* What data is being collected? Here you will need to identify exactly what data is being collected, whether it is email address and IP information from comments left on the site, credit card and address information for purchases, email capture for a mailing list, or any other data you are collecting from your customers.
* What is the legal basis for processing the data? Here you should define the business purpose for which you are collecting the data. For example, if you are collecting credit card and address information, you are using this information to process orders and mail merchandise to customers.
* How will the information be used? Here you will discuss exactly how you plan to use the data you collect. You may also wish to provide a statement here about how you balance your business interests with the interests of your customers in choosing to use their data. For instance, if they are signing up for your mailing list, then using this information to send them information about your company and your products is in their interests. Sharing this list with another company may not be in their interests.
* How long will the data be stored for? This is a simple statement of how long you will store the data you collect from your customers. In the case of public comments on your website, this may be in perpetuity. In the case of credit card information, unless your shopping cart saves that information to a customer profile, you may not retain it beyond the transaction.
* What rights does the data subject have? First and foremost, your users must be able to opt out if they so choose. For example, most newsletter applications (MailChimp, etc.) make it easy for you to add an unsubscribe button. You need to ensure there is an easy, clear way for your customers to opt out.
* How can the data subject raise a complaint? You should develop a process whereby your customer can raise a complaint. This can be as simple as an email address and the name of the person to contact if they have a complaint.