Privacy Statement - should I be concerned about liability statements?
We've been working with an external team to create a website, and when we were discussing T&C and policy, something concerning came up and wanted to seek your guidance.
here is the background in a point form:
If this any impact, both Entities are in Canada, Ontario
here is the background in a point form:
- A website was created by Entity B for Entity A
- API keys to social network logins are created/owned by Entity B
- Entity A does not have any knowledge of how social API keys were implemented, how the website data is stored, nor how the customer data is stored.
- The data is currently being stored on Microsoft Azure environment managed by Entity B
- Entity B has agreed on providing personnel from Entity A to view PostgreSQL table that stores user data
- Entity B is mandating to include this in the privacy statement “This website is operated for Entity A, all liabilities assumed therein by Entity A. Source code related to this website is owned by Entity B”
- Although Entity A does not have concerns related to the source code as Entity B has used in other projects, Entity A is concerned about comments around*, all liabilities assumed therein by Entity A*. Considering this is related to privacy and how the APIs would have been implemented which Entity A does not have ownership nor knowledge of.
If this any impact, both Entities are in Canada, Ontario