Privacy Policy Questionnaire "*" indicates required fields Step 1 of 59 1% Privacy PolicyPrivacy Policy UsesWhat will this Privacy Policy be used for?*Select where the policy will be used WebsiteWhat is a privacy policy? A privacy policy (also referred to as a privacy notice) is a statement or legal document that describes how a company, website, or app collects, uses, maintains, and shares information collected from or about its users. Most countries require any website that collects personal information from its users to have a written privacy policy posted on the website. Does this Privacy Policy Generator cover all privacy laws? This Privacy Policy Generator is designed to help you comply with the following regions: United States California (CCPA, CPRA, and CalOPPA) Colorado (CPA) Connecticut (CTDPA) Delaware (DPDPA) Florida (FDBR) Indiana (ICDPA) Iowa (ICDPA) Kentucky (KCDPA) Montana (MCDPA) New Hampshire (SB 225) New Jersey (NJDPA) Oregon (OCPA) Tennessee (TIPA) Texas (TDPSA) Utah (UCPA) Virginia (VCDPA) Other Regions EU (GDPP) UK (UK GDPR) Canada (PIPEDA) Quebec (Law 25) Australia (Privacy Act 1988) New Zealand (Privacy Act 2020) South Africa (POPIA) Switzerland (FADP) In many cases, this Privacy Policy questionnaire could help you comply with other privacy laws. However, we recommend consulting with a local attorney for any laws not yet specifically included in our offerings. Mobile application Facebook application What is a privacy policy? A privacy policy (also referred to as a privacy notice) is a statement or legal document that describes how a company, website, or app collects, uses, maintains, and shares information collected from or about its users. Most countries require any website that collects personal information from its users to have a written privacy policy posted on the website.Does this Privacy Policy questionnaire cover all privacy laws? This Privacy Policy questionnaire is designed to help you comply with the following regions: United States California (CCPA, CPRA, and CalOPPA) Colorado (CPA) Connecticut (CTDPA) Delaware (DPDPA) Florida (FDBR) Indiana (ICDPA) Iowa (ICDPA) Kentucky (KCDPA) Montana (MCDPA) New Hampshire (SB 225) New Jersey (NJDPA) Oregon (OCPA) Tennessee (TIPA) Texas (TDPSA) Utah (UCPA) Virginia (VCDPA) Other Regions EU (GDPP) UK (UK GDPR) Canada (PIPEDA) Quebec (Law 25) Australia (Privacy Act 1988) New Zealand (Privacy Act 2020) South Africa (POPIA) Switzerland (FADP)In many cases, this Privacy Policy questionnaire could guide you in complying with other privacy laws. We recommend consulting with a local attorney for any laws not yet specifically included in our offerings. WebsiteWhat is the URL address of your website?*Enter the URL of the website for which you are making this Privacy Policy.Enter the URL of the website for which you are making this Privacy Policy. English PreferenceWhat type of English spelling do you want to be used in this Privacy Policy?* American English British English What is the difference between American English and British English spelling? Certain words will be spelled differently depending on if you are using American English or British English. For example, words that end in –or in American English, typically end in –our in British English. There are several words used in the Privacy Policy that would be spelled differently (e.g., behavior – behaviour; personalized – personalised; fulfill – fulfil). Use and DescriptionDo you want to include a description about your product or service?*Why should I include a description? If you offer services or products on your website and/or app, you can provide a comprehensive description so your customers have no reservations about what they are. Yes No Enter the name of your product or service: Enter a description of your product or service: User LocationDo you have users in the United States? YesWho must comply with US state data privacy laws? Visit this US State-by-State Tracker to check if your business must comply with US state data privacy laws. The following states have already passed their own privacy laws: California Colorado Connecticut Delaware Florida Indiana Iowa Kentucky Montana New Hampshire New Jersey Oregon Tennessee Texas Utah Virginia No Do you have users in Canada? YesWhat is the difference between the EU and EEA? The European Economic Area (EEA) includes European Union (EU) countries plus Iceland, Liechtenstein, and Norway. HOWEVER, to simplify we use the term "EU" throughout to mean all EEA countries. If you have users in Iceland, Liechtenstein, or Norway, please read all FAQs that have special notes about the EU. No Do you have users in the EU, UK, Switzerland, Iceland, Liechtenstein, or Norway? Yes No What are users? Users are individuals that visit your website or app. They can be external or internal. External users include individuals who: Browse your website Interact with your website Use your software/program/platform Purchase goods or services through your website Internal users include: Employees Managers Internal auditors User AccountsCan users create an account or register with your website or app? YesNote If your users can create an account or register with your website or app, we will include the following processing activity by default under the HOW DO WE USE YOUR INFORMATION? section in your privacy policy: We may process your information so you can create and log-in to your account, as well as keep your account in working order. No How would you like to instruct users to update or delete their accounts?Please select all that apply. Log in to your account settings and update your user account. Contact us using the contact information provided. Others Add your own Add Remove User AgeDo you target users under the age of 18? Yes No We suggest you consult with an attorney if you have products that are potentially harmful to children.The Children’s Online Privacy Protection Act (COPPA) has complicated requirements, and non-compliance can result in serious penalties. We suggest you consult with an attorney to ensure you understand you obligations.The majority of users do not need to change these settings. By interacting with this section, you understand that you should carefully review the resulting policy text and consult with a lawyer before making any changes.Advanced Options (Not recommended for most users)The majority of users do not need to change these settings. By interacting with this section, you understand that you should carefully review the resulting policy text and consult with a lawyer before making any changes. Add custom language regarding minorsCustom languageWhat does "target" mean? "Targeting" a group of people means trying to reach that group with your marketing efforts because they are most likely to be interested in your product or services. Personal Information Collected DirectlyPlease select the personal information you intend to collect directly from the user:"Collect directly" means the user directly provides you with this information. For example, a user may give you their name and email address when signing up for an account on your site. Names Phone numbers Email addresses Mailing Addresses Job titles Usernames Passwords Contact preferences Contact or authentication data Billing addresses Debit/credit card numbers Sensitive Personal Information CollectedDo you collect sensitive information?If you are not sure, select "Yes" to see examples on sensitive information. Yes No Please select the sensitive personal information you collect:Generally, personal information categorized as sensitive must be treated with more care and caution. Health data Financial data Genetic data Biometric data Data about a person's sex life or sexual orientation Information revealing race or ethnic origin Information revealing political opinions Information revealing religious or philosophical beliefs Information revealing trade union membership Credit worthiness data Student data Social security numbers or other government identifiers Add your own Add RemoveSensitive categories of personal information must be treated with additional care because of the risk imposed on the data subject. Personal Information from Social MediaCan users register for your website or app using Facebook, Google, or other social media accounts? Yes No Personal Information Collected Automatically (Derivative Data)Will you be collecting any derivative data from your users?If you use tracking and analytics services such as Google Analytics, you are likely collecting derivative data. Yes No Please select each category of derivative data that you intend to collect: Log and usage data. Log and usage data is service-related, diagnostic, usage and performance information. Examples include, Internet Protocol (IP) address, browser type and settings, and information about user activity in your website or app. Device data. Device data is information about the user's computer, phone, tablet or other device used to access your website or app. Examples include device and application identification numbers, location, and hardware model Internet service provider or mobile carrier. Location data. Location data is information about the user's device location. Examples include geolocation data that shows the user's current location (based on the user's IP address). Do you want to add your own category? Yes No ListType of Derivative DataDescription Add Remove Personal Information from Google APIDo you use Google API Services? Yes No Personal Information from Other SourcesAre you collecting personal information about your users from other sources? Yes No Under the EU GDPR and the UK GDPR, when you obtain personal information indirectly (e.g., public records, internet, email lists), you must: (1) Notify the individuals that you have their information, and provide them with a privacy notice (do this as soon as possible, as the legal deadline for notice is one month after you obtain the individual's information). (2) Notify the individuals immediately upon using their personal information or sharing that information with another party.Under the EU GDPR and the UK GDPR, when you obtain personal information indirectly (e.g., public records, internet, email lists), you must: (1) Notify the individuals that you have their information, and provide them with a privacy notice (do this as soon as possible, as the legal deadline for notice is one month after you obtain the individual's information). (2) Notify the individuals immediately upon using their personal information or sharing that information with another party. Yes, I understand and acknowledge the above.Under Canadian privacy law, you can only use personal information you obtained from other sources for data mapping if you have the user's consent. For example, data mapping includes using data from other sources to update your records and enhance your ability to provide relevant marketing, offers, and services.Under Canadian privacy law, you can only use personal information you obtained from other sources for data mapping if you have the user's consent. For example, data mapping includes using data from other sources to update your records and enhance your ability to provide relevant marketing, offers, and services. Yes, I understand and acknowledge the above. EU/UK Legal Bases for ProcessingWhen it is necessary to process a user's personal information you must have a reason, known as a legal basis. Legal bases can vary under different privacy laws. Under the EU and UK's GDPR, you need a valid reason to use personal information — this is called a "lawful basis." There are six lawful bases for processing under the GDPR: Consent, Performance of a Contract, Legitimate Interests, Legal Obligation, Vital Interests, or Public Tasks. In addition to needing lawful basis, you must also notify your users about why you use their personal information (Article 13).By default, your privacy policy will list five of the most common legal bases that apply to most companies: 1) Consent (2) Performance of a Contract (3) Legitimate Interests (4) Legal Obligation (5) Vital Interests. We will not list the sixth legal basis, "Public Tasks," as it will not apply to the majority of Termly customers. Please reach out to Termly customer service if you would like to add it to your privacy policy.* Yes, I understand that these five legal bases by default will automatically be listed in my privacy policy. Legal Basis: Provision of Services / Performance of a ContractDo you use personal information to provide your Services or fulfill contractual obligations with your users? Yes No When providing your Services or fulfilling contractual obligations with your users, in what ways do you need to use their personal information? To deliver and facilitate the delivery of services to the user To enable user-to-user communications To fulfill and manage users' orders To respond to user inquiries To send administrative information to users Do you want to add other ways you use the personal information? Yes No Please enter why you are using the user's personal information and a short description for that use.Use of InformationDescription Add Remove Legal Basis: Legitimate InterestsAre there any other important reasons you use your users' information?Select "Yes" to see examples of other important reasons. Yes No When you cannot rely on any other legal bases to use your users' information, and the use of information is important to you and fair to your users, then you are likely able to rely on the legal basis called "legitimate interest." When you rely on legitimate interests to use information about your users, you must list the reason you use the information AND why it is important that you do so. Below are examples of commonly applicable uses and their reasons (in italics). However, in most cases you will also need to use the "add your own" for any uses and reasons that are unique to your business.When you cannot rely on any other legal bases to use your users' information, and the use of information is important to you and fair to your users, then you are likely able to rely on the legal basis called "legitimate interest." When you rely on legitimate interests to use information about your users, you must list the reason you use the information AND why it is important that you do so. Below are examples of commonly applicable uses and their reasons (in italics). However, in most cases you will also need to use the "add your own" for any uses and reasons that are unique to your business. To deliver targeted advertising to users. In order to develop and display personalized and relevant advertising content for your users. To determine the effectiveness of promotional campaigns. In order to support your marketing activities. To identify usage trends. In order to analyze how your services are used so you can improve them to engage and retain users. To protect your Services. In order to diagnose problems and/or prevent fraudulent activities. To request feedback. In order to understand how your users use your products and services so you can improve your user experience. To send users marketing and promotional communications. In order to send users information about special offers and discounts on your products and services. Do you want to add your own important reason to use your users' information? Yes No Please enter the reason for using the information, a short description of the reason, and what your legitimate interest is for that reason.Reason for InformationDescriptionLegitimate Interest (In order to) Add Remove Marketing and Promotional CommunicationsDo you send marketing or promotional communications to your users?If yes, make sure you have selected "To send marketing and promotional communications" as a reason for using your users' personal information (on previous page). Yes No How can users unsubscribe to marketing and promotional communications? Clicking the unsubscribe link at the bottom of our marketing emails Texting “STOP” or “UNSUBSCRIBE” Add your own Add Remove Third PartiesDo you disclose or sell/share users' personal information to third parties?If you use third-party services like Google Analytics, you may be sharing information. If you disclose certain users' personal information to business partners, you are most likely selling/sharing information. Disclose only Disclose and sell/share No, I do not disclose or sell/share personal information How do you want to list the third parties that you disclose information with? List the types of companies only List each company by name Do you have data processing agreements in place with your third-party service providers?If a third-party service provider is processing your EU or UK users' personal information, they need to provide you with a data processing agreement in order for you to comply with the GDPR. This agreement can usually be found in the third-party service provider's terms of service, or they may have a separate data processing agreement. Ask your third-party service providers for their data processing agreements if you're unable to locate them. Yes No This step is crucial for GDPR and US state privacy law compliance and we suggest that you contact your third-party service providers and ask them to sign a Data Processing Agreement with you. Yes, I understand and acknowledge the above.By default, the privacy policy generated includes language about sharing personal information in the case of ‘Business Transfers’, meaning when your business needs to share personal information in connection with, or during negotiations of, any merger, sale of company assets, financing, or acquisition of all or a portion of your business to another company. Please note, some laws, require more than just including this language in your privacy policy and may contain provisions that should be followed in these circumstances. If you are not sure about such obligations please consult with an attorney. I understand that I may be subject to additional obligations when sharing data to third parties in the case of a business transfer, and will consult with an attorney if necessary. Disclosure to Third PartiesThe most common third-party services have been organized by their purposes below. Use the dropdown menu to select all that apply. If you cannot find a third-party service on the list, you can manually add it under the appropriate purpose. If you use a third-party service for a purpose that isn’t listed here, you can add that purpose and the third-party service using the field at the bottom.Advertising, Direct Marketing, & Lead Generationex. Bing Ads, Chitika, Google AdSense.Affiliate Marketing Programsex. Amazon Affiliation, eBay Partner Network, iTunes Affiliation.AI Platformsex. OpenAI, Google Cloud AI, Microsoft Azure AiAllow Users to Connect to Their Third-Party Accountsex. Facebook account, Google account, Instagram account.Cloud Computing Servicesex. Microsoft Azure, Google Cloud PlatformCommunicate & Chat with Usersex. Customerly, Facebook Customer Chat, LiveChat.Content Optimizationex. Google Site Search, TripAdvisor widget, YouTube video embed.Data Backup & Securityex. Dropbox Backup, Google Drive Backup, Vaultpress.Functionality & Infrastructure Optimizationex. Cloud Firestore, Firebase Legacy, Termly.io.Invoicing & Billingex. Apple Pay, PayPal, Stripe.Retargeting Platformsex. AdRoll, Facebook Custom Audience, Google Ads Remarketing.Social Media Sharing & Advertisingex. Facebook advertising, Google+ social plugins, Reddit plugins.User Account Registration & Authenticationex. Facebook Login, GitHub OAuth, Google Sign-In.User Commenting & Forumsex. Disqus, Facebook Comments, Muut.Website Hostingex. Shopify, Tumblr, WordPress.com.Web & Mobile Analyticsex. Crazy Egg, Google Analytics, Heap Analytics.Website Performance Monitoringex. Crashlytics, Firebase Crash Reporting, Sentry.Website Testingex. Google Play Console, Optimizely, TestFlight.OthersPurposeService Add Remove Artificial IntelligenceDoes your website or app offer AI-based services? YesAccording to the EU AI Act, AI (or an AI System) is "a machine-based system that is designed to operate with varying levels of autonomy and that may exhibit adaptiveness after deployment, and that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments." No What are the functions of your AI-based service?AI applicationsAI automationAI botsAI deploymentAI developmentAI document generationAI insightsAI predictive analyticsAI researchAI searchAI translationBlockchainImage analysisImage generationIoTMachine learning modelsNatural language processingText analysisVideo analysisVideo generationWhich AI platform(s) do you use?Skip this question if you use your own AI technologyAdobe SenseiAlibaba Cloud AIAmazon Web Services (AWS) AIAnthropicGoogle Cloud AIIBM WatsonMicrosoft Azure AINVIDIA AIOpenAIOracle AISalesforce EinsteinSAP LeonardoTencent AI LabDo you want to include details on how users can opt out of processing personal information when using your AI-based service? Yes No How can users opt out? Log in to your account settings and update your user account Contact us using the contact information provided Add your own Add Remove Online PaymentsDoes your website/app accept payments online?Can a user make purchases or complete a payment on your website/app? Yes No Paste a link to your payment vendors' privacy policies:Copy and paste their privacy policy URL belowVendor NamePrivacy Policy URL Add RemoveDo you want to include additional details? Yes No Enter additional details about online payments here Online PostingCan users upload or post content on your website?This includes comments, articles, photos, audio, videos, user profile images, etc. Yes No Interactions with Other UsersWhen users interact, can they see other users' personal information? Yes No Third-Party AdvertisersDoes your website or app contain advertisements from third parties that are not affiliated with you? Yes No Business AffiliatesWill you disclose any of your users' personal information to business affiliates?Business affiliates include your parent company, subsidiaries, and joint venture partners. Yes No Business PartnersWill you disclose any collected information to business partners? Yes No What is a "business partner"? A business partner is any entity — including advertisers, publishers, affiliate agencies, ad tech vendors, and industry organizations — that you collaborate with on a business-to-business basis. Unlike business affiliates, you do not share control of your website or company with business partners. Retention of InformationDo you want to specify how long will you keep the information that you've collected from your users? Yes No How long will you keep the information that you've collected from your users? 90 days 6 months 1 year 2 years Other Security MeasuresDo you have appropriate security measures in place that protect your users’ personal information?If "Yes," this document will include a general clause about security measures in your privacy policy. Yes No Please ensure that you are keeping personal information safe. We recommend consulting with an information security expert and and updating your policy once you are confident you can protect your users’ privacy. Yes, I understand and acknowledge the above.If your business is victim to a security incident in which information may have been accessed, collected, used, or disclosed without authorization, certain laws and regulations require you to notify, within a specific timeframe (e.g. within 72 hours in the EU and UK), the relevant data protection authorities. You may also need to notify impacted individuals of the security incident depending on the circumstances. The timeframe, content, and recipients of the notification(s) vary depending on the country. You should consult legal counsel for advice in such an event. I understand my legal obligation. Tracking TechnologiesWhich of the following does your website or app use or plan to use? Cookies and/or web beacons Google Maps APIs Both Neither Google AnalyticsDo you use Google Analytics? Yes No List the Google Analytics Advertising Features you have enabled:Remarketing with Google AnalyticsGoogle Display Network Impressions ReportingGoogle Analytics Demographics and Interests Reporting US State LawsDo you want your policy to cover all state laws?By selecting “Yes,” you will be opting in to adding coverage for all currently enacted and future state laws (see tooltip for complete list). Yes No, let me choose Select each state you would like to be covered in your policy:Select at least one California (CCPA + CPRA) Colorado (CPA) Connecticut (CTDPA) Delaware (DPDPA) Florida (FDBR) Indiana (ICDPA) Iowa (ICDPA) Kentucky (KCDPA) Montana (MCDPA) New Hampshire (SB 225) New Jersey (NJDPA) Oregon (OCPA) Tennessee (TIPA) Texas (TDPSA) Utah (UCPA) Virginia (VCDPA) Sale / Disclosure of InfoPlease specify services that are used for selling or disclosing personal information:If you use non-essential tracking technologies to share a user's personal information to another entity for valuable consideration, this is considered "selling." If these trackers do not receive valuable compensation, then it is considered "disclosing." Targeting cookies / marketing cookies Social media cookies Beacons / pixels / tags Click redirects Social media plugins Add your own Add RemoveSpecify the click redirect(s)Example: Amazon affiliate link Add RemoveWhat are some examples of social media plugins? Examples include: "Facebook-I-Like" operated by Facebook Inc. "Twitter” operated by Twitter, Inc.Specify the social media plugin(s) Add Remove California Customer Records Personal InformationName Signature Social security number Physical characteristics or description Address Telephone number Passport number Driver's license or state identification card number Insurance policy number Education or employment history Bank account number, credit card, debit card number, or any other financial information Medical and health insurance informationHave you collected or disclosed any personal information listed above in the last 12 months? Collected Disclosed How long will you keep any of the personal information listed above? 6 months 1 year As long as the user has an account with us Other IdentifiersHave you collected or disclosed personal identifiers in the last 12 months?This is unique information that allows the identification of the person in question, such as an email address or social security number. Collected Disclosed How long will you keep personal identifiers? 6 months 1 year As long as the user has an account with us Other CharacteristicsHave you collected or disclosed information related to a user's characteristics in the last 12 months?This is information that describes a person or a feature that distinguishes a person, such as their gender or age. Collected Disclosed How long will you keep personal identifiers? 6 months 1 year As long as the user has an account with us Other Consumer DataHave you collected or disclosed information related to a user's purchasing history or tendencies in the last 12 months?This is a record of what products or services a person has purchased or considered purchasing, consumption patterns, or even personal property. Collected Disclosed How long will you keep consumer data? 6 months 1 year As long as the user has an account with us Other Biometric DataHave you collected or disclosed biometric information in the last 12 months?This is information that can be used to digitally identify a person, such as the iPhone's fingerprint and facial recognition technology. Collected Disclosed How long will you keep a user's internet activity? 6 months 1 year As long as the user has an account with us Other Internet ActivityHave you collected or disclosed information regarding a user's internet activity in the last 12 months?This is any tracking or compiling of a person's online activity, for example, to personalize content or advertisements that you want the user to see. Collected Disclosed How long will you keep a user's internet activity? 6 months 1 year As long as the user has an account with us Other Geolocation DataHave you collected or disclosed information regarding a user's location in the last 12 months?This is a person's physical location or movements through an Internet-connected device, such as a browser, computer, or mobile device. Collected Disclosed How long will you keep geolocation data? 6 months 1 year As long as the user has an account with us Other Sensory DataHave you collected or disclosed audio, visual, thermal, electronic, or olfactory recordings/data in the last 12 months?This is information that is recorded or detected by the senses, such as a recording of a person's conversation, or temperature detected by a thermal camera. Collected Disclosed How long will you keep sensory data? 6 months 1 year As long as the user has an account with us Other Professional and Employment DataHave you collected or disclosed professional- or employment-related information in the last 12 months?This is information about a person's professional experience, such as work history or a job evaluation. Collected Disclosed How long will you keep professional and employment data? 6 months 1 year As long as the user has an account with us Other Education InformationHave you collected or disclosed student education records in the last 12 months?These are records that are directly related to a student and maintained by an educational agency or institution, such as grades or class schedules. Collected Disclosed How long will you keep education information? 6 months 1 year As long as the user has an account with us Other InferencesDo you create consumer profiles based on inferences or conclusions you make from users' personal information? Yes No Have you disclosed the information about the inferences you made to a third party? Yes No How long will you keep information about inferences? 6 months 1 year As long as the user has an account with us Other Sensitive Personal Information Under State LawsPlease select the sensitive personal information that you collect:Skip this question if you do not collect any. Account login information Biometric data Citizenship or immigration status Contents of email or text messages Debit or credit card numbers Debit or credit card numbers Financial information including account access details Genetic data Health data National origin Passport numbers Personal data from a known child Precise geolocation Racial or ethnic origin Religious or philosophical beliefs Sex life or sexual orientation Social security numbers State ID card numbers Status as transgender or nonbinary Union membership Have you disclosed sensitive personal information in the last 12 months? Yes No How long will you keep the sensitive personal information? 6 months 1 year As long as the user has an account with us Other Inferring Characteristics (Does not apply to most people) I use sensitive personal information to infer characteristics about my users. CCPA MetricsDo you process the personal information of 10 million or more California residents annually? Yes No Under the CCPA, if your business processes the personal information of 10 million or more California residents annually, you are required to disclose metrics about data subject access requests form California residents for the previous calendar year. Please enter the URL where your metrics are disclosed.Enter the URL that reports the metrics Financial IncentivesWill you provide financial incentives to users in exchange for their personal information?Applicable to California and/or Colorado residents only Yes No InquiriesHow can users contact you regarding US privacy-related questions? Email address Toll-free phone number Contact form Other EEA & UK RepresentativeDo you have an European Economic Area (EEA) and/or a UK representative? EEA representative UK representative Both Neither International TransfersWill you be transferring EU or UK users' personal information to anyone outside the EU or UK? Yes No Where are your servers located (this includes server locations where you send personal information to)?AfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBonaire, Sint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCabo VerdeCambodiaCameroonCanadaCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos IslandsColombiaComorosCongoCongo, Democratic Republic of theCook IslandsCosta RicaCroatiaCubaCuraçaoCyprusCzechiaCôte d'IvoireDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatiniEthiopiaFalkland IslandsFaroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHoly SeeHondurasHong KongHungaryIcelandIndiaIndonesiaIranIraqIrelandIsle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKorea, Democratic People's Republic ofKorea, Republic ofKuwaitKyrgyzstanLao People's Democratic RepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesiaMoldovaMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorth MacedoniaNorthern Mariana IslandsNorwayOmanPakistanPalauPalestine, State ofPanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRomaniaRussian FederationRwandaRéunionSaint BarthélemySaint Helena, Ascension and Tristan da CunhaSaint Kitts and NevisSaint LuciaSaint MartinSaint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint MaartenSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSouth SudanSpainSri LankaSudanSurinameSvalbard and Jan MayenSwedenSwitzerlandSyria Arab RepublicTaiwanTajikistanTanzania, the United Republic ofThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkmenistanTurks and Caicos IslandsTuvaluTürkiyeUS Minor Outlying IslandsUgandaUkraineUnited Arab EmiratesUnited KingdomUnited StatesUruguayUzbekistanVanuatuVenezuelaViet NamVirgin Islands, BritishVirgin Islands, U.S.Wallis and FutunaWestern SaharaYemenZambiaZimbabweÅland IslandsWhen you disclose personal information to third parties, in which countries are the third parties located?AfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBonaire, Sint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCabo VerdeCambodiaCameroonCanadaCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos IslandsColombiaComorosCongoCongo, Democratic Republic of theCook IslandsCosta RicaCroatiaCubaCuraçaoCyprusCzechiaCôte d'IvoireDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatiniEthiopiaFalkland IslandsFaroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHoly SeeHondurasHong KongHungaryIcelandIndiaIndonesiaIranIraqIrelandIsle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKorea, Democratic People's Republic ofKorea, Republic ofKuwaitKyrgyzstanLao People's Democratic RepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesiaMoldovaMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorth MacedoniaNorthern Mariana IslandsNorwayOmanPakistanPalauPalestine, State ofPanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRomaniaRussian FederationRwandaRéunionSaint BarthélemySaint Helena, Ascension and Tristan da CunhaSaint Kitts and NevisSaint LuciaSaint MartinSaint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint MaartenSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSouth SudanSpainSri LankaSudanSurinameSvalbard and Jan MayenSwedenSwitzerlandSyria Arab RepublicTaiwanTajikistanTanzania, the United Republic ofThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkmenistanTurks and Caicos IslandsTuvaluTürkiyeUS Minor Outlying IslandsUgandaUkraineUnited Arab EmiratesUnited KingdomUnited StatesUruguayUzbekistanVanuatuVenezuelaViet NamVirgin Islands, BritishVirgin Islands, U.S.Wallis and FutunaWestern SaharaYemenZambiaZimbabweÅland IslandsWhich set(s) of rules do you adhere to when transferring personal information internationally?Check all that apply. You must adhere to at least one. European Commission's Standard Contractual Clauses Binding corporate rules Can you provide a link to your company's Data Processing Agreement which contains Standard Contractual Clauses? Yes, the link can be provided now No Please provide a link to your company's Data Processing Agreement which contains Standard Contractual Clauses. Please provide a link to your binding corporate rules. Data Privacy FrameworkImportant: The U.S. Department of Commerce’s International Trade Administration (ITA) must first approve that your policy is Data Privacy Framework-compliant before you can publish it.Do you adhere or plan to adhere to the Data Privacy Framework (DPF)? YesWhat is the Data Privacy Framework (DPF)? The DPF was designed by the U.S. Department of Commerce, the European Commission, the UK Government, and the Swiss Federal Administration. As of July 10, 2023, the DPF is a recognized mechanism for transferring personal information to the U.S. from the EU/EEA, the UK, and Switzerland. No Which DPF are you registered to? EU-U.S. DPF Swiss-U.S. DPF Both Are you also registered to the UK Extension to the EU-U.S. DPF? First Choice Second Choice Third Choice Are you also registered to the UK Extension to the EU-U.S. DPF? Yes No Please list any of your entities or subsidiaries that adhere to the DPF Principles Enter the URL address to your DPF listing Which "independent recourse mechanism" do you offer for privacy-related complaints from EU, UK, and/or Swiss users? Independent dispute resolution provider (U.S. based) Independent dispute resolution provider (EU based) Independent dispute resolution provider (UK based) Independent dispute resolution provider (Switzerland based) EU data protection authorities, UK Information Commissioner's Office, and/or Swiss Federal Data Protection and Information Commissioner Enter the name of your independent dispute resolution provider Enter the dispute resolution website Which enforcement authority is your business subject to?You must select at least one Federal Trade Commission (FTC) U.S. Department of Transportation (DOT) Add your own Add RemoveDo you want to include any additional information about your DPF certification? Yes No Additional information Data Protection Officer (DPO)Have you, or will you, appoint a data protection officer (DPO)?A data protection officer (DPO) oversees the company's compliance with US, EU and/or UK privacy laws. If you are targeting EU or UK users, you may be required to have a DPO. If you only target US users, we still highly recommend having a DPO or another individual responsible for all privacy issues at your company. Yes No What is the DPO's email? DPO's phone numberDoes the data protection officer have the same physical address as the company? Yes No What is the email address users should contact in case they have questions about your policy?Please enter the email address of the person responsible for your privacy notice. Data Subject Access RequestDo you provide a service that allows users to send a request to view/edit/delete their personal information stored on your website and/or app?This type of service could be an online request form, contact form, or a dedicated email address. Yes No, I will use another service Please enter the URL to access this service Users may request access to their personal information: If their country’s privacy law grants the right to access (Recommended for most users) Always Global Privacy ControlDoes your website have Global Privacy Control (GPC) enabled? Yes No Review Your Policy CoverageSelect any other regions you do business in and wish to add to your policy: POPIA (South Africa) Privacy Act (Australia) The Privacy Act 2020 (New Zealand) Additional ClauseDo you want to add your own clause to this Privacy Policy? Yes No This additional clause section is intended for customization only after consultation with an attorney. By including an additional clause, you understand that you are solely responsible for maintaining the information in this clause as required under applicable law.This additional clause section is intended for customization only after consultation with an attorney. By including an additional clause, you understand that you are solely responsible for maintaining the information in this clause as required under applicable law.How many additional clauses do you want to add?12345678910 CompanyFull legal name of companyInclude corporate ending if applicable: Inc., LLC, etc. Are you doing business under a short form or trade name (also known as a DBA)? Yes No What is the short form or trade name of your company?e.g., Apple Inc is simply called Apple Please provide an email address for privacy-related inquiries, (e.g., data subject access requests or questions related to this Privacy Policy) Can users use the same email to exercise their right to appeal? Yes No Email for appeal process Phone numberInclude your office phone number or your personal phone number. Corporate AddressAddress Street Address Address Line 2 City State / Province / Region ZIP / Postal Code AfghanistanAlbaniaAlgeriaAmerican SamoaAndorraAngolaAnguillaAntarcticaAntigua and BarbudaArgentinaArmeniaArubaAustraliaAustriaAzerbaijanBahamasBahrainBangladeshBarbadosBelarusBelgiumBelizeBeninBermudaBhutanBoliviaBonaire, Sint Eustatius and SabaBosnia and HerzegovinaBotswanaBouvet IslandBrazilBritish Indian Ocean TerritoryBrunei DarussalamBulgariaBurkina FasoBurundiCabo VerdeCambodiaCameroonCanadaCayman IslandsCentral African RepublicChadChileChinaChristmas IslandCocos IslandsColombiaComorosCongoCongo, Democratic Republic of theCook IslandsCosta RicaCroatiaCubaCuraçaoCyprusCzechiaCôte d'IvoireDenmarkDjiboutiDominicaDominican RepublicEcuadorEgyptEl SalvadorEquatorial GuineaEritreaEstoniaEswatiniEthiopiaFalkland IslandsFaroe IslandsFijiFinlandFranceFrench GuianaFrench PolynesiaFrench Southern TerritoriesGabonGambiaGeorgiaGermanyGhanaGibraltarGreeceGreenlandGrenadaGuadeloupeGuamGuatemalaGuernseyGuineaGuinea-BissauGuyanaHaitiHeard Island and McDonald IslandsHoly SeeHondurasHong KongHungaryIcelandIndiaIndonesiaIranIraqIrelandIsle of ManIsraelItalyJamaicaJapanJerseyJordanKazakhstanKenyaKiribatiKorea, Democratic People's Republic ofKorea, Republic ofKuwaitKyrgyzstanLao People's Democratic RepublicLatviaLebanonLesothoLiberiaLibyaLiechtensteinLithuaniaLuxembourgMacaoMadagascarMalawiMalaysiaMaldivesMaliMaltaMarshall IslandsMartiniqueMauritaniaMauritiusMayotteMexicoMicronesiaMoldovaMonacoMongoliaMontenegroMontserratMoroccoMozambiqueMyanmarNamibiaNauruNepalNetherlandsNew CaledoniaNew ZealandNicaraguaNigerNigeriaNiueNorfolk IslandNorth MacedoniaNorthern Mariana IslandsNorwayOmanPakistanPalauPalestine, State ofPanamaPapua New GuineaParaguayPeruPhilippinesPitcairnPolandPortugalPuerto RicoQatarRomaniaRussian FederationRwandaRéunionSaint BarthélemySaint Helena, Ascension and Tristan da CunhaSaint Kitts and NevisSaint LuciaSaint MartinSaint Pierre and MiquelonSaint Vincent and the GrenadinesSamoaSan MarinoSao Tome and PrincipeSaudi ArabiaSenegalSerbiaSeychellesSierra LeoneSingaporeSint MaartenSlovakiaSloveniaSolomon IslandsSomaliaSouth AfricaSouth Georgia and the South Sandwich IslandsSouth SudanSpainSri LankaSudanSurinameSvalbard and Jan MayenSwedenSwitzerlandSyria Arab RepublicTaiwanTajikistanTanzania, the United Republic ofThailandTimor-LesteTogoTokelauTongaTrinidad and TobagoTunisiaTurkmenistanTurks and Caicos IslandsTuvaluTürkiyeUS Minor Outlying IslandsUgandaUkraineUnited Arab EmiratesUnited KingdomUnited StatesUruguayUzbekistanVanuatuVenezuelaViet NamVirgin Islands, BritishVirgin Islands, U.S.Wallis and FutunaWestern SaharaYemenZambiaZimbabweÅland Islands Country Name Your PolicyWhat do you want to call your policy?This will be the title shown on the policy. Privacy Policy Privacy Notice I don't want to include a title Other Version DateWhat is the effective date for this Privacy Policy?The effective date on your Privacy Policy informs your users of when your Privacy Policy was originally published or last updated. When you make an update to your Privacy Policy that requires notifying your users, make sure the effective date is the same date you indicated in your notice communications. MM slash DD slash YYYY NameThis field is for validation purposes and should be left unchanged.
