A Website Privacy Policy, like Website Terms & Conditions, tends to be one of those things that is often overlooked by entrepreneurs either until a problem pops up (involving website content, business practices, data breaches, or a review by the FTC, which can come in and shut down your business), or until they are gently or not-so-gently nudged into getting proper legal documentation in place. (Hint: before you have a problem on your hands, this is your nudge!)

Posting a Privacy Policy fulfills your obligation as a business owner to let your visitors and clients know what information you collect, why you collect it, how you store it, what 3rd parties you may share it with, and more. If you are collecting any kind of data online from your visitors, whether a first name and email address, or information through Google Analytics or a similar analytics program, you are required by law to have a Privacy Policy (and to follow that policy). While your Website Terms & Conditions constitute a legal agreement between your website visitors and you (or your business), your Privacy Policy is a disclosure of your policies and privacy practices. These documents govern your visitors’ visits to your website and the use of any information provided on or through your website.

So what exactly does a Privacy Policy cover?

If you are technically savvy, or at least moderately educated on all things websites, cookies and analytics, then you likely know that with most modern websites, all kinds of information besides information that is voluntarily provided by your visitors gets collected, including:

  • Where they access your website from (e.g. referring websites, Google search, etc.);
  • How long they spend on your website;
  • What pages of your website they visit;
  • At what page on your website they exit from;
  • The time spent on each part of your website.

Additionally, the following likely gets collected as well:

  • What type of device they are using to access your content;
  • Information about their device, including universally unique identifiers, advertising identifiers, operating systems and versions;
  • Their service provider/carrier;
  • Where they are in the world, including specific zip codes;
  • Hardware and processor information;
  • Their IP address;
  • Their browser type, version and language;
  • Network type;
  • And more!

In addition to the above, other types of information from visits to your website get saved to optimize future visits for the same user, including:

  • log-in names;
  • passwords;
  • shopping cart contents;
  • and other site-specific preferences

All of the above is in addition to any information that is provided voluntarily by the visitor, including:

  • first and last name;
  • email address;
  • mailing address;
  • payment and/or credit card information;
  • telephone number;
  • and any other voluntarily provided information

If you collect any information from your visitors, then you are required to let them know how that information is retained and protected by your business, whether it is distributed or sold to third parties, and how that information can be modified or deleted from your system if requested.

A well-drafted Privacy Policy should cover all of the above information and disclose how the information is used, retained and protected, as well as how it can be modified or deleted if needed.

You should also provide proper disclosures regarding the relevant remarketing or retargeting practices in which your business engages. These disclosures are often required by the third-party platforms through which you conduct said remarketing or retargeting practices, as a condition of use of their platform (including Facebook, Google, etc.).

A well-drafted Privacy Policy should also address your policy regarding protecting children and their personal identifying information to comply with the law.

And if you do business with residents in California, there are specific provisions that may be required both in your Privacy Policy and your Website Terms & Conditions to make you compliant with the law.

Additional provisions should cover the security measures taken to protect visitor information, the date that the Privacy Policy was last revised or modified (this alerts your visitors to re-read the Policy when necessary), changes to the Privacy Policy (including reserving the right to update or modify the policy at any time), and provide contact information for any questions regarding the Privacy Policy.

This summary outlines much of what is covered in a well-drafted Privacy Policy, but not all of it.

And if you wonder why you should not just copy and paste someone else’s policy or random samples from the internet, read this post.

PS. If you are interested in purchasing my Website Protection Package, you can visit my online store here.

________

DISCLAIMER: THE INFORMATION PROVIDED IN THIS POST MAY CONTAIN LEGAL INFORMATION, BUT DOES NOT CONSTITUTE LEGAL ADVICE. NO RELATIONSHIP, INCLUDING ATTORNEY-CLIENT RELATIONSHIP, HAS BEEN FORMED AS A RESULT OF THIS POST. YOU ARE ADVISED TO SEEK THE ADVICE OF AN ATTORNEY LICENSED IN YOUR STATE IF YOU HAVE ANY QUESTIONS.