The privacy policy is one of the most essential legal requirements for websites.
Even if you just have a small business or a blog with no income at all, you might be surprised to discover that you still need a privacy policy.
Basically, if your website collects personal data, privacy laws in most jurisdictions, including the EU and the US, require a privacy policy that informs your users about it.
Almost all modern websites function with the use of cookies, so chances are high that your website is collecting personal data, for example for statistical, functional or marketing purposes.
In this blog post, we take a look at what constitutes a good privacy policy, how to make a GDPR-compliant privacy policy and whether using a privacy policy generator is a good idea.
Learn what the privacy policy is and how to get one for your website below.
A privacy policy is a document that states what personal data you collect from your users, why, and how you keep it private.
The purpose of the privacy policy is to inform your users about how their data is being handled.
Hence, the privacy policy should be accessible to your users and written in plain, readable language.
Most countries have privacy laws requiring that websites collecting personal data have a proper privacy policy in place.
Failure to comply can result in heavy fines and even prosecution. If you are based in the EU or provide services to EU citizens, you must have a GDPR-compliant privacy policy on your domain.
We will get into this in more detail below.
Personal data is information that can identify an individual, either directly or when combined with other data.
Names, e-mails, addresses, location, IP addresses, photos, and account information are all directly identifying data.
Health information, income, religion, cultural profiles and the like are also personal data.
Furthermore, and crucial in the present context, data on user behavior is also personal. Cookies can track and register individual users’ browsing activities, like what articles they scroll past and which ones they choose to click on.
You probably do. If your website collects personal data, you need a privacy policy.
Most websites collect user data. Often, it happens without the website owner even being aware of it, by means of cookies.
If your website is hosted, or if you use plugins, social media buttons, analytics tools and the like on your website, then it does set cookies and collect user data.
With the enforcement of the GDPR and the EU ePrivacy regulation, a proper privacy policy is essential for websites in the EU and websites that have EU citizens among their users.
The GDPR sets specific requirements for what a privacy policy must include. The EU calls this a “privacy notice”, and their website explains what a GDPR privacy notice looks like.
If you are in doubt about the use of cookies on your website, you can run a free audit of your website here.
The free audit scans five pages of your website and sends you a report of the cookies and online tracking on these pages, including information on their provenance, purpose and whether or not they are compliant.
If you want a complete overview of the cookies and online tracking across your entire website, sign up for the Cookiebot consent management platform (CMP).
The privacy policy can be written as an independent page on your website, and be made accessible as a link in the header or footer of your website, or on your ‘About’ page.
It may also be hosted by a privacy policy service with a link from your homepage.
Basically, it doesn’t matter where you choose to place it, as long as your users have access to it.
The privacy policy is a legal text. The phrasing depends on which jurisdictions your website falls under and how your website handles data.
All websites are different. We always recommend that you consult a lawyer to ensure that your privacy policy is compliant with all applicable laws.
However, this might seem like a large expense if you are, for instance, a hobby blogger or small business.
What you should never do is copy a privacy policy from some other website.
That is also why using a privacy policy generator can be hazardous: you must be very careful to include all the specific information about your website, and not just have the privacy policy generator spit out a default one that isn’t aligned with your domain.