Privacy Policy for Dropshipping
If you run a dropshipping store, then you need to provide a Privacy Policy to inform your customers about what happens to their personal information when they use your website. Personal data is any information you can use to identify a named individual, and people have the right to know what happens to any such data they share with you.
Every dropshipping store's Privacy Policy must contain certain basic clauses. However, bear in mind that the exact requirements for your dropshipping store's Privacy Policy vary depending on which global privacy laws you must comply with. If you're in any doubt as to which privacy laws apply, always get legal advice.
Below we'll explore the clauses that every legally compliant dropshipping store's Privacy Policy needs in more detail.
- 1. What is Dropshipping?
- 2. Do I Need a Privacy Policy for My Dropshipping Website?
- 3. What to Include in Your Dropshipping Privacy Policy
- 3.1. Introduction
- 3.2. Contact Details
- 3.3. Jurisdiction
- 3.4. Consumer Privacy Rights
- 3.5. Personal Data Collected
- 3.6. How You Collect Personal Data
- 3.7. Purpose of Data Collection
- 3.8. Third Party Sharing and Tracking
- 3.9. Links to Other Policies
- 3.10. Privacy Law Compliance
- 4. Where to Display Your Dropshipping Privacy Policy
- 4.1. Website Footer
- 4.2. Points of Data Collection
- 4.3. Within Other Policies
- 5. Conclusion
What is Dropshipping?
Before we get into Privacy Policies in any detail, though, let's be clear on what dropshipping actually is.
Dropshipping is a type of ecommerce. It allows you to sell goods to customers without storing your own inventory, so there's no need to fulfill your own orders. Instead, you simply ask a third-party company to ship the products straight to the consumer.
A dropshipping transaction basically looks like this:
- A customer places an order with you
- You pass the sales order to a third-party supplier
- The supplier provides the stock and ships it directly to your customers
It's quick to get started, and you don't need to worry about running your own warehouse or handling delivery logistics.
Do I Need a Privacy Policy for My Dropshipping Website?
Yes, for two main reasons.
First, it's a legal requirement. In many countries around the world, you must provide a Privacy Policy if you process personal data for commercial purposes. A Privacy Policy sets out what information you collect, why you need it, and who you share it with, all of which customers have a legal right to know.
Second, if you use a third-party platform, the terms of service almost always state that you must set out how you use your customers' information.
Here's how Shopify tells its customers that they must inform their own customers about privacy practices and actually post a Privacy Policy:
If you don't provide a Privacy Policy for your customers, then you'll probably lose your dropshipping store and you may be subject to financial penalties, depending on which privacy laws apply.
In other words, drafting and publishing a legally-compliant Privacy Policy should be a top priority for any business.
What to Include in Your Dropshipping Privacy Policy
Your Privacy Policy must set out, at a minimum:
- The rights people have over their personal data
- What type of personal information you collect
- Why you need this information
- How you process this information
- Who you share the information with
- How customers can contact you for further information or to opt out of data collection
Let's take a look at these and some other important clauses.
Introduction
No matter which privacy laws apply, every Privacy Policy should have an introduction.
Essentially, all you need to do is explain that it's a Privacy Policy which sets out how you process, use, and share personal data.
Here's an example from the dropshipping store Dog Pawty:
You should also include the date when your Privacy Policy came into force or was last updated in this introductory clause. Or, put the date at the end of the Privacy Policy.
Contact Details
You must give customers at least one way to contact you about your Privacy Policy. An email address is ideal, but you could also use a telephone number or postal address.
Put your contact details somewhere obvious, like the end of your Privacy Policy, so customers can find them quickly. Again, Dog Pawty has a short but effective clause for this:
Jurisdiction
Next, set out the relevant jurisdiction. All this means is explaining which country's laws apply if a dispute arises between you and a customer, so you only need a few lines for this clause.
Pour Moi, for example, uses English law because it's a company based in England. This example is from its Terms and Conditions, but it works equally well in a Privacy Policy and it's a good example of a succinct, clear clause setting out which laws apply:
While this is a long clause, it should be noted that most clauses that cover this information are much shorter. For example, the highlighted sentence in the screenshot could be its own full clause and titled "Governing Law."
Consumer Privacy Rights
As we've touched on, consumers have the right to control who can access their personal data, and what happens to it. The specific rights depend on which privacy laws apply, but you must set them out clearly in your Privacy Policy.
For example, if the EU's General Data Protection Regulation (GDPR) applies, people have the right to delete, amend, or access their personal data at any time.
Dog Pawty sets these rights out using clear, succinct language:
And if the CCPA (CPRA) applies, consumers can ask that you don't sell their personal data, so you must specify this right in your Privacy Policy.
Levi's has a good example for this:
At a minimum, customers usually have the right to restrict the use of their personal data, including sharing it with third parties. However, whichever specific rules apply, make sure you highlight them in your Privacy Policy and explain how customers can exercise them.
Personal Data Collected
You should tell people that you're collecting personal data at all, and what type of data you collect. This will include, for example, their name, delivery address, and payment information. However, it also means device information such as someone's IP address and browser data, so be sure to disclose this in the clause.
Here's an example of a good clause from dropshipping store Mini Smart World:
You'll see they keep the clause fairly broad by using language like "including" so they're not restricting the specific data they can collect to just what's written in the Privacy Policy. This is a good practice to adopt.
How You Collect Personal Data
It's not enough to state that you collect personal information. You must also disclose how you collect it.
For example, in the above screenshot, Mini Smart World clearly describes how it uses cookies, log files, and web beacons to collect device information. It also collects personal data like customer names and billing addresses when customers move through the checkout.
You can, however, make this clause broader to cover as many scenarios as possible.
Meowingtons, for example, uses very general language. That said, it's an easy clause for people to quickly read and understand, which should be your goal when you're writing a Privacy Policy:
Purpose of Data Collection
You need a valid reason to collect someone's personal information. For example, if the GDPR applies, then you can't collect personal data unless it's for one of the purposes set out in the Regulation. However, no matter which law applies, you still need to set out the purpose of collecting personal data.
Let's return to Meowingtons. Again, the company uses clear, accessible language and short sentences to set out why it collects personal data from customers:
You don't need an overly complicated clause here. Just provide enough information to justify why you're collecting personal data, and how you use it.
Here's another example of a short but sufficient clause from Mini Smart World:
Third Party Sharing and Tracking
When you're dropshipping, you probably need to share at least some of the personal data you process with third parties to fulfill customer orders. If you do share personal data with third parties, then you must disclose this in your Privacy Policy.
Again, there's no need for a lengthy clause here. It's all about explaining things in a clear, succinct way so that the average consumer can understand what's happening to their personal data.
Here's an example from Warmly Decor. The company shares personal data with third parties to complete customer orders, and it runs data through Google Analytics to improve the user experience. You'll note that Warmly Decor explains how users can opt out of analytics, which is a great practice:
You should also specify if you use customer data for targeted advertising of any kind and, again, explain how users can opt out of this. Here's how Warmly Decor phrases such a clause:
Finally, you should confirm if you use cookies or tracking technologies of any kind, and your reasons for using them. Meowingtons keeps this clause short and simple:
Links to Other Policies
It's good practice to link through to your other key information and documents, such as your Terms and Conditions and Returns Policy, in your Privacy Policy. That way, customers can quickly jump to these other documents if they want further information before proceeding.
Here's an example from Macy's that links to the full Notice of Privacy Practices agreement, as well as to more information about its credit card services, which is a huge branch of the company:
Privacy Law Compliance
Finally, you'll need to check which privacy laws apply in your country to see if you need to add anything else in your Privacy Policy.
For example, if the EU's GDPR applies to you, then you'll need a clause setting out your lawful basis for processing personal data. Or, if the CCPA (CPRA) applies, you must inform consumers they have the right to opt out of data collection. We've touched on these extra clauses above, but just be sure you know when and how to use them.
Get legal advice if you're in any doubt as to which privacy laws apply to you or how to comply with them.
Where to Display Your Dropshipping Privacy Policy
Once you've created your Privacy Policy, you need to display it somewhere prominent on your website or mobile app. It must be easy for customers to find your Policy and agree to its terms before they share personal data with you in any way.
With this in mind, there are a few places where you might consider linking to your Privacy Policy. Let's break them down.
Website Footer
One of the most obvious places to put a Privacy Policy link is your website footer. If you place the link beside your other key policies, customers can find it quickly.
Taylor Stitch, for example, places a link to its Privacy Policy right beside the Terms and Conditions. As you'll see, it's titled "Privacy" rather than "Privacy Policy," which is fine because it's still obvious which document customers are reading:
Ensure it's visible on both the desktop and mobile versions of your website.
Points of Data Collection
Before you collect someone's data, take steps to ensure that they consent to your Privacy Policy. You can do this by placing links to your Policy at the point of data collection such as:
- When someone opens an account
- Before a customer completes a purchase
- When someone signs up to receive marketing or other communications from you
- Within other linked policies
Here's an example from Verve Coffee. Before someone completes a purchase, they have the option to opt in to special offers and marketing messages, as well as view the store's Privacy Policy and Terms of Service. This allows the customer to know exactly what they're agreeing to before they check out or opt in:
Within Other Policies
Finally, you should link to your dropshipping Privacy Policy within your other key documents, like your Terms of Service and Returns Policy. This way, customers can quickly move between documents to source the information they need without wasting time searching around your website.
Here's an example from Shopify's own Terms of Service. You can't use the store unless you consent to the Terms, Privacy Policy, and Acceptable Use Policy. So, to make it easy for users to understand what they're consenting to, Shopify links to all policies within the Terms of Service:
Ideally, place the link near the start of your other policy so customers can find it easily.
Conclusion
If you run a dropshipping store of any kind, then you must create a legally compliant Privacy Policy and post it somewhere obvious on your website for customers to read before doing business with you, such as:
- The website footer
- At the point of data collection (signing up for emails, completing an order, etc.)
- Within other policies
Your Privacy Policy must include, at a minimum, the following clauses:
- Introduction
- Business contact details
- Applicable laws
- Consumer rights over personal data
- Type of data collected
- Purpose of data collection
- Data sharing purposes
- How you collect data
- Third party tracking and sharing practices
It's a good idea to link through to your other policies, too.
Remember to always check any applicable laws to see what other additional clauses you may need.