One of the most important things you should not neglect when you own a website and/or run an online shop is the legal side of things. In this article, we are going to provide all the information necessary to completely understand privacy policies. We are going to start with what a privacy policy is, and why you need it on your official website. We will also supply you with some examples and a privacy policy template.

It is important to understand that websites usually use cookies that store visitors' data, and because of this, displaying the privacy policy is of utmost importance. Since everything online is exposed to cyber attacks and data theft, make sure to check the privacy laws and legal requirements, as they are quite rigorous if you fail to comply. Let's slow things down and work our way gradually. There is a lot of ground to cover and every single piece of information found here deserves your undivided attention.

What is a privacy policy

Privacy is considered one of the fundamental human rights by many countries in the world. The governments of these countries have passed legislation to protect individuals from having their personal data collected, distributed and used for numerous purposes without their knowledge.

Unlike other legal documents that people and companies display on their websites, the privacy policy is the only one that is required by law. The law strictly regulates the practice of displaying the privacy policy on websites or apps. We will come back to this in the privacy policy law requirements section of this article.

The definition of a privacy policy is easy to understand: "A privacy policy is a form of agreement. It is required by law if you use and/or collect any website (application user) personal data. The single purpose of this agreement is to inform website visitors about your data collection and sharing practices."

Simply put, it is a document that describes in detail what personal information your website collects from its visitors along with how you store it and use it.

Here is what falls into the category of personal data:

  • Visitor's IP address
  • Full name, name or surname
  • Email address
  • Birthdate
  • Postal Address
  • Any other information that can be used to identify the individual visiting your website

Why website owners need it

There are several compelling reasons why website owners need it, and here are some of them:

  • In many cases, you will be required to display it by law. As we have stated above, privacy is a fundamental human right, and many countries have laws in place that require you to display it if you live in one of them or you collect and use any data about their citizens.
  • There are also third-party services that may put you in a position to have to display the privacy policy because they collect and use website visitors' private data. For instance, Google AdSense and Amazon Affiliates, among others, do this and will require you to have a privacy policy on display on the website.
  • You will make it easier for your customers to establish a strong connection with your brand. By displaying the privacy policy, you will make your intentions regarding personal data collection, storing, and sharing quite clear. By being deceitful, you not only risk losing all the credibility you have built over the years with website visitors but also facing charges for your illegal act.

In any case, you can't go wrong with displaying a privacy policy on your website. In case you didn't need it in the first place, there won't be any harm done to you or the website visitors.

Privacy policy law requirements

As we have previously stated, displaying privacy policy agreements is mandatory by law, unlike displaying the terms and conditions. This is simply because the collected data can be used to identify an individual who has visited the website. Let's take a closer look at some privacy laws.

The United States of America

There are several state and federal laws in the USA that have provisions on data privacy:

  • The Computer Security Act of 1997
  • The Consumer Credit Reporting Control Act
  • The Computer Fraud and Abuse Act of 1986
  • The Americans With Disability Act
  • The Children's Internet Protection Act of 2001 (last updated in 2013)
  • The Cable Communications Policy Act of 1984

Besides this, you will have to get familiar with the laws and acts of the state you reside in. For instance, the State of California has the Business and Professions Code in force. It requires any operator of an online service or commercial website owner who collects and stores personal information of residents of California to have and display a privacy policy agreement on the website.

In the end, make sure to check if there are any extensive legal requirements of having Privacy Policies, depending on your business model and the industry you are in.

European Union

The EU has its own Data Protection Directive which regulates the collection, processing and storing of personal data of its citizens. This directive clearly states that companies operating from the EU must have a privacy policy.

Furthermore, this directive clearly establishes a legal framework inside of which you can gather and use the personal data of website visitors. This directive also governs how businesses can collect, store and use personal data and what they need to do to protect it from misuse.

Please note that this regulation was updated and published in May 2016, but it is not going to be applied until the 25th of May, 2018.

Australia

Australia also has a law that governs data privacy. It is called the Privacy Act and was established back in 1988. This law requires businesses from Australia to have and display a privacy policy. Australia's Privacy Act strictly regulates how companies need to handle sensitive user data. It covers all segments of sensitive data processing, from the collection and usage, to storage and disclosure.

The most important principle of Australia's Privacy Act is that you need to have a privacy policy, to keep it updated, and inform website visitors about each update.

What to include in the privacy policy

Please note that we are going to talk about what to include in the privacy policy in general. You must consult the applicable laws and policies of your country, and the countries of your website visitors, in order to cover all legal grounds. A much better alternative is to create a privacy policy using our online generator.

It is important to note that the privacy policy agreement has two purposes. One is to protect your business, while the other is to inform website visitors. This is why you have to be as pragmatic as you can when writing it. Besides being short and concise, refrain from using complex legalese and jargon when you are writing it.

Type of information collected

It’s not enough for you to state that "personal information will be used" - you need to elaborate on this term because it’s relative. Therefore, go into the tiniest details when it comes to the information you plan on using, whether that will be only the name, or the name and age, the email address, the state they live in, and whether you want to access their social platform accounts in order to reach other preferences.

The purpose of information collection

In order to gather as many "yes, I agree" responses as possible, it’s necessary to explain the purpose of your wish to access personal information. Most websites explain their need for this type of data by stating that it’s for the purposes of increasing the overall satisfaction of their clients, customers, or followers. However, you do need to be very specific about your intentions, especially if they exceed the usual expectations.

How you collect information

In order to remove the unfamiliar and shed some light on your privacy policy, you should also state the means you’re using in order to gather their personal information. By including this segment, you will enable those particularly suspicious visitors to do some additional research and check whether your method is reliable or not.

How you protect information

What happens on your website should stay on your website. All the data you gather from visitors needs to stay in the circle of your company or partners who have the authority to use it, which of course needs to be stated in your privacy policy. If you want your target audience to trust you and allow you to use their personal information, you need to make them feel safe.

The option to deny information collection

Although your primary goal is to have as many regular visitors as possible, you still need to allow your target audience to decide whether or not they find your document acceptable. Some businesses simply restrict access entirely if a visitor doesn’t want to accept the terms, others make just a part of their content visible, while some just offer it as a proposal. It’s up to you to make this decision individually and it needs to be in accordance with your long-term goals.

Since many website owners use some kind of advertising network to further monetize their online presence, here are a few things you need to inform your visitors about when you use Google AdSense.

  • Cookies are going to store information about your prior visits to this website and Google is going to use the cookies to serve ads based on this information.
  • Google also uses the DoubleClick cookies that store not only user information about prior visits to your website, but to other websites as well.
  • You (a website user) can disable this DoubleClick cookie by accessing the settings panel of Google AdSense.
  • If you are using any other advertising networks, make sure to provide a link to those too.
  • Inform users about interest-based advertising, how it works, and what they can do to disable it. Provide additional information by placing links to external websites.

Privacy policy examples

In order to get better insight into this matter, take a look at a couple of privacy policy agreements from popular websites.

Vimeo

As one of the leaders of video sharing platforms and a website that has visitors from all around the globe, Vimeo also has a long privacy policy agreement. They clearly inform their users of what steps they need to take if they feel their privacy has been violated. Feel free to take a closer look if you plan on writing and adding such a segment to your privacy policy agreement.

Vimeo privacy policy

Amazon

Being a company of such a magnitude, Amazon has done some serious work when it comes to writing and structuring their privacy policy notice. Amazon's writing style has more of a personal tone, which is a great way to establish a better connection and deeper trust with website visitors.

Amazon privacy policy

Take a look at their opening sentence, for instance: "Amazon.com knows that you care how information about you is used and shared, and we appreciate your trust that we will do so carefully and sensibly." Also, make sure to check the image below to see how Amazon displays legal policies and allows users to quickly access segments of the privacy policy notice via links right on top of the document.

Where to display it

If you have a terms and conditions agreement on the website and it references the privacy policy, that is not enough. You are required by law to have the privacy policy as a separate agreement and put it on display on your website. One of the reasons behind this is that it makes it easier for website visitors to notice it and also understand that there are several different legal agreements.

If you take a look at the websites of major companies you can see that most of them have common privacy policy displaying practices. You can usually find the link to this legal agreement in the footer of a website, on each and every page.

Here is the footer of the Google.com page:

Google privacy policy link

Another common practice is to place a link to the privacy policy agreement on any form where you require a website visitor to enter personal data. It can be placed in line with the email field or as a separate notification field contained in the form. Here is what it looks like in practice:

Privacy policy click-wrap link

How to enforce it

To be able to enforce a privacy policy, you need to ensure the following:

  • Website visitors can find the privacy policy easily.
  • You have provided contact information if visitors have any questions regarding the privacy policy.
  • Visitors are given notice about the privacy policy they need to agree to.
  • You give visitors notice about privacy policy updates, along with a link to previous versions of the agreement (email, private message on the website, popup window).

The enforceability of this agreement can be implemented by using either browse-wrap or clickwrap. A browse-wrap would be the first two examples in the previous section of the article, while the clickwrap method can be seen in the last example of the last section.

It is important to understand that the enforceability of these two methods is different. This is why many websites use both of these methods to properly inform the visitors about their privacy policy.

There are some best practices to follow in order to increase the enforceability of the privacy policy for either of the methods.

When you use a browse-wrap privacy policy agreement, make sure to:

  • Display it prominently on the page (not close to edges, for instance).
  • Make the font and links different and easier to spot (size, style, color).
  • Notify users about changes.
  • Require users to take some action when they don't want to read the privacy policy.

When using the clickwrap method, make sure to:

  • Pick a noticeable and clear location on the website to display the privacy policy.
  • Be explicit about the denial and acceptance methods (By accepting, you are consenting to; If a visitor doesn't want to accept the privacy policy agreement, provide a notice about the restrictions and limitations of the services you provide).
  • Provide an unchecked checkbox if you use one. Remember, it is about forcing a visitor to take action (If a visitor wants to continue without checking the box, provide a notice informing them why they can't continue the registration process).

Sample free privacy policy template

This privacy policy template will help you see how everything we talked about so far comes together to form a legal agreement. Keep in mind that this is just an example privacy policy template and does not cover many of the important topics.

Generic privacy policy template

This privacy policy ("policy") will help you understand how [name] ("us", "we", "our") uses and protects the data you provide to us when you visit and use [website] ("website", "service").

We reserve the right to change this policy at any given time, of which you will be promptly updated. If you want to make sure that you are up to date with the latest changes, we advise you to frequently visit this page.

What User Data We Collect

When you visit the website, we may collect the following data:

  • Your IP address.
  • Your contact information and email address.
  • Other information such as interests and preferences.
  • Data profile regarding your online behavior on our website.

Why We Collect Your Data

We are collecting your data for several reasons:

  • To better understand your needs.
  • To improve our services and products.
  • To send you promotional emails containing the information we think you will find interesting.
  • To contact you to fill out surveys and participate in other types of market research.
  • To customize our website according to your online behavior and personal preferences.

Safeguarding and Securing the Data

[name] is committed to securing your data and keeping it confidential. [name] has done all in its power to prevent data theft, unauthorized access, and disclosure by implementing the latest technologies and software, which help us safeguard all the information we collect online.

Our Cookie Policy

Once you agree to allow our website to use cookies, you also agree to our use of the data they collect regarding your online behavior (analyze web traffic, web pages you spend the most time on, and websites you visit).

The data we collect by using cookies is used to customize our website to your needs. After we use the data for statistical analysis, the data is completely removed from our systems.

Please note that cookies don't allow us to gain control of your computer in any way. They are strictly used to monitor which pages you find useful and which you do not so that we can provide a better experience for you.

If you want to disable cookies, you can do it by accessing the settings of your internet browser. (Provide links for cookie settings for major internet browsers).

Links to Other Websites

Our website contains links that lead to other websites. If you click on these links [name] is not held responsible for your data and privacy protection. Visiting those websites is not governed by this privacy policy agreement. Make sure to read the privacy policy documentation of the website you go to from our website.

Restricting the Collection of your Personal Data

At some point, you might wish to restrict the use and collection of your personal data. You can achieve this by doing the following:

  • When you are filling the forms on the website, make sure to check if there is a box which you can leave unchecked, if you don't want to disclose your personal information.
  • If you have already agreed to share your information with us, feel free to contact us via email and we will be more than happy to change this for you.

[name] will not lease, sell or distribute your personal information to any third parties, unless we have your permission. We might do so if the law forces us. Your personal information will be used when we need to send you promotional materials if you agree to this privacy policy.

Use our professional privacy policy generator to create an attorney-drafted policy tailored specifically for you and how you run and operate your website or mobile app.

Conclusion

Having and displaying a privacy policy on a business website is mandatory by law. It is a unique way to inform your visitors about your data collection, storing, and distribution practices. This legal agreement has legal power and will be used in a court of law if your business is facing serious charges regarding any data privacy law violations. This is why writing and enforcing it deserves your undivided attention.