Privacy Policy Template

A privacy policy is an agreement that specifies that data is collected from website or application visitors, what type of data is collected, and how the collecting party handles this information.

A privacy policy might also be referred to as a privacy notice, privacy statement, or private information.

A privacy policy is required for all online businesses that collect personal data from website visitors or application users, or in any other way.

The document is meant to satisfy the requirements of international regulations concerning the use of personal information and browsing the Internet. In addition, a privacy policy is aimed at helping create transparent and honest relations between online businesses and their customers. By cultivating trust and confidence in online users, a privacy policy eliminates their concerns about sharing personal details online.

By personal information, we mean any information that in one way or another identifies an individual. Such information includes:

  • Email address, phone number
  • First and last name
  • Billing and shipping address
  • Bank card information, etc.

What Is a Privacy Policy Made For?

A privacy policy is a legal statement whose purpose is to specify what actions a business takes regarding users’ personal information and for what purposes.

A privacy policy can be used both for websites and mobile apps, but it should be adapted to the platform a business operates on.

A privacy policy is a very important tool when it comes to protecting personal information on the net. Keeping users’ information secure is one of the foremost purposes of every digital business, and it helps customers consider a business as a trustworthy seller or service provider. To be sure their information is treated securely, a customer should see that your privacy policy covers all of their possible concerns regarding the safety of information on the internet.

Why Do You Need a Privacy Policy?

Businesses need a privacy policy mostly in two cases:

  1. When it is required by law for companies using personal information on the internet.
  2. When it is something expected by consumers dealing with online businesses.

Companies usually place privacy policies in the footer of the website. In addition, the policy should appear wherever a visitor is required to provide personal information.

Who Needs a Privacy Policy?

A privacy policy is needed by the majority of online businesses, because they offer newsletters, online coupons, and other offers that require a visitor to sign up. Once visitors sign up, a website/app starts collecting the information that is used to identify them.

Among common businesses that collect information from users are:

  1. Websites offering different products and services
  2. Blogs
  3. Retail stores
  4. Mobile and desktop applications
  5. Software-as-a-service applications
  6. Google AdSense and AdWords users, etc.

Components of a Privacy Policy

You are unlikely to meet the same privacy policy on different websites as they all offer various products and services. But there are common elements of a privacy policy that concern all online businesses.

Information collected

First and foremost, a privacy policy should contain a section that would explain what information will be taken from a user. The most common data businesses gather from users are:

  • a user’s name and job title
  • a user’s contact information
  • a user’s preferences and interests
  • other details relevant to client-based surveys

Privacy options

This section of a privacy policy should explain what secure storage strategies a business uses. It might be security software or anonymization technologies.

The purpose of a privacy policy

From this part of a privacy policy, a user should learn what will be done to the personal information they decided to provide. For instance, it might be used for the purposes of:

  • a public survey
  • financial analysis
  • internal record keeping
  • improvement and possible promotion of products and services
  • critical market research, etc.

A privacy policy should explain to users that even if a business shares their information with third-party partners, it will do so for express purposes of marketing or promotion only. Users should be confident that their personal information will not be sold. This way, the purpose of collecting personal details on the website/app should be disclosed explicitly in an easy-to-understand way.

Users’ rights

Users should be allowed to verify and control how their personal information will be used. The policy should explain what actions they can take to keep their personal information private.

The main purpose of this section of a privacy policy is to make website visitors feel comfortable sharing their personal data and to make them realize that they might refuse to do that at any moment. They may be given an option of restricting the collection of their personal information by, for example, checking the pop-up box on a business website or in an app indicating that they do not want their personal details to be used.

A user should also be alerted to a company’s policy on updates and know exactly how they will be made aware of any changes that are made to a privacy policy.

Regulatory Acts

There are several regulatory mechanisms for businesses that provide services or sell products on the internet. All these mechanisms are meant to protect the privacy of business clients online. Check those regulatory acts thoroughly as you might need to apply all of them or just one in your privacy policy. Here are some of these regulatory documents:

  • CalOPPA (requires companies to put a privacy policy on their websites; applies to all online businesses that operate in California)
  • COPPA (provides protection for users under 13; applies to all online businesses operating in the USA)
  • GDPR (provides protection of personal data; applies to all online businesses providing services in Europe)
  • CAN-SPAM Act of 2003 (sets rules for commercial email; applies to all online businesses operating in the USA)
  • SOPIPA (applies to companies that collect personal data from students in the USA)

What Should Be Included in a Privacy Policy Agreement?

The legislation of a country is the first factor determining what should be included in a privacy policy. But there are some common points in every privacy policy agreement that should be included.

  1. Notice to the users on what will be done to the information collected. Businesses collecting data should disclose the purposes of collecting info prior to taking any actions regarding users’ personal information.
  2. Access to the information collected. The users should be able to review or remove the personal information gathered by the business.
  3. Privacy of personal information. Businesses that gather information on the internet are held liable for its accuracy and privacy, which means they are the ones who should take all of the measures to keep it away from unauthorized third parties.
  4. Choice of the information provided. Users should be given the freedom to choose what personal details they do and do not want to provide.

A privacy policy agreement is a comprehensive document that needs to include a lot of different nuances of using users’ personal information on the internet. This is why it cannot be done without due attention. A free privacy policy template that you will easily find on the internet might not be the right fit for your specific business, which is why we highly recommend creating a customized privacy policy template. It can be created with the help of our privacy policy generator. All you need to do is to provide crucial information on your company, its services, and some other important details. Then, you can easily download and print your free privacy policy template.

Privacy Policies Required by Third Parties

A lot of websites and apps might be using third party services such as newsletters or other third parties authorized to contact customers in relation to the product or service. In such a case, third party services would also require users to give consent to their privacy policy.

A privacy policy is also needed when a third party is tracking the browsing behavior of the visitors or their geographical location. Among third party services are Google Analytics and Google Adsense.

For instance, Google Analytics is a common third party app businesses use to analyze how their website visitors behave on their website – what actions they take, how much time they spend on the website, etc. This obliges websites working with the third party to align their privacy policies with the requirements of Google Analytics and warn users that their behavior will be tracked with the use of cookies.

What should a privacy policy for Google Analytics include?

As per Google Analytics (GA), websites that are using GA standard features should include the following types of information in their privacy policies.

  • statement about the usage of GA as a third party for the behavior tracking purpose
  • the ways of collecting and processing data
  • the ways of using cookies to collect personal data

The important thing here is that a privacy policy agreement should be placed in a visible section of the website, usually in the footer. If it is an app that is using GA, the policy should be located somewhere in the main menu.

To notify visitors about using cookies, a website should place a pop-up banner asking a visitor to provide consent to use cookies on the website. The user should be given a choice on whether to agree to the use of cookies or not.

In case the website is using advertising features along with standard ones, a privacy policy should also include:

  • the way the business is doing remarketing
  • the statement about using Google Display Network Impression and GA
  • demographics, what actual features are used, and how they are used
  • the statement about using cookies to show relevant advertising materials by third parties
  • the method to opt out of the GA advertising features using Google Ad settings

What should a privacy policy for Google Adsense include?

If a website or app is using Google Adsense as a third-party service, its privacy policy agreement should also take a certain form. It should comply with Google Adsense, which is why a privacy policy should be updated according to the terms and conditions and include:

  • the statement about using Google Adsense and cookies to show relevant ads to visitors based on their previous actions on the net
  • the method to opt out of Google Adsense using Google Ad settings

Websites and apps should also put effort into getting consent from a user to use cookies on a PC or mobile phone, depending on what a visitor uses. It should work in the same way as with GA alerts.

What should the consent to cookies look like?

The consent of a visitor cannot take the form of inaction. This was allowed earlier, but now websites and apps notifying visitors about using cookies cannot get passive consent from them.

It means that consent to cookies should be obtained actively, for example, by clicking a button or checking a box in a pop-up window. The text that accompanies the checkbox or the button may vary, for instance, “Yes, I give my consent,” “I am happy with this,” “I agree,” etc.

Topics for Every Privacy Policy

Every privacy policy will be different as it should be customized to fit a certain type of business. However, some topics are common for every type of website or application. Here are those topics:

The types of information collected

All the personal information that a business is about to collect from a user should be listed in a privacy policy. It includes their IP address, contact information, payment data, name on the credit card, etc. The more details this section includes, the easier it will be for a business to avoid any misunderstandings with their customers.

Methods of data collection

The next section of a privacy policy should be devoted to methods of gathering personal information from users. They should clearly see how the information is obtained from them. Collection can be visible to a user, for example, through a contact form, or not visible, for instance, on the back-end level.

Ways of information usage

This part of a privacy policy should give users a clear idea of how the personal information they agreed to share is going to be used. The uses can be very different:

  • notifying users about updates
  • advertising products and services
  • sharing info with third-party apps or websites for analytic purposes
  • improving content on the website
  • displaying ads of other advertisers etc.

This part of a privacy policy is a good place to mention that a business appreciates users’ consent to share their personal information and they can be confident about the privacy of their personal information.

Users under 13

Regardless of whether your website or app is targeted at users under 13 or not, a provision about child privacy is something that you will need in a privacy policy. According to one of the regulatory acts mentioned above (COPPA), you will need to use a specific protocol when creating your privacy policy if you might collect personal information from children under 13.

If you knowingly collect personal information from children under 13 and teenagers, a child privacy policy will need to be detailed. A child privacy policy should be written thoroughly because a parent’s consent might be needed before handling a child’s personal information. Note that a protocol for handling children’s personal details differs drastically from the one for adults. In a perfect case scenario, you would need a privacy policy on a separate landing page that would adhere to the requirements of the Children’s Online Privacy Protection Act (COPPA). This regulatory act requires a business to make every effort to comply with this document in their privacy policy. It would be wise to first consult with an attorney to make sure a privacy policy agreement is compliant with this requirement.

If your business collects personal information only from adults but children can still visit your website or app, you have to include in your privacy policy a general statement about collecting personal information that would limit your company’s liability if a minor happens to visit your website or app.

Compliance with GDPR

Any company that makes its website or services available to EU citizens, including US companies, should also make sure their privacy policy is compliant with the General Data Protection Regulation (GDPR). The purpose of such a regulation is to help EU citizens understand how a business collects, secures, uses, and shares their personal information.

Communication with users

This section of a privacy policy is supposed to let your website/app visitors know how their personal information will be handled in case they want to get in touch with you or if you initiate communications with them. Contact information involves personal data, which is why this provision of a privacy policy is an essential one.

By reading this section of a privacy policy, visitors of the website/app should know how and for what purposes you will reach out to them. For instance, it should tell whether they will get notifications on a daily basis or less frequently, whether those notifications will be for marketing purposes or will include important updates, etc. In addition, this section of a privacy policy should include all the methods of communication that you plan to use with your customers.

As well as that, a privacy policy should also help visitors learn how to avoid getting notifications in specified channels of communication, which is required by the CAN-SPAM anti-spam regulations.

Transfers of ownership

This might seem to be an unnecessary element of a privacy policy, but transfers of business ownership happen quite often, so it would be wise to include this clause in a privacy policy. This would help you limit your liability if you are no longer the owner of a digital business. This clause in a privacy policy should state that if a business transfer happens, customers’ personal information will be passed to a new business owner.

Conflict resolution

This clause can also be included in a privacy policy agreement, even though more details on how the disputes should be resolved between a business and its customers and what laws are applicable should be described in the website/app Terms and Conditions. The clause is relatively simple and should clearly state what measures your company will take to solve any disputes that might arise in the future.

Possible Changes to a Privacy Policy

Users should know that you can make amendments to your privacy policy at any time. It should be explicitly stated in this part of your privacy policy. Users should be notified about any such changes simultaneously with the change occurring through agreed communication channels. This lets users get a feeling that they will be informed of any changes to the privacy policy they have consented to.

Contact Clause

This section makes a privacy policy even more transparent for users and it should provide contact information they can use in case they want to contact the business with any arising questions or concerns regarding the privacy of their personal information. It would be wise to provide users with a specific email or phone number of the department that manages privacy concerns specifically.

How to Fill Out a Privacy Policy in 5 Steps?

Businesses are free to use any wording in their privacy notices, but there are several essential requirements for what to include in every privacy policy. A privacy policy should always be crafted in plain English and in a manner that is easy for a customer to understand.

Let’s use the best practices of creating privacy policies and use a privacy policy created by LinkedIn as an example. But remember that a privacy policy might differ from business to business greatly.

Step 1

Describe the type of data a business collects on its website/in the app. This section of a privacy policy might include:

  • information a user provides on the website/app (when registering, filling in a profile, posting and uploading information, etc.)
  • information from third parties (for example, when a visitor uses the services of the partners and affiliates)
  • the service use (how your website/app collects usage information from visitors such as when they are using the service, device information, internet protocols, etc.)
  • the use of cookies and similar technologies (how your business uses cookies to collect data about location, device of a user, and what a user can do to opt out of them)
  • device and location (how your website/app receives the URL of both the place a visitor came from and the one they go to and the time of their visit along with the info about their network and device)
  • messages (how the information is collected when visitors are interacting with messages in connection with your website/app in any way)

Step 2

At this stage, your privacy policy should describe the way the collected data is going to be used.

  • services (specify what services will use the personal information a visitor provided, how they will do it, and whether they have a choice of how the collected info will be used)
  • premium services (tell how visitors can use others’ information when they buy premium options if any)
  • communications (explain the ways your website/app will communicate with users if they give their consent to – email, phone number, notifications, text messages, etc., plus whether a visitor will have a chance to change communication preferences)
  • advertisements (clarify how the collected data will be used in advertising, whether a user will be able to choose what ads to see, and what actual info will be used for advertising purposes)
  • developing services (elucidate how the collected information might be used for developing and enhancing services your websites/app provides)
  • customer support (state that personal data can be used to improve user support)
  • insights (mention that your business might use personal data of the customers to gather statistics, for instance, on your employees, profession, or industry in general)
  • privacy (specify that data can also be used for security purposes or to prevent potential frauds or violations)

Step 3

This section of a privacy policy should describe the way of sharing collected information, including the following:

  • user’s profile and the way people interact with it (tell how other users can interact with a user’s profile, what information they can see and use, etc.)
  • a service provider (explain what other third parties can get access to a user’s information, for instance, services conducting analysis, audit, payments, fraud detection, marketing and development)
  • legal disclosures (mention the situations when the information disclosure is required by law, for example, for actions that are suspected or actual illegal activities or to assist government enforcement agencies, protect the privacy and integrity of your website or app, etc.)

Step 4

This part of the privacy policy should tell about a user’s choices and duties regarding your website or service.

  • data retention (tell how long a user’s data is being kept by your website or app)
  • right to access and control of the data (provide a user with choices on how the personal data collected by your website/app can be controlled and managed)
  • account closure (explain if it’s possible to delete personal data from your website/app and how long it will take to remove personal data, what information will be retained even after deleting, etc.)

Step 5

Here, include other important information you haven’t mentioned in the previous sections of your privacy policy agreement.

  • privacy safeguards (what protocols are used, for example, HTTPS)
  • cross-border transfers of information (tell that legally provided mechanisms of transferring data can differ from country to country)
  • law background for processing (assure users that personal data is collected only where there are lawful bases, and a user can always decline their consent to use their personal data)
  • contact information (provide the contact for users who would want to ask their questions or complain about the privacy policy for your website or app)

The privacy policy template you will find on our website might give you a better understanding of what this document should look like. You can download it and insert your business name along with some other info and use this privacy policy for your website or in your app. However, be aware that you might not be the only one who will make use of this privacy policy template. If you need a customized privacy policy that would show the specifics of your business and include all the information you want to cover, use our privacy policy generator!

Published: Apr 13, 2022