Update 21 May 2018 – This post hasn’t been refreshed for GDPR and may be outdated. If you’re looking for copywriting services, please visit our home page.
Along with our new website, we recently wrote a new privacy policy. Regarding sharing user data with third parties, our policy originally said:
We will not share your personal information with or sell it to third parties unless we have your permission or the law requires us to.
But since we use MailChimp to process our email newsletter subscribers, that isn’t 100% accurate. MailChimp is a third party and they process data from customers who send us work enquiries or sign up to our email list. Maybe it’s a similar story at your website.
I did a quick Google to see if other companies had run into the same issue. Drupal, the open-source content management framework, had. Their situation was different though, because their privacy policy did not claim user data would never be shared with third parties. Drupal’s solution was to add a note about MailChimp in a section of their policy about service providers and partners.
We decided to take a similar approach and made the following changes:
- We removed the outright claim that we don’t share user data with third parties, and instead specified that we do not share data with third party marketers
- We added a new paragraph stating that we may use named third-party service providers to process and store user data
- We named MailChimp, described what they do for us and linked their own privacy policy
Read our latest privacy policy.
The main lesson for us was this:
Service partners like MailChimp are third parties too — and it’s important to tell users if you’re sharing their data!
Have you run into a similar issue? If you’re still tackling it, I hope the above helps. Or if you found a better approach, please tell us about it in the comments.
Growing your business?
We’ve got bags of creativity and experience and we’d love to help! Click below to see what we offer for small businesses.
The MailChimp logo is the property of MailChimp/The Rocket Science Group, LLC.
Hi Neil, just came across your post. You absolutely should mention MailChimp in your Privacy Policy. In fact you should mention all third-party tools that you are using on your website or app to be on the safe side or in other words legally compliant. Since this can be a lot of work, we have actually come up with a product which keeps your privacy policy up-to-date at all times no matter which tools you are using. You can test the solution for free at http://www.iubenda.com Let me know what you think.
Hi Philip, this looks pretty good – thanks for sharing. Very nice website too.