Notification

  • Image

    Webinar | Angel Investing in India: Mistakes First-Time Investors Avoid

    Book your seat

Do I need terms & conditions, and privacy policy for my business?  

Get in touch with us

    Your information is confidential and secure


    AI Summary
    • A Privacy Policy (PP) is legally required for any business that collects or uses personal information such as email addresses and names, while Terms and Conditions (T&C) are not mandated by law but are strongly recommended.
    • The Information Technology Act, 2000 was amended in 2009 to introduce basic privacy and data protection obligations for businesses handling personal data in India.
    • Under Indian law, businesses can face civil liability for damages if they fail to use reasonable security practices and procedures while handling sensitive personal data or information, resulting in wrongful loss or gain to any person.
    • A T&C document should cover governing law, user rights and responsibilities, confidentiality, security measures, copyright notice, refund policy, and termination criteria.
    • A Privacy Policy should describe data collection methods, security safeguards, categories of personal information collected, use of cookies, data protection rights of subjects, and contact details of the business and its Data Protection Officer or Data Controller where applicable.
    • Without a T&C agreement in place, a business has no legal basis to limit or restrict how users may use its website or app, leaving it exposed to misuse and copyright infringement risks.
    • Any online business, including a simple website or basic mobile application that allows or requires user registration, should have a T&C agreement presented to clients.
    • Small businesses face the greatest risk from improper data handling practices, making a compliant Privacy Policy essential regardless of company size.
    • Having both a T&C and Privacy Policy helps a business manage user data in accordance with local laws while limiting its own legal exposure as the website or app owner.

    Get in touch with us

      Your information is confidential and secure


      Introduction

      You’re working on a lovely website for your company when the developer requests your Terms & Conditions (“T&C”) and Privacy Policy (“PP”) page. You’ve spent hours honing the messaging on your landing page, your bio, and other material. You haven’t even considered an uninteresting project like this. Isn’t that legal jargon at the bottom of websites? Is it even read by anyone? Do you really need a T&C and PP page for your website if you’re a small business? That’s an excellent question. The quick answer is no, technically, but you should. Read this article to know more about why your business should have a T & C and PP page.

      If you collect or use any personal information from your clients, you must have a PP in place. For instance, email addresses, first and last names, and so on. The goal of this knowledge is to enlighten clients about your collection and use of personal information about them. A T&C understanding presents terms, conditions, prerequisites, and provisions associated with the use of your website or mobile/workplace application, for example, copyright security, account termination in cases of maltreatment, and so on.

      Important Elements

      In T&C:

      1. Governing law: what nation and/or state law governs your company?
      2. Users’ rights and responsibilities: the rules that govern how your website is used.
      3. Confidentiality: a provision stating that information gathered via the relationship via the website is not to be divulged to any third parties unless expressly authorized.
      4. Security: what types of security do you use on your website?
      5. Copyright notice: All text pertaining to the whole content of the website is protected by copyright and other relevant intellectual property rights.
      6. Refund policy: the company’s refund policy, if any.
      7. Termination: a set of criteria specifying the terms of the agreement’s termination by both parties.
      8. And a lot more

      In PP:

      1. Data Collection: Describe how data is gathered and processed.
      2. Security: How is personal information safeguarded?
      3. Personal Information: the sorts of personal information collected and processed by your website.
      4. Cookies: an explanation of cookies and how they are used by your website
      5. Data Protection Rights: the rights of data subjects
      6. Contact information for your firm, as well as the Data Processing Officer and Data Controller, if relevant.
      7. as well as others

      Why are they needed?

      1. Terms and Conditions

      In contrast with PP, the T&C are not legally required under law. However, it is highly recommended to have one so that the business can anticipate misuses of their website or mobile application, as well as to limit your own danger as the proprietor of the internet business. Without this type of agreement in place, and without it being properly permitted, there is no way for the business to legally limit or restrict how someone may or cannot use their site or app. Copyright infringement issues might arise if clients use the business’ content without their permission or if there is abuse. It is recommended that any online business (even if it is just a simple website or a basic, mobile application) that allows or requires a client to enroll for a record have this agreement set up and present it to clients.

      1. Privacy Policy

      The Information Technology Act was amended in 2009 to provide basic privacy and data protection protections. In India, the privacy legislation currently compels companies and websites to use caution while collecting and handling sensitive personal data or information. A civil provision is now available that specifies damages for a business that fails to use “reasonable security methods and procedures” while managing “sensitive personal data or information,” resulting in unlawful loss or benefit to any individual. Hence it is legally mandated to have a PP for businesses whether small or large.

      Small firms stand to suffer the most as a result of improper data practices. The business can manage data in accordance with local laws and internal procedures, but if a customer views it as mistreatment, the business may face liability or, at the very least, a costly and time-consuming legal battle to contest the allegation. A Privacy Policy defines the business’ principles for managing information and separates forbidden behaviors from permissible ones. Also, if a consumer authorizes the operations of the business by agreeing/consenting to your Privacy Policy, they are less likely to sue the business.

      Conclusion

      Irrespective of the size of your business, having T&C and PP helps increase transparency and the trust your customers have in you. It also helps save the business from future liability that might arise due to the use of the website, the contents of the website, the data collected and how the data is utilized.

      About the Author
      Garima Mitra
      Garima Mitra social-linkedin
      Co-founder | garima@treelife.in

      Spearheads Transactions, Contracts, and Compliance verticals. Combines expertise in business law and a passion for social impact to shape the legal and financial ecosystem for startups.

      We Are Problem Solvers. And Take Accountability.

      Related Posts

      Decoding DPIIT Deep Tech for startups: eligibility and taxation
      Decoding DPIIT Deep Tech for startups: eligibility and taxation

      The Department for Promotion of Industry and Internal Trade formally defined Deep Tech Startup as a distinct legal category for...

      Learn MoreLearn More
      Data Fiduciary vs Data Processor: Redrafting Your B2B Vendor DPAs Under the DPDP Act 2023
      Data Fiduciary vs Data Processor: Redrafting Your B2B Vendor DPAs Under the DPDP Act 2023

      Most Indian B2B contracts signed before 2024 were not written with the Digital Personal Data Protection Act, 2023 in mind....

      Learn MoreLearn More
      Who Owns the Prompt? Modifying Employee IP Assignment Clauses for the GenAI Era
      Who Owns the Prompt? Modifying Employee IP Assignment Clauses for the GenAI Era

      Most Indian employment agreements assign to the employer everything an employee creates, develops, or invents during employment. That clause was...

      Learn MoreLearn More

      For Customer Support

      Mumbai | Delhi |
      Bangalore | GIFT City

      Speak to Us!

      We respond within 60 minutes.

        Your information is confidential and secure


        Let's talk.

        We've seen most founder problems before. Tell us yours.






          Typically responds within 4 hours
          Or reach out directly