- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
The definition of personal data varies depending on which law applies, but generally, personal information is any data which allows businesses to identify an individual person.
Examples of personal information include:
- Email address
- IP address
- Passport number
Although, as mentioned, the exact meaning can vary, here's a fairly simple definition of personal data from Article 4 of the EU's General Data Protection Regulation (GDPR).
The GDPR is one of the world's most comprehensive privacy laws, so it's a law worth familiarizing yourself with even if you don't target EU-based individuals.
Privacy Policies serve a few specific purposes:
- Privacy Policies compel businesses to act more transparently
- Privacy Policies can help build trust between website owners and consumers because both parties know what is expected of them
In many ways, Privacy Policies strike a balance between the rights of individuals to control who they share data with, and the need for businesses to process some personal information for commercial purposes.
Privacy Policies are not always optional, and are often required by law. Here are some of these laws:
- General Data Protection Regulation (GDPR): If you sell goods or services to EU residents, or process their personal data to a certain extent, then you must comply with the GDPR, which sets out rules for processing and safeguarding personal data.
Benefits of Privacy Policies for Businesses
- Answering some questions about your business
- Selecting what country or state applies
- Explaining what type of data you collect and why
Of course, you can always customize the clauses, but the generator will give you a template you can use right away.
You can also refer to Privacy Policies from other businesses to help you with wording and drafting (although it's not advisable to copy other Privacy Policies word-for-word as this may constitute a copyright violation and also won't be accurate for your business).
- What type of information you collect
- How you collect the data
- Description of who you share the data with e.g. third parties
- A clause setting out what rights people have concerning their personal or sensitive data
- Explanation of how people can exercise these rights e.g. how they can "opt out" of sharing non-essential data with you
Examples of Compliant Business Practices
Drafting User-Friendly Clauses
- Use simple language
- Break up long clauses into shorter, more readable sections
- Highlight key words or phrases
- Use bullet points to improve readability
Here are some examples.
Walmart uses a mixture of bullet points and short, concise paragraphs to make key points. You'll also note they use straightforward, jargon-free language as much as possible:
Netflix highlights key words and uses bullet points to improve readability. It's easy for users to scroll through the Policy, jump to relevant sections, and make a note of the most important points:
Including Internal Links
In the next paragraph, it links people to the Minors Policy. No one under 13 can use Etsy, but there's more information for parents and account owners in the Minors Policy:
And in section 2, "Information Collected or Received," a link is provided to the Cookies and Similar Technologies Policy so customers can learn more about cookies:
Getting Affirmative Consent
Some laws, such as the GDPR, may require consent before you can collect or process someone's personal data. This is especially relevant when it comes to Cookie Notices.
As a result, some companies seek affirmative consent for their Privacy Policies by including a checkbox which users must tick to:
- Agree to its terms
Consent isn't always necessary, even under the GDPR, so we won't find such checkboxes everywhere.
- GDPR: A failure to comply with the GDPR means facing fines of over $20 million or up to 4% of your company's global annual turnover (whichever is the higher amount)
- PIPEDA: Companies can be fined up to $100,000 for every occasion when they knowingly break this law
- CPRA: You may be fined up to $7,500 for every time you knowingly break the CPRA, and up to $2,500 for each accidental violation
- CDPA: The Attorney General can apply for damages of up to $7,500 for every intentional violation of the Act
The penalties can vary widely based on factors such as the severity of the violation and whether it's a company's first offense. Make sure you get legal advice for your specific situation, if required.
- Whether you collect personal information
- Why you need the data
- How you collect this information
- What choices users have regarding their personal data
- Use jargon-free language
- Keep paragraphs short, where possible
- Include links to other key policies e.g. Terms and Conditions
- Highlight the most important words or sentences
You can face serious financial penalties or reputational damage if you fail to comply with privacy laws around the world.