Privacy Notice

Privacy and Website Guidance Document

  1. Email Notification of Updates: We recommend—once the updates are finalized—sending out an email notice (to those users with accounts / that are on the company’s email lists) providing them notice of the updated policies and noting that their continued use / access to the website or services post XX date constitutes their acceptance of the updates. This would just need to be an informative email and would not require any action by the consumer / user.
  1. Chat Bots and Messaging: There has been increased litigation in the US with respect to the use and provision of live chat features (AI or otherwise) on websites. On this front we generally recommend the following type of disclosure in the chat feature prior to a user submitting text:
    • By messaging us via chat, you agree to our Privacy Policy and Terms of Use, and that we and/or our vendor may retain a copy of all chat communications.
  1. Data Subject Rights Requests: Applicable U.S. state data protection laws require that businesses with websites offer users a webform functionality to submit privacy right request (e.g., access, correction, deletion, etc.). The Instructions Document we’ve provided gives an overview of how that form should be structured and what content it should include / request from the user. The webform only needs to live as a link within / out of the privacy policy itself, it does not need to be a standalone link in the footer of the website. It is common for consumer-facing entities to leverage third party vendors on this front such as OneTrust, DataGrail, Osano, Exterro, or Trust Arc, other business create a separate, but privacy focused, “Contact Us” style form and landing page.
  1. Your Privacy Choices / DO NOT SELL: We’ve provided a sample “Your Privacy Choices” webpage to assist Company in complying with targeted advertising opt outs. The Company needs to provide an optout for users to opt out of: (1) targeted advertising (e.g., Google Ads, Meta Pixel); and (2) the sharing of their information with other affiliates. This requires Company to provide users the ability to opt out of such data collection / use via a separate and distinct webpage titled Your Privacy Choices. A draft Your Privacy Choices page has been provided. However, the exact verbiage on how to direct a user to actually opt out of the targeted advertising (e.g., Google Ads) will depend on the cookie consent management settings that the company chooses to utilize. To link to the page the company can use the phrase “Your Privacy Choices” to be the hyperlinked in the footer of the website, so long as, to the left of that phrase, the attached privacy choices icon. Below is an example of how it should look and here is a downloadable version of that image. 
  1. Global Privacy Control: U.S. state data protection laws require businesses engaged in targeted advertising to configure their websites to listen for, accept, and adhere to “Global Privacy Controls”. The website/tech team will therefore need to configure the websites to receive and abide by what are called Global Privacy Controls. This typically entails pulling in some additional code into the back end of the website, but the team can follow the following specific instructions / specifications to make sure they are implemented and that the website is compliant: Global Privacy Control (GPC) (privacycg.github.io). Another helpful resource can be found here: https://globalprivacycontrol.org/implementation. Many third-party providers in the privacy space (e.g. OneTrust, Osano, DataGrail, TrustArc, Exterro, etc.) provide features to assist complying with this requirement.
  1. SMS Opt-In Language: With respect to obtaining consent from users to use their telephone numbers for SMS marketing, we’d recommend the below language be used:
    • By providing your number and checking this box, you consent to receive recurring informational and marketing calls and text messages, including by automated and/or prerecorded calls means, from or on behalf [Company] at the number provided. Consent is not a condition of purchase. Message & data rates may apply.  Reply STOP to stop and HELP for help.  By providing your number and checking this box, you also agree to our Terms of Use and Privacy Policy for more information.
  1. Sharing Telephone Numbers Between Affiliates: Each affiliated business will need to obtain their own, separate opt in consent for SMS and other text message marketing. The FCC has updated their regulations to state that consent cannot be combined for multiple entities when using SMS for marketing—even where those entities are affiliates. It is less risky and easier to share emails for marketing purposes (assuming that any and all users who have previously opted out are not included in such shared databases).
  1. Email Listserv Disclosures: Generally, we recommend putting in place disclosures near or in any field through which users input their email address (where Company will use the email for marketing) that specifically call out the website’s terms and privacy notice and to bolster implied consent defenses. The disclosure can be akin to the below. The same disclosure should also be used in the checkout process as well prior to a user submitting their information.
  1. By signing up for email, you agree to Great Day Improvement’s Terms of Use and Privacy Policy.
  1. Cookie Notice Banner: