Privacy Policy
Sample content source from https://www.privacypolicies.com/blog/privacy-policy-template/#Example_Of_A_Website_Privacy_Policy
Example of a Website Privacy Policy
To be transparent with your users about what personal information you collect and what you do with it, you are required to publish a Privacy Policy agreement on your website or give in-app access to it.
Websites usually post a link to the complete Privacy Policy agreement from the footer of the website, whereas apps generally add the Privacy Policy to an “About” or “Legal” menu.
Another popular location for ecommerce store apps and websites is the checkout page, or account registration page if you don’t have an ecommerce component but allow users to create accounts.
Medium links its Privacy Policy agreement to its website footer:
The format and theme of the Privacy Policy agreement are consistent with the rest of the website, and the agreement doesn’t have any anchor navigation.
It includes the following clauses:
- Information We Collect & How We Use It
- Information Disclosure
- Public Data
- Data Storage
- Third-Party Embed
- Tracking & Cookies
- Modifying or Deleting Your Personal Information
- Data Security
- Business Transfers
- Email from Medium
- Changes to this Policy
- Questions
There’s also a section that specifically addresses EU users and includes information required by the GDPR such as:
- The legal bases for collecting and processing information
- What third parties (like payment processors) Medium engages with and shares data with
- How long data is retained
- The rights of EU data subjects
- How to make a subject access request
- Contact information for Medium’s EU Representative
If your company has users in the EU, like Medium does, you’ll need to include this type of information in your Privacy Policy to be compliant with the GDPR.
Now let’s take a look at some examples of specific clauses your Privacy Policy should have.
Examples of Useful Clauses for Your Privacy Policy
Your Privacy Policy must be accurate and easily comprehensible, and it must include all the information required by law and needed for transparency.
Generally speaking, every Privacy Policy agreement should have at least the following clauses:
- What information is collected and how
- How the information is used
- How the information is stored and protected
- Company contact information
- Use of cookies, log files and tracking
- How a user can opt out of data collection/usage
Here’s each one in action.
What Information is Collected and How
Privacy Policy agreements inform users what information is collected from them. This includes information users voluntarily and actively provide when they register to use services, as well as information that may be collected from them automatically, such as through the use of cookies.
You can define how you classify information, e.g. as public, private, or personal information. This helps the user know exactly what these terms mean in the rest of the Privacy Policy document.
Here’s an example of how you can construct a clause to explain this information to your users:
The PBS Kids Privacy Policy informs users what information it collects from them. It describes each type of information it collects and follows each with a short section that provides further detail:
How the Information is Used
One of the main purposes of Privacy Policy agreements is to explain to users how the information the business collects is used.
Pinterest has a fairly large section on “What we do with the info we collect” in its Privacy Policy agreement. In its first paragraph, it states that the website uses the information to provide its services to its users. It goes on to explain a few different ways it uses the information, including to identify users, process their transactions, make recommendations, and respond to their questions and comments.
How the Information is Stored and Protected
Another important clause to include in your Privacy Policy agreement is about how you store and protect the information you collect from your site’s visitors. You can explain the different ways you store information and what measures you take to protect that information.
For example, Caffe Nero’s Privacy Policy agreement states that user account information is protected by a password and explains what steps users can take to prevent unauthorized access to their accounts.
In addition, it states that the website takes steps to ensure as much security as possible, but it doesn’t guarantee that the measures it takes will prevent unauthorized access:
Shopify states in its Privacy Policy that it follows the industry’s standards on information security management to protect sensitive user information. It also says that the company performs audits annually to make sure that the handling of user credit card information is in line with the industry guidelines. Finally, it says that it cannot guarantee the absolute security of its users’ personal information since no method of transmission over the Internet is 100% secure.
Company Contact Information
As a business owner, it’s important that you include your company’s contact information in your Privacy Policy agreement. Generally, contact information is added at the end of the Privacy Policy and contains a physical (street) address, email address, and/or phone number. The more contact information that you can provide, the better.