltcounsel.com","first":"Rajah","last":"Lehal"}}}}}}