A privacy policy explains to users how their personal data will be used, what steps have been taken to keep it safe, and how they can exercise their rights over that data.
Do You Need One?
Ultimately, you should contact legal counsel to be sure; however, here are common reasons companies may need a Privacy Policy:
- It's required by law: Many countries have laws requiring one. In the US it is the California Online Privacy Protection Act (CalOPPA), in Europe it is the GDPR, in Canada it is PIPEDA, and in Australia it is the Privacy Act 1988.
- It's required by advertising platforms: Some ad platforms require websites to publish a privacy policy as a page on the site.
- Your internal security & compliance team may require it: Even if a Privacy Policy is not explicitly required by law in your case, your internal information security & compliance team may require one.
- It's a general best practice: Even when not legally required, disclosing whether and how you use personal information on your website builds trust with your audience and supports the perception of your brand (even if the page says nothing more than that you do not collect or store any information).
Where it goes:
Typically a privacy policy is linked from the footer of a website. It should be a page on the website rather than a PDF file. If following GDPR best practices, a link to the Privacy Policy should also appear in the cookie consent pop-up shown when a user first visits the site and near any web forms that collect user information.
Resources
- https://www.freeprivacypolicy.com/ - a useful resource for clients; it walks them through a series of questions to generate content for a typical privacy policy.
- https://www.freeprivacypolicy.com/blog/privacy-policy-vs-terms-conditions/ - this article goes over the differences between Privacy Policies and Terms and Conditions. It could be helpful for clients who are struggling with the distinction.