By Will Elton, Last updated: 2021-06-24 (originally published on 2018-06-22)
1. What information will you be collecting from your visitors?
2. Will you use the collected information in another country?
You have to state explicitly all the countries and/or territories in which you will be storing or using the data.
Note: Be extra careful if your server is located overseas or if you are a using a hosting service provider with overseas servers. You may be subject to additional provisions that restrict transfers of personal information.
3. How will you use the data you collected?
There are different types of cookies. Some identify users and track website performance in order to provide a more personalised experience for visitors. Others help analyse the effectiveness of website content. The four most common types of cookies are:
Strictly necessary cookies are cookies that are required for the operation of your website. They include, for example, cookies that enable the user to log into secure areas of your website, use a shopping cart or make use of e-billing services.
Analytical/performance cookies allow you to recognise and count the number of visitors and to see how visitors move around your website when they are using it. This helps you to improve the way your website works, for example by ensuring that users are finding what they are looking for easily.
Functionality cookies are used to recognise the user when the user returns to your website. This enables you to personalise your content for the user, greet the user by name, and remember the user’s preferences (for example the user’s choice of language or region).
Targeting cookies are cookies that record the user’s visit to your website, the pages the user has visited, and the links the user has followed.
It is critical that you specify what type of cookies your website uses and explain what kind of information these cookies will collect.
Not technically-savvy? Me neither! That’s why the Zegal app provides helpful and clear definitions that guide you through drafting each agreement.
6. Can customers make payments online via your website? If so, what kind of encryption do you use for web payments?
If you allow customers to make online payments on your website and use technology to encrypt the transactions, you should specify what security technology you use. The most common type of encryption is Secure Sockets Layer (SSL).
7. Who can users get in touch with if they want to access the data?
Remember: Under the law, individuals have the right to check whether you hold personal data about them, the right to access that data, the right to require that inaccurate data is corrected, and the right to request removal or deletion of the data. Therefore, it is essential that you provide a contact person and full contact details (including name, address, telephone number, fax number & email address) that users can get in touch with should they want to assess or correct the data they have provided.
Under the PDPA, organisations in Singapore are required to designate at least one individual, known as the Data Protection Officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.
Appointment of a DPO is also implicitly required in Hong Kong under Data Protection Principle 1.
Last but not least….
Now, preview your document:
And you’re done!
Running a business may be challenging, but with the right processes and documents in place, you can build prudent legal protections and ensure you stay compliant.
Ready to get started?
No commitment, no credit card required.