Last updated: July 8th, 2020 12:59 PM

Privacy Policy Template

Website privacy policy is a statement or a legal document that discloses some or all of the ways a party (the website) gathers, uses, discloses and manages a customer or client's data. In India, the Information Technology Rules require a body corporate to provide a privacy policy for handling of or dealing in personal information, making the privacy policy a must-have for all websites.  

Displaying Website Privacy Policy

This website privacy policy can be used by any website or blog or e-commerce store that collects limited customer or user information. Website Privacy Policy can be displayed on the website in a prominent place at the footer of the website along with the date the privacy policy was last updated. It indicates to all users the confidence they can have that any information they have provided to the owners of the website will not under any circumstances be disclosed to others, as provided for in the particulars described in the privacy policy.

Sensitive Information as per Information Technology Rules

According to the Information Technology Rules, the following types of data are considered sensitive personal data to which the rules of Information Technology Act apply:

• Password
• Financial information such as Bank account or credit card or debit card or other payment instrument details
• Physical, physiological and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information

However, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force cannot be considered sensitive personal data.

Requirement for Privacy Policy

According to the Information Technology Rules, any body corporate or person who collects, receives, possess, stores, deals or handle information should provide a privacy policy. Further, the privacy policy should be published on website of the body corporate or person with the following details:

• Clear and easily accessible statements of its practices and policies
• Type of personal or sensitive personal data or information collected
• Purpose of collection and usage of such information
• Disclosure of information including sensitive personal data or information
• Reasonable security practices and procedures adopted

Privacy Policy Grievance Officer

The Information Technology Rules require for all body corporates to address any discrepancies and grievances of the provider of information with respect to processing of information in a time bound manner. For this purpose, the body corporate is required to designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer would then be responsible for addressing the grievances of information providers in an expeditiously manner within one month from the date of receipt of grievance. [caption id="attachment_108304" align="aligncenter" width="1116"] Privacy-Policy-Template