Privacy Policy: Everything You Need to Know (and a Privacy Policy Template)

February 10, 2022

Privacy Policy: Everything you need to know

Privacy policies. Every company seems to have one, everyone knows about them, but few people actually ever read them. So, why does every company have them on their website? Do businesses need to have them, even if they think most web users won’t pay any attention to them? In this article, we explore the nature of the beast that is Privacy Policies, explain why your business needs one, and how you can encourage people to actually read it. At the end of the article, you'll find a Privacy Notice template that you can tailor to your business with the help of a lawyer or privacy professional.

What is a Privacy Policy?

A Privacy Policy (or Privacy Notice) is a public legal statement of the company. It explains how the organisation uses information about its users, customers, or employees. This document is usually posted on the company’s website or application. The term “Privacy Policy” can also have a broader meaning and include any kind of notification by the company to a relevant individual about personal data processing. In the European Union, Art. 13-14 GDPR require organisations to have a Privacy Policy.

Why you need it

Aside from being legally obligated, Privacy Policies have other benefits that are worth noting. Having a Privacy Policy has proven to build initial trust with the audience. A recent study found that 45% of respondents would share their personal details if they knew exactly how the company would use their data. A Privacy Notice allows individuals to see transparent details about the use of their data. Thus, they are more comfortable sharing this data and may more easily decide to disclose their details and build long-term relationships with the brand.

The value of having a proper Privacy Policy becomes even clearer with sensitive data. MedTech apps and dating networks collect intimate details of their users, such as details of their social and/or sexual life or health data. Individuals want to know their data is safe and secure, and the Privacy Policy can effectively communicate this fact.

As for business relations, a Privacy Policy is a checkpoint for collaborations and partnerships. Payment systems, App Stores, Google Market, and even investors ask for the privacy notice before onboarding. Why? To check the goodwill of the potential partner: does the company take its legal (including privacy) obligations seriously?

If you do take the protection of your customers’ data seriously, a Privacy Policy to cover your service offering is one of the first steps you must take, after filing documents for company registration and concluding agreements with your team.

How to write a Privacy Policy

A Privacy Policy is essentially a short map of the company’s data flow in a user-friendly and intelligible form.

What a Privacy Policy should include

A Privacy Policy must include the following information:

  • Purposes and legal grounds — why do you collect personal data? List your legal grounds, be it the consent, necessity to perform according to the Terms of Use, or legal requirements. This section must also explain what happens if the user refuses to provide the data necessary for the contract. On top of that, it must also explain that if the user gives their consent, they can withdraw it at any time;
  • Recipients and transfers — who are the third-party providers, partners and other recipients of the collected data, and what transfers of the data to third countries does this imply?
  • Retention periods — how long are you going to store the data and why are you going to store the data for any given period of time?
  • Data rights — what rights do individuals have under the applicable privacy laws? The most notable examples under GDPR are the rights to access, amend, and delete data. The list also includes the right to complain to the competent and relevant government body about the company mishandling your data;
  • Contact details of the company and its privacy representative.

This is not a complete or absolute list for any given company; instead, the exact list of details required in a Privacy Policy is to be found in the data protection laws that apply to each unique company, such as GDPR or other national data protection acts.

An ideal Privacy Notice will include a mix of abstract and case-specific information. It should also explain general rules of data collection, and elaborate on the rules in the examples. To make it easier for the reader, you can split the details into several use-cases, such as public profile creation, ordering goods online, and payments.

How your Privacy Policy should look

So, what should a Privacy Policy look like? Besides the actual content, a Privacy Notice must clearly and effectively communicate the details of the Privacy Policy to the "end-user" of the document. This may seem obvious, but the most important thing to remember is that you are addressing a layperson. Try to deliver even the subtlest legal details in plain, user-friendly, and concise language and messaging. Consider using phrases and language that are already used by the users; this can help a lot. Avoid legal jargon, long explanations, and lengthy sections, all of which can be confusing.

You can also consider making the design of your Privacy Policy more user-friendly. People are more likely to stop and review Privacy Notices that don’t look like 60-page court judgements. Applying simple, engaging design techniques to a Privacy Policy is best practice. Visual components can support the reader in better understanding the text. The use of standardised icons is even supported by the highest EU institutions, such as the European Commission.

To make sure that the end-user reads at least something of your Privacy Policy, consider developing a "layered notice". Give the user a short notice during the registration, which covers the basics including the purposes of data retention, the user’s rights, and contact details with a clear link to the full policy. Then, explain everything in detail in the Privacy Policy itself.

Remember why privacy policies exist

Try to imagine yourself being an end-user of the service. What do you expect from the company recording your personal data? Honesty and transparency, or confusing legal jargon that suggests the company is covering up questionable data practices? The answer will often dictate the relationship you have with your own customers, and so the Privacy Policy can play a significant role in fostering a strong, trusting relationship between your company and your clients.

Privacy Notice template

To help you get started with your Privacy Policy, you can download a free Privacy Notice template that you can tailor to your business and processes. It’s always best to consult with a privacy professional or a lawyer to help tailor a generic Privacy Policy template to one that best fits the needs of your company. You are welcome to contact the team at Legal Nodes for assistance with any of your business’s privacy matters — hello@legalnodes.com.

Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice.

Vlad is Head of DPO Product @Legal Nodes and a certified (CIPP/E, CIPM, FIP) privacy specialist. He's currently doing a PhD study on the topic of AI and personal data protection.