What do you need to know about the Terms of Use and Privacy Policy

It is difficult to imagine a website or mobile application that does not have Terms of Use or a Privacy Policy. Although the Terms of Use / Terms and Conditions / User Agreement are not required by law, you (your company) are required to have a Privacy Policy in accordance with the European Union's General Data Protection Regulation (GDPR). The GDPR applies to your company if it is registered in the EU or operates in the EU, or gets access to the data of citizens, residents, and other persons located in the EU in the course of its business activities.

Why do you need such policies at all?

Policies are designed to explain to the user the principles of operation and use of the website/application, to warn and inform about the collection of the user's personal data and, ultimately, to protect the company by including the necessary exemptions. The policies should be written in simple, user-friendly language. The Terms of Use is a contract between you (your company) and the user which sets out your mutual rights and obligations regarding the use of the website/application.

What should be written in the Terms of Use?

  1. The unconditional consent of the user to ALL provisions of the Terms of Use in order to use the website or application. That is, the user's use of the website or application is based on full agreement with your rules: a user who accesses the website / installs the application agrees; a user who does not agree must leave the website / delete the application.
  2. Information about your company (you) (the company that supports the website or application, if available): legal information, address, contact phone number.
  3. Term of validity and amendment procedure of the Terms of Use: the date of entry into force and the date of the last update must be indicated.
  4. Rules to follow when using the website/application. These may also be age restrictions, the prohibition of profanity or interference with the website/application, etc. and related sanctions – access restriction, account deletion, etc.
  5. Description of functionality, services, and features available to the users, including full and detailed information on account registration / purchase of goods / delivery / return / exchange / provision of services; upload / deletion of content by the users, etc.
  6. Pricing and Payment terms – if applicable.
  7. Warnings about the use of third-party services – you are not responsible for their work or for their problems with the users. For example, these are payment and other aggregators, or any websites/services that your website or application links to.
  8. Disclaimer regarding the operation of the website/application/provision of services on an “As Is” and “As Available” basis. It is used to ensure that the user accepts the software and services in their present state and condition and, therefore, should not have any claims concerning the inconsistency of such operation with his/her expectations.
  9. Provisions on granting the user a limited, non-exclusive, revocable, and non-transferable license to access and use the website/application/services/content for non-commercial purposes and on revoking such license (if the user violates terms of the license or other provisions of the Terms of Use).
  10. Intellectual Property rights: All content, logos, designs, images, texts, all services and other materials posted on the website / in the application belong to your company (you) or other relevant rightsholders. Copying, commercial use, modification, or distribution of such materials should be prohibited. Similarly, all content that users upload to your website/application belongs to them; your company (you) may use it on the basis of a license provided by the user (the provisions on the license must be written separately).
  11. Disclaimers: The company (you) shall not be liable for any damages to users caused by the use of your website/application, especially for misuse; restrictions on the payment of any compensation (usually within the amount paid by the user to the company); force majeure, etc.
  12. Dispute Resolution provisions: the negotiation clause (contact details of the person/department responsible for resolving such situations on your part), the choice of arbitration, and the prohibition of litigation and of group and representative actions, or any other restrictions.
  13. Terms of collection and processing of the users’ personal information – it may be a brief statement in the Terms of Use followed by a link to the separate Privacy Policy document.
  14. Termination of the Terms of Use (termination of services, account deletion, restriction of access) between the user and your company (you) due to various reasons, including the violation of conditions by the user.

What should be written in the Privacy Policy?

  1. Contact information of your company or the company that collects and processes the user data for you.
  2. Term of validity and amendment procedure of the Privacy Policy: the effective date or the date of the last update should be indicated.
  3. Legal basis for collecting confidential information: the user agrees with the provisions of the Terms of Use and Privacy Policy when accessing the website / downloading the application / starting to use the services / clicking on the "Agree / Accept" button (if such functionality is available). The "Agree / Accept" button is strongly recommended, especially if your company is registered in the EU.
  4. Purpose of collecting confidential information: for the operation of the website/application, for the provision of services, for analytics, etc.
  5. Type of confidential data (name, e-mail address, postal address, phone number, payment information, etc.), as well as other information (IP address, location, type and settings of the browser, device type, operating system, etc.) which is collected, and information on how it is used/processed.
  6. Cookies Information (this may be a separate document or part of the Privacy Policy). Firstly, there must be a definition of Cookies; the specified purpose of their installation; an indication of the types of Cookies that are set, and information on how they are used. Secondly, you (your company) must obtain clear consent from the user – for example, with the help of a banner with a button by clicking on which the user allows or refuses to accept Cookies (this applies to cookies whose absence does not interfere with the operation of the website/application).
  7. Whether the confidential information is transferred to third parties (for example, to relevant authorities as prescribed by the law or to third-party services such as Google Analytics) or to third countries and, if so, what methods of protection are used for such transfer.
  8. The rights that users have in relation to their confidential information, in particular the right to delete such information at their request, the right to revoke their consent to the collection of such information, etc.
  9. Security measures taken to protect confidential information.
  10. The period for which the information is stored and what happens to the information after such period: for example, stored in databases for 6 months, then deleted.

So, the Terms of Use and Privacy Policy are designed to make the use of websites / applications / online services easier for the users and, at the same time, to protect the owner of such websites / applications / online services against possible problems, such as lawsuits and claims from the users, and fines for violations in the field of collection and processing of confidential information and related information in accordance with the GDPR (maximum possible fine – 20 million euros or 4% of total turnover for the last financial year). Therefore, the Terms of Use and Privacy Policy are essential for every online business.