How to create a Privacy policy and why you need one
It feels like common knowledge at this point, but the concept of privacy, which used to revolve around actual physical observation, is now much more complicated than that. As it happens, every user is naked in the eyes of dozens of Internet resources tracking their every tap every single day. But how naked is naked enough, really?
If you wish to collect any personal user data for your business, you’re in dire need of a Privacy Policy. Hold every question you might have — we’ll walk you through them right about now.
What’s a Privacy Policy?
It’s a document that describes the way you collect and process personal data, what that data might be and why you require it. It should also disclose how users can limit what they give away and whether that can be shared with (or sold to) third parties for whatever purposes.
In general, personal data is any information that can be associated with a single user, making them identifiable. That certainly includes their name, their email and IP addresses, order history, activity in other apps, downloads, you name it. Whatever user data you’re gathering, the Privacy Policy should specify it.
Some personal data is considered sensitive: financial or medical information, or data provided by a minor. If you collect any of it as well, make sure to highlight that.
Mind you, if some data is stored in the user’s gadget in the form of cookies, you should also mention that in the document. Don’t forget about cookies.
Why is it important to have a Privacy Policy?
The short answer is: it’s about building trust and establishing balance. Having a transparent Privacy Policy signifies that you respect the privacy of your customers and don’t take anything from them without their consent. No hidden cache, no strings attached.
As we mentioned above, you can collect different kinds of personal data, and some of them may be essential for your business, while others not so much. A Privacy Policy serves as an instrument of control for users: with it, they can choose what they’re ready to share with you and what data they would prefer to remain unidentifiable.
Other than that, there’s also the matter of legal regulation. The General Data Protection Regulation (GDPR), in force in the EU since 2018, requires that you obtain user consent before collecting and processing their data. It usually comes in the form of a checkbox confirmation that the user has read the Privacy Policy and agreed to its terms.
But what do I get out of it?
Being transparent with customers can actually turn out to be pretty beneficial for business owners as well.
For example, in the event of a customer dispute, mitigating liability is that much easier when you’ve had them agree to the terms of your Privacy Policy. You may think of it as a precaution just as necessary as Terms of Use, which it kind of goes hand in hand with.
Disputes aside, having a transparent and legally compliant Privacy Policy simply makes you reliable and professional in the eyes of your customers. If that’s something you would like your brand to be associated with, of course.
Where should I put a Privacy Policy?
It’s quite easy to pinpoint the moment your Privacy Policy is supposed to be read and agreed to: right before any sharing of personal data occurs. Make your Policy readily available before a user logs in, downloads a file, makes a purchase, or takes any other significant action.
It would be safe to say that the website footer is the most common place for the link to a Privacy Policy, because it appears on every page. Some other areas that may additionally include the link are:
Login or account creation page
“Contact us” form
Checkout page
Content submission page
Newsletter subscription page
Cookie consent pop-ups
To sum it up, always make sure your Privacy Policy is conspicuous wherever it is placed on your website.
Laws such as the GDPR don’t specify exactly where you should put your Privacy Policy, although the GDPR clearly states that the document should be easily accessible. You will certainly do yourself no favors if it’s hard to find.
Am I supposed to create it myself?
Well, yes and no. A Privacy Policy represents the intentions of the person who provides the services, i.e. the owner. There is, however, no requirement as to who should be involved in creating it. You may or may not consult with a lawyer at any point in this process, but the key point is you don’t have to.
The good news is that it probably took you longer to get to the bottom of this article than it takes to create a perfect, ready-to-go Privacy Policy for your exact needs with a little help from Enty. The finished document is based on professionally crafted templates and your answers to a couple of necessary questions, and is of course legally compliant with all EU regulations. It’s available in English for Estonia, and in both English and Dutch for the Netherlands. The form is quite intuitive, too, but feel free to drop us any questions you have, and we’ll be happy to answer.