Elite 8 Privacy Policies

Curious about how companies handle your data, why it’s collected and processed, and how to exercise Right to Know or Right to Say No requests under the CCPA? You might find these answers within a company’s privacy policy.

This article covers some best practices for privacy policies, as well as where there is room for improvement in communicating privacy practices and the availability of consumer rights within a privacy policy. This is a follow-up to our original Sweet Sixteen Privacy Policies post before the CCPA went into effect.

jetBlue – January 1, 2020

jetBlue’s privacy policy covers 16 unique topics specifically tailored to typical user concerns regarding data. Last updated January 1, 2020, the policy covers information collected and how it’s processed and shared. jetBlue collects the standard information that users provide, such as contact, billing, and demographic data, as well as service data, device data, and location data. jetBlue uses this information to provide its services, contact users with marketing information or promotions, and personalize user experiences.

Since we last covered jetBlue’s privacy policy in 2018, they’ve added a new section, “Notice to Certain U.S. State Residents.” This provides further information on data collection, requests to know and delete, do not sell my personal information, and “shine the light.” jetBlue does not sell information as “sell” is traditionally understood but shares data through analytics and advertising and offers methods to opt out of these technologies, primarily by logging into a TrueBlue account or contacting customer support at 1-801-365-2470.

Under requests to know and delete, jetBlue includes the following categories for users to access their data:

   •   Personal information collected

   •   Sources from which personal information was collected

   •   Personal information about you disclosed for a business purpose or sold

   •   Third parties that personal information was disclosed to for a business purpose or sold

   •   The business or commercial purpose for collecting or selling the personal information

   •   The specific pieces of personal information collected about you

jetBlue has a similar section covering data subject rights and the GDPR for EU data subjects.

Dyson – November 2019

Dyson takes a different approach to presenting information about their privacy policy. They host an extensive and expandable privacy policy here, but when you first find its privacy page, you’ll be looking at more of an infographic that presents the information in a straightforward manner. Dyson covers the basics here, including their commitment to privacy and how they give users control and keep their information secure, along with examples of how certain information is collected. Dyson stands out from the rest with their clear privacy commitment.

In Dyson’s longer form policy, the company covers how personal data is collected, used, and shared with third parties. They also explain in greater detail how “in certain circumstances” users can: 

   •   Object to use of your data for certain purposes

   •   Ask to limit or restrict our use of your data

   •   Ask to correct, remove, or delete personal data about you

   •   Ask to provide your data to a third-party provider of services

Dyson does not make note of any CCPA-specific rights but notes that “If you would like to exercise any of your rights in relation to your data, email privacy@dyson.com or call your local Dyson centre from the Contacts page. We may request that you provide further information related to your request.”

Pinterest – December 23, 2019

Pinterest’s privacy policy, part of Pinterest’s larger subdomain of policies, hasn’t changed significantly over the past two years, other than to include a brief section directing California residents back to their help center to exercise privacy rights.  

In terms of data collection, Pinterest states the following:

   •   “When you sign up for or use, you voluntarily share certain information — including name, email address, phone number, photos, Pins, comments, and any other information you give them.”

   •   “When you use a website, mobile application or other internet service, certain internet and electronic network activity information is created and logged automatically.”

Pinterest also provides detailed rights for users regarding their information, such as:

   •   Requesting access to the information collected about you. They’ll usually share this with you within 30 days of asking for it through their Help Center.

   •   Having your information corrected or deleted. You can update your information in your profile or delete your data by closing your account.

   •   Objecting to Pinterest processing your information. You can ask them to stop using your information, including when they use your data to send you marketing emails or push notifications. If you opt out of receiving marketing messages from them, they may still send you updates about your account, such as when someone comments on one of your Pins.

For California residents, Pinterest has included a section covering Right to Know and Access, Right to Equal Service, and Right to Delete. To exercise these rights, users have the option to visit the Pinterest Help Center or contact their privacy team at privacy-support@pinterest.com.

Snap Inc. – December 18, 2019

Due to numerous features in their app, Snapchat has collected swaths of data on users in the past years, including pictures, chat messages, usage, content consumption, camera information, location, advertisement interaction, and more. And because of the sheer amount of personal data collected, it’s essential for Snap to provide information regarding their app in the privacy policy. As highlighted in our last article, Snapchat also provides access for users to download their data and (in the case of an EU resident) delete their data.

Snapchat’s privacy policy also shines due to its readability and plain language, making it easier to understand than most.

Snap has added a California Privacy Notice (effective January 1, 2020) that details California residents’ rights regarding their data, information collected by Snapchat and how data is shared with third parties. Their policy states that Snap does not sell data but rather sells advertisements with specific targeting based on data, which can be controlled by the user via the support page on advertising preferences (currently does not exist).

In terms of privacy requests, Snap covers the basics, including the right to know what personal information is collected and who it’s shared with, the right to deletion, and the right to get a timely response (45 days).

Google – March 31, 2020

The scoop: Google collects the following, among other forms of data:

   •   Voice and audio information when you use audio features

   •   People with whom you communicate or share content

   •   Activity on Google and third-party sites and apps that use their services

   •   Location information

   •   Sensor data from devices

   •   IP address 

Google’s policy has a few specific points around CCPA requirements, including their audit and measurement practices, use of service providers, and advertising.

Google states this information is used to build better services, measure performance, and communicate with users. Google also offers an easy way for users to update, review, and manage their information, which covers an extensive amount of data: Google’s Data Export.

OpenTable – May 31, 2019

OpenTable offers extensive information regarding how your data is shared. Some of these include sharing:

   •   Information with restaurants and affiliates

   •   With third parties for their own marketing purposes

   •   Information with third-party vendors, consultants, and other service providers

OpenTable does well to offer a way to opt out of information sharing through your account preferences and allows users to opt out of marketing communication through an unsubscribe link.

OpenTable presents a clear, concise overview with a table in their privacy policy — detailing information collected and used, how it’s shared, and user rights. Rights include opting out of communication, opting out of information sharing with third parties as well as access and correction of information, which can be done via an online account.

In addition to their privacy policy, OpenTable has further disclosures for California consumers. These include Right to Know and Right to Say No requests. In fact, OpenTable has a page designated for requests to opt out of sales of personal information and a request form for handling Right to Know or Delete requests.

Squarespace – February 24, 2020

Squarespace’s extensive privacy policy provides details about the personal information collected, how it’s obtained, and how it’s used. Squarespace offers a section on rights and choices for users, which covers applicable laws that may allow users to retrieve, delete, or control how their data is used. Users can make updates in their account (update, change, or delete personal information of the account or end users) or contact privacy@squarespace.com for regulation-specific inquiries.

There’s also a section covering California residents, their rights and requests that details how Squarespace maintains compliance and points users to the above-mentioned section on rights and choices for how to exercise consumer rights.

Slack – January 1, 2020

Slack has a very well-organized privacy policy, covering all the details regarding personal information. They also detail specific rights for their users including those in Europe and California, and users can make requests at privacy@slack.com. Additionally, Slack provides contact information on their privacy policy for their Data Protection Officer. Slack verifies requests using information previously associated with an account but may require government identification.

Slack states in the policy that in general they are the processor of customer data and the controller of “other information”. These distinctions matter for data protection laws in certain jurisdictions. In terms of the GDPR, Slack relies on legitimate interest in order to process user and customer data. 

Since our last privacy policy article, many companies have adjusted privacy policies to be uniform in how they cover the GDPR as it has been around for two years. More recently, companies have added portions regarding how they maintain compliance with the CCPA and handle privacy requests such as Right to Know and Right to Say No. Expect to see further changes as enforcement begins July 1st, 2020 and companies are examined directly by the Attorney General for compliance, including what their privacy policy covers.
