The TRUSTe Model
Privacy Statement
Developing
your company’s privacy statement is a critical stage in understanding and
articulating your corporate policies. For many companies, drafting a privacy
statement kick starts a corporate-wide understanding of how individual data is
used and, more importantly, initiates a conversation about how to build trust
with consumers.
Unfortunately,
there is no single “ideal” privacy statement – by definition, they vary from
company to company and must be tailored to highlight specific practices. That
being said, TRUSTe has identified several common themes that, in our
experience, have emerged as “best practices” for a privacy statement.
The
following Model Privacy Statement serves as a template, prompting you to
consider important points in your information gathering policy and practices.
Before we begin, keep in mind a couple of key points:
1.Say what you do;
Do what you say – The Golden Rule in privacy statements is “Do Not Lie.” The
only thing worse than not posting a privacy statement is to fraudulently claim
a certain business practice. State and federal governments do not look kindly
on companies that claim one set of practices, and follow another.
1.Tailor the Model
Privacy Statement – The following model will provide you with resources to
begin developing your own privacy statement, but you should be sure not to
simply cut and paste. Use it as a starting point to create a statement tailored
to your specific practices.
1.Privacy
Statements are not Disclaimers – The communication of your company’s privacy
practices should express what is actually happening on the site, not what may
happen, has happened or is planned for the future. In some cases, informing
your users of the information gathering your company’s site does not practice
may be more effective.
1.Re-visit your
privacy statement frequently – A privacy statement is a living document,
designed to clearly communicate your company’s privacy practices, which, for
many companies, change over time. Make sure you revisit your posted privacy
statement to make sure it truly reflects your current practices.
1.Communicate your
privacy practices to your entire company – In order to avoid information spills
it is important to make sure that your entire company is aware of the policies
within your privacy statement.
Throughout this
model privacy statement TRUSTe uses [bracketed] language in order to provoke
thought on a specific privacy practice or present language options that will
help you ensure your privacy statement matches your business model and actual
practices.
Creating
a clear and accurate statement helps your company in its efforts to build loyal
relationships with its users by providing your customers with the information
they need to trust you with their personal information. We hope you find this
Model Privacy Statement useful in your quest to build trust with your
customers. If you have any specific questions, do not hesitate to contact us by
email at businessdevelopment@truste.orgbizdev@truste.org.
Additional
Steps for Protecting Children Online
There
are additional requirements and elements needed beyond a model privacy
statement, in order to address children’s online privacy issues. Please visit
the Children’s Privacy Seal
section of our Web site for more information on how to make your Web site safer
for kids and compliant with the Children’s Online Privacy Protection Act.
MODEL PRIVACY
STATEMENT
[NAME
OF COMPANY/SITE] is a licensee of the TRUSTe Privacy Program. TRUSTe is an
independent, non-profit organization whose mission is to enable individuals and
organizations to establish trusting relationships based on respect for personal
identity and information by promoting the use of fair information
practices. This
privacy statement covers the site [WWW.URL
OFSITE.COM]. Because
this Web site wants to demonstrate its commitment to our users' privacy, it has
agreed to disclose its information practices and have its privacy practices
reviewed for compliance by TRUSTe.
Your privacy is very important to us, and we will
treat your data with care and respect.
We know that you care how information and data about you is collected,
used and shared. This Privacy Statement
describes our privacy policy and details how we collect, use, and/or
disseminate the information you provide. We reserve the right change this Statement
at any time and urge you to review our Statment regulary to familiarize yourself
with any changes.
By visiting our
website, using our online products/services, and/or by voluntarily submitting
information to us via online forms, advertisement responses, and/or electronic
mail, you are accepting the practices described in this Privacy Statement.
Who We Are
Create My Future has developed and licenses a system software product
called Create My Future which allows Network Marketers to promote a legal
and ethical network marketing opportunity and/or Client program and/or
opportunities or programs of their choice. The Create My Future
system is designed to be used exclusively to promote the products and
Services offered by the system. However, due to the fact that each Create My Future account is
controlled by an independent representative, we cannot guarantee how the system and privacy information
will be managed by these representatives.
Create My Future operates and manages the Create My Future System to
assist network marketers in the building of their business on the Web.
Individuals that subscribe to the Create My Future System do so in
one of two forms: prospects (sometimes referred to as Pre-Enrollees), and Members. Individual
subscriptions to the Create My Future System are referred to as a "Member" in
the Create My Future System.
To cater to both you (the Customer) and our Members, we may be
required to collect, use, and share certain information. The type of information we collect, together
with a description of how we use and/or share it, is described below.
1. What personally identifiable information [NAME
OF COMPANY] collects.
2. What personally identifiable information third
parties collect through the Web site.
3. What organization collects the information.
4. How [NAME OF COMPANY] uses the information.
5. With whom [NAME OF COMPANY] may share user
information.
6. What choices are available to users regarding
collection, use and distribution of the information.
7. What types of security procedures are in place
to protect the loss, misuse or alteration of information under [NAME OF
COMPANY] control.
8. How users can correct any inaccuracies in the
information.
If users have
questions or concerns regarding this statement, they should first contact [NAME
OF INDIVIDUAL, DEPARTMENT OR GROUP RESPONSIBLE FOR INQUIRIES] by [CONTACT
INFORMATION: EMAIL, PHONE, POSTAL MAIL] If they do not receive acknowledgment
of their inquiry or their inquiry is not satisfactorily addressed, they should
then contact TRUSTe through the TRUSTe Watchdog Dispute
Resolution Process (http://www.truste.org/users/users_watchdog.phphttp://www.truste.org/users/users_watchdog_intro.html).
TRUSTe will serve as a liaison with the Web site to resolve users concerns.
[Include this
Software Disclaimer as the last sentence in the TRUSTe opening statement if the
site has a downloadable software application or applet:
The TRUSTe program covers only information that is collected through this Web
site, and does not cover information that may be collected through software
downloaded from the site. By displaying the TRUSTe trustmark, [NAME OF SITE]
has agreed to notify users of:]
Create My Future, our partners, and the independent representative who are Members are the owners of the information collected on createmyfuture.com.
In order
to use this Web site, a user MAY first complete the registration form. During registration a user [is
required to] give[s]
contact information (such as name and email address). We use this information
to contact the user about services on our site for which he has expressed
interest. It is optional optional for
the user to provide demographic information (such as income level and gender),
and unique identifiers (such as, username and password), but encouraged so we
can provide a more personalized experience on our site. If a person or company chooses to enroll in
our network marketing business opportunity, we are require to collect the
persons/user's social security number and if a company, we are required to
collect their EIN number. These numbers
are required to comply with IRS requirements and to provide this information
to our associated network marketing business. [include
service type here.] [TRUSTe
recommends you only collect a social security number when it is a required
identifier for performing the site’s service.]
We request information from the user on our
order form. A user must provide contact information (such as name, email, and
shipping address) and financial information (such as credit card number,
expiration date). This information is
used for billing purposes and to fill customer's orders. In addition, this information is given to
the network marketing company for the purpose of enrollment and processing
orders. If we have trouble
processing an order, the information is used to contact the user.
[This paragraph
should elaborate on the actual ‘use’ of the information. For instance, the service the site performs
should be incorporated here. Also, a
discussion of the use of aggregate information should be disclosed here as
well. Be as specific as possible, without
being contingent. Avoid ‘we may do
this’ ‘we might do that’ type of language.]
We will use
personal information that we gather about you to provide the services that you
have requested. In
addition, if you have a free trial account with Create My Future, then we will
use the information gathered about you to share more information about our
business in an attempt to convince you to make a purchase
from us or our associated companies. Create My Future and the
person/affiliate who sent you to this site will be granted access to your
personal contact (name, phone number, and email) information so that they can communicate with
you in an attempt to "sell" various products, services, and memberships to you.
We store information that we collect through cookies,
log files, clear gifs, and/or third parties to create a profile of our
users. A profile is stored information
that we keep on individual users that details their viewing preferences. Consequently, collected information is tied
to the users personally identifiable information to provide offers and improve
the content of the site for the user. This profile is used to tailor a user's
visit to our Web site, and to direct pertinent marketing promotions to
them. We [do
not] share your profile with other
third parties. [Your
profile is shared in aggregate form only.] [Your profile is shared
together with your personally identifiable information. YOUR PAYMENT INFORMATION, SOCIAL SECURITY OR
EIN NUMBER IS NEVER SHARED FOR ANY REASON WITH ANY OUTSIDE THIRD PARTY UNLESS
REQUIRED BY LAW, EXCEPT FOR THE PURPOSE OF ENROLLMENT IN OUR MLM OPPORTUNITES.]
A
cookie is a piece of data stored on the user's computer tied to information
about the user. [Usage of a
cookie is in no way linked to any personally identifiable information while on
our site.] We use [both]
session ID cookies [and] and persistent
cookies. For the session ID cookie,
once users close the browser, the cookie simply terminates. A persistent cookie is a small text file
stored on the user's hard drive for an extended period of time. Persistent
cookies can be removed by following Internet browser help file directions. [Provide
a link to information on cookies.]
[Explain
how cookies are used on your Web site.] By setting a cookie on our
site, users would not have to log in a password more than once, thereby saving
time while on our site. If users reject
the cookie, they may still use our site.
The only drawback to this is that the user will be limited in some areas
of our site. For example,
[the user will not be able to participate in any of our sweepstakes, contests
or monthly drawings that take place.] Persistent cookies enable us
to track and target the interests of our users to enhance the experience on our
site. See the "Profile" section.
Some
of our business partners use cookies on our site (for example,
advertisers). However, we have no
access to or control over these cookies, once we have given permission for them
to set cookies for advertising.
The
ads appearing on this Web site are delivered to users by [THIRD PARTY AD SERVER
NAME], our Web advertising partner. Information about users' visit to this
site, such as number of times they have viewed an ad (but not user name,
address, or other personal information), is used to serve ads to users on this
site. For more information
about [THIRD PARTY AD SERVER NAME], cookies, and how to "opt-out",
please click here
[LINK TO: THIRD
PARTY AD SERVER PRIVACY STATEMENT].
This privacy
statement covers the use of cookies by [NAME OF SITE] only and does not cover
the use of cookies by any advertisers.
Like most
standard Web site servers we use log files.
This includes internet protocol (IP) addresses, browser type, internet
service provider (ISP), referring/exit pages, platform type, date/time stamp,
and number of clicks to analyze trends, administer the site, track user's
movement in the aggregate, and gather broad demographic information for
aggregate use. IP addresses, etc. are
not linked to personally identifiable information. [ IP
addresses are tied to personally identifiable information to enable our
Web-based service.] [We use
a tracking utility called [XXXX] that uses log files to analyze user
movement.][Webtrendslive users may have further obligations of particular
language per their license with Webtrendslive. See your license agreement.]
[See the Profile section below.]
We employ [or
our third party advertising company employs] a
software technology called clear gifs (a.k.a. Web Beacons/Web Bugs), that help
us better manage content on our site by informing us what content is
effective. Clear gifs are tiny graphics
with a unique identifier, similar in function to cookies, and are used to track
the online movements of Web users. The main difference between the two is that
clear gifs are invisible on the page and are much smaller, about the size of
the period at the end of this sentence. [Clear
gifs are tied to users' personally identifiable information.] [Clear
gifs are not tied to users' personally identifiable information.]
Clear Gifs can "work
with" existing cookies on a computer if they are both from the same Web
site or advertising company. That
means, for example, that if a person visited "www.companyX.com", which uses an
advertising company's clear gif, the Web site [or
advertising company] would match the clear gif's
identifier and the advertising company's cookie ID number, to show the past
online behavior for that computer. This collected information would then be
given to the advertising company [or
Web site].
To learn more about our advertising company’s use
of clear gifs, please go to [NAME OF ADVERTISER’S SITE.]
In addition, we use clear
gifs in our HTML-based emails to let us know which emails have been opened by
the recipients. This allows us to gauge
the effectiveness of certain communications and the effectiveness of our
marketing campaigns. If users would
like to opt-out of these emails, please see the Opt-out section.
Communications from the Site
We
send all new members a welcoming email to verify password and username.
Established members will occasionally receive information on products,
services, special deals, and a newsletter. Out of respect
for the privacy of our users we present the option to not receive these types
of communications. Please see the Choice and Opt-out sections.
If
a user wishes to subscribe to our newsletter, we ask for contact information
such as name and email address. Out of
respect for our users privacy we provide a way to opt-out of these communications. Please see the Choice and Opt-out sections.
On
rare occasions it is necessary to send out a strictly service related
announcement. For instance, if our
service is temporarily suspended for maintenance we might send users an
email. Generally, users may not opt-out
of these communications, though they can deactivate their account. However, these communications are not
promotional in nature. [Users
may opt-out of these communications. Please see our Choice and Opt-out
section.]
We communicate with users on a regular basis to provide requested services and in regards to issues relating to their account we reply via email or phone, in accordance with the users wishes.
Sharing
Though
we make every effort to preserve user privacy, we may need to disclose personal
information when required by law wherein we have a good-faith belief that such
action is necessary to comply with a current judicial proceeding, a court order
or legal process served on our Web site.
We
share aggregated demographic information with our partners and
advertisers. [Describe
the sharing practices of what your
site does, but be specific in your relationship with these third parties.]
This is not linked to any personally identifiable information.
We use the information you have voluntarily
provided to cause information, offers, products, and/or services that appear to
us to be consistent with your expressed interests to be directed to you. This is typically accomplished by using your
information to direct to you information, offers, products, and/or services
from us and/or one of our affiliated companies. Your information may, therefore, ultimately be used for marketing
purposes by us, our affiliated companies, and/or any one or more the associated
businesses with which we work.
We cannot ensure that all of your private
communications and other personally identifiable information will never be
disclosed in ways not otherwise described in this Privacy Statement. For
example, we may be forced to disclose information to the government or third
parties under certain circumstances, or third parties may unlawfully intercept
or access transmissions or private communications. We can (and you authorize us
to) disclose any information about you to law enforcement or other government
officials as we, in our sole discretion, believe necessary or appropriate.
After we share your information with our affiliated
companies and/or any of the several businesses with which we work, we lose
control over how they will use, collect, and/or disseminate your
information. Accordingly, we recommend
that you review the Privacy Statements of the corresponding affiliated
companies with whom we have shared your information in order to acquaint
yourself with their information collection, use, and/or sharing policies.
You understand and agree that Create My Future is not
responsible for the privacy practices or the content of these other websites,
and you agree that Create My Future is not responsible for how such information is
ultimately used.
[NAME OF
COMPANY] shares Web site usage information about users with a reputable third
party [NAME
OF THIRD PARTY] for the purpose
of targeting our Internet banner advertisements on this site and other
sites. For example, [NAME OF COMPANY]
uses cookies and clear GIFs on this site, which allow them to recognize a
user's cookie when a user visits this site. The information they collect and
share through this technology is not personally identifiable. For more information about our third-party
advertiser or for choices about not having this anonymous information used
please click here [LINK TO: ADSERVER PRIVACY POLICY/OPT OUT].
These are the instances in which we will share users'
personal information:
[We
Share Personal Contact Information with third parties. If you want to ensure that your information is never shared
with any third party, you must request to be unsubscribed or cancelled from our
service. Failure to unsubscribe or
cancel your service will imply that you are interested in having your personal
information shared with various third parties.
][We DO NOT
Share Personal Information with Third Parties]
[Specifically
describe any sharing of personally identifiable information. For example,
describe actual practices where the site is sharing personally identifiable
information. Include sharing scenarios where the partner can dispose of the
information either in the manner that they see fit, or where the partner can
use the personal information for a limited circumstance or series of limited
circumstances. Another example might include sharing with parent
companies, subsidiaries or affiliated companies for reasons other than
corporate record keeping purposes. Typically these kinds of sharing
arrangements occur when the third party will then own or control the customer
relationship. Below are some examples of the different types of
relationships or situations involving sharing personal information with third
parties that may exist. Keep in mind that sharing personally identifiable
information for secondary purposes, must incorporate an opt-out prior to the
sharing.]
We
use an outside shipping company to ship orders, and a credit card processing
company to bill users for goods and services. These companies do not retain,
share, store or use personally identifiable information for any secondary
purposes.
We
partner with other third parties [ANOTHER PARTY’S
NAME]to provide specific services. [For example, XXXX] When the user
signs up for these particular services, we share names, or other contact
information [specify what information is being shared with the
third party service provider] that is necessary for the third
party to provide these services. These
third parties are not allowed to use personally identifiable information except
for the purpose of providing these services and for purposes referenced in their privacy policies.
We allow carefully-screened Approved Lead Vendors to be listed in your back office. Under certain circumstances, we may share your contact information with one or more of these Approved Lead Vendors. They may use this information to contact you via telephone, email or direct mail to inform you about an upcoming lead special, conference call or other promotional opportunity which could potentially benefit you.
In
the event [NAME OF COMPANY]Create My Future goes
through a business transition, such as a merger, being acquired by another
company, or selling a portion of its assets, users' personal information will,
in most instances, be part of the assets transferred. Users will be notified via email [email]
[prominent notice on our Web site for 30 days] prior to a change
of ownership or control of their personal information. If as a result of the
business transition, the users' personally identifiable information will be
used in a manner different from that stated at the time of collection they will
be given choice consistent with our notification of changes section.
Our users are
given the opportunity to 'opt-out' of having their information used for
purposes not directly related to our site only by completely opting-out of our service and/or canceling a paid
subscription to our service.
Our
users are given the opportunity to 'opt-out' of having their information used
for purposes not directly related to our site at the point where we ask for
information. For example, our order
form has an 'opt-out' mechanism so users who buy a product from us, but don’t
want any marketing material, can keep their email address off of our
lists.
Users
who no longer wish to receive our newsletter and promotional communications may
opt-out of receiving these communications by following the
unsubscribe instructions sent with every email. replying to
unsubscribe in the subject line in the email or email us at [EMAIL
ADDRESS] [We also offer an opt-out
mechanism on the [MEMBER INFORMATION PAGES] or the user may contact us at
[PHONE] [EMAIL] or [POSTAL MAIL] to opt-out.]
Users
of our site are always notified when their information is being collected by
any outside parties. We do this so our
users can make an informed choice as to whether or not they should proceed with
services that require an outside party.
This
Web site contains links to other sites. Please be aware that we, Create My Future[NAME
OF COMPANY], are not responsible for the privacy practices of such
other sites. We encourage our users to
be aware when they leave our site and to read the privacy statements of each
and every Web site that collects personally identifiable information. This privacy statement applies solely to information
collected by this Web site. [Discuss
co-branding and/or framing relations where the user may not know who is
collecting the information].
[From
time-to-time] our site requests information from users via surveys or
contests. Participation in these
surveys or contests is completely voluntary and the user therefore has a choice
whether or not to disclose this information.
The requested information typically includes contact information (such
as name and shipping address), and demographic information (such as zip code). Contact information will be used [shared
with the contest [survey] sponsors] to notify the winners and award
prizes. [Anonymous] Survey information
will be used for purposes of monitoring or improving the use and satisfaction
of this site. users' personally
identifiable information is not shared with third parties unless we give prior
notice and choice. Though we may use an intermediary to conduct these surveys
or contests, they may not use users' personally identifiable information for
any secondary purposes.
If a user
elects to use our referral service for informing a friend about our site, we
ask them for the friend's name and email address. [NAME OF COMPANY]Create My Future will
automatically send the friend a one-time email inviting them to visit the
site. [NAME OF
COMPANY]Create My Future stores [or does not
store] this information for the sole purpose of sending this
one-time email [and tracking the success of our
referral program].
The friend may contact Create My Future[NAME OF COMPANY]
at www.createmyfuture.com/unsubscribe[INSERT
URL OR EMAIL ADDRESS] to request the removal of this information
from our database.
Protecting the privacy of the young is important to us. Therefore, you cannot use this site if you are not 18 years old. If you are not 18 years old you are not permitted to access this website for any reason. Because of this, we never knowingly collect or maintain information at our website from those we actually know are under 18, and no part of our website is structured to attract anyone under the age of 18.
Protecting the privacy of your telecommunications information is important to us. When members or prospects make phone calls to telecommunication services provided by us, we may track information about the name, phone number, and other information about the calling party. In addition, we may gather information about telecommunication services used by our members. By contacting us via telephone you are allowing us to contact you even if your phone number is on any legal DNC (do not call) lists.
This Web site takes every precaution to protect our users' information. When users submit sensitive information via the Web site, we strive to ensure that their information is protected both online and off-line. However, please be aware that no data transmission over the Internet or information storage technology can be guaranteed to be 100% secure.
When our registration/order form asks users to enter
sensitive information (such as credit card number and/or social security
number), that information is encrypted and is protected with the best
encryption software in the industry - SSL.
While on a secure page, such as our order form, the lock icon on the
bottom of Web browsers such as Netscape Navigator and Microsoft Internet
Explorer becomes locked, as opposed to un-locked, or open, when users are just
'surfing'. [To learn more
about SSL, follow this link [INSERT LINK].]
While we use SSL encryption to protect sensitive
information online, we also do everything in our power to protect
user-information off-line. All of our
users' information, not just the sensitive information mentioned above, is
restricted in our offices. Only
employees who need the information to perform a specific job (for example, our
billing clerk or a customer service representative) are granted access to
personally identifiable information.
Our employees must use password-protected screen-savers when they leave
their desk. When they return, they must
re-enter their password to re-gain access to user information. Furthermore, ALL employees are kept
up-to-date on our security and privacy practices. Every [quarter],
as well as any time new policies are added, our employees are notified and/or
reminded about the importance we place on privacy, and what they can do to
ensure our users' information is protected.
Finally, the servers that store personally identifiable information are
in a secure environment, [behind a locked
cage][in a secure locked facility].
[Be sure that
your actual practices are reflected in this section. For example, if your
employees are updated on privacy every 6 months, then state that, rather than a
statement that is false. Another example, must employees use
password-protected screensavers?]
If users have any questions about the security at our
Web site, users can send an email to support@createmyfuture.com.[EMAIL
ADDRESS.]
In order for this Web site to properly fulfill its
obligation to users it is necessary for us to supplement the information we
receive with information from 3rd party sources.
We purchase third party marketing data and add it to our
existing user database to better target our advertising and provide pertinent
offers we think our users would be interested in. We use this information to enhance or overlay the 'profile' of
individual users. This aggregate marketing data is therefore tied to the users'
personally identifiable information.
See also the "Profile."
If a user's personally identifiable information changes (such as zip code, phone, email or postal address), or if a user no longer desires our service, they may contact us at support@cmfteam.com to correct, update or delete/deactivate users' personally identifiable information.
If we decide to change our privacy policy, we will post those changes to this privacy statement in places that we deem appropriate. We will use information in accordance with the privacy policy under which the information was collected.
If, however, we are going to use users' personally identifiable information in a manner different from that stated at the time of collection we will notify users via email. Users will have a choice as to whether or not we use their information in this different manner. However, if users have opted out of all communication with the site, or deleted/deactivated their account, then they will not be contacted, nor will their personal information be used in this new manner. In addition, if we make any material changes in our privacy practices that do not affect user information already stored in our database, we will post a prominent notice on our Web site notifying users of the change. In some cases where we post a notice we will also email users, who have opted to receive communications from us, notifying them of the changes in our privacy practices.
If
users have any questions or suggestions regarding our privacy policy, please
contact us at:
support@cmfteam.com
www.createmyfuture.com