My company wants to sell products on our website, do we need to create a privacy policy?
What is Privacy Policy?
A privacy policy is a policy for protecting personal information. If you run a business, you cannot avoid handling the personal information of your customers and employees. Due to the requirements of the Privacy Act, it is a well-established practice for businesses to create and publish a privacy policy.
Public Announcement of Purpose of Use
Japan’s Personal Information Protection Law stipulates that when a business acquires personal information of a specific person, it must promptly notify the person of the purpose of use or publicly announce the purpose of use, except in cases where the purpose of use has been publicly announced in advance.
Therefore, it is common for businesses that handle personal information to create a privacy policy that specifies the purposes for which personal information will be used, etc., and to widely publicize the policy on their website.
Publication of Procedures for Disclosure, Correction, Suspension of Use, and Deletion
In addition, companies holding personal data are required to establish procedures for responding to requests for disclosure, correction, suspension of use, and deletion, and to make these procedures available to the individual.
A company may notify the individual of the procedures as soon as it receives a request from the individual. However, since it may be difficult to respond immediately, it is advisable to disclose this procedure in the privacy policy.
How to Create a Privacy Policy?
Identifying Personal Information in the Company
The first step is to identify the personal information in your company. If you do not know what information you have, you will not be able to handle it appropriately in accordance with the Personal Information Protection Law.
Personal information includes not only customer information, but also that of business partners, employees, and job applicants.
Clarification of the purpose of use of personal information
As mentioned above, when personal information is acquired, the purpose of its use must be notified to the individual or publicly announced, except in cases where it has been publicly announced in advance. Therefore, after identifying the personal information to be stored within the company, the purpose of its use must be determined.
The purpose of use must be specifically stated in the privacy policy. The expression “for use in marketing activities” is too abstract. This does not clarify the purpose of use of personal information. For example, the following statement will be recognized as sufficiently clarifying the purpose of use: “We will analyze information such as browsing history and purchase history that we have collected and use it to advertise new products and services that match your interests and preferences.We will analyze the information we collect, such as browsing history and purchase history, and use it to advertise new products and services that match your tastes and preferences.”We will analyze information such as browsing history and purchase history to advertise new products and services that match your interests and preferences.”
What else must be stipulated?
In addition to the purpose of use, the privacy policy must stipulate, at a minimum, the following items:
- Your company’s measures for the safe management of personal information
- Disclosure of Personal Information to Third Parties
- Joint use of personal information
- Procedures for disclosure, correction, suspension of use, etc. of personal data
- Contact for consultations and complaints regarding the handling of personal information
Each of the above items must be stipulated in accordance with the Personal Information Protection Law. In addition, there may be more requirements than these, depending on the type of personal information to be managed and how it is handled.
Should we hire a lawyer to make a Privacy Policy?
Privacy policies must be constantly updated to keep up with changes in the law. It is possible to create a privacy policy by referring to the privacy policies of other web services.
However, if you want to ensure that your privacy policy is legal, we recommend that you consult with an attorney who has experience in corporate legal matters.
Ashita no Shishi Legal Office can create Privacy Policy for your company or review the draft of Privacy Policy you prepared.
Cost of Making a Privacy Policy by Ashita no Shishi Legal Office
From 33,000 yen to 55,000 yen (including tax)