
Table Of Contents

§1–What Is A Privacy Policy?

§2–Privacy Policy Requirements

§3–Privacy Policy Best Practices

§4–Sample Privacy Policy Clauses

§5–Privacy Policy Study Cases

§6–Privacy Policy Versus Terms and Conditions

§7–Privacy Policy Template

§8–Conclusion

1. What Is A Privacy Policy?

Launching a website? This guide goes through what you need to know about creating, and writing, a privacy policy for your website. Don’t know if you do need a privacy policy? A very simple question will answer this for you: do you collect any kind of personal data from your users? If yes, then you need a privacy policy – it’s required by law in most countries.

What is a privacy policy? What are the legal requirements regarding privacy policies? What are the best practices for writing this agreement?

The guide will answer these questions for you. Please note that this guide is for informational purposes only, and does not constitute legal advice.

1.1. Definition

The definition of a privacy policy, as outlined by Wikipedia: “a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses and manages a customer or client’s data.”

So, a privacy policy is a legal statement that tells the user how a company or website operator may use, gather, manage or share the personal data that the user sends to the website when using that website or service.

Privacy policies are considered to be one of the most important pieces of information on a company’s website, because they describe how users’ personal information collected on that website will be treated. People want to know that the information they enter on a website is going to be processed correctly and that, once stored, it is going to be protected.

What is personal information? Personal information can be anything that can be used to identify an individual, not limited to but including:

  • Name
  • Address
  • Date of birth
  • Marital status
  • Contact information (including telephone number or email address)
  • Financial records
  • Credit card information
  • Medical history

Facebook, with its complex Privacy Settings, asks for a first name, last name, email address, gender and birth date when you register for a new account. All of this is personal information.

For a website operator, the privacy page is where you should declare how you collect, store, and release personal information you receive from your users. The page needs to inform the user what specific information is being gathered, and whether it is kept confidential, shared with third parties and so on.

1.2. Principles

Personal information should only be collected if it’s done correctly and in accordance with the law. When crafting a privacy policy for your site, it might be helpful for you to keep in mind the following three principles.

Transparency

Users have the right to know how their information is being used. As a point of law, the website owner must provide his contact details, along with the purpose of processing, the recipients of the data and any other information that would be relevant to the user to know.

In 2012 Google launched the Good To Know campaign, which promotes privacy transparency and gives users more details on how their information is being used across Google’s services.

In general, personal data can only be processed if the following circumstances are met:

  • Users have given their consent for their personal information to be collected
  • When processing of personal information is necessary for the performance of or for entering into a contract in order to fulfill legal obligations and compliance
  • When processing is necessary for the purpose of protecting the interests of the user
  • When processing is necessary for the pursuit of legitimate interests by the data controller (website owner) or by any third parties to whom the data are disclosed
  • The user has the right to access the data about him and has the right to demand rectifications, deletion or blocking of data that is incomplete, inaccurate or isn’t being processed in compliance with the data privacy law.

Legitimate Purpose

It’s important to remember that the personal data collected by a website owner can only legitimately be used for the action to which the user has given consent. It cannot be used in any other way without the user’s permission.

Proportionality

Personal data can only be processed in an adequate and relevant way. It cannot be processed in a manner that is excessive for the purpose for which it was collected.

The collected information needs to be accurate and kept up to date. Businesses must take reasonable steps to make sure that any data collected is not inaccurate and that inaccurate or incomplete data is erased or rectified.

Personal data must be kept in a confidential manner. Businesses must have appropriate safeguards for processing personal data.

1.3. Quick Facts

Privacy policies are necessary, required by law and also helpful for establishing users’ confidence when using your website.

This type of agreement helps your users understand how your site collects and securely stores personal data (such as an email address). This practice of being transparent with your users and potential customers through a privacy policy page can increase trust.

In Aug 2013, the Office of the Australian Information Commissioner (OAIC) released the results of a “Privacy Sweep” report. The sweep was part of the first international Internet privacy sweep, an initiative of GPEN (Global Privacy Enforcement Network).

The report states that over 65% of the privacy policies examined provided information that was not relevant to the handling of personal information. Some websites did not have a privacy policy at all.

Among the best practices observed from this Internet sweep was that it’s possible to create a transparent privacy policy by making it easily accessible, simple to read and focused on the privacy-related information that the consumer would be interested to know.

Google’s Shared Endorsements were in the news last year. This feature changed the details of their privacy policy, but Google provided a web page where users can learn what these Shared Endorsements are, and how they can opt out of having their profile used for these ads.

2. Privacy Policy Requirements

For many online businesses, the need for collecting user information is a necessary part of doing business, but it is the company’s or the website owner’s legal obligation to take steps to properly secure (or dispose of) this data.

Financial data from online financial tools, personal information from children (under 13) and material derived from credit reports may need additional compliance considerations – as opposed to an online business with a business model that involves less personal information.

2.1. Requirements by Country

Different countries have different laws on what is needed to comply when collecting personal data. Here are summaries of the main data privacy laws for the USA, Australia, Canada, the United Kingdom, India, and the European Union.

2.1.1. United States of America (USA)

There are several federal and state laws that have provisions for data privacy in the US, such as:

  • the Americans with Disabilities Act;
  • the Cable Communications Policy Act of 1984;
  • the Children’s Internet Protection Act of 2001;
  • the Computer Fraud and Abuse Act of 1986;
  • the Computer Security Act of 1997;
  • the Consumer Credit Reporting Control Act;
  • and several others.

In every aspect, an American’s privacy (in theory) is protected by more than one applicable federal and state law.

The Federal Trade Commission (commonly referred to as the FTC) is the government office that regulates data protection for consumers in the US.

The FTC issued a set of guidelines for companies to follow when writing their privacy policies:

  1. What information does the company collect and how does it do so?
  2. How does the company protect the information it collects?
  3. How does the company use the information it collects?
  4. Does the company share the information it collects with others, and if so, what is shared and with whom is the information shared?
  5. Do customers have control over their personal data, and if so, what control do they have?

For some types of companies, the legal requirements for privacy policies are more extensive, as there are federal (as well as state) laws that regulate what must be disclosed in a privacy policy by companies that collect, use and share customer information in a variety of circumstances.

For instance, the Children’s Online Privacy Protection Act (COPPA) governs websites or online services that collect personal information from children under the age of 13. Some websites avoid these obligations by discouraging children from using their service altogether: the Tumblr app is now for only ages 17 & up in the iTunes store.

The Gramm-Leach-Bliley Act regulates the use and sharing of a person’s financial details by financial institutions, and the Health Insurance Portability and Accountability Act governs privacy in relation to health-care services.

Path, the personal sharing app, was fined $800,000 USD by the FTC for failing to comply with COPPA and because the app stored the names and numbers from the users’ phonebook without a proper disclosure.

2.1.2. Australia

The Privacy Act of 1988 is the law that governs Australia’s data privacy. The act includes several principles when dealing with personal information of individuals:

  • 11 Information Privacy Principles that apply to public sector agencies
  • 10 National Privacy Principles that apply to Australia-based businesses when they collect, use and store personal information from Australians

Information related to credit reports (such as credit reports or credit worthiness) is subject to other specific rules. The Act allows companies to opt in to be covered by the Act.

For example, the privacy policy of Shop A Docket, an Australian website for deals and coupons, specifies that they make an effort to handle personal information in accordance with the Privacy Act of 1998:

We make every effort to maintain the highest standards in dealing with personal information in accordance with the Privacy Act 1998 (Cth) and the ADMA Code of Practice (“the Law”).

2.1.3. United Kingdom (UK)

The Data Protection Act 1998 (or, the DPA) is the governing law on data privacy in the United Kingdom.

The Data Protection Act controls how your personal information is used by organisations, businesses or the government – Data protection on GOV.UK

The DPA contains strict rules (called principles of data protection) to make sure the data gathered by businesses is being collected, used and stored correctly.

You can find the full text of the law here. The GOV.UK website summarises these principles:

  • information is used fairly and lawfully
  • information is used for limited, specifically stated purposes
  • information is used in a way that is adequate, relevant and not excessive
  • information is accurate
  • information is kept for no longer than is absolutely necessary
  • information is handled according to people’s data protection rights
  • information is kept safe and secure
  • information is not transferred outside the UK without adequate protection.

Hungryhouse, an easy one-stop shop for restaurants in the UK (which also has a mobile app), mentions in their privacy policy that they comply with the principles of the United Kingdom’s Data Protection Act of 1998:

Hungryhouse.com Ltd. complies with the principles of the ‘Data Protection Act, 1998’ and is registered with the Information Commissioner’s Office who oversee this act.

2.1.4. Canada

In Canada, the law that governs data privacy is called The Personal Information Protection and Electronic Documents Act (or, the PIPEDA). You can find the full text of the law here.

The Act applies to businesses that collect, use and store personal information from Canadians during a commercial activity. Exempt from PIPEDA are businesses that are subject to provincial legislation that is deemed substantially similar to PIPEDA “with respect to the collection, use or disclosure of personal information occurring within the respective province”.

Under the PIPEDA act, personal information is defined as information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization. Under this law, active businesses in Canada are required to:

  • get the user’s consent when collecting and using personal information
  • collect personal information by fair and lawful means
  • have personal information policies (like the privacy policy) easy to read and easy to find.

2.1.5. India

The Information Technology Act 2000 (IT Act 2000) incorporates a few provisions regarding data protection in India. Outside this Act, there are no other dedicated data protection laws in India.

RedBus, an online bus booking website in India, has a privacy policy similar to those of other websites. Its agreement covers the most important principles of a privacy policy: collection, sharing and security of personal information.

2.1.6. European Union (EU)

Countries in the European Union have their own national law that governs data privacy, but at a European Union level the Directive 95/46/EC or the Data Protection Directive aims to harmonise these data protection laws across the EU member states. You can find the full text of the directive here.

Under this directive, the personal information of users can be collected under strict rules and businesses must respect certain rights of the owners of the personal data.

The names of data privacy laws for various EU member states, per country:

  • Switzerland: the Federal Law on Data Protection of 1992
  • Denmark: the Act on Processing of Personal Data of 2000
  • France: the Data Protection Act of 1978
  • Germany: the Federal Data Protection Act of 2001
  • Italy: the Data Protection Code of 2003
  • Norway: the Personal Data Act of 2000

2.2. Requirements by Third Parties

To run a website, you sometimes use third parties for various purposes: Google Analytics for stats, MailChimp for sending marketing emails and many other tools.

Some of these third parties may require you to adhere to certain requirements in relation to your website’s privacy policy.

Google, for example, requires you to update your privacy policy if you use their remarketing services (also known as retargeting) from Google AdWords or Remarketing Lists with Google Analytics.

If you use any advertising service from Google on a website or section of a website that is covered by the Children’s Online Privacy Protection Act (COPPA), you are required to notify Google of those specific websites or sections.

For a full list of websites covered by COPPA you can use the following tool finder: http://www.google.com/webmasters/tools/coppa

If you’re operating a mobile app with Android, use this link: http://developers.google.com/mobile-ads-sdk/docs/admob/best-practices.

You must not use interest-based advertising to target past or current activity by users known by you to be under the age of 13 years. But the disclosure of using remarketing or retargeting must be included in any privacy policy, regardless of the tool you’re using to benefit from this activity (Google AdWords, Facebook or any other).

This applies to running ads on Facebook as well, even if you do it through a third party like AdRoll. AdRoll is a Facebook Exchange official partner that you can use for retargeting on Facebook.

Amazon, with its new “Login With Amazon” service, requires new customers registering with this service to have a privacy policy and include a URL to their page when registering a new app.

Depending on which online tools your business is using (or plans to use), it’s a good idea to have a look at their privacy policy to determine how they use the data they’re collecting and if there are any requirements to update your own privacy policy after signing up as a member.

3. Privacy Policy Best Practices

The State of California (USA) has been held up as a model of Internet privacy policies worldwide. The California Online Privacy Protection Act of 2003 (“OPPA”) was the first state law in the nation to require owners of commercial Web sites or online services to post a privacy policy.

The California Attorney General announced measures to improve privacy protections for consumers who access the Internet through mobile apps.

OPPA applies to any person or entity that owns a commercial Web site or an online service that “collects and maintains personally identifiable information from a consumer residing in California who uses or visits” such a website or online service.

It requires businesses to conspicuously post a privacy policy on their websites. According to OPPA, a privacy policy is conspicuously posted on a website when:

  • the privacy policy appears on the homepage of the website; or
  • the privacy policy is directly linked to the homepage via an icon that contains the word “privacy” and such icon appears in a color different from the background of the homepage; or
  • the privacy policy is linked to the homepage via a hypertext link that contains the word “privacy” written in capital letters equal to or greater in size than the surrounding text, is written in a type, font, or color that contrasts with the surrounding text of the same size, or is otherwise distinguishable from surrounding text on the homepage.

The privacy policy page itself must contain the following:

  • A list of the categories of personally identifiable information the operator collects;
  • A list of the categories of third-parties with whom the operator may share such personally identifiable information;
  • A description of the process (if any) by which the consumer can review and request changes to his or her personally identifiable information collected by the operator;
  • A description of the process by which the operator notifies consumers of material changes to the operator’s privacy policy; and
  • The effective date of the privacy policy.

3.1. How to Name Your Privacy Policy Page

OPPA guidelines require that the word privacy be contained within the name of your privacy policy page and that it is written in capital letters equal to or greater in size than the surrounding text.

Here is how Apple.com links to their Privacy Policy page:

It also needs to be written in larger type than the surrounding text, or contrasting type, font or color to the surrounding text of the same size, or set off from the surrounding text of the same size by symbols or other marks that call attention to the language.

HubSpot colors all their links in the footer white (“Legal Stuff, Privacy Policy…”), while the non-linkable text is gray (“Copyright…”):

It’s also recommended to place a link to your privacy policy next to fields where you’re requesting personal information from users.

This is how a “Download Now” form on the Marketing Library from HubSpot is placing its link to its privacy policy when requesting the email address:

While this form requests more personal information than just one email address, a single link to the privacy policy would be enough. Or, you can design the form to include the link outside any form inputs, but with a clear mention that you value the privacy of your customers’ information:

3.2. Where to Place Links To Your Privacy Policy Page

A link to your privacy policy page should be placed next to other important information of your website, such as the contact details and the Terms and Conditions link.

MailChimp groups their Privacy and Terms pages into one single link:

oDesk links their legal pages from a footer section called “Company Info” where you can find other links, such as About Us, Contact & Support and so on:

The privacy policy link should be listed on the main page of your website. It’s normally found at the bottom of the page, in the footer section, on all pages:

4. Sample Privacy Policy Clauses

Depending on the online business you run and what kind of personal information you collect, there are certain disclosures that you need to make available in your privacy policy.

What clauses you need to include depends on the business you run and the governing law, but it also depends on what kind of personal information you collect and how you use that data.

4.1. Personal Information Collected

The most important piece of information a privacy policy must display is what type of personal information is being collected through the website.

Remember that personal information is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context.

The abbreviation PII is widely accepted in the US context, but the phrase it abbreviates has four common variants based on personal / personally, and identifiable / identifying. They are not all quite the same, and which one is used depends on the jurisdiction and the purpose for which the term is being used. In other countries with privacy protection laws derived from the OECD privacy principles, the term personal information is more usual. This can include broader definitions from place to place.

Personal information should be kept confidential and information is considered personal when it can be used to distinguish or trace an individual’s identity, such as name, social security number etc.

In 2012, Google decided to merge over 60 privacy policies of their websites into one single privacy policy. The final agreement is online and you can see what kind of information Google treats as being personal, how they use the data and what control users have.

Some types of personal information that you need to disclose in your privacy policy include a person’s full name, date of birth, mailing and home address, email address, social security or national identity number, vehicle registration numbers, IP addresses, fingerprints, handwriting, profile pictures, credit card numbers, birthplace, telephone number, login name or screen name.

4.2. Cookies

Cookie files are small pieces of data that are sent from websites and stored in a user’s web browser while the user is on the website. This means that every time a user is browsing a website, even if this is several times a day, cookies will be sent back and forth from the user’s computer to the website’s server.

There are different types of cookies, like third party tracking cookies and authentication cookies. Third party tracking cookies are commonly used as a way of tracking an individual’s long term browsing, which can be a potential privacy concern.

Authentication cookies are the most popular as they have essential functions to perform, like knowing whether a user is logged in or not.

Learn how websites are using cookies in this article: How Do Websites Use Cookies?

4.3. Children Under 13

The Children’s Online Privacy Protection Act (COPPA) is a US law that applies to operators of commercial web sites and online services that collect personal information from children under the age of 13 and operators of general audience sites with knowledge that they are collecting information from children under the age of 13. It requires that companies establish and maintain procedures to protect the security and integrity of the personal information collected.

COPPA’s rules require those companies to provide the minor’s parents with a notice of their information practices and to obtain verification of parental consent at the outset, before the minor has a chance to offer up any personal information about themselves. Parents need to be made aware that they have the right to request all the information that has been collected from the child at any time.

Parents also have the opportunity to prevent any future use of personal information that has already been collected by the website, and limit the amount of personal information allowed to be collected on games or other activities.

COPPA is specific to children under the age of 13, but the Federal Trade Commission in the USA suggests that websites that target teenagers should take on these principles as well.

For websites that do not want to comply with this, it’s allowable to state that access to the website is denied to any kids under 13. Websites usually do this through a disclosure in their privacy policy called “Children Under 13”.

5. Privacy Policy Study Cases

Analyzing larger companies’ privacy policies can provide a good starting point for you, as it can help you decide what you would like (and need) to include in your own privacy policy.

However, it’s not recommended to simply copy a privacy policy from a competitor and use it as your own: this competitor can have disclosures that might be different from what you actually need to include in your own privacy page.

Analyzing how other companies react when bugs are found that impact personal information can also provide a very good starting point for you.

A bug on Flickr turned all private photos to public. Flickr’s team fixed it by making all users’ photos private by default to prevent any privacy issues.

5.1. LinkedIn

LinkedIn is a powerful tool that you can use to market yourself and your skills to the world. We offer a LinkedIn Guide that proves just how powerful the social network is (especially for users who take their profile very seriously and make their LinkedIn profile stand out).

LinkedIn’s Privacy Policy webpage clearly starts with a “Your Privacy Matters” title. This helps them enforce their philosophy of “members first”, where each member of their website is valued, including how their personal information is used across LinkedIn.

Big icons help guide users through the privacy section easily: Introduction, Information Collected, Uses & Sharing of Personal Info, Your Choices & Obligations and Important Information.

An interesting detail from LinkedIn’s privacy page: they tell you that, if you are living in the United States, then the LinkedIn Corporation controls your information, but if you live outside the US, then LinkedIn Ireland controls your information.

5.2. 500px

500px is “the Premier Photo Community” where you can sign up to upload, share, and discover inspiring photos.

500px’s privacy policy is well laid out and is explicit in its explanation of how it controls the information that comes to them through use of their site. They start their privacy page by stating that they only use information that is relevant for the purpose of their website.

Similar to LinkedIn, they have a summary on the right column called “Basically”.

5.3. Wikipedia

Wikipedia, now a common household name, has a straightforward privacy policy that describes how the website is collecting and retaining the least amount of personally identifiable information.

A “Details of data retention” section in their privacy page details what type of information is being collected, how it is retained and for what purposes.

6. Privacy Policy Versus Terms and Conditions

There is a difference between a Privacy Policy and the Terms and Conditions of a website. Although a reference to the privacy policy will be made in the Terms & Conditions page, they are usually also listed separately.

Mandrill, a service from MailChimp, has multiple legal pages that are listed separately: Terms of Use, Privacy Policy, API Use Policy and a Copyright Policy page.

A privacy policy, as we noted at the beginning, governs the way websites are allowed by law to collect and dispose of their users’ personal information.

Terms and Conditions include sections pertaining to user rights and responsibilities, definitions of key words and phrases found within the website, the definition of what the website considers to be proper use of the website, accountability for various online actions users can engage in, limitations of liability clarifying the website’s position on damages, and so on.

Mandrill’s Terms of Use specifies the requirements of signing up for a new account, at the “Eligibility” section:

While a privacy policy is required by law if you collect personal information from your users, a Terms and Conditions document is not, but it can be useful for your website to have one and establish certain rules to prevent abuses, offer acceptable use cases or community guidelines and so on.

It’s recommended that you keep these pages separate, as the focus of a privacy policy page is to discuss personal information matters, while a terms and conditions page should discuss the rules of using or accessing the website, general guidelines and so on.

7. Privacy Policy Template

The following privacy policy example can provide you with a starting point for making your website’s own privacy policy. The information must be modified to meet your own individual needs and the laws of your state. Consult with a lawyer!

In this example, the website collects only one category of personal information from visitors, the email address, and then discloses how it is used: to improve the website or service provided to users.

TermsFeed keeps an up-to-date privacy policy template for free, listed here. You can also use that template to get started with your own privacy policy.

This privacy policy sets out how [Business Name] uses and protects any information that you give when you use this website.

[Business Name] is committed to ensuring that your privacy is protected. [Business Name] may change this privacy policy from time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes.

This privacy policy is effective from [Date of publishing this privacy policy online].

What We Collect

[Business Name] collects the following information:

  • Contact information, including email address

What We Do With The Information We Gather

[Business Name] requires this information to better understand your needs and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping;
  • We may use the information to improve our products and services.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

How We Use Cookies

A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to Other Websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information that you provide whilst visiting such sites and such sites are not governed by this privacy statement.

You should exercise caution and look at the privacy statement applicable to the website in question.

Questions About This Privacy Policy

If you have any questions about this privacy policy, you can contact us through any of the available methods listed on our Contact page.

8. Conclusion

The legal framework that surrounds privacy policies is complex, and varies from one country to the next – and even between states or provinces of the same country. One thing is universal: the purpose of any privacy policy is to clearly disclose what kind of personal information a website collects, how that data is then used, and for what purposes.

Abiding by a well defined privacy policy is paramount for users to have confidence in using your website and not worry about what might happen to their data. Above everything, people want their private details to remain that way, and in today’s technological age it is more necessary than ever to prove to your users that your website is trustworthy.

The Center for Democracy & Technology recently praised Apple for its new privacy settings in iOS 6, stating that:

Apple’s decision to incorporate these substantial pro-privacy elements into iOS 6, allowing users to finally control how their data gets shared with specific apps, and to more easily express a desire not to be tracked by marketers.

Companies that do not have a privacy policy are not competitive in the industry they work in, as users now look for assurance that their information is taken seriously and protected as safely as possible.

Google’s AdWords, for example, uses a Quality Score to rank companies and the ads they’re running, based on many variables. One of these variables, which can increase your Quality Score, is having a privacy policy available on the landing page.

Agreed best practices for privacy policies include the following:

  • Making sure a link to your privacy page is on the main page of your website.
  • It should be offset in a different colour than the website background, so as to be easily identifiable.
  • It should be concise and streamlined to the specific needs of the company.

Take the included privacy policy template from this guide to have a good starting point for how to write your own. You can also analyze larger companies and organizations’ privacy policies – if they’re active in your industry. Don’t just copy theirs, though: you need to make your own privacy policy, as this legal agreement depends on what kind of data you collect and how you use that data.

Also remember to take note of how companies react to bugs that affect personal information of their user base.

It is essential to ensure that your privacy policy is both easily understandable and accurate, as it is one of the most important documents on any website.

It is a legal document, and great effort is needed to ensure everything you have written in the privacy policy is accurate and fits your website’s general scope. Consult with a lawyer!

It’s not helpful, nor recommended, to obscure text or try to be less than forthright about what your website does with personal information.

We hope this manual gave you some idea of what to include in your privacy policy, and that our template gave you a reasonable place to start. Good luck!

Guide Published: February 2014

  1. Alexander
    February 27, 2015 at 7:03 pm

    I think Privacy Policy makers should be enforced to have a simple English version of all Privacy Policies as well as the legally binding official one, as the required legal language style for Privacy Policies is very difficult and tedious for most people to read.
