- What personally identifiable data are you collecting and for what purpose?
- How do you collect this data?
- How do you keep it secure?
- When do you share or disclose personally-identifiable data?
- What measures are taken to ensure the accuracy of data?
- How your customer can access the data you hold about them and ask for corrections to be made.
- You must say that you are using cookies. Google Analytics places cookies on the user’s browser to track visits to your website.
- You must say that you are using Google Analytics and how it collects and processes data. Google suggests pointing to their own description of this by linking to their article “How Google uses information from sites or apps that use our services”.
If you have switched on Advertising Features within Google Analytics, you must also include:
- The Google Analytics Advertising Features you’ve implemented, e.g., Demographic and Interest Reports, Remarketing Audiences.
- How you and third-party vendors are together using cookies and identifiers.
- How visitors can opt-out of Google Analytics Advertising Features. For example, through Ads Settings on their browser, Ad Settings for mobile apps, or through Advertising opt-out services such as those provided by the Digital Advertising Alliance and the National Advertising Initiative.
In their policy for use of Advertising Features, Google also encourages website owners to link to their information on Google Analytics opt-out browser add-ons. These can be installed by anyone to prevent their data from being used by Google Analytics.
Note that the Google Analytics terms of service also requires that you “will comply with all applicable laws, policies and regulations relating to the collection of information from Users”. In other words, our local privacy law needs to be complied with alongside Google’s requirements.