    Alchemy Marketing
    2708 Hazelhurst Ave Orlando, FL 32804
    (407) 809-4090


    How to Create A Privacy Policy for Your Website

    It used to be that only professors, lawyers and people with tin foil hats cared about Privacy Policies and the protections afforded to their data. While it’s unfortunate that it took numerous privacy scandals and abuses to get here, privacy is now something that is at the top of mind for both lawmakers and consumers.

    If you are unsure as to what a Privacy Policy is, it’s a legal agreement that is posted on your website and informs users of your privacy practices. It usually discloses what information you collect on your site, what you do with that information and who you share it with. In this article, we will discuss:

    • Why your website needs a Privacy Policy;
    • What your Privacy Policy should contain; and
    • Some tools to use to create a Privacy Policy in case you don’t feel comfortable creating your own.

    So grab your tinfoil hat and let’s get started!

    Does your website need a Privacy Policy?

    One of the main misunderstandings in this space right now is which websites need a Privacy Policy. Some people believe that if your website is secure then you do not need one, or that if you do not sell the personal information then you’re fine. The truth is that this is just not the case.

    Here’s a good rule of thumb – if you are collecting personal information on your website, you need a Privacy Policy. “Personal information” includes information such as name, address, email and phone number. If your website has a contact form or a newsletter sign-up form, then it is likely that you’ll need to have a Privacy Policy.

    If you collect personal information on your website, the following laws may require you to have a Privacy Policy:

    • General Data Protection Regulation;
    • California Online Privacy Protection Act of 2003;
    • California Consumer Privacy Act; and
    • Nevada privacy law – SB220.

    These laws are crafted to protect the privacy of the citizens of that particular state, not the businesses. This means that these laws apply to businesses regardless of where they are physically located.

    So, just because you are not located in California or Nevada, does not mean that you are free and clear. Some of these laws do not have a revenue requirement either, meaning that they can apply to small businesses, as well as large ones. Here is an article on these laws that may help you gain some insight into whether they apply to you. If you are unsure whether the law applies to you or not, the safest bet would be to just meet the requirements.

    Since privacy practices have grabbed the attention of lawmakers, over a dozen other states have proposed and are considering passing their own privacy laws. It’s important to note that these bills are to protect the citizens as well, and not the businesses. These bills will require you to make additions and amendments to your Privacy Policy and will impose hefty penalties for non-compliance.

    Lastly, your website needs a Privacy Policy because having one will help foster consumer trust, taking your clients down the path to purchasing. After being swindled by large corporations such as Facebook and Google, consumers are now hyper-aware of their privacy rights and want to make sure that whoever they buy from respects those rights. If you don’t have a Privacy Policy, you may lose that business to a competitor who does. Having a Privacy Policy will show your clients that you are a trustworthy company, making it more likely that they will buy from you.

    You need a Privacy Policy to avoid hefty penalties for non-compliance. It will also help to foster consumer trust, guiding your clients down the path to purchasing.

    What should a Privacy Policy consist of?

    Now that you know that you need a Privacy Policy, you probably want to either evaluate your own policy to make sure it’s compliant or you may want to jump in and write a new one. Here is a list of the basic information that you need to cover in your Privacy Policy:

    • Who you are – list who operates the website. If you are working on your own, without a company name, you should list your name. If you are working under a company name, such as an LLC or a Corporation, then list that information.
    • Who the Privacy Policy applies to – does the Privacy Policy apply to all visitors to your website? Does it apply only to the people who give you their private information? Does the visitor have your permission to use the website if they do not agree to the Privacy Policy?
    • What information you collect on your website. Go through your website and determine what information you collect. Do you collect it on an email newsletter sign-up form or a contact form? Personal information is information that can be used to identify someone and includes the following examples:
      • Full name;
      • Home address;
      • Email address;
      • Social Security Number;
      • Passport number;
      • Credit card details; or
      • Log in details.
    • What you do with the information that you collect – here you’ll want to set forth how you use the information that you have collected on your website. Some examples can include:
      • Contact the person;
      • Answer questions;
      • Send email newsletters;
      • Send products; or
      • Allow downloads of resources or software.
    • Who you share the information with – if you share the visitor’s information with anyone, you must disclose that as well. For example, you may share the information with your website developer, your accounting software, your customer management system or a third-party vendor who helps you with shipping. You can disclose the specific names of the companies that you share the information with or you can list their categories.
    • Cookies – you must disclose whether your website uses cookies. A cookie is a small file which asks permission to be placed on a user’s hard drive. Cookies allow websites to respond to a user as an individual and are tailored to remember the user’s preferences. Cookies enable many common features of sites and failure to collect some cookies may cause the site to break. If you do collect cookies, you need to disclose this practice in your Privacy Policy.
    • Analytics programs – if you use Google Analytics to understand your website’s performance, you are required by Google’s Terms of Service to have a Privacy Policy and disclose this practice in the policy.
    • Do Not Track – DNT is a web browser setting that requests that a web application disable its tracking of an individual user. While there is no requirement for your website to respond to DNT signals in a particular way, you are required to disclose how your site responds.
    • Changes to the Privacy Policy – you should provide the visitors with information on how you will let them know if you make changes to your Privacy Policy. Will you notify them or not? How much notice will you give them of new terms?
    • Contact us information – where can the visitors contact you if they have any questions about your Privacy Policy?

    The above is a list of the most basic disclosures that you need to have. There can be additional disclosures based on what privacy laws apply to you and your business. Furthermore, the required disclosures will change once new laws are passed.

    Changes to Privacy Policies

    Let’s say that you have reviewed the list above and added the basic disclosures to your Privacy Policy. Is there anything else that you need to do? Yes. Consider the fact that the disclosure requirements change based on whether a law applies to you.

    For example, if the Nevada privacy law applies to you, you will need to disclose whether you sell the personal information of Nevada residents and how they can request that you stop those sales.

    If the General Data Protection Regulation applies to you, you need to make additional disclosures such as:

    • The consequences of failure to provide the information or the withdrawal of consent;
    • Whether you have a Data Protection Officer;
    • The rights of European Union citizens;
    • Your information retention period;
    • Whether you use the information collected for direct marketing and how the visitor can opt out of such use;
    • The location where you process the data; and
    • If you plan to transfer the data to other countries.

    Because there are new laws that are being proposed and passed on a frequent basis, the disclosures that you are making on your Privacy Policy will need to change as well to ensure that you are always in compliance.

    Privacy Policy tools

    Even though you came to this post to learn about what to include in a Privacy Policy, writing one yourself may feel overwhelming. There are a lot of laws that require you to have one if you collect personal information, and all of these laws have different disclosure requirements.

    This means that you’d have to read each law, cases that apply to those laws and opinions of experts on how to best write a Privacy Policy. While you are doing all of that, new laws are being passed on the subject, requiring you to study new information and spend your time updating the policy. It’s all a lot of work and, let’s face it, you probably have better things to do.

    Here are a few Privacy Policy tools that you may want to consider instead:

    • Hiring an attorney – hiring a data privacy attorney who has experience in writing Privacy Policies is probably your best choice. He or she will ask you some questions about your website and data practices and will write a Privacy Policy based on that information. Note however that most lawyers do not just update your Privacy Policy when the laws change without charging you extra and some lawyers may not notify you of the changes required at all. Furthermore, lawyers are a bit pricey, usually charging a few thousand dollars for a Privacy Policy. While this may be a good choice if you have the money, it is possible that hiring a lawyer may not be a viable option for most small businesses.
    • Using a Privacy Policy generator – Privacy Policy generators require you to answer some questions and then generate a policy for you through their software. Here are some good options:
      • Termageddon is a Privacy Policy, Terms of Service, Disclaimer and End User License Agreement generator. Note that their Privacy Policy includes a cookie policy and their Terms of Service includes a Return & Refund policy. They will automatically update all of your policies at no charge whenever the laws change so that you can focus on other things.
      • Termageddon is $10/month or $100/year and all policies are included in that price. It will take you less than 15 minutes to set up your policies and they offer a set it and forget it type of solution.

      • Termsfeed is a Privacy Policy, Terms of Service, Disclaimer, Cookie Policy, End User License Agreement and Return & Refund Policy generator. Termsfeed notifies their users whenever the laws change. They offer a free solution for limited protection and a paid solution for full protection options. They charge based on the protections that you select when answering the policy questionnaires. You can find more information about their prices on their pricing page.
      • PrivacyPolicies.com. PrivacyPolicies.com is a Privacy Policy generator. They do not update their Privacy Policies when the laws change. They offer a free solution, which does not include compliance with the California laws, nor compliance with GDPR. Their paid solution varies in price based on your needs but the charge is $14.00 for California law compliance and $24.00 for GDPR compliance. More information can be found on their pricing page.

      If you do choose to go with a solution for your Privacy Policy needs, make sure that you choose a company that is trustworthy and that will help you keep up to date with the changing laws.

      Having a Privacy Policy for your website is crucial – it is required by law for most websites, will help you avoid fees and penalties for non-compliance and will establish trust with your customers.

      Make sure that your Privacy Policy contains all of the required disclosures and that you have a plan for keeping up to date with the law. And, if all of that sounds overwhelming, then check out some of the tools suggested above for a hassle-free solution.

      This post should not be taken as legal advice.

      Author Bio

      Donata Kalnenaite is the President of Termageddon, a Privacy Policy generator that automatically updates its policies whenever the laws change. She is the engineer behind over a thousand policies, is a licensed attorney and a certified information privacy professional.