What should be in a Privacy Policy

When you are collecting personal data from users, you need to have a Privacy Policy in place. This Privacy Policy should include certain elements in order to be compliant with privacy laws.


First, you need to specify the data you are collecting and why. You must also explain how the data will be used and whether it will be shared with any third parties. Users have a right to know what their data will be used for, so make sure this is clear in your Privacy Policy.

Next, you need to explain how users can access their personal data and make changes if necessary. They should also be able to opt out of having their data collected if they choose. Make it easy for them to find this information in your Privacy Policy.

Finally, you need to include contact information in case users have any questions or concerns about their data. By including all of these elements, you can create a Privacy Policy that is compliant with privacy laws and will give users the peace of mind they need when using your website or app.

At a minimum, a privacy policy should include:

The types of data being collected: Is the data anonymous, or does it contain personally identifying information?

A simple form asks for your website visitor’s name, email address, and perhaps a phone number. But more complex applications, including shopping sites, ask for much more detail, such as a home address, mobile phone number, credit card information, company information, personal preferences, and IP address information.

How will the data be used?

In simple terms, you can state why the data is being collected and how it will be used. For example, data can be used for marketing purposes or to improve the user experience on a website. But you should provide more specific details.

Who will have access to the data?

As the website owner, you have access to and control the information. Do you have a policy in place to allow your employees access to only the information that is required for their job function? You might need to provide information to third-party service providers, such as a payment processor. You should disclose the policy you have established to protect that information.

How long will the data be stored?

Private information can be stored on your website and your internal office systems. What is your data retention policy? Data can be stored indefinitely or deleted after a certain amount of time. That will depend on your business requirements and legal obligations. In general, it is better not to store data longer than is necessary.

What rights does the user have regarding their data?

Depending on where you operate, you may be subject to laws and regulations that require you to give your website users the right to access, update, or delete their data.

You must provide a method for website users to contact you with their privacy concerns.

We recommend creating a dedicated email address such as “compliance@yourdomain.com” or “privacy@yourdomain.com” to publish on your website’s Privacy Policy. You should monitor this address to respond to any issues that arise.


Can I use a “template” to write my Privacy Policy?

A common question arises: “If I don’t change the content on my website very often, why do I need to worry about updating my Privacy Policy?”

If only it were that simple. A Privacy Policy is never “static” and needs to be updated to comply with applicable privacy regulations.

Today’s websites are connected to “3rd party applications” or other websites such as Google Analytics, Facebook, Mailchimp, Constant Contact, or YouTube. Websites with Google Maps collect information about website visitors’ geolocation. These services update their policies regularly, and these changes need to be reflected in your website’s Privacy Policy.

The only practical way to manage these interactive services is by dynamically updating the Privacy Policy. This keeps the Privacy Policy current with all related services.

Lookit Services