Privacy Policy for AdWords Remarketing

by Jennifer L. Legal writer.
Privacy Policy for AdWords Remarketing

If you want to use Google AdWords for remarketing, then you must either draft a compliant Privacy Policy or amend your existing Policy so it complies with Google's guidelines. The reason for this is simple. It all comes down to data privacy.

We'll explain what you need to do to make your Privacy Policy compliant with Google's guidelines.

The moment you collect, store, handle, or process a user's personal data, you're legally bound to comply with various data privacy laws. These laws include the following:

  • General Data Protection Regulation (GDPR)
  • California Consumer Privacy Act (CCPA)
  • Personal Information Protection and Electronic Documents Act (PIPEDA)

Although these laws are all different, they have one principle in common: People have the right to know who has access to their personal data, and what companies plan on doing with the data they collect.

Put simply, you can't use someone's personal data for marketing or other analytics purposes without getting their informed consent. The most effective way to get this consent is by:

  • Drafting a clear, concise, and user-friendly Privacy Policy
  • Ensuring that users can read this Privacy Policy before you begin collecting their personal data

There's no doubt that remarketing, also known as retargeting, is a great strategy for generating business and boosting conversion. Why? Because it lets you specifically target users who have already shown an interest in your service or product. Here's a very brief summary of how it works:

  • The user lands on your website and looks around
  • These users are added to customized "lists" through browser cookies
  • You can then send these users highly targeted ads on various websites

Who wouldn't want to target a highly curated audience that's likely to convert into paying customers? It's unsurprising that remarketing is such a popular business strategy. What's important, however, is that you're aware of your legal responsibilities and obligations before you use this marketing tool.

So, you're ready to start using Google AdWords for your remarketing or retargeting needs. Let's briefly consider how it all works before looking at how to draft a compliant Privacy Policy.

Introduction to Google Adwords Remarketing (AWR)

Introduction to Google Adwords Remarketing (AWR)

Google Ads, or Google AdWords, is a highly popular online advertising and marketing platform. It lets you place ads on Google and it lets you know which advertisements are working most effectively. Specifically, AdWords lets you send curated ads to the audience you know will appreciate them the most.

All you need to get going is:

  • A free AdWords account
  • A small tag, or pixel, added to your website from Google's remarketing codes
  • Users who click on your website and accept browser cookies

Google sums it up succinctly on its own Privacy and Terms page. Here's what it says:

Google Privacy and Terms: How Google Uses Cookies in Advertising page excerpt

You'll note that cookies play an important part in how Google AdWords operates, which is why privacy is such a key issue. Let's take a closer look at what Google expects from its developers and partners before we consider how to draft a compliant Privacy Policy.

AdWords Remarketing Privacy Policy Requirement

AdWords Remarketing Privacy Policy Requirement

Google sets out that everyone who uses its business tools, including AdWords, must provide a Privacy Policy. What this means is that if you fail to provide users with a Privacy Policy and Cookie Notice, and you continue using Google AdWords, you could lose access to your account.

Essentially, you must provide a Privacy Policy that tells users the following:

  • You use remarketing or similar marketing technologies
  • How you use these technologies to advertise online
  • How third parties, such as Google, use cookies, device identifiers, and similar technologies to deliver targeted ads
  • How third-party vendors and partners display your ads online
  • How users can opt-out of retargeting cookies and targeted marketing
  • Where they can find out more information about their privacy rights

Google Ads Help: What to include in your Privacy Policy for remarketing page

This may seem like a lot of information, but don't worry. It's much easier to comply with these obligations than it looks. First we'll briefly break down the handful of clauses that every Privacy Policy should have, and then we'll take a closer look at the AdWords-specific Privacy Policy clauses you'll need.

How to Draft an AWR-Compliant Privacy Policy - General Terms

How to Draft an AWR-Compliant Privacy Policy - General Terms

Every Privacy Policy should explain the following:

  • The type of data you collect
  • Why you collect this data
  • How you collect it
  • What you do with the personal information once you've got it
  • How users can opt-out of everything but essential data collection (i.e., how they opt out of marketing and related activity)

So, what do these clauses look like? Let's take a look at examples of each type.

Type of Data

Tell users that you collect personal information from them. Personal information, legally speaking, is any information that can be used to identify someone, such as their name, IP address, or email address.

The list is non-exhaustive, meaning there are many identifiers which may be considered personal information. It's a good idea, then, to keep your clause broad so you're covered for collecting a wide variety of personal information.

Here's an example from Barnes & Noble:

Barnes and Noble Privacy Policy: What is the personal information that we collect clause

Inform users you're collecting personal data, and what this may include.

Purpose of Collection

Users have the right to know why you need the data you collect from them. You may, for example, need their financial details to complete a transaction, or their basic name and address details to set up an account.

Data privacy law is all about transparency. You should set out, as clearly as possible, why you need a user's personally identifiable information.

Arnold Clark, a vehicle retailer, sets out in clear, concise sections precisely why it collects personal information, at what stage and why:

Arnold Clark Cookies Policy: Excerpt of Personal information that we collect, why we collect it and how we use it clause

Make it clear why you need certain personal identifiers at various stages so customers know exactly what information you take from them, and why.

Method of Collection

You can collect personal information from users in various ways. For example, you might gather their name, home address, date of birth, and email address when they go through checkout. You might also collect their IP address when they browse through your site.

What's most important is that users know how you collect data from them at these various stages. In other words, they should know that creating a store account is a method of personal data collection, and so on.

Here's another example from Barnes & Noble:

Barnes and Noble Privacy Policy: How do we collect your personal information clause - Information you provide to us section

Be transparent about when and how users supply you with personal information.

Use of Personal Identifiers

Be clear about how you plan on using someone's personal data once you have it.

There are some circumstances in which you have to use or disclose someone's information. For example, if you suspect they're committing fraud through your platform and you contact the authorities. However, in other circumstances, you should set out how you use the data from the moment the data is exchanged.

Taking another look at Barnes & Noble, we can see that the company dedicates a whole clause to setting out how they use personal identifiers. It's a broad clause drafted very much in the retailer's favor. It uses personal information to manage the business, which means someone's data can be used for virtually any business-related purpose:

Barnes and Noble Privacy Policy: How do we use your personal information clause

Keep this clause as broad as possible.

Opt-Out

Users must be able to opt-out of data collection for marketing. It's all about a person's "right to be forgotten." You must tell users that they can opt-out of marketing at any time, and it should be possible for them to reject marketing and other analytics activities from the outset.

Here's an example from Beauty Kitchen:

Beauty Kitchen Privacy Policy: Controlling your personal information clause

The company clearly and concisely explains how users can opt out of marketing and makes it clear that users can change their mind (or rescind consent) at any time.

In line with privacy laws around the world, give users full control over their data.

Comply with AdWords Remarketing - Specific Privacy Policy Clauses

Comply with AdWords Remarketing - Specific Privacy Policy Clauses

The above clauses are the bare minimum that any Privacy Policy should have to comply with the law. Every AdWords-compliant Privacy Policy must contain these clauses.

Now, here's a look at the more specific clauses you'll need to comply with Google's own AdWords Policy.

Disclosure of Use of Remarketing

If you plan on using remarketing technology, you must disclose this to your users. To comply with Google AdWords' Terms, there are two main steps:

  • Disclose that you use cookies
  • Disclose that you use remarketing or ad retargeting tools

First, be clear that you use cookies for marketing and data analytics purposes.

Barnes & Noble has a great example for this. It explains what cookies are, in simple terms, and is very open about using marketing cookies:

Barnes and Noble Privacy Policy: Cookies clause

Once you've clarified that you use cookies, you can then talk about how you use remarketing to advertise online. At this stage, all you need is a declaration that you use these technologies to reach your customers.

Here's an example from Beauty Kitchen. It explains the types of technology that the company uses, including ad tags and custom audience tools, to remarket around the web:

Beauty Kitchen Privacy Policy: Sharing your information with third parties clause - Advertising tools and cookies section

Be clear about using remarketing technologies. A clause declaring your use of these technologies is sufficient.

Third Parties

You must include a clause that tells your visitors how third-parties such as Google may place ads for you across the internet. This is based on users visiting your website, and the personal data they share with you. Again, it doesn't have to be a long clause. The more succinct and concise the clause, the better.

Here's an example from Myprotein. You can see the clause is very general so that it includes a broad range of third parties. What's key is that users know that they may see tailored ads on third-party websites:

Myprotein Privacy Policy: Marketing clause - Tailored ads and cookies section

Tell users that they may see your ads across the internet because of your third-party data sharing policy.

Ad Display & Cookies

You should explain how third parties, including Google AdWords, use cookies or other device identifiers to display ads based on a user's previous behavior. The clause should, then, explain three things:

  • You use cookies
  • You partner with third parties
  • Third parties serve ads based on a user's past behavior on your website

Notice that this clause from Barnes & Noble covers these three requirements quite succinctly:

Barnes and Noble Privacy Policy: Targeted advertising clause

Opting Out of Targeted Marketing

Users must easily be able to opt out of targeted marketing. For this type of opt-out, you can link back to Google's own Cookie Policy, or direct users to disabling cookies through their browser.

This is the approach taken by Barnes & Noble, and it's entirely sufficient for purpose:

Barnes and Noble Privacy Policy: Third Party Web Analytics Services clause - Google section

More Information

Be clear about where visitors can find out more about their privacy rights. First, it should be obvious how users can contact you or your data controllers for more information. However, in addition to this, you should provide a link to one or two external sources.

Here's a good example from Myprotein.

Myprotein Cookies Policy: Google Analytics clause

Give users access to the information they need about their privacy rights.

Displaying Your Privacy Policy

Your Privacy Policy must be available to view online. The best place to add a link to your Privacy Policy is within your website footer. People check here for important links, and it will be visible from every page on your website.

Myprotein links to its Privacy Policy from its menu towards the bottom of the page. Users can view it whenever they're browsing the website by simply clicking the link:

Myprotein website footer links with Privacy Policy link highlighted

Remember: It's important that users have the chance to view your Privacy Policy at any time.

Conclusion

To use Google AdWords, you must either draft a compliant Privacy Policy, or edit your existing policy so it complies with Google rules. At a minimum, you can comply with Google AdWords unique Privacy Policy requirements by including these clauses:

  • Message on the use of remarketing or retargeting technology
  • Message on how third parties, including partners such as Google, display yours ads online based on user behavior
  • Message on how these third parties use cookies or similar technologies to place these ads, and that the ads are based specifically on past visits and browsing behavior
  • Advice on how to opt out of targeted marketing
  • Links to where users can find out more about their privacy rights

Complying with Google AdWords is less challenging than it seems at first glance. Simply make sure you're transparent about your remarketing and retargeting strategies, and that users can revoke their consent to remarketing at any time. Keep your Privacy Policy simple and user-friendly, and be aware of your general obligations under world privacy laws.

Last updated on 09 October 2020

Article categories

Jennifer L.

Legal writer.