When I’m helping my customers build a website, I always remind them that they should have a privacy policy. This is not always an easy or welcome conversation, but it is an essential one. Some of the reasons that you should have a privacy policy for your site include:
- Some advertising networks, such as Facebook and Google, require you to have a privacy policy
- Your email marketing service may require a privacy policy
- Your customers will appreciate knowing how you are using the data you collect from them, and that you care about your customers’ privacy concerns
- Some countries and US States require privacy policies for websites
So what is a privacy policy?
From Wikipedia, “A privacy policy is a statement or legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data.” Customer data, also called Personally Identifiable Information (PII), can refer to more obvious things like their name and contact info that’s entered in a contact form, or an email address that’s entered to request a lead magnet, and other things like what they purchased. Customer data can also include less obvious things such as the IP address of the device that was used to visit the site, even if the visitor didn’t fill out any forms.
Aside from PII you are collecting, there’s other data collected by your Email Marketing service, analytics or site statistics software, marketing pixels and trackers, third-party fonts, video hosting services, and any other third-party service that is integrated with your website.
There are different laws that determine what counts as customer data depending on where you live or do business, or where your website visitors live or are viewing your website from. Some of these laws include:
- California Online Privacy Protection Act of 2003 (“CalOPPA”)
- California Consumer Privacy Act (“CCPA”)
- Nevada Revised Statutes Chapter 603A
- Delaware Online Privacy and Protection Act (“DOPPA”)
- Virginia Consumer Data Protection Act (“VCDPA”)
- Colorado Privacy Act
- General Data Protection Regulation (“GDPR”)
- Personal Information Protection and Electronic Documents Act (“PIPEDA”)
- Quebec Bill 64
- Australia Privacy Act of 1988
(This list is from Termageddon.) In addition to the above-listed laws, there are several US bills related to privacy that have been proposed.
What should be included in a Privacy Policy?
Below is a list of some things you’ll want to keep in mind when creating/adding your privacy policy:
- State what information you collect – It is vital that your privacy policy details the exact information you will collect. For example, does your website collect personal information like names, addresses, numbers?
- Explain how you will use the information – It’s vital that your privacy policy explains how a user’s information will be used. For example, with an e-commerce site, some data like a customer’s name and address will be used for shipping purposes. Data is also used for marketing. It’s also vital to include whether you will be sharing any of this information with third-party organizations.
- Who the information is shared with – This is not necessarily who you are intentionally sharing it with, such as directly giving another business/marketer access to subscriber information. This could also include email marketing services or marketing platforms or site statistics and analytics services that are receiving data about users from your site.
How to create a Privacy Policy
When I’m having the Privacy Policy conversation with my customers, they often ask me if I have one or a template they can use. Since a Privacy Policy is to some degree a legal document, I will not provide my customers with one because I am not a lawyer. (And since I am not a lawyer, this post is not legal advice but merely information. If you have questions, consult your attorney.)
There are a few tools that can help you create your Privacy Policy that I often point my customers to:
- Termageddon is my first choice. They offer several different policies for your website, including privacy policies (which include information about how your website uses Cookies), terms & conditions, disclaimer policy, and EULA (End User Licensing Agreement). For each kind of policy, there is a bevy of questions to help tailor the policy to your specific needs and circumstances. (If you use my link to sign up for Termageddon, I may get an affiliate credit.)
- GetTerms.io is another option. I actually used their service before I found out about Termageddon. Their paid policy, which I have used, also requires you to answer a series of questions to customize the policy to your specific needs.
- Consult an attorney – if you’re not comfortable using a service like those listed above, you could consult an attorney familiar with this area of law.
Where to put your Privacy Policy?
Having a fantastic privacy policy is useless if no one knows how to find it. Most websites include a link to their privacy policy in the footer of the website, so it’s available on every page of the site. Including the link to yours in an expected place makes it easier for visitors to find it when they are looking for it.