Free Sample Privacy Policy Template

One of the most important things you should know and never neglect when you own a website or run an online shop is the legal aspect of the trade. In this article, we are going to provide all the information necessary to completely understand privacy policies, how they work and why you need them.

It is essential to understand that even if you don't explicitly collect any information from your visitors, most websites usually use cookies that store visitors' data every time they drop by web pages. It can be a slippery slope when left unmanaged, so the existence of a privacy policy is of utmost importance.

Dealing with any website online can leave you vulnerable to cyber-attacks and data theft, among a host of other types of risks. Because of this, you must know the basic privacy laws and requirements to make sure that your website is complying well with these standards.

Privacy policies can be a long and boring subject, but we recommend that you study them thoroughly. In this article, we will go over privacy policies bit by bit. There is a lot of ground to cover when it comes to this subject, so it would be wise to split it so that each part gets your undivided attention.

What is a privacy policy?

Privacy is a fundamental human right that many governments all over the world recognize. Numerous laws exist to support and protect an individual’s right to keep their personal data secret if they choose not to divulge it.

As much as possible, such legislation ensures that one’s data is safe from unfair collection, distribution, and other types of use carried out without the knowledge of the individual.

Displaying a privacy policy became a legal requirement in order to respect and protect privacy even in spaces as risky as online web pages. As a private company, you have the right to protect your legal documents from the eyes of others.

Yet, there’s one legal document that you’re absolutely required to divulge the contents of - the privacy policy. The law strictly regulates the practice of displaying the privacy policy on websites or apps. We’ll talk more about this in a while when we discuss the requirements when displaying your privacy policy.

The definition of a privacy policy is easy to understand. It is a type of agreement required by law for those who use or collect any personal data on websites or mobile applications. It lets website visitors know that their data might be stored and used.

Additionally, it reminds them that remaining on the website means that they are comfortable with the uses of their data. Simply put, it is a document that describes in detail what personal information your website collects from its visitors, along with how you store it and use it.

Of course, this disclaimer shouldn’t be used to justify unscrupulous data collection and use. There are still limits to how you can use the data collected via cookies. To help you understand what we consider “personal data,” here are some of the items that meet the criteria:

  • The visitor's IP address
  • Full name, name or surname
  • Email address
  • Birthdate
  • Postal Address
  • Any other information that can be used to identify the individual visiting your website

Why do you need a privacy policy?

As an online entity, you have heaps of compelling reasons to have a privacy policy. Here are some of the main reasons why you should draft an easy-to-understand and fair privacy policy for your website visitors:

Displaying a privacy policy is required by law

In many cases, you will be required by law to display your privacy policy. As previously mentioned, privacy is a fundamental human right.

Thus, many countries have laws in place that require you to display it if you live in one of them or you collect and use any data about their citizens. If you want to have an online web entity, you should comply with these laws to prevent facing legal issues.

Having third-party services might require you to do so

As an online entity, there’s a possibility that you enlist the help of other third-party services to boost your online presence and increase your web traffic and visibility or to simply help you manage your website.

Examples of these include Google AdSense and Amazon Affiliates. These third-party services work effectively because they store and use the private information of web visitors. It is your duty as a host website to ensure that your visitors know how their personal data are being used to enhance their experience online.

It helps you establish a connection with your audience

Having a privacy policy enables you to develop a stronger connection with your customers. When you display your privacy policy, you are letting your customers know that you value transparency.

You don’t want to take advantage of their private information. You are making your intentions regarding personal data collection, storage, and sharing known. This is a good step.

After all, being deceitful means that you not only risk losing all the credibility you have built over the years with website visitors; you can also face charges for your illegal activities with regard to the use of personal data.

Expert tip: Take the hassle of writing your own privacy policy away with our privacy policy generator. It will save you hours of work and possible costly legal mistakes.

Privacy policy law requirements

As we have previously stated, displaying privacy policy agreements for websites that use web visitors’ information is mandatory by law. That is because the collected data can be used to identify an individual who has visited the site. Let's take a closer look at the privacy laws in some territories around the world:

1. United States of America

There are several state and federal laws in the USA that have provisions on data privacy:

  • The California Consumer Protection Act of 2020
  • The Computer Security Act of 1997
  • The Consumer Credit Reporting Control Act
  • The Computer Fraud and Abuse Act of 1986
  • The Americans With Disability Act
  • The Children's Internet Protection Act of 2001 (last updated in 2013)
  • The Cable Communications Policy Act of 1984

Additionally, you have to get familiar with the laws and acts in the state where you reside. For instance, the State of California has the CCPA in place among others.

2. European Union

The European Union has its own General Data Protection Regulation, which regulates the collection, processing, and storing of personal data of its citizens. This directive clearly states that companies operating from the EU must have a privacy policy. They should also display this on their web pages to ensure full disclosure to the web visitors.

Furthermore, this directive establishes a legal framework inside of which you can gather and use the personal data of website visitors. This ruling also governs how businesses can collect, store, and use personal data and what they need to do to protect it from misuse.

To put it simply, the EU’s privacy policy laws do not limit their scope to making sure that you have a policy and display it accordingly. They also seek to remind web owners of the utility limits of collected personal data, and how one should handle that information properly.

3. Australia

Australia also has a law that governs data privacy. It is called the Privacy Act and was established back in 1988. This law requires businesses from Australia to have and display a privacy policy.

Australia's Privacy Act strictly regulates how companies need to handle sensitive user data. It covers all segments of sensitive data processing, from the collection and usage to storage and disclosure.

The most crucial principle of Australia's Privacy Act is that you need to have a privacy policy, to keep it updated, and inform website visitors about each update.

What to include in a privacy policy?

It is important to note that the privacy policy agreement has two purposes. One is to protect your business, while the other is to inform website visitors. That is why you have to be as pragmatic as you can when writing it. Besides being short and concise, refrain from using complex legalese and jargon when you are writing it.

There are various requirements when it comes to the inclusions in privacy policies per country. Nonetheless, some elements exist in almost all types and formats of privacy policies.

Of course, it would be best to review the applicable laws and consult an attorney in your country to make sure that you are complying with all requirements in privacy policies. Let's face it though - it's far from the fastest or cheapest option available.

To make things much easier (and cheaper!) without compromising on the quality of the document, you may use an online privacy policy generator.

If, however, you decide to venture out and learn the ever-changing legal requirements by yourself, here are some of the things that you should make sure to include when drafting your own privacy policy:

Type of information collected

It’s not enough for you to mention that the personal information of your web visitor will be used to enhance their online experience and improve your data. You must elaborate on the details because this could be misconstrued.

What that means is that you really have to delve into the nitty-gritty when it comes to detailing the information you plan to get. Your web visitors should know that their name, age, email address, the state they live in, and their social media platforms are going to be stored for lawful use.

The purpose of information collection

Gather as many "yes, I agree" responses as possible from your web visitors by explaining the reason why you want to access their personal information. Most websites explain their need for this type of data by stating that they need the data to increase the overall satisfaction of their clients, customers, or followers.

If you wish to utilize their private information in other lawful ways, list that reason as well to make sure that all your bases are covered when it comes to disclosure.

How you collect information

To remove the unfamiliar and shed some light on your privacy policy, mention the process of how you collect the information from your web visitors. By doing this, your customers won’t feel like they’re being exploited when they visit your web pages.

Moreover, they’ll have an understanding as to how the internal process of information collection works. It also enhances your relationship with your consumers and establishes a level of trust between the brand and the customer.

How you protect information

It’s not enough to state that you’re collecting information to enhance their web experience. You should also assure your customers that you are doing your best to protect their information and avoid leaks or mishandlings. As they say, what happens on your website should stay on your website.

All the data you gather from visitors needs to stay within the circle of your company or partners who have the authority to use it. Of course, you must state it in your privacy policy.

If you want your target audience to trust and allow you to use their personal information, you need to make them feel safe. Having a transparent privacy policy will help you establish a certain level of trust with your customers.

The option to deny information collection

You likewise need to allow your target audience to decide whether or not they find your privacy policy acceptable. Some businesses simply restrict access entirely if a visitor doesn't want to accept the terms, while others make just a part of their content visible.

It's up to you to make this decision as a business. Still, it needs to be in accordance with your long-term goals.

Privacy policy examples

See how privacy policy works by reviewing a couple of privacy policies from leading businesses and websites. Here are a couple of privacy policies that you should look at if you’re planning on making one of your own:

Vimeo

As one of the leaders in video-sharing platforms and a website that has visitors from all around the globe, Vimeo also has a lengthy privacy policy agreement. They clearly inform their users of what steps they need to take if they feel their privacy has been violated.

Feel free to take a closer look if you plan on writing and adding such a segment to your privacy policy agreement.

[Image: Vimeo privacy policy]

Amazon

Being a company of such a magnitude, Amazon has done some serious work when it comes to writing and structuring their privacy policy notice. Amazon's writing style has more of a personal tone, which is a great way to establish a better connection and deeper trust with website visitors.

Take a look at their opening sentence, for instance: "Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly."

Also, make sure to check the image below to see how Amazon displays legal policies and allows users to quickly access segments of the Privacy Policy Notice via links right on top of the document.

[Image: Amazon privacy policy]

These are just a couple of examples that you should review when making privacy policies. You can opt for a more formal tone of writing like in Vimeo, or a friendlier version like Amazon. In both cases, you need to make sure that your privacy policy is easy to understand and not so vague that it can be misconstrued by other people.

Where should you display your privacy policy?

Some people think that having a terms and conditions agreement on a website that references the privacy policy is enough. However, that isn’t exactly the case. You are required by law to have the privacy policy in a separate agreement and displayed on your website. You shouldn’t just list it under your terms and conditions and consider it done.

The reason for this is quite simple: it’s easier for website visitors to notice and understand your privacy agreement if it’s not connected with another long document/agreement like terms and conditions.

If you take a look at the websites of major companies, you can see that most of them have common privacy policy displaying practices. You can usually find the link to this legal agreement in the footer of a website on every page.

Here is the footer of the Google.com page:

[Image: Google privacy policy link]

Another common practice is to place a link to the privacy policy agreement on any form where you require a website visitor to enter personal data. It can be placed in line with the email field or as a separate notification field contained in the form. Here is what it looks like in practice:

[Image: Privacy policy click-wrap link]

How should you enforce your privacy policy?

To be able to enforce a privacy policy, you need to ensure the following:

  • Website visitors can find the privacy policy easily
  • You have provided contact information if visitors have any questions regarding the privacy policy
  • Visitors get notified about the privacy policy they need to agree to
  • You give visitors notice about privacy policy updates, along with a link to previous versions of the agreement (email, private message on the website, popup window)

Implement the enforceability of this agreement by using either browse-wrap or clickwrap. A browse-wrap would be the first two examples in the previous section of the article, while the clickwrap method can be seen in the last example of the last section.

It is essential to understand that the enforceability of these two methods is different. That is why many websites use both of these methods to properly inform visitors about their privacy policy.

Fortunately, some best practices increase the enforceability of the privacy policy for either of the methods.

When you use a browse-wrap privacy policy agreement, make sure to:

  • Display it prominently on the page (not close to edges, for instance).
  • Make the font and links different and easier to spot (size, style, color).
  • Notify users about changes.
  • Require users to take some action when they don't want to read the privacy policy.

When using the clickwrap method, make sure to:

  • Pick a noticeable and precise location on the website to display the privacy policy.
  • Be explicit about the denial and acceptance methods. (By accepting, you are consenting to; If a visitor doesn't want to accept the privacy policy agreement, provide notice about the restrictions and limitations of the services you provide)
  • Provide an unchecked checkbox if you use one. Remember, it is about forcing a visitor to take action. (If a visitor wants to continue without checking the box, provide a notice informing them why they can't continue the registration process)

Non-compliance penalties

As mentioned, businesses and online pages are required by law to provide and display a privacy policy on their webpages. Otherwise, they might face legal consequences for not doing so. Depending on where you live, there are different types of ramifications that come with not following the rules set for privacy laws.

To help you understand how important complying with such laws is, here are some of the penalties that come with non-compliance that you should be aware of:

CalOPPA (USA)

Otherwise known as the California Online Privacy Protection Act, this piece of legislation seeks to oversee the collection of data and private information in the United States. Violations will incur a penalty of USD 2,500 each.

General Data Protection Regulation (EU)

Failure to comply with this will result in two tiers of fines. The first tier will have you surrender 2% of your company’s annual turnover or 10 Million Euros, whichever is higher.

For a tier 2 violation, you’ll have to surrender 4% of your company’s annual turnover or 20 Million Euros, whichever is higher. In both cases, you’ll definitely lose out financially if you fail to comply with this law.

EU Cookies Directive

The penalty for violating this law includes monetary fines that reach up to GBP 500,000. Smaller penalties include notices and enforcement being sent to your company to alert you of your violation.

Personal Information Protection and Electronic Documents Act (PIPEDA, Canada)

This law is pretty straightforward, but the fines that come with this are not cheap. Companies who knowingly breach PIPEDA requirements can be fined up to $100,000 for each violation.

As a responsible business, you should comply with data privacy acts religiously to avoid hefty fines from governments. Read up more on your local data privacy laws now to make sure that your privacy policy is in line with the standards of your local laws.

Sample free privacy policy template

This privacy policy template will help you see how everything we talked about so far comes together to form a legal agreement. Keep in mind that this is just an example privacy policy template and does not cover many of the important topics.

Generic privacy policy template

This privacy policy ("policy") will help you understand how [name] ("us", "we", "our") uses and protects the data you provide to us when you visit and use [website] ("website", "service").

We reserve the right to change this policy at any given time, and you will be promptly notified of any changes. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.

What User Data We Collect

When you visit the website, we may collect the following data:

  • Your IP address.
  • Your contact information and email address.
  • Other information such as interests and preferences.
  • Data profile regarding your online behavior on our website.

Why We Collect Your Data

We are collecting your data for several reasons:

  • To better understand your needs.
  • To improve our services and products.
  • To send you promotional emails containing the information we think you will find interesting.
  • To contact you to fill out surveys and participate in other types of market research.
  • To customize our website according to your online behavior and personal preferences.

Safeguarding and Securing the Data

[name] is committed to securing your data and keeping it confidential. [name] has done all in its power to prevent data theft, unauthorized access, and disclosure by implementing the latest technologies and software, which help us safeguard all the information we collect online.

Our Cookie Policy

Once you agree to allow our website to use cookies, you also agree to our use of the data it collects regarding your online behavior (analyze web traffic, web pages you spend the most time on, and websites you visit).

The data we collect by using cookies is used to customize our website to your needs. After we use the data for statistical analysis, the data is completely removed from our systems.

Please note that cookies don't allow us to gain control of your computer in any way. They are strictly used to monitor which pages you find useful and which you do not so that we can provide a better experience for you.

If you want to disable cookies, you can do it by accessing the settings of your internet browser. (Provide links for cookie settings for major internet browsers).

Links to Other Websites

Our website contains links that lead to other websites. If you click on these links, [name] is not held responsible for your data and privacy protection. Visiting those websites is not governed by this privacy policy agreement. Make sure to read the privacy policy documentation of the website you go to from our website.

Restricting the Collection of your Personal Data

At some point, you might wish to restrict the use and collection of your personal data. You can achieve this by doing the following:

  • When you are filling the forms on the website, make sure to check if there is a box which you can leave unchecked, if you don't want to disclose your personal information.
  • If you have already agreed to share your information with us, feel free to contact us via email and we will be more than happy to change this for you.

[name] will not lease, sell or distribute your personal information to any third parties, unless we have your permission. We might do so if the law forces us. Your personal information will be used when we need to send you promotional materials if you agree to this privacy policy.

Final words

A privacy policy is a way to inform your visitors about your data collection, storing, and distribution practices. Having and displaying a privacy policy on a business website is mandatory.

This legal agreement has legal power. It will be used in a court of law if your business is facing serious charges regarding any of the data privacy laws existing today.

As someone who wants to see your business thrive, we want to help you understand just how vital a privacy policy is. It’s not enough to draft one and display it - you also need to ensure that it gets enforced, and you follow these rules as rigidly as possible.

Save time and money with our privacy policy generator. Create an attorney-drafted privacy policy custom-tailored specifically to your needs in just a few minutes.