Neil Patel

I hope you enjoy reading this blog post.

If you want help with your fundraising or acquisition, just book a call.

Every entrepreneur should know how to write a privacy policy, or at least know what goes into this document.

Especially with the growth of the digital era, any business that wants to comply with privacy laws and regulations, and to limit its exposure to risk and liability, must start with the privacy policy.

Individuals are often willingly, and sometimes unknowingly, revealing a large amount of personal information online.

Individuals, governments, and regulators are also gaining more power in this area.

New websites and complex apps and devices appear every day and clients are situated all over the world. For this reason, regulating privacy is proving to be a difficult task.

In this article, we will look at what a privacy policy is, why it is important, and how you can write your own.


What is a Privacy Policy?

A privacy policy describes how a website or business collects and stores personal information.

There are various jurisdictions with their own rules around this. California has its own tough rules.

There are rules that apply to different sizes of businesses in the US. Europe developed one of the most notable with GDPR.

In response, many organizations, including government agencies and banks, are restricting the jurisdictions in which their apps and websites can be accessed.

According to Article 30 of the GDPR, a compliant document must include the following information:

Contact Details

First, include your business name, address, telephone number, and email address.

How long will you retain their information?

According to the GDPR, personal data can only be kept for as long as the legal basis for processing is valid.

Type of Data That You Collect, and How You Process That Data

The definition of the term “personal data” can vary widely, so be as specific as possible.

How do you handle personal information?

You must state whether or not you will be disclosing personal information to other parties.

Processing personal data on a legal basis

According to the GDPR, organizations can only process personal data if they have a legal basis for doing so.


Subject Rights

There are also eight data subject rights under the GDPR, which you should mention and explain in your privacy policy:

  • Individuals have the right to object to certain kinds of processing, such as direct marketing.
  • Individuals have the right to be forgotten in certain circumstances, and they can ask organizations to delete any personal data they have about them.
  • Individuals have the right to know what data is being gathered on them, how it is being used, how long it will be kept, and if it will be shared with other parties.
  • Individuals have the right to request that a company share whatever data it has about them with another entity.
  • Individuals have the right to request a copy of a company’s automated decision-making operations, including profiling.
  • Individuals have the right to get a copy of the personal information that an organization has on them.
  • Individuals have the right to request how a business uses their personal data.
  • Individuals have the right to have erroneous or incomplete data corrected.

When you’re starting a new business, there are a lot of moving components to keep track of.

And it’s easy for your privacy policy to get lost in the shuffle. But, with so much new data privacy legislation and litigation on the horizon, ignoring a privacy policy is a recipe for disaster.

If you collect information from a contact form, chat widget, or any online booking system, you will need a privacy policy in place.

The most popular online analytical program, Google Analytics, even includes a privacy policy in its terms of service.

Also, if you’re intending on running online ad campaigns, Google and Facebook both require privacy rules if you’re collecting any user data.

This is especially critical for Facebook Lead Ads, as each ad must have a privacy policy URL link.

The Federal Trade Commission is not afraid to prosecute companies that breach customers’ privacy, regardless of their size or reputation.

They’ve taken action against a number of corporations, including Google and Facebook.

Failing to appropriately disclose how they used their customers’ data has attracted penalties.

The privacy policy states how the business will use the data.

It also describes how people can claim compensation should the company fail to adhere to the policy rules.

Other information can also be included in a privacy policy, for example, how long personal data is stored.

How To Write a Privacy Policy

Your privacy policy should be written in plain and simple terms that can easily be understood.

This is especially crucial when working with children’s data since there will be many concepts to explain in greater depth.

Privacy rules should generally be expressed in the active voice, avoiding superfluous legalese and technical jargon.

Similarly, qualifiers like “may,” “might,” “some,” and “often” should be avoided since they are intentionally imprecise.

Saying you “may” do something does not assist the subject in determining the circumstances under which it will occur.

The policy should be free and simple to understand. Don’t bury it in a link at the bottom of a form that only a few people will notice.

Instead, offer them a written copy of the policy or a link to it when requesting their personal information.

You should include:

Describe The Scope of The Privacy Policy.

A privacy policy is a document that informs site visitors about the information you gather and how you use it.

Simply said, it’s a brief description of what you’re doing to track visits to your website.

You’ll almost certainly need to run a site audit to figure out exactly where and when you gather visitor data (for example, at account signup, newsletter subscription, or a contact form) and what data you collect at each stage.

Establish a Cookie-Specific Privacy Policy:

A cookie is a little bit of text that a website sends to your browser. It assists the site in remembering information about your visit, making it easier to return to the site and making it more beneficial to you.

In your privacy policy, you should include:

  • What cookies are
  • What info is collected
  • What is done with the information
  • How to accept or decline cookies
  • That there are no harmful risks, or what the risks are


Your policy should be written in simple, easy-to-understand terms. You should also make the policy a part of your website.

Create the policy and publish it in the same way as the rest of your website. Make it look as though you want people to read it.

Make it brief, pleasant, and easy to understand. It should be available from anywhere on your website.

Give Details

Who will be able to see the information? Will you share the information with anybody else? How long will you keep the information?

These are the answers you must give. The reasons for doing so should be clearly defined, outlined, and explained.

Describe what you’re doing to keep the data of your users protected. Briefly describe the security precautions and data protection strategies you employ, as well as why you employ them.

Keep Things Simple

It’s critical to ensure that the ordinary reader understands what you’ve written. Simple wording is a must, but not at the risk of missing out on crucial information.

Reduce your usage of ‘big’ words and stick to basic phrase forms.

It may appear to be dumbing down, but the goal is to help everyone grasp what’s going on without having to know legal jargon.

Make it Interactive.

A privacy policy doesn’t just have to consist of plain form text. Instead, you could use interactive announcements to showcase the information.

You could also use a pop-up or a short animated video to accompany your privacy notice.

As long as it serves the visitor the appropriate information, the options are unlimited.

Educate People About Their Rights

Individuals have several rights under the GDPR. Never forget to remind them of their right to withdraw permission and request that their data be deleted.

Also, describe how they could object to profiling or processing.

Tell the Truth in Your Privacy Policy.

Avoid obfuscation and lying. Maybe you shouldn’t be doing it in the first place if you have to hide anything unsavory to acquire consent.

For example, if you claim, “We never share personal data with third parties, except those we pre-select,” you’re effectively lying to the consumer and hoping that they’ll read the word “never” and ignore the rest. Not to mention the fact that you haven’t said with whom you’ll share the information.

Similarly, don’t leave out any information that you believe is relevant. Put yourself in the shoes of the users: what information would you like to have?

Remember that the GDPR does not discourage you from including extra information in your privacy notice. It is, in fact, encouraged.

Maintain Consistency

The privacy policy should be written in the same style as the rest of your website’s content.

Make sure it has the same style and feel as the rest of your site’s text. It should be something that people will find easy to read.

When you’re reaching out to investors to acquire funding, they’ll want to see that your company is compliant with the latest laws and regulations.

And, having a well-crafted privacy policy in place reassures them.


How Can You Make Your Privacy Policy User-Friendly?

According to two Carnegie Mellon academics, it would take around 80 days for the average American to read every privacy regulation they come across in a year.

Privacy rules have traditionally been extensive, opaque, and difficult to comprehend.

But now, organizations are increasingly opting for a more user-friendly format to help alleviate customer worries over data.

Information should be given in a “succinct, transparent, and comprehensible manner, using clear and simple language.” That’s according to Article 12 of the GDPR.

There are a few things you may consider to make your policy more user-friendly:

Create a table of contents.

You can help users quickly navigate your policy by including a table of contents.

Even the most straightforward and simple policies can become long. It can get difficult for consumers to quickly access the information they need.

To help overcome this, you could include a table of contents.

Make your headings as clear as possible.

Because most users browse privacy rules with questions in mind, we’ve found that an FAQ format works best.

Include Section Summaries (TLDR)

Giving customers the TLDR on each section of your policy helps them to quickly scan over it and cut through the legal language.

LinkedIn’s privacy policy is a fantastic example of this.

Where Should Your Business’s Privacy Policy Be Placed on Your Website?

Many businesses provide a direct link to their privacy policy in the footer of their website, which shows on every page.

Make sure the link font isn’t too small and doesn’t blend in with the background of the footer.

Your privacy policy should be easily accessible from any part of your website.

It must be readily available to all website visitors. And not just to visitors who have already submitted information or placed an order.

You’ll need to include a link to your privacy policy at every place where information is collected.

For example, sign-up forms, lead captures, and product or service order forms.

Privacy Policy FAQ

Is it necessary to hire a lawyer to draft a privacy policy?

No, a privacy policy does not require the assistance of a lawyer. However, you should check with a lawyer while drafting your privacy policy to verify that it complies with legal standards.

Is it necessary for me to have a privacy policy?

If you collect any type of personal information from visitors to your website or app, you must have a privacy policy in place.

Is having a privacy policy a legal requirement?

This is the most significant reason for having a privacy policy on your website or app. Most countries’ privacy laws require website and app owners to provide a privacy policy visible to their customers.

Is it possible for me to create my own privacy policy?

Yes, you have the option of creating your own privacy policy. You don’t need a lawyer to draft a policy for your business; instead, you can use a privacy policy template that contains all of the clauses you need to describe your data-handling methods to users.

Wrapping it Up

While some business owners choose to draft their own privacy policies, we strongly urge that you seek expert help when drafting legal papers to provide you with proper protection and legal validity.

Keep your privacy policy up to date, and send out privacy policy update notices to your customers.
