Does your website have a privacy policy? This is now legally required on your website to disclose your practices on protecting users’ personal information.

A Privacy Policy is probably one of the most important legal agreements for your online business, regardless how or where you operate: website, mobile app, desktop app and so on. 

Privacy Policy agreements are mandatory if you are collecting data that can be used to identify an individual because this data is legally protected by a number of important laws around the world that require a Privacy Policy in such cases.

ONE: It’s required by law if you collect personal information from users

Perhaps the most important reason why you need a Privacy Policy is because you actually probably do need it. It’s required by law.

TWO: It’s required by third-party services you may use

Many third-party services that are designed to enhance your website or app, such as Google AdWords or Google Analytics, are actively requiring you to have a Privacy Policy that contains certain information about your use of their services, plugins, SDKs, and so on.

Google Analytics requires a Privacy Policy because it stores cookies on a user’s PC, which are then used to collect data about the user. You disclose this in the Privacy Policy with a section called “Cookies” or through a separate Cookies Policy. Their legal agreement states that any business who sign-ups and uses their Analytics service must have a Privacy Policy available to users and that discloses the business’ use of their service.

If you use AdWords, Google requires you to update your Privacy Policy to inform your users that: You use remarketing to advertise your product or service through Google AdWords’ platform; Google is showing your ads to users on websites that they visit after visiting your website, and; How a user can opt out of this remarketing campaign

If your mobile app will be available on an app store, such as the Apple App Store or the Google Play Store for Android devices, you’re most likely to be required to have this legal statement either by the law (if you collect personal data) and by the terms of the app stores’ legal agreements (even if you don’t collect personal data). Apple requires a Privacy Policy for all iOS apps through the following legal agreements you agree to as a developer: Apple’s App Store Review Guidelines, Apple’s Program License Agreement (PLA) and iOS Developer Program License.

THREE: Users are interested in their privacy

People care a lot about their privacy, especially when it comes to the use of their personal information online. Most users want to feel secure before providing private information, such as the home address.

A Privacy Policy is not only a legally required document to disclose your practices on protecting personal information, but it’s also a great way to show users that you can be trusted, and that you have procedures in place to handle their personal information with care.

FOUR: There’s no reason not to

Even if you don’t collect any personal information from users, you should consider creating a Privacy Policy page regardless. Even if all it says is that you don’t collect any information.

A Privacy Policy is a legal agreement that explains what kinds of personal information you gather from website visitors, how you use this information, and how you keep it safe.

CalOPPA is one of the strictest privacy laws in the US. It affects anyone who collects personal information from people residing in California, which means its reach goes far beyond state borders.

Examples of personal information might include:

• Names
• Dates of birth
• Email addresses
• Billing and shipping addresses
• Phone numbers
• Bank/card details 
• Social security numbers

The content of Privacy Policies varies from one business to another. How a website collects and manages information, and how it interacts with third parties is unique to every company. Additionally, where a website’s users live can impact the company’s Privacy Policy because of international laws protecting global consumers.

At minimum, your Privacy Policy should cover the following points:

• Business Name and Contact Details
• Types of Personal Data You Collect
• Why You Collect Personal Data
• How the Data is Stored / Used
• How You Share Data with Third Parties
• How to Opt Out of Data Collection
• Affiliated Websites or Organizations (third parties included)
• Use of Cookies
• Future Changes to Privacy Policy

Note: if you are an e-commerce store accepting payments via your website, you will also need a TERMS AND CONDITIONS.

Now where does it go?

After you write your Privacy Policy, you’re going to need to display it so users can access it easily.

It’s common practice to include a Privacy Policy link in clear, legible text within the footer of a website. This link usually appears alongside other important information such as contact details and other important policy links. It should appear on every page of your site or mobile app.

Laws around the world require websites to have a Privacy Policy in place. From California’s broad CalOPPA law, to the EU’s new General Data Protection Regulation and other laws in Canada, the UK and Australia, there is much to understand about privacy laws and compliance.

As mentioned, you also need to be aware of requirements of third party services you use, such as analytics or advertising services. Always check the Terms of Use for these services to find out what you need to do.

By having a thorough, easy to read Privacy Policy that’s clearly displayed, you’ll be on a great path to complying with every privacy law and Terms agreement that comes your way.

Need help getting your site’s Privacy Policy together? Contact the Pathfinder team today.