Planning on starting a blog as a subdomain of your website? If so, you may be wondering about the legal complexities of creating subdomains for your website.
A common question people have is whether separate legal agreements are needed for subdomains.
Keep reading to find out the recommendations regarding how to incorporate Privacy Policies and Terms and Conditions for subdomains.
- 1. Subdomains
- 2. Privacy Policies for Subdomains
- 3. Why a Privacy Policy?
- 3.1. Privacy Policies for Leased Subdomains
- 3.2. Privacy Policies for Subdomains Owned and Managed by the Same Company
- 3.2.1. Blog Subdomains
- 3.2.2. Language Subdomains
- 3.2.3. Targeting Niche Markets
- 4. Terms and Conditions for Subdomains
- 4.1. Why a Terms and Conditions?
- 4.2. Terms and Conditions for Leased Subdomains
- 4.3. T&C's for Subdomains Owned and Managed by a Different Company
- 4.4. T&C's for Subdomains Owned and Managed by the Same Company
- 5. Summary
Subdomains
If you're considering adding a blog or other subdomain to your website, you know that it's simply a secondary domain name that can be treated as a seperate website, even though it usually retains a domain name very similar to the original. Some reasons companies do this is to create:
- A blog
- Multiple versions of the same website in different languages
- A niche website for a specific group of consumers
- An e-commerce store that is seperate from the main site
Here is a screenshot of the main website URL for Style Dot Me:
The Style Dot Me blog URL is a subdomain of the main website:
The basic logistics of creating a subdomain are relatively simple. Most hosting companies provide a number of subdomains for free with the purchase of a main domain name, so setting it up is the easy part. Delving into the finer details will depend on the purpose of the subdomain.
If the main website is informational and the subdomain is an e-commerce store, like the Herman Miller Store shown below, the Terms and Conditions of the e-commerce store will need to include more information about shipping, payments, and other relevant details.
Privacy Policies for Subdomains
Let's start with Privacy Policies. Existing businesses likely already have an established Privacy Policy. This public statement will define the personal information the business collects from its users, as well as how they process, store, and share the information.
This is the basic format of a standard Privacy Policy, as demonstrated by Target:
Although Privacy Policies differ from business to business, the average policy will include the following clauses:
- What information does your business collect about consumers
- How does your business use this information
- Who does your business share the information with
- How can users access, edit, or delete their personal information
- How do you use cookies
- When was the last time you updated your Privacy Policy
- How do you communicate those changes
- How you process information of children, if at all
- How can users contact you regarding privacy concerns
Why a Privacy Policy?
If you do not yet have a Privacy Policy drafted and publicly posted for your current online business, you'd be well-advised to take care of that before creating any subdomains. If your website or subdomain collects any personal information from your website visitors, you are required by law to post one.
Many consumer privacy laws affect the average online business. Since the internet is international by nature, you will be required to comply with European, Canadian, and state laws like CalOPPA, even if your business is not based in any these locations.
Here are a few privacy laws that likely apply to your website:
- California Online Privacy Protection Act (CalOPPA)
- Children's Online Privacy Protection Act (COPPA)
- Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
- European Union's General Data Protection Regulation (GDPR)
All of the above regulations require a public Privacy Policy of some kind, and many of them require the clauses listed above. These laws protect the privacy of each nation's residents, regardless of where the business is located, and so can be enforced internationally.
Privacy Policies for Leased Subdomains
Whether or not your subdomains will each need a separate Privacy Policy depends largely on the function of the subdomain. For example, some companies offer subdomains of their own website to different businesses, like Shopify.
Shopify is a large-scale e-commerce provider that offers subdomains to its customers. Each subdomain acts as its own webstore and is managed by a different company or owner.
Here is an example of a Shopify subdomain store:
The webstore Sol Theory is technically a subdomain of Shopify, but it is owned and operated by an independent company.
In this case, a separate Privacy Policy is required for each subdomain because each is managed by a different company, and each of those has its own business practices. Shopify includes this stipulation in its Privacy Policy, requiring each storefront to maintain its own Privacy Policy:
Another example of a company that leases subdomains to other businesses or individuals is Wix, a make-your-own-blog service. it also recommends that each of its own subdomains maintain its own Privacy Policy:
In short, if each subdomain is owned or operated by a different individual for her own use or services, then each subdomain should maintain its own Privacy Policy.
Privacy Policies for Subdomains Owned and Managed by the Same Company
Other types of subdomains, on the other hand, can usually implement the same Privacy Policy as the main website. If your subdomains are serving different functions within the same business, then one umbrella Privacy Policy should serve for them all.
Here are a few examples:
Blog Subdomains
When a subdomain is simply serving as a blog for the main domain or website, then the same Privacy Policy applies.
Sperry, for example, uses a subdomain for its blog. This is the main website URL and navbar:
This is only slightly different that the blog domain name and navbar, but it is still considered a subdomain:
When you click the Privacy Policy link on the blog however, it directs the user back to the main website Privacy Policy, since both domains are owned and managed by the same company.
Language Subdomains
Another popular use for subdomains is to create several versions of the same website in different languages. To illustrate, the L'Occitane main website URL looks like this:
The Spanish version, however, has the prefix "es" incorporated into the domain name:
This same website offers different subdomains in over 12 languages, but they all share the same Privacy Policy. However, each policy is translated into the correct language so that users can read it.
Targeting Niche Markets
Many larger companies also create subdomains to target niche markets or groups within their customer base. Nike, for example, has a subdomain just for investors:
Their main website URL looks like this, however:
Both websites link to the same Privacy Policy.
The only exception to this rule may be in the case of a subdomain that serves as an e-commerce store. If your main Privacy Policy covers the financial and shipping information that you collect to process orders, then the same policy should work for both sites. However, if the Privacy Policy of the original website does not mention payment processing information, a separate Privacy Policy will be necessary for the e-commerce subdomain.
Herman Miller maintains an e-commerce subdomain, but since they include payment processing information in the main Privacy Policy, the same policy still applies to both domains:
Terms and Conditions for Subdomains
Although a Terms and Conditions page is not required by law, it is the first place courts will refer to in the case of a lawsuit against your company.
Why a Terms and Conditions?
A Terms and Conditions agreement is where you let users know about your rules, restrictions and important details that come with using your website/app.
When it comes to disputes over payment, terms of sale, shipping, or any other matter, your Terms and Conditions can limit your liability.
This screenshot of Coca Cola's Terms of Use demonstrates the terminology that may reduce their liability in a court of law:
Terms and Conditions for Leased Subdomains
Remember: It's never required by law to have a Terms and Conditions agreement. However, it's usually a really good idea to have one.
If you operate a subdomain that's hosted under a different business' main website -- such as if you run a Shopify store -- you won't be required to have a Terms and Conditions agreement. But if you do choose to have one, these platforms usually make it very easy to add your agreement to your subdomain.
For example, Shopify shows its subdomain users how to add an "Agree to Terms and Conditions" checkbox to their subdomain sites so you can not only include your agreement but get your shoppers to agree to your Terms.
Depending on the nature of the leased subdomain, such as if it's an ecommerce store, a Terms and Conditions will be highly recommended.
T&C's for Subdomains Owned and Managed by a Different Company
A good example of this is the FIFA website. This is a screenshot of the Terms of Service for the main FIFA site:
In contrast, FIFA's e-commerce store is managed by a separate entity, and even though it's a subdomain of FIFA.com, it maintains a separate Terms and Conditions agreement:
Because the general FIFA website doesn't offer services like an ecommerce component that would need to address things like shipping, delivery and return or refund details, it doesn't need such an in-depth Terms and Conditions agreement.
However, the separate subdomain does offer such things that need to be addressed in its Terms and Conditions. More importantly, because the subdomain is ran by a third party for FIFA, that third party would clearly want to have its own Terms and Conditions in place to protect itself from legal liability not only to shoppers, but to FIFA as well.
If the subdomain is owned and managed by someone different the owner of the main domain, it would be very smart to have a Terms and Conditions agreement for the subdomain.
T&C's for Subdomains Owned and Managed by the Same Company
As we mentioned about Privacy Policies above, most subdomains that are owned and operated under the same company and owner can utilize the same Terms and Conditions for all.
LinkedIn maintains a separate subdomain for its blog:
Upon browsing, you will find that the User Agreement link redirects the visitor back to the User Agreement for the main website. Since the terms function the same way for both sites, there is no reason to create a separate terms page.
In the end, you must evaluate the nature of your business and the functions of your subdomains. In the majority of cases, the same Privacy Policy and Terms and Conditions can be used for all subdomains of one company. However, there are some scenarios and situations where you will need or want separate agreements.
A helpful way to think about it is to think about whether your subdomain has drastically different functions and features from your main domain that would warrant the need for additional Terms and Conditions.
For example, say you run a photography blog where you only post your photography work but don't allow user comments or any interaction at all from viewers. Your photography blog has a subdomain for an ecommerce store where people can buy your work, leave reviews and create shopper accounts.
You can likely get away without a Terms and Conditions agreement at all if your photography blog didn't operate that ecommerce store. However, that ecommerce subdomain will benefit greatly from having a Terms and Conditions agreement.
This is because you'll be interacting with customers and allowing them to interact more with your website, which means your Terms can help protect you from legal liability issues.
In this example, you could either have one Terms and Conditions agreement that you post on both domains, or you can simply post it to the ecommerce subdomain since it would be most relevant to the subdomain.
Summary
When it comes to a Privacy Policy for subdomains:
- If you operate a leased subdomain, you will need a separate Privacy Policy as required by the company you're leasing from (i.e. Shopify).
- If you operate the main domain as well as the subdomain, you can typically use the same Privacy Policy for both.
When it comes to a Terms and Conditions for subdomains:
- You aren't required to have a Terms and Conditions agreement for your subdomain, but it's highly recommended if your subdomain:
- Has a main domain that's owned/managed by someone else
- Is a leased subdomain (i.e. a Shopify website)
- Has different features and functions than the main domain, such as an ecommerce component, a way for users to submit content, etc.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.