Privacy Policy for AdWords Remarketing
If you want to use Google AdWords for remarketing, then you must either draft a compliant Privacy Policy or amend your existing Policy so it complies with Google's guidelines. The reason for this is simple. It all comes down to data privacy.
We'll explain what you need to do to make your Privacy Policy compliant with Google's guidelines.
The moment you collect, store, handle, or process a user's personal data, you're legally bound to comply with various data privacy laws. These laws include the following:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA) as amended by the CPRA
- Personal Information Protection and Electronic Documents Act (PIPEDA)
Although these laws are all different, they have one principle in common: People have the right to know who has access to their personal data, and what companies plan on doing with the data they collect.
Put simply, you can't use someone's personal data for marketing or other analytics purposes without getting their informed consent. The most effective way to get this consent is by:
- Drafting a clear, concise, and user-friendly Privacy Policy
- Ensuring that users can read this Privacy Policy before you begin collecting their personal data
There's no doubt that remarketing, also known as retargeting, is a great strategy for generating business and boosting conversion. Why? Because it lets you specifically target users who have already shown an interest in your service or product. Here's a very brief summary of how it works:
- The user lands on your website and looks around
- These users are added to customized "lists" through browser cookies
- You can then send these users highly targeted ads on various websites
Who wouldn't want to target a highly curated audience that's likely to convert into paying customers? It's unsurprising that remarketing is such a popular business strategy. What's important, however, is that you're aware of your legal responsibilities and obligations before you use this marketing tool.
So, you're ready to start using Google AdWords for your remarketing or retargeting needs. Let's briefly consider how it all works before looking at how to draft a compliant Privacy Policy.
Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:
- Click on "Start creating your Privacy Policy" on our website.
- Select the platforms where your Privacy Policy will be used and go to the next step.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
-
Enter your email address where you'd like your Privacy Policy sent and click "Generate".
And you're done! Now you can copy or link to your hosted Privacy Policy.
- 1. Introduction to Google Adwords Remarketing (AWR)
- 2. AdWords Remarketing Privacy Policy Requirement
- 3. How to Draft an AWR-Compliant Privacy Policy - General Terms
- 3.1. Type of Data
- 3.2. Purpose of Collection
- 3.3. Method of Collection
- 3.4. Use of Personal Identifiers
- 3.5. Opt-Out
- 4. Comply with AdWords Remarketing - Specific Privacy Policy Clauses
- 4.1. Disclosure of Use of Remarketing
- 4.2. Third Parties
- 4.3. Ad Display & Cookies
- 4.4. Opting Out of Targeted Marketing
- 4.5. More Information
- 5. Displaying Your Privacy Policy
- 6. Conclusion
Introduction to Google Adwords Remarketing (AWR)
Google Ads, or Google AdWords, is a highly popular online advertising and marketing platform. It lets you place ads on Google and it lets you know which advertisements are working most effectively. Specifically, AdWords lets you send curated ads to the audience you know will appreciate them the most.
All you need to get going is:
- A free AdWords account
- A small tag, or pixel, added to your website from Google's remarketing codes
- Users who click on your website and accept browser cookies
Google sums it up succinctly on its own Privacy and Terms page. Here's what it says:
You'll note that cookies play an important part in how Google AdWords operates, which is why privacy is such a key issue. Let's take a closer look at what Google expects from its developers and partners before we consider how to draft a compliant Privacy Policy.
AdWords Remarketing Privacy Policy Requirement
Google sets out that everyone who uses its business tools, including AdWords, must provide a Privacy Policy. What this means is that if you fail to provide users with a Privacy Policy and Cookie Notice, and you continue using Google AdWords, you could lose access to your account.
Essentially, you must provide a Privacy Policy that tells users the following:
- You use remarketing or similar marketing technologies
- How you use these technologies to advertise online
- How third parties, such as Google, use cookies, device identifiers, and similar technologies to deliver targeted ads
- How third-party vendors and partners display your ads online
- How users can opt-out of retargeting cookies and targeted marketing
- Where they can find out more information about their privacy rights
This may seem like a lot of information, but don't worry. It's much easier to comply with these obligations than it looks. First we'll briefly break down the handful of clauses that every Privacy Policy should have, and then we'll take a closer look at the AdWords-specific Privacy Policy clauses you'll need.
How to Draft an AWR-Compliant Privacy Policy - General Terms
Every Privacy Policy should explain the following:
- The type of data you collect
- Why you collect this data
- How you collect it
- What you do with the personal information once you've got it
- How users can opt-out of everything but essential data collection (i.e., how they opt out of marketing and related activity)
So, what do these clauses look like? Let's take a look at examples of each type.
Type of Data
Tell users that you collect personal information from them. Personal information, legally speaking, is any information that can be used to identify someone, such as their name, IP address, or email address.
The list is non-exhaustive, meaning there are many identifiers which may be considered personal information. It's a good idea, then, to keep your clause broad so you're covered for collecting a wide variety of personal information.
Here's an example from Barnes & Noble:
Inform users you're collecting personal data, and what this may include.
Purpose of Collection
Users have the right to know why you need the data you collect from them. You may, for example, need their financial details to complete a transaction, or their basic name and address details to set up an account.
Data privacy law is all about transparency. You should set out, as clearly as possible, why you need a user's personally identifiable information.
Arnold Clark, a vehicle retailer, sets out in clear, concise sections precisely why it collects personal information, at what stage and why:
Make it clear why you need certain personal identifiers at various stages so customers know exactly what information you take from them, and why.
Method of Collection
You can collect personal information from users in various ways. For example, you might gather their name, home address, date of birth, and email address when they go through checkout. You might also collect their IP address when they browse through your site.
What's most important is that users know how you collect data from them at these various stages. In other words, they should know that creating a store account is a method of personal data collection, and so on.
Here's another example from Barnes & Noble:
Be transparent about when and how users supply you with personal information.
Use of Personal Identifiers
Be clear about how you plan on using someone's personal data once you have it.
There are some circumstances in which you have to use or disclose someone's information. For example, if you suspect they're committing fraud through your platform and you contact the authorities. However, in other circumstances, you should set out how you use the data from the moment the data is exchanged.
Taking another look at Barnes & Noble, we can see that the company dedicates a whole clause to setting out how they use personal identifiers. It's a broad clause drafted very much in the retailer's favor. It uses personal information to manage the business, which means someone's data can be used for virtually any business-related purpose:
Keep this clause as broad as possible.
Opt-Out
Users must be able to opt-out of data collection for marketing. It's all about a person's "right to be forgotten." You must tell users that they can opt-out of marketing at any time, and it should be possible for them to reject marketing and other analytics activities from the outset.
Here's an example from Beauty Kitchen:
The company clearly and concisely explains how users can opt out of marketing and makes it clear that users can change their mind (or rescind consent) at any time.
In line with privacy laws around the world, give users full control over their data.
Comply with AdWords Remarketing - Specific Privacy Policy Clauses
The above clauses are the bare minimum that any Privacy Policy should have to comply with the law. Every AdWords-compliant Privacy Policy must contain these clauses.
Now, here's a look at the more specific clauses you'll need to comply with Google's own AdWords Policy.
Disclosure of Use of Remarketing
If you plan on using remarketing technology, you must disclose this to your users. To comply with Google AdWords' Terms, there are two main steps:
- Disclose that you use cookies
- Disclose that you use remarketing or ad retargeting tools
First, be clear that you use cookies for marketing and data analytics purposes.
Barnes & Noble has a great example for this. It explains what cookies are, in simple terms, and is very open about using marketing cookies:
Once you've clarified that you use cookies, you can then talk about how you use remarketing to advertise online. At this stage, all you need is a declaration that you use these technologies to reach your customers.
Here's an example from Beauty Kitchen. It explains the types of technology that the company uses, including ad tags and custom audience tools, to remarket around the web:
Be clear about using remarketing technologies. A clause declaring your use of these technologies is sufficient.
Third Parties
You must include a clause that tells your visitors how third-parties such as Google may place ads for you across the internet. This is based on users visiting your website, and the personal data they share with you. Again, it doesn't have to be a long clause. The more succinct and concise the clause, the better.
Here's an example from Myprotein. You can see the clause is very general so that it includes a broad range of third parties. What's key is that users know that they may see tailored ads on third-party websites:
Tell users that they may see your ads across the internet because of your third-party data sharing policy.
Ad Display & Cookies
You should explain how third parties, including Google AdWords, use cookies or other device identifiers to display ads based on a user's previous behavior. The clause should, then, explain three things:
- You use cookies
- You partner with third parties
- Third parties serve ads based on a user's past behavior on your website
Notice that this clause from Barnes & Noble covers these three requirements quite succinctly:
Opting Out of Targeted Marketing
Users must easily be able to opt out of targeted marketing. For this type of opt-out, you can link back to Google's own Cookie Policy, or direct users to disabling cookies through their browser.
This is the approach taken by Barnes & Noble, and it's entirely sufficient for purpose:
More Information
Be clear about where visitors can find out more about their privacy rights. First, it should be obvious how users can contact you or your data controllers for more information. However, in addition to this, you should provide a link to one or two external sources.
Here's a good example from Myprotein.
Give users access to the information they need about their privacy rights.
Displaying Your Privacy Policy
Your Privacy Policy must be available to view online. The best place to add a link to your Privacy Policy is within your website footer. People check here for important links, and it will be visible from every page on your website.
Myprotein links to its Privacy Policy from its menu towards the bottom of the page. Users can view it whenever they're browsing the website by simply clicking the link:
Remember: It's important that users have the chance to view your Privacy Policy at any time.
Conclusion
To use Google AdWords, you must either draft a compliant Privacy Policy, or edit your existing policy so it complies with Google rules. At a minimum, you can comply with Google AdWords unique Privacy Policy requirements by including these clauses:
- Message on the use of remarketing or retargeting technology
- Message on how third parties, including partners such as Google, display yours ads online based on user behavior
- Message on how these third parties use cookies or similar technologies to place these ads, and that the ads are based specifically on past visits and browsing behavior
- Advice on how to opt out of targeted marketing
- Links to where users can find out more about their privacy rights
Complying with Google AdWords is less challenging than it seems at first glance. Simply make sure you're transparent about your remarketing and retargeting strategies, and that users can revoke their consent to remarketing at any time. Keep your Privacy Policy simple and user-friendly, and be aware of your general obligations under world privacy laws.
