SaaS Customers often ask or expect SaaS supplier’s to provide them with a privacy policy for use in conjunction with their SaaS products. SaaS suppliers should firmly refuse such requests. Firstly, as they could face liability claims from the customer if the privacy policy is in appropriate and secondly while you will have no adequate knowledge of the issues set out below, which will need to be covered in the privacy policy.
Personal Data Practices
The customer’s privacy statement should reflect its personal data practices. For example, it should include details of:
- The type of data being collected;
- Why the data is collected;
- How the data is used and why;
- If and why personal data will be disclosed to third parties;
- How and where data is stored;
- How complaints or queries about personal data will be dealt with.
Compliance with Applicable Laws
SaaS customers will also need to review their compliance with any applicable laws relating to the collection and use of personal data. The laws that apply will depend upon a number of factors. If the SaaS customer is selling or providing services to people under the age of 18 additional laws applicable to the protection of children will apply.
The type of products or services being sold and the countries in which they are being sold will also be relevant – as this will determine whether national, EU and/or international laws will apply. Depending on the business sector in which your SaaS customer is operating, the rules of self-regulatory schemes may also apply. For example, if your customer is providing email marketing services they will need to comply with applicable email marketing and advertising rules.
Where on a Website should the Privacy Policy Appear
This will usually be on your SaaS customer’s home page and/or at the point that they obtain consent to collection of the data. It is also advisable to have links between the privacy policy and all references made to it on the customer website. For example, if your SaaS customer is providing online recruitment services they should place their privacy policy on their home page. Also, when users register to use services there should be a link to the privacy policy and a process for users to accept the terms of the privacy policy.
Practical Issues
If your SaaS customer insists on you assisting in the creation of a privacy policy you should charge for this additional service, as this is a consultancy service. In addition you should try to limit your assistance to simply providing a template for your customer to customise and adapt. You should always limit your liability for any omissions or errors in the template and state that the template is provided on an “as is” basis.
Help
Irene Bodle is an IT lawyer specialising in SaaS agreements with over 10 years experience in the IT sector. If you require assistance with any SaaS, ASP, software on demand contracts or any other IT legal issues contact me:
irene.bodle@bodlelaw.com
www.bodlelaw.com
To register for my newsletter click here
______________________________________________________
Other related articles:
- SaaS Agreements – Essential Elements
- SaaS Agreements – Essential Elements – SLAs Explained
- SaaS Agreements – Data Protection – Recent ICO Fines
- SaaS Agreements – Data Protection – The Patriot Act
- SaaS Agreements – Data Protection – Data Commissioner – UK Fines
- SaaS Agreements – Data Protection – Sub-Contractors, Model Clauses
- SaaS Agreements – Data Protection – Liability for Loss of Backup Tapes
- SaaS Agreements – Data Protection – Anonymising Data
- SaaS Agreements – Data Protection – Transfer of Data Outside the EEA
- SaaS Agreements – Data Protection – Policies and Procedures
- SaaS Agreements – Data Protection – German Customers and Data Processing Agreements
- SaaS Agreements – Data Protection – Safe Harbor, German Customers
- SaaS Agreements – Data Protection – Customer Privacy Policies
- SaaS Agreements – Data Protection – New Proposed EU Rules Part 2
- SaaS Agreements – Data Protection – New Proposed EU Rules Part 1
- SaaS Agreements – FAQs – Security
- SaaS Agreements – FAQs – Software Licence
- SaaS Agreements – FAQs – Source Code and Object Code
- SaaS Agreements – FAQs – Escrow
- SaaS Agreements – FAQs – Hosting
- SaaS Agreements – FAQs – Confidential Information
- SaaS Agreements – FAQs – Data Protection
- SaaS Agreements – SaaS, Software on Demand, Confused?
- SaaS Agreements – Cloud Computing and the Legal Cloud
- SaaS Agreements – Cloud based Technology and Services
- SaaS Agreements – Need for an NDA Prior to Signing a SaaS Agreement