The Privacy Policy is a document informing the users about the use, process and disclosure of their personal information collected through a Website or Mobile Application. This document can be used for any type of industries including healthcare, finance, e-commerce, transportation, etc...
This Privacy Policy can be used for either Website or Mobile Application. It is mandatory for every Website/Application in India who collects and process personal information to have a Privacy Policy. Any Website/App that gathers any data about its users, even if it is simply through tracking their location, is required to have a Privacy Policy.
It is mandatory under the IT Act, 2000 to notify and get the consent of users before collecting and processing their information. Thus the Privacy Policy has to be visible and understandable to the users.
The Sensitive Personal Data in India constitutes the following categories of the data: passwords, financial data, health data, official identifier, sex life, sexual orientation, biometric data, genetic data, transgender status, intersex status, caste or tribe, religious belief, political affiliation or any other category of data specified by the concerned authority.
How to use this document
This document is drafted as per the Indian laws and rules. It should be noted that this document only includes a Privacy Policy. Other related documents like Website Terms and Conditions and Cookies Policy need to be drafted separately. Terms and Conditions and Privacy Policy are separate documents.
Terms and Conditions define how the user can use the Website/Application and what are the obligations of the Users and the owners of the Website/Application. Terms and Conditions also include details about how the business works, delivery and return policy, the geographical location of the business, age restrictions, dispute resolution and so on. On the other hand, Privacy Policy is a detailed document explaining how the owner of the Website/Application deals with the personal information of the users such as the details about the uses of information, how the information is collected, what information is collected, retention and deletion of information, age restrictions, security methods adopted, etc...
This document specifies the following mandatory fields:
Type of personal and sensitive personal data or information collected;
Purpose of collection and usage of such information;
Disclosure of information to the third parties;
The minimum age requirement to use the Website/App;
Reasonable security practices and procedures adopted.
Once the Privacy Policy is created it has to be published on the Website/App and need to make sure it is visible/accessible for the users. It is better to have a pop-up window asking the consent of the users to this policy.
Applicable laws
Although there is no exclusive data protection law in India, the privacy and data protection is mandated under Section 43A of Information Technology Act, 2000 read with Information Technology (reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.