Marketing automation systems collect information from individuals that open your emails or visit your website and therefore companies that implement systems such as HubSpot, Pardot and SharpSpring should be aware of consumer privacy regulations such as CalOPPA, CCPA and GDPR. A central part of complying with these regulations is implementing a Privacy Policy.
Even if your company doesn’t fall under some of these regulations, having a Privacy Policy in place for your users demonstrates that you value their privacy. Consumer confidence is woven into many laws that require you to write your Privacy Policy in simple terms the typical site visitor can understand, as well as to make your Privacy Policy easy to find on your website.
A well-written and legally compliant Privacy Policy provides your users with important information to educate them about their privacy rights and your use of their personal data.
- Include a Privacy Statement on your website. This should cover the core tenets of consent, access and data erasure.
- Provide consent mechanisms. We recommend implementing a pop-up cookie notification system on the website for European visitors. It will notify them that information is being collected and direct them to the Privacy Statement. The Privacy Statement page should have links to: (1) unsubscribe from marketing emails, (2) request a copy of personal data held in your marketing automation system, (3) request erasure of personal data in your marketing automation system.
- Enable access to personal data upon request. Set up a simple request mechanism for email and website contacts to request access to the data collected by your marketing automation system. The mechanism can simply be a form or dedicated email address to send data requests.
- Enable erasure of personal data upon request. As with enabling access, a simple mechanism for contacts to request erasure from your system should be implemented.