What is a Privacy Policy?
When users interact with your apps or your site, certain information about them is recorded. For example: when they register for a free trial or subscription, they provide an email address and payment information. When they view your content, information about their activity and device is recorded in order to deliver the best experience and to generate analytics. Users might also reach out for customer support, and in doing so provide their name and email address. All of this information is considered ‘personal information.’
As the operator of your streaming service, you must provide your users with a transparent notice of how you handle their personal information, commonly known as a “privacy policy.” Don’t worry: creating a privacy policy is easier than it might sound. Privacy policies do not need to be long, difficult-to-understand legal documents; they should be clear, in plain language, and easy for consumers to understand. Your privacy policy should align with your tone and your brand.
Creating Your Privacy Policy
Creating your own privacy policy is quite simple, and we’re helping you get started by providing you with a template that already includes the most common points of collection and uses of data for OTT streaming services. You'll find the template right in your OTT site — just log in, go to your site settings, and select the "Agreements" tab on the left-hand sidebar. Customize the text from there.
How to Use the Template
The template is a starting point: it should be adjusted to reflect your organization’s use of subscribers’ personal information both within and outside of your streaming service. Please note that Vimeo makes no representations about the sufficiency or legality of the templated privacy policy, and you should always consult an independent attorney if you require additional guidance.
You can change the defaults depending on your uses of data, additional collection points, and the laws to which your organization may be subject.
Text in [square brackets] indicates notes to the drafter and suggestions on how to use the template. Anything in square brackets or yellow highlights should be reviewed and edited before the template is finalized. Ultimately, your final privacy policy should not include any square brackets.
In this section, we walk through some of the bracketed notes and explain how you should complete them:
Note to Drafter |
Explanation |
[[Platform Name]] |
The name of your subscription service. Example: Polly’s Pilates |
[[Seller Legal Entity Name]] |
The full legal name of your organization. Example: Polly Johnson Pilates, Inc. |
([your URL]) |
The URL of your streaming service, in parentheses: Example: (www.pollyspilates.com) |
[[Change this section if you provide your own payment processing]] |
This note is directed towards sellers who do not use Vimeo (via Stripe) to process their payments. Delete if this does not apply. |
[[Insert any additional information you collect: offline data, purchased marketing data/lists]] |
All points of data collection should be added. For example, if Polly’s Pilates has a physical studio location and tracks how often individuals participate in her class, Polly’s Pilates might add the following section: Studio Participation If you attend a class in-person at any of our studios, we may collect additional information about you, including your address, emergency contacts, and information about your class participation. |
[[add any other uses of information collected, i.e. advertising or retargeting]] |
All uses of data should be added. For example, if Polly’s Pilates advertises its streaming service on social networks, it would be using personal information to perform that ad targeting. They might therefore add to this section: |
[[add reference to any other service providers that have access to user data, i.e. advertising companies]] |
Besides the types of third parties already listed (e.g., Vimeo OTT, which powers your service), consider whether you share user information with any other types of service providers. For example: if you conduct advertising activities and measure the results of those activities, you should include “advertising partners” in this list. |
[[INCLUDE THE FOLLOWING SECTION ONLY IF SERVICE IS USING REMARKETING OR TARGETED ADVERTISING]] |
The section below this drafter’s note should be included to provide notice of advertising activities if the seller is using targeted advertising (i.e. on Facebook or Google) or conducting retargeting activities. If you do not engage in these types of activities, you can delete the section titled Targeted Advertising. |
[[INCLUDE THE FOLLOWING SECTION ONLY IF COMPANY IS SUBJECT TO THE GDPR]] |
The section titled EEA Users only needs to be included in privacy policies for organizations that solicit customers in the European Economic Area and are therefore subject to the GDPR. Please reference Vimeo OTT FAQ: GDPR and CCPA for more information. |
[[INCLUDE THE FOLLOWING SECTION ONLY IF COMPANY IS SUBJECT TO THE CCPA]] |
The section titled California Users only needs to be included in privacy policies for organizations that are required to comply with the CCPA. Please reference Vimeo OTT FAQ: GDPR and CCPA for more information. |
[[Adjust this section as needed for COPPA compliance, particularly if your service is Made for Kids]] |
If your service targets or is oriented towards children, you must comply with the Children’s Online Privacy Protection Act (pursuant to our Terms of Service). If you fall into this category, you should consult a lawyer. |
[[or by mail using the details provided below: [[address]] |
If you have a physical mailing address, you can include it here for an additional channel of correspondence. Remember, this is a public-facing page so you should not include a personal address. If you don’t have a business mailing address, you can omit this. |
FAQ
Can’t Vimeo provide a privacy policy for me?
You are the operator of your streaming service and have a direct relationship with your users. Vimeo merely provides the technology — the Vimeo OTT platform — to allow you to provide your service. In these kinds of situations, it is more common for the service operator, rather than the technology vendor, to provide a privacy policy.
Can you help me create a privacy policy?
We can’t provide you with legal advice. We suggest that you start with the template and then consult a lawyer if there are questions that you still have.