Privacy Policy
1. General Settings
1.1 Clarification on Consent:
It’s worth clarifying how the visitor’s consent is obtained before the processing of personal data. You might want to specify that by continuing to use the website, the visitor is also providing consent to the use of cookies and similar technologies. Including a reference to a cookie policy here could be helpful if you have one.
You may want to state that when changes are made to the policy, visitors will be informed explicitly (for example, by email or a banner on the website) rather than being treated as having agreed passively by continuing to use the website.
2. Data Collected by 188eshop.com:
2.1 Clarification on Sensitive Data:
Your policy does not mention whether you collect any sensitive personal data (such as data related to health, ethnicity, or payment card information). You should specify whether such data is collected, and if so, how it is protected (e.g., through encryption).
2.2 Payment Information:
It would be useful to explicitly state how payment information is handled. For instance, do you use a third-party payment provider to process transactions? If so, mention that the payment provider may collect payment details, and you don’t store them directly on your systems.
3. Recipients:
3.1 Third-Party Processors:
Clarify whether you use third-party services such as hosting providers, marketing services, or analytics tools (e.g., Google Analytics). If so, it’s essential to note how data is shared with these providers and how you ensure these providers comply with privacy regulations (e.g., through Data Processing Agreements).
3.2 Third-Party Links:
You mention hyperlinks to third-party websites. You might also add a note about cookies or trackers from third-party services (such as social media buttons, Google Ads, etc.) that may gather visitor data.
4. Use of Visitor Information:
4.1 Data Retention Period:
It is recommended to include the retention periods for personal data. For example, you could state how long data such as customer orders, accounts, or marketing data is kept before it is deleted.
4.2 Visitor Rights (GDPR/CCPA):
If you serve customers in the European Union or California, you should explicitly mention their rights under GDPR (General Data Protection Regulation) and/or CCPA (California Consumer Privacy Act), such as the rights to access, rectify, and delete their data and to withdraw consent.
4.3 Profiling and Automated Decision-Making:
If you use any form of automated decision-making or profiling (such as for personalized product recommendations or marketing), this should be explicitly mentioned, and visitors should be able to opt out.
5. Security:
5.1 Encryption and Data Protection Practices:
Consider adding more specific information about how data is secured. For instance, if you use SSL/TLS encryption for all data transmitted between the visitor and the website or if any personal data is encrypted at rest, this should be mentioned.
5.2 Data Breach Policy:
It’s important to add a section on your data breach policy, outlining how you will notify visitors if there is a data breach that affects their personal data. For example, this could include informing relevant authorities and individuals within 72 hours, in compliance with GDPR.
5.3 Data Sharing with Third Countries:
If any personal data is transferred to countries outside the EU/EEA or other regions with less stringent data protection laws, this should be explained along with the safeguards in place (e.g., standard contractual clauses).
6. Children’s Data:
Data from Minors:
Since you already mention restricting minors from certain areas of the site, you might expand on how you verify a user’s age and what actions are taken if data from minors is inadvertently collected. This is important to comply with laws such as COPPA (Children’s Online Privacy Protection Act) if you have users from the U.S.
7. Cookies and Tracking Technologies:
Cookie Policy Reference:
You might want to include a reference to your cookie policy here or a brief section outlining the types of cookies and tracking technologies you use (such as analytics, performance, or advertising cookies) and how users can opt out or manage cookie preferences.
8. User Rights and Contact Information:
8.1 Data Subject Requests:
It would be beneficial to add a section about how data subjects can exercise their rights, such as accessing their data, rectifying inaccurate information, deleting their data, or restricting processing. Include contact information for such requests, such as a Data Protection Officer (DPO) email address.
8.2 Dispute Resolution:
Mention how users can lodge a complaint if they feel their data is not being processed correctly (e.g., contacting the relevant data protection authority in Lithuania or the EU).
Example Additions:
User Rights (GDPR Section)
Visitors have the following rights regarding their personal data:
• Right to access and receive a copy of your personal data.
• Right to rectify any inaccurate personal data.
• Right to delete your personal data (“right to be forgotten”).
• Right to restrict processing of your personal data.
• Right to data portability.
• Right to object to the processing of your personal data.
• Right to withdraw consent for the use of your data for marketing purposes at any time.
Cookie Policy Overview:
We use cookies and similar tracking technologies on our website to improve the user experience and analyze website traffic. You can manage your cookie preferences at any time by adjusting your browser settings or through our cookie management tool. For more information, please refer to our full Cookie Policy.
These additions should help you ensure that your privacy policy complies with current regulations and provides users with clear and comprehensive information on how their data is handled.