Legitimate interest (when the entity processing personal data has a vital interest in processing it, but only if the data has been legally obtained).
Contractual basis (when the data is necessary for the conclusion or performance of a contract).
Data retention and how to erase data
Make sure to inform your users usa consumer email list about how long their data will be stored (and why; try to be specific about this period and its rationale), and what steps they need to take to erase their data. You can make a step-by-step guide, for instance, how to delete their account, and what will be the consequences of such erasure.
The right to opt-out is a mechanism which allows users to decide whether they wish for their data to continue being processed for a certain purpose. Different privacy regulations approach it differently, for instance:
under GDPR, the users have a right to withdraw consent to their processing, at any time, and a right to object to any specific kind processing of their data (e.g. for marketing purposes);under CCPA, users have a right to object to selling their personal data in certain situations.
Information about the disclosure of personal data (data recipients)
Inform the users of your mobile app about all the entities with which you share their data. If you can name them, it is a good practice to make a list containing business details, links to their privacy policies, etc.; however, it is often not possible to trace all service providers, then, it is OK to just mention the categories of data recipients, such as legal advisors or IT services providers.
Transfer of personal data to other countries
Some regulations put emphasis on informing about the transfer of personal data outside the country it was collected in (under GDPR, outside the European Economic Area, etc.). It is a good practice to inform the users of your mobile app about the location in which their data is processed or stored, and why.
Information about profiling
If you use data of users for the purposes of profiling mechanisms, inform the users about it and make sure you have a legal basis for the profiling and that the users are informed about the opt-out right.
Users’ rights regarding their personal data
Make a list of all the rights the users are entitled to and inform the users on how they can exercise their rights (e.g. by contacting you at your e-mail address).
Cookie policy
When it comes to the cookie policy, include information about what cookies are, why you use them and what types of cookies your app uses. Also, make sure to describe to the users in a plain way how they can change their cookie preferences.
Information about third-party service providers
If you use any third-party services, such as Google Analytics or Facebook Retargeting, make sure to check the terms and conditions of such service providers. They may require you to include specific information in your privacy policy. It is a good practice to include a link to their privacy policies in a document intended for the users of your app.
Where to place your mobile app privacy policy?
Now that your privacy policy is ready, where should you place it in your mobile app? Obviously, as we mentioned before, in the data uploaded to app stores. Apart from that, the privacy policy should be easily accessible in your app. For instance, European authorities put emphasis on where the policy is placed, especially whether the user needs to take multiple steps to find it and whether these steps are intuitive. A common yet effective way is to place it:
on the bottom of the app;
near the “Terms & Conditions” or in the legal section;
in the settings. In addition, a link to the privacy policy should be always visible on screens on which the app collects consent from the users and on registration or login screens.
Remember to review your privacy policy at least once a year to make sure it is up-to-date and compliant with the latest regulatory changes.
Conclusion
Drafting a privacy policy may be a challenging task, considering that the building of a mobile app may involve many more aspects that need to be taken care of.
We hope that this article has helped you find useful answers. If you have any questions, you can contact the author at [email protected].
Disclaimer: Please consider that all above-mentioned information shall in no way be considered legal advice.