What Is A Privacy Policy and Why Do You Need One?

A privacy policy on a website is a statement that tells visitors about the data the site collects from them. It informs users what data is collected, how it is collected, and why.

There are mainly two reasons why you should have a privacy policy for your website:

  • To be transparent
  • Because the law says so

By reading a privacy policy, users become aware of how you process their data and why. There is no behind-the-scenes business here: you have nothing to hide, which ensures transparency and builds users’ trust.

Several privacy laws around the world mandate that websites be transparent about any information they collect from their users and what they do with it. Thus, adding a privacy policy to your website not only ensures transparency, it is also essential for avoiding legal trouble.

The privacy policy must be easily accessible on the website, preferably from the footer or header of the site.

Now, let us see how you can create an effective privacy policy.

How to Write a Privacy Policy for Your Website?

Here are some tips to keep in mind while preparing the privacy policy for your website.

What type of personal data do you collect?

Be clear about what type of personal data you collect from visitors.

This data may include name, address, email address, IP address, phone number, etc.: anything that can be used to identify an individual, with or without additional data.

How do you collect personal data?

There are several ways you can collect personal data from users, including cookies, forms, newsletters, surveys, payment gateways, etc. Mention each of them so that users are aware of how their data reaches you.

Why and how will you use the personal data?

To be transparent about your processing methods, you need to explain why you want to collect personal data. Users must be aware of what purpose their personal data will serve for you.

You must also inform users of how you are going to use the collected data, i.e., be clear about your processing methods.

If you are sharing the information with third-party services, you must clearly mention it too.

Contact information

If users have any questions about the way you deal with their personal data, they must be able to ask you. For that, you should provide details of the site administrator or another contact point.

Contact details may include name, address, email address, or phone number.

What does GDPR say about privacy policy and how to comply?

The text of the GDPR does not explicitly mention a privacy policy. However, it mandates that any data controller (in this case, the website owner) must be transparent about the personal data they collect from data subjects (visitors). For that reason, including a privacy policy is a key part of complying with the law.

Per Article 13 of GDPR, there are specific details you must provide if you collect personal data from the users. Let’s look into them and what you can do to make your privacy policy GDPR-compliant:

  • The contact details of the website owner or the data protection officer (if appointed).
  • The purposes of processing personal data, and the lawful basis for that processing.
  • Any legitimate interests that you or a third party rely on as the basis for processing the data.
  • Any recipient or categories of recipients of the users’ personal data.
  • If the data needs to be transferred to a third country or international organization, and if so, what are the safeguard measures taken by you to protect the data?
  • How long you will store the data and the criteria used to determine the retention period.
  • The rights of users that they can exercise.
  • The right to withdraw consent at any time, if applicable.
  • The right to lodge a complaint with a supervisory authority that monitors the implementation of GDPR.
  • Whether providing the personal data is necessary for completing a contract or required by law, and if so, the possible consequences of not providing the data.
  • Whether automated decision-making, including profiling, is involved, and in such a case, the significance and consequences of that processing for the user.

Apart from these:

  • All the above details must be provided in a concise, transparent, intelligible, and easily accessible form.
  • The language of the policy must be clear and plain, especially if it is addressed to a minor.
  • Any updates to the policy must be made clear, along with the date on which it was modified.
  • You should also include details about cookies in the privacy policy or link to the cookie policy page. Read more about GDPR-compliant cookie policy here.

Implementing the above points (wherever relevant) will help you in creating an effective privacy policy that complies with the GDPR.

Some Examples of GDPR-Complying Privacy Policies

Here are links to some of the well-written privacy policies that you can refer to:

  • Walt Disney

Wrapping Up

Writing a good privacy policy that complies with privacy laws requires a careful analysis of your processing methods. It is not an easy task, but it is doable.

You can also use one of the many privacy policy generator tools. Create a privacy policy for your business website quickly and for free using the CookieYes Privacy Policy Generator.

Disclaimer: The purpose of this article is to share general information with the readers. It does not represent any legal advice. For any legal counsel related to the privacy policy and GDPR compliance, please contact a lawyer.