How to Write a Privacy Policy
Often overlooked, the privacy policy is one of the most vital parts of your website. If your site collects personal data from its users – such as through form submissions or a tracking pixel – you will need a privacy policy.
It’s a formality required in many countries – and not having one when you should could land you in a lot of trouble. You may even have to pay a hefty fine.
So what should a privacy policy include – and do you really, reeeallly have to sit down and write one?
What is a privacy policy?
In legal terms, a privacy policy is a web page or document that declares a company’s or website’s policy on collecting and releasing information about a visitor. It usually declares what specific information is collected and whether it is kept confidential or shared with or sold to other firms, researchers or sellers.
A privacy policy is required for you to operate within the law if you collect information from your website visitors. It’s where you let people know what personal information you’re collecting, how you collect it, how you use it, and why.
One of the most important parts of a privacy policy describes whether you share that information with any third parties – and, if you’re a decent human being, why you do this and what the user can expect from it.
What does a privacy policy include?
Nearly every website you find will have a privacy policy nowadays. Click on it to read a real-life example of the sections you may need to include in yours.
Of course, they may have more or less information contained within the privacy policy than you need, so here’s a quick guide to the most common sections:
Introduction
Who are you? What are you all about? Why are you writing this privacy policy? An intro section isn’t mandatory, but it does help to make the basic facts clear to users and to establish the kind of plain language you should be aiming for, which encourages them to read further if they’ve got this far.
When it comes to a privacy policy, you can split it into as many sections as you like for easy reading. For example, here’s the first part of Convertri’s privacy policy:
Information Collection
This is where you need to disclose the types of personal data that your site collects and how you collect it from the user. Some companies combine this information into one clause, while others split it into two, and most websites use list formats sparingly for sections like this.
In Convertri’s privacy policy, we format it into easy-to-read bullets and paragraphs. You can see clearly the kind of data we collect: for example, unlike LinkedIn, we don’t need your employment history, but we do find it useful to collect details about your browser type and survey responses.
Use of Information
Once you’ve collected your visitors’ information, how and why do you use it?
This is where you can reassure your visitors about how your data collection will benefit them (and it really should, otherwise don’t do it) as well as explain how you use the information in your business. It’s also helpful to point out that you won’t use their data for anything illegal or shady.
Third Party Disclosure
Third parties are the worst. That’s the thinking of most of your website visitors – most people hate being tracked around the internet by cookies and whatnot, or that’s what they’ll say when you enquire. The truth is, sharing data with third parties is absolutely fine as long as you do it well and it benefits the customer – and you should be upfront and comprehensive in your privacy policy when you disclose who you share their info with, and why.
In Convertri, we set out who we share your data with, but keep the actual list for later on so it doesn’t clog up the reading flow. In our case, we need to disclose your information to joint controllers and system administrators who help run our app.
Information Protection
Reassure your users that the personal information you store is stored securely. You don’t have to go into the nitty gritty of how you do it – you don’t want to give hackers a roadmap – but it’s important that you state clearly that you do take steps, have protocols for security, and know what to do if things go wrong.
It’s a good idea to mention that your site is covered by SSL encryption, which lets them know it’s highly secure without giving away too much of your security protocols. You should probably also add a disclaimer which states that no system can ever be regarded as 100% secure – just in case the worst happens.
User Legal Rights
You must also include a section within your Privacy Policy that covers the rights of your users. This is especially relevant if your Privacy Policy needs to be compliant with GDPR.
In this section, you should explain that your visitors have the right to make amendments to their data, to delete data and to review the information on them that you hold. It’s a vital section to have to remind your users of their personal power over the information stored about them on websites.
Data Retention
How long are you going to hold and use your visitors’ personal data? You need to set out just how long they can expect their data to be on your system, as well as why you hold it that long.
Should I write one from scratch?
You can write a very basic privacy policy from this guide, but we feel like we must disclose (see what we did there?) that this post isn’t meant for that. It’s a basic guide to the sections you can expect from a basic privacy policy, as well as why they need to be present.
To write your own privacy policy, there are many compliant generators on the internet which will ask you a few survey-like questions and spit out a fully formed privacy policy that’s customised for you, which you can copy and paste on your own site.
A word of warning: it’s not always easy to know how compliant these websites are, and therefore whether your privacy policy will actually get across the information you need it to. Rules of the internet change from time to time (such as the recent introduction of GDPR), so you would need to periodically get your privacy policy checked.
Alternatively, you can always pay a high-priced legal body to draft and check a privacy policy just for you, if you can afford it.
…Or, just get Convertri to do it
With Convertri, you get a fully functioning privacy policy template to use, right out of the box. You just add it like any normal page, then scan the copy for the bits you need to change, such as your website’s name, which are highlighted in red. We periodically review our privacy policy template so it’s always reliable, and getting it published is as easy as 1-2-3.
It’s simply the easiest method to put a privacy policy on your site.
Got any questions? Just leave us a comment below!