1. What is your company's overall privacy position?
a. Do you capture and store any data about your customers that is personally identifiable (is linked to an individual person's identity)?
___ Yes
___ No (If your answer is no, you don't need to answer the rest of these questions.)
b. What is your company's overall position regarding the importance of your customers' privacy and the safety of their data?
c. What is your company's overall position regarding appropriate uses of customer data and who can access it?
d. What options do your customers have if they are not comfortable with your customer information practices?
e. When was the last time that your privacy policy and/or privacy statement was modified?
2. What do you collect and what do you do with data you collect (Notice)?
a. What types of data does your company collect from or about your customers?
Personal identification data:
___ Name
___ Street address
___ Phone (home, work, fax, cell)
___ E-mail
Sensitive data:
___ Credit cards
___ Bank and financial information
___ Social security number
___ Driver's license number
___ Medical data
___ Educational data
Transaction data:
___ Types of products
___ Behavior (online activity, recency and frequency of purchase)
___ Interests and preferences
___ Feedback and complaints
___ Service and support activity
___ Demographics and psychographics
___ Business employment data
___ Product ownership data
___ Credit and financial data
b. How do you use the information you collect from your customers? (Check all that apply.)
___ Only to complete the transaction itself
___ To reach customers in case of recalls or other product/service issues
___ To validate the warranty or service contract
___ To personalize and improve the customer's experience at our web site
___ To monitor and improve our web site performance
c. With whom do you share your customers' information? (Check all that apply.)
___ Authorized individuals with business needs within our company
___ Third parties who need the information to complete the transaction (e.g., a shipping company)
___ Third parties who offer products or services that we think would be of interest to the customer
___ We sell and/or lease our database to unrelated third-party organizations.
d. Does your company target children?
___ Yes ___ No
If you answered yes, how do you meet COPPA requirements?
How do you ensure you have parental approval before accepting information from children under the age of 13?
What third-party data do you append to your customer data?
How do you ensure you have parental authorization to take a credit card number online?
e. Do you use cookies?
___ Yes ___ No
If you answered yes:
Can a customer turn them off? How?
What will happen to the customer's web site experience or other future interactions if he turns cookies off?
2. What kinds of Choice do you give customers about how you use their data?
___ We don't give our customers any options; we just use the data any way we want to.
___ We can't give our customers any guarantee; our data is not consolidated into a single database, and we can't control it all.
___ We give a customer an option, and we never contact him for marketing purposes if he answered NO (opt-out).
___ We give a customer an option, and we never contact him for marketing purposes unless he explicitly answered YES (opt-in).
___ We use opt-in for e-mail, but not for our other types of marketing.
3. How do you give customers access to their data and allow them to correct its accuracy?
a. How do you allow your customer to see what data you have collected?
___ We allow the customer to review and access his personal information online.
___ We send the customer a printed copy of the information we have captured and stored.
___ We currently cannot give customers access to their personally identifiable information.
___ We only allow access after validating the customer's security information.
b. How do you allow changes to be made to the customer's data? (Check all that apply.)
___ We don't/can't change data in our customer databases.
___ We allow the customer to update his information directly online.
___ We (the company) make the changes requested by the customer.
___ We only allow updates after validating his security information.
4. What kind of Security protection do you provide for your customers' data?
What do you do while data is traveling to your site over the Internet?
___ Identification data
___ Sensitive data
___ Transaction data
What have you done to ensure the security of the data once it's inside the company (electronic and physical storage)?
What management practices have you set up to ensure physical safety and protection from unauthorized users?
5. What is your position on oversight and providing an independent recourse for your customers?
a. Do you have company contact information? What is it?
b. Do you monitor the site and respond to concerns? Who is responsible?
c. Have you received a third-party privacy seal?
___ Yes ___ No
If you answered yes:
Who was it awarded by?
You can contact them at: