Website Privacy Policy Help Guide

Every website needs to post a website privacy policy so that visitors understand how the site collects and uses their information. The following information explains the main sections and key considerations of a website privacy policy.

Note that this privacy policy may not be appropriate or may need to be supplemented for websites operating within regulated industries, such as in financial and healthcare industries.


Introduction

The "last updated" date is normally located at the top of the privacy policy. The best practice is to update this date whenever you modify the policy. Any changes you make will only apply to information collected after the revision date.

The introductory language clarifies that the policy only applies to information collected during online activities on the website and electronic correspondence, not information collected offline. By using the site, visitors agree to the terms of the privacy policy.

TRUSTe Privacy Program

If applicable, this paragraph informs visitors that your site has been awarded a TRUSTe privacy seal due to your compliance with TRUSTe's certification standards. Visitors are told to email you with any questions, and if they are not satisfied with your response they may contact TRUSTe, which will act as a liaison to help resolve the issue.

Information We Collect

This section lists the types of information you collect, including whether or not you collect "personal information." Personal information is any personally identifiable information that can be linked to specific individuals, such as names, addresses, dates or places of birth, and social security numbers.

Possible categories include the following:

  • Demographic information
  • Forum or discussion board activities
  • Product reviews
  • Search queries
  • Site feedback or suggestions
  • Surveys or polls
  • Sweepstakes or contest information
  • Billing and credit card information
  • Social security numbers

You may also add your own miscellaneous categories. You should be thorough in including all categories of information collected. Note that this document already permits you to collect certain standard categories of information, such as names, addresses, email addresses, phone numbers, personal interests, server logs, advertising interactions, online interactions, and activities on the website. It may be beneficial to preview this language in the document before adding your own categories.

This section also notifies visitors if you allow and collect account or profile information, transaction information, and user contributions such as public posts to forums or discussion boards.

Automatic Data Collection

Any automatic data collection technologies employed by your site are detailed here. These may include cookies, web beacons, flash cookies, DoubleClick DART cookies, and Google Analytics.

How We Respond to Do Not Track Signals

Here, you explain whether you track visitors' activities over time or across third-party websites and if you respond to Do Not Track (DNT) signals. DNT signals are sent by browsers to notify websites when visitors do not wish to be tracked. This section also explains whether you allow third parties (anyone else) to track visitors.

How We Use Your Information

This section lists the various ways in which you use the visitor information you collect. For instance, it notifies visitors if you sell or rent their information to others. Common uses of visitor information include to administer the site, to enforce site rules, to provide access to the site and its services, to research and analyze visitor usage data and target demographics, to maintain security, and to fulfill visitor requests. You may also use visitor information in other ways so long as you indicate the uses at the time the user submits the information or if you first receive authorization.

This section also explains that all information collected from visitors of the site belongs to you, whether or not such information is personal information, information visitors volunteer, or information passively collected (for instance, through automatic collection technologies).

How We Share Your Information

Here, you clarify the other parties that you may share visitor information with. These parties include any affiliates or subsidiaries; employees, contractors, business partners, and other third parties that provide support to the site; any new owner that receives your site's assets through a sale, liquidation, merger, or similar proceeding; and courts and government law enforcement agencies. You may also add others to this list or notify visitors of other parties that will receive specific information at the time visitors provide it.

You can optionally include third-party advertisers and ad servers or allow your site broad license to share with any third party it desires. However, to ensure that your policy stands up in court, you should tailor your privacy policy to your actual or reasonably expected privacy practices. Therefore, you should refrain from adding any parties that you will not actually share information with, limiting your list as much as possible.

Links to Other Websites

The privacy policy only applies to your website. Visitors should be aware of this when they exit your site and review the privacy policies of all sites they reach through links on your site.

Third-Party Tracking on Our Site

This section, if applicable to your site, indicates that your site allows third parties to place advertisements or other content on your site that uses tracking technologies to collect information from visitors. It then goes into more detail regarding targeted ads and whether or not they collect personal information.

Opt-Out Procedures

Visitors are told how to opt out of receiving certain communications from your site. If your site uses them, visitors may also opt out of sharing with third-party advertisers and targeted ads. Lastly, they are directed to review the relevant third-party privacy policies for any tracking technologies used on your site.

How to Access and Change Your Information

It is important that visitors are able to review, correct, and delete any personal information you collect on the site. This section provides the email address for doing so and, if your site provides accounts, explains how to update account information.

Notice of California Privacy Rights

This section is important to comply with the California "Shine the Light" law (California Civil Code Section 1798.83). California residents who use the site may request certain information regarding any disclosure of personal information to third parties for their direct marketing purposes by emailing you at the address indicated.

Security

Here, visitors are notified of your site's data security technologies and the measures you take to safeguard against unauthorized use or disclosure. For example, it explains whether you encrypt data using Secure Sockets Layer (SSL) data encryption or other technologies. Since no data transmissions can be guaranteed against loss or theft, it is important that this provision does not overstate your ability to protect data (for instance, against hacking or viruses).

Children's Privacy

Visitors must be notified about whether you collect personal information from children under 13 years of age. If so, you must state your reason for collecting such information, explain your uses of it, and notify parents or legal guardians of their related rights to review, update, and delete such information.

Changes to This Privacy Policy

You may post changes to the privacy policy at any time. However, note that any changes you make will only apply to information collected after a revision is posted. If you make any significant changes to how you collect, use, or share visitor information, then instead of just posting your changes on the privacy policy page, it is recommended that you email account holders directly and post notice in a prominent location on the site. This will make sure that your updates are legally valid should they ever be questioned in court.

Notification Procedures

You may make any notifications necessary regarding the privacy policy in whatever manner you deem appropriate (in accordance with applicable laws).

Cross-Border Data Transfers

Here, visitors agree that you may transfer visitor information to countries other than their own.

Contact Information

Lastly, visitors are told how to contact you should they have any questions, suggestions, or complaints. It is recommended that you include an address, phone number, and email address.


Table of content
Was this helpful? /

Can’t find what you are looking for?

Contact us here.