If you are a typical nonprofit organization, you are likely to collect a large chunk of confidential information from your users, even if only in the form of IP addresses collected by your website’s statistics package. With the many updates on Facebook and the billions of users whose data was potentially compromised, online users are becoming more fearful than ever of disclosing personal information to organizations and businesses.
In this era of data-centric marketing, it is more crucial than ever to position yourself as a trusted and secure organization. Your Privacy and Legal Notice Webpage can no longer be a last-minute matter; it must be a prominent feature of your entire website and be written in words that the average user can comprehend without the need for a lawyer.
Why is a Nonprofit Privacy and Legal Notice Webpage so crucial?
- It proves you’re trustworthy and transparent.
- It aids in planning ahead.
- It offers basic legal protection.
- It addresses the General Data Protection Regulation (GDPR) law.
Guidelines to Create a Privacy and Legal Notice Webpage
Step 1. Identify Your Nonprofit’s Data Collection Practices
The first step is to identify your nonprofit’s data collection practices by answering the following questions:
- What sensitive data do we gather?
- How do we gather them?
- Why do we collect them?
- How is the data used?
- Who has access to the information?
- Are we sharing the data we collect?
- If yes, with whom and on what terms?
- How long do we retain or keep personal information?
Working out these details may require a meeting between website administrators, board members, volunteer coordinators, and marketing staff; in a smaller organization, it may be as straightforward as a discussion between a few co-workers.
Whatever the case, make sure you have a clear idea of the present situation (and any possible changes that may arise in the short and medium term).
Step 2. Draft a written statement of your Privacy and Legal Notice Webpage.
Publish your privacy and legal notice webpage in simple English.
Leave out the legal jargon and write your privacy policies and rules so that the average user can understand them. Once you have drafted it, it’s a good idea to have a lawyer read it. However, you can be frank and candid in saying that you don’t want to fill it with legalese that the average user doesn’t understand. It’s wise to have it checked to make sure something important hasn’t been omitted.
Make it complete.
Make your Privacy and Legal Notice Webpage public.
You can place it at the bottom of every page of your site so visitors don’t have to search for it. You can also place it high on your homepage or include it on your donation pages. While most visitors will never read the policies, it’s still vital that you show them clearly that you’re not trying to hide anything.
Be aware of specific laws.
There can be outside laws that are applicable to you even if your nonprofit organization is not active in a particular industry. For instance, if you address health-related queries, laws such as the Health Insurance Portability and Accountability Act (HIPAA) may apply to the way you gather and keep data. SEC laws may apply when it comes to financial matters.
You can avoid needless fines by ensuring that you comply with all rules and regulations. Do not disregard state laws or the FTC, which set minimum standards.
Make it yours.
If you find another organization’s Privacy and Legal Notice Webpage, don’t copy and paste from it. The risk of sanctions is serious, and this is not the moment for a cookie-cutter solution. Your policy has to be yours and should reflect the unique characteristics of your organization and website.
Lastly, what you need to include.
After determining precisely what data you will collect (cookies, email, credit card, subscription information, age, gender, login, etc.) and stating your legitimate reason for collecting this data, you should clearly identify what you intend to do with the information.
- Explain clearly the data you are collecting and whether it is anonymous, identifying, or both.
- It doesn’t need to be long and detailed, but you should explain how the data is collected: log information, link clicks, log files, cookies, search terms, or other methods.
- If you are going to share data with other websites or associated organizations, be honest. The first concern of most consumers is who else will be getting their personal information.
- Simply explain that if you are required by law to disclose confidential information, then you will have to obey such orders.
- Give visitors the option of correcting, verifying, modifying, or deleting personal registration information. This can be achieved through a confirmation email once a visitor has successfully registered on your website.
- Provide a means for users to opt out of receiving future mailings. If a user wants to be unsubscribed or removed, make it easy for them. You obviously do not want to be penalized for sending spam to people.
This guest post was authored by Raviraj Hegde. Raviraj is the director of growth at Donorbox. He is a digital strategist with over 5 years of experience. He is passionate about helping nonprofits with online fundraising. He enjoys playing badminton and travels the world when he’s not at work.