Review your Privacy Policy

before you sell the business

When personal information is involved,
a Privacy Policy must also be involved.
 What is a Privacy Policy?
A Privacy Policy agreement (1) is the agreement where
you specify if you collect personal data, what kind of
personal data you collect from your users and what
you do with that data.

(1) Link to https://termsfeed.com/blog/sample-privacy-policy-template/

Personal information can include, but
is not limited to the following:

Email address
Phone number
First and/or last name
Home address
Birthdate

It's anything that could potentially identify an individual.

In the US, CalOPPA requires you
to have a Privacy Policy.
To be considered in compliance with CalOPPA, the websites privacy policy must contain the following:

- A list of the categories of personally identifiable information the operator collects;

- A list of the categories of third parties with whom the operator may share such personally identifiable information;
- A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information as
collected by the operator;
- A description of the process by which the operator notifies consumers of material changes to the operators privacy policy; and
- The efi'ective date of the privacy policy.
It's common in the business world to buy and sell assets,
includings mobile apps or entire businesses.

Businesses that can include lists of customers,

which include personal data of customers.
When this happens and the business is sold,
what happens to all of the collected
personal information of its customers?
 Enter the Toysmart.com case (2)

(2) Link to https://www.ftc.gov/news-events/press-releases/2000/07/ftc-announces-settlement-bankrupt-website-toysmartcom-regarding

Toysmarts Privacy Policy had included a clause that
stated that any information collected from customers
would never be shared with third parties.
 The court here held that the information
could not be sold on its own.

Under a settlement agreement, Toysmart would be able to

sell the database information as part of an entire business
package, which includes the entire website.

Only a qualified buyer could make the purchase, and the

terms and clauses of the Toysmart's Privacy Policy were to
be followed by the new buyer.
 The main takeaway here is that
what you put in your Privacy Policy matters,
and you must adhere to it (3).

(3) Link to https://termsfeed.com/blog/adhere-your-own-privacy-policy/

Include a "Business Transaction" clause in your Privacy
Policy to inform users that their personal data might be
transferred in the event of a business transaction.
 Seedrs includes a section titled "Changes of Business
Ownership and Control" within its Privacy Policy (4).

(4) Link to https://www.seedrs.com/privacy_policy

 The kik Privacy Policy (5) has a linked
section titled Information We Share.

(5) Link to https://www.kik.com/privacy/#changesection

 Hightail has a Business transfers section in its
Privacy Policy (6) that's very short and to the point.

(6) Link to https://www.hightail.com/terms#share

 Update your Privacy Policy to include a clause that states
that you may sell or transfer personal information of
users under certain business transactions.

Use TermsFeed's Privacy Policy Generator

to include this kind of clause (7).

(7) Link to https://termsfeed.com/privacy-policy/generator/