Wednesday, May 16, 2018

Does your Etsy shop need Privacy Policies?

GDPR laws in EU require privacy policies
Recent events have prompted an interest in privacy policies. The European Union has enacted new rules in that arena called the "General Data Protection Regulation" or GDPR. It takes effect on May 25, 2018.

Do small sellers really have to do this? Here is a hint: basic identity data like names and addresses are included under these new regulations.

Who needs to have a privacy policy in place?


This is what Etsy says:
"If you’re a seller based in the European Union or you offer your listings to buyers there, the GDPR applies to you, which means you’re required to have a privacy policy for your shop. Many other countries have also adopted data protection laws similar to the GDPR, so whether or not you sell to Europe, we recommend that all sellers create a privacy policy."

So privacy policy is recommended for all Etsy sellers.

If you use Etsy's so-called "canned" policies template (I do) your privacy policy will display as a link. For others, it will be a paragraph added.

How to do it


Here is Etsy's guide to crafting your own GDPR-compliant privacy policy. Simply use their template, copy and paste their example to fit your shop.

Here is one very simple sample privacy policy for those who only ship within the USA:
"We only use customer information to fulfill orders. We do not store or use customer information for any other purpose. Information such as name, address, and email address is not stored on our computers. If and when required, we will communicate with you about your order status using the Etsy platform."
Here is a longer one:
"ETSY is an online marketplace made up of over 1 million individual shops. The information you provide to Etsy for transaction purposes is governed and stored by Etsy. As a seller on Etsy, I am bound to their policies. If you have questions relating to the way Etsy uses your information, please refer to the Etsy Privacy Policy here: https://www.etsy.com/legal/privacy. 
"We only use customer information to fulfill orders. Your personal information (name and address) as provided to me by Etsy will only be used by me as needed to provide my services. I may use your information to fulfil your order, to settle disputes, or to provide customer support. I may collect, use, retain, and share your information if I have a good faith belief that it is reasonably necessary to: (a) respond to legal process or to government requests (i.e. taxes) (b) enforce my agreements, terms and policies; (c) prevent, investigate, and address fraud and other illegal activity, security, or technical issues; or (d) protect the rights, property, and safety of my customers or others.
If and when required, we will communicate with you about your order status using the Etsy “convo” platform. 
"I have no access to your payment account details: Etsy Payments and PayPal process your financial information independently of me.  
"Your transaction information will be stored on the Etsy system as long as I have my store on Etsy or until Etsy deletes it. I will not spam you or solicit you using the information provided to me."

Here is another template to consider.

There are some unknowns in this process. For example, the EU law requires that companies provide a "reasonable" level of protection for personal data. But it does not specify exactly what “reasonable” means.

Time will tell how this shakes out. In the mean time, Etsy sellers should consider adopting a written privacy policy as a start. That includes sellers (like myself) who limit their selling to the USA.

Those who sell in the European Union will need privacy policies beyond the scope of this blog post. (Thanks for noting that this blog post is for informational purposes only and is not intended to be legal advice.)

Concerns over privacy policies have changed the landscape of online selling. It is wise for sellers to do their homework.

Have you adopted a privacy policy for your shop?

1 comment:

Does your Etsy shop need Privacy Policies?

Recent events have prompted an interest in privacy policies. The European Union has enacted new rules in that arena called the "Gener...