How to Write Our Own Privacy Policy

by Tibor Kopca Date: 22-10-2020 Privacy Policy legal document web design


In this article we will talk about Privacy Policy statements, how you can write one and implement it on your page.

Why did it pop up?

These days, when we browse to a new page or visit a site for the first time, we usually have to close some annoying pop-up window or at least dismiss some part of the page. What's the meaning of it? That's obscured behind a few words containing a clickable link to Privacy Policy or Cookies. We would like to explain why this exists and how we can write our own Privacy Policy or at least where you can find a free template to use.

“So what’s this thing actually?”, you may ask.
It’s basically a document or statement that discloses how the website operator handles data of the client, visitor of your page or user of your web application - it outlines the use of personal data.
Data means personal information - anything that can be used to identify an individual.
Yes, in the case of a business webpage, it needs to be specified what client information is collected and yes, it can be even traded or sold to other companies or enterprises. Privacy policies typically only inform the visitor generally what may happen with his data.
Here’s its definition in Wikipedia.
To be fair, what exactly is permitted depends upon the applicable law in different countries, as they have their own legislation. For example, EU data protection laws cover the private as well as the public sector; in the US, that is not the case.

Do I need one?

Let’s say you are going to publish your brand new webpage, do you think you need it?
Well, if you won’t collect ANY data from users (visitors) on your page, you probably don’t need it.
BUT! If your site is, or will be in the future, a bit more complex, and you will be operating with some user data (that means you would COLLECT and USE users’ personal information), a Privacy Policy will be required by law.
So the answer is most of the time Yes, you will need to have one, as it’s a legal requirement by global privacy laws.

Since several different regulatory systems exist, one or all of them may apply to your webpage.
So depending where your business is located and if your webpage or application is accessible in other countries, you might need to comply with all of them. This applies whether you have a business presence there or not.

The most relevant in the western culture are:


gdpr

TL;DR

This type of text often falls into the TL;DR category. Too long, didn’t read: as you may imagine, not everybody is keen to spend their time reading legal documents. Imagine that every time you hit some interesting link, you’re supposed to read several hundred pages of legal jibber jabber which nobody but lawyers understand. These documents tend to be hard to read for the general public, and are therefore read infrequently.

Most people just want to browse the internet and buy stuff at lower prices regardless of the site's privacy policies. Critics also question whether consumers even read privacy policies or can understand what they say. After all, most people would, for example, think that as long as a site has a privacy policy, it won't share data with third parties.
So this is an opportunity to create an environment of trust between you and your user by being honest and transparent.
Don't ask for more information than is necessary from a user - if it's not required in order to provide your services to a user, you shouldn't ask for it.

What is Personal Information

As we already explained, this part can be a bit of a grey area, as it depends on how the law in each country defines it.
Personal information can be anything that can be used to identify an individual, not limited to the person's name, but also data such as

  • address,
  • phone number, calls, SMS info,
  • date or place of birth,
  • marital status,
  • contact information, billing or shipping addresses,
  • ID number, social security numbers,
  • financial records, bank details,
  • credit or payment information,
  • medical history, physical appearance,
  • authentication information,
  • microphone or camera data or device usage data,
  • It may be a signature, IP address, analytics data etc.


What should be included?

Well, that depends on the nature of your webpage. It needs to inform how you as the website operator manage user information. Moreover, the country where the user lives can influence how the Privacy Policy should be written because, as we have mentioned, international laws protect global consumers.
It's important to inform anyone involved what type of data will be collected, in as much detail as possible.
Generally we also can cover the purpose of collecting this data.
Next, to comply with different requirements of different countries' laws, we will try to include information that must be included.
Inform how you will collect, store, protect, and utilize personal data provided by its users - the methods used could be contact forms filled by users, but also invisibly collected information like IP addresses.
Contact information and, if you operate a business, its official name and the ways users can reach you. That goes both ways: if you're planning to contact your users, write how and why you would do it.
If you share data with third parties, you need to mention it.
If cookies are being used on the site, explain how users can opt out and what that means for the user experience.
How to opt-out of data sharing, if the user chooses to later.

Another very important part is to let users know how you use collected data. This could be to notify users about updates, to improve the content, to display services tailored to the user, or for advertising purposes or analytics.
And lastly the date of publishing the Privacy Policy document.
If your site is meant for adults, a statement that your website is not intended for children under 13 years of age and that they shouldn’t provide any information to you should be enough. This comes into play if there is a possibility that your page will be visited by a US child, which is under protection of COPPA.
Information on what steps the user needs to take if he wants to remove some of the information you store (Opt-out).
A dispute resolution clause can be included to describe the measures you're willing to take to resolve future issues.
To sum it up, we need:

  • Contact information
  • Which information is collected
  • Collection method
  • Explain how you collect, use and share user data
  • Data usage
  • Opt-out user data

Terms Of Use and Privacy Policy documents are normally protected by copyright - it’s illegal to copy them without permission, unless... you write it yourself or use a generic one produced by a generator. More on that later.

Another solution would be to pay for it, if the nature of your business needs it, but for starting web developers this is often not feasible, and we wouldn't be learning how to do it ourselves, now would we?

How to write it

Your Privacy Policy statement should be clear, direct and easy to understand.
The technical details and specifics should be written without using jargon.
If you later modify the personal information you collect, you must inform users about it.
The golden rule is to let people decide when they come to your website if they want to share their personal information (Opt-in) and not collect information and let people ask you to delete it (Opt-out).

 
I ain't no lawyer

There is a big difference in the quality of legal documents. When you aim for a Privacy Policy for business purposes, you should hire a professional to write it to your needs.
If you want to take the easy route, or you just have an easy-peasy recipes site, you may use one of the templates on the internet or some Privacy Policy generator, which allows you to copy and paste the text provided. From there, customize it a bit to your needs, as every site is different and templates are written too generally.
Here we provide some handy-dandy Privacy Policy generators.

PrivacyPolicies.com, WebsitePolicies.com, Termsfeed.com, GetTerms.io, Iubenda.com, FreePrivacyPolicy.com, Privacyterms.io, Firebase App Generator, Shopify, PrivacyPolicyOnline.com, AutoTerms Privacy Policy Generator.
BUT! They are all missing important stuff, namely GDPR, CCPA and CalOPPA sections, which means you can’t collect a phone number or other contact information on your business website. Without these clauses, the privacy policy will not hold in a court of law, ESPECIALLY if you collect any personal information. If you have a business site, unless you write it yourself, you’re forced to pay a premium if you really want your business to be lawful.
These sites also help you with choosing the best one.

Where do you place Privacy Policy?

Many websites require users to indicate that they have read the policy when they first enter their personal information. This is usually in the form of a checkbox during the registration process to confirm that the user has read it. This is a great way to get users to agree to the terms of your Privacy Policy. Moreover, the link to the Privacy Policy should be easy to find and navigate to. Place it in a prominent location, normally the footer of the website, where consumers expect to see it, or anywhere else where you request personal information.


Summary

So in the end, the purpose of a Privacy Policy is to inform the user WHICH personal information is collected, HOW it is used and HOW it’s protected. If you operate or have a website anywhere in the world, you surely need a Privacy Policy that complies with the laws in the jurisdictions where users of your website live.

Next time we will write about HTTP Cookies and Terms of Service.
 

Images by :

Markus Winkler from Pixabay,

Business vector created by freepik - www.freepik.com,

Hand photo created by drobotdean - www.freepik.com.

 