How we protect your data
In this section you should explain what measures you have taken to protect your users’ data. This could include technical measures such as encryption; security measures such as two factor authentication; and measures such as staff training in data protection. If you have carried out a Privacy Impact Assessment, you can mention it here too.
What data breach procedures we have in place
In this section you should explain what procedures you have in place to deal with data breaches, either potential or real, such as internal reporting systems, contact mechanisms, or bug bounties.
What third parties we receive data from
What automated decision making and/or profiling we do with user data
If your web site provides a service which includes automated decision making – for example, allowing customers to apply for credit, or aggregating their data into an advertising profile – you must note that this is taking place, and include information about how that information is used, what decisions are made with that aggregated data, and what rights users have over decisions made without human intervention.
Industry regulatory disclosure requirements
If you are a member of a regulated industry, or if you are subject to additional privacy laws, you may be required to disclose that information here.