What is a Privacy Policy?
A privacy policy is a statement that discloses some or all of the ways a website collects, uses, discloses, and manages the data of its visitors and customers. It fulfills a legal requirement to protect a visitor or client's privacy.
As awareness of and concern about the protection of personal information are increasing worldwide, it is very important that businesses, both small and large, implement and provide users of their websites with comprehensive privacy policies.
Countries around the world have their own laws with different requirements per jurisdiction regarding the use of privacy policies. You should make sure you are following the legislation applicable to your activities and location.
Important: The explanations and information provided herein are only general and high-level explanations, information and samples. You should not rely on this article as legal advice or as recommendations regarding what you should actually do. It is highly recommended to have a professional assist you in the creation of your Privacy Policy. Copying terms from other websites is not good practice and is likely to lead to legal and compliance exposures.
There are multiple aspects of privacy law that all website owners must comply with when handling personal information. Below is a list of topics you should consider when implementing a privacy policy for your website:
1. What type of information do you collect?
Clarify which type of personal information you collect from your users/visitors, for example: email, name, IP addresses, billing details, social security number, etc. Collected information may be provided by the visitors and users of your website or collected automatically through monitoring tools.
Sample: “We receive, collect and store any information you enter on our website or provide us in any other way. In addition, we collect the Internet protocol (IP) address used to connect your computer to the Internet; login; e-mail address; password; computer and connection information and purchase history. We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page. We also collect personally identifiable information (including name, email, password, communications); payment details (including credit card information), comments, feedback, product reviews, recommendations, and personal profile”.
2. How you collect the information
In this section you will have to explain what your process is to collect personal information. For example: when your client sends you a message through a contact form; when they purchase a product in your store; or when they subscribe to your newsletter, etc.
Sample: “When you conduct a transaction on our website, as part of the process, we collect personal information you give us such as your name, address and email address. We assume that you agree to the collection of your personal information and that it will be used for the specific reasons stated above only.”
3. How you store, use, share and disclose your visitor’s personal information
The privacy policy must detail how you store and use the personal information collected. Also, you should inform the users of the website if, when and how such information is shared with third parties and/or with legal enforcement agencies, according to applicable local regulations.
Sample: “Our company is hosted on the Wix.com platform. They provide us with the online platform that allows us to sell our products and services to you. Your data may be stored through Wix.com’s data storage, databases and the general Wix applications. They store your data on secure servers behind a firewall.
All direct payment gateways offered by Wix and used by our company adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of credit card information by our store and its service providers”.
4. Communications
If applicable, explain to your users/visitors which means are used (e.g. email, text message, mailing, etc.) and for what purposes (for example: campaigns, promotions, updates, etc.). Explain how you will contact them by using personal information collected on your website and how they will be able to opt out of receiving such messages.
Sample: “We may contact you to notify you regarding your account, to troubleshoot problems with your account, to resolve a dispute, to collect fees or monies owed, to poll your opinions through surveys or questionnaires, to send updates about our company, or as otherwise necessary to contact you to enforce our User Agreement, applicable national laws, and any agreement we may have with you. For these purposes we may contact you via email, telephone, text messages, and postal mail.”
5. Inform if you use cookies and other tracking technologies
In case your website tracks personal information, through the use of cookies, for example, this must be explicitly brought to the attention of the user. Be clear about what tracking mechanisms (e.g. cookies, Flash cookies, web beacons, etc.) your website employs, what personal information they gather and why they are being used.
Please note: Third Party Services (such as Google Analytics or applications offered through the Wix App Market) placing cookies or utilizing other tracking technologies through Wix's services may have their own policies regarding how they collect and store information. Such practices are not covered by the Wix Privacy Policy.
When using the Wix platform, the following cookies will be stored on your visitor's computer. View cookies.[1]
6. How your users will be able to withdraw their consent
Explain how your visitor will be able to withdraw their consent for collection of personal information and their ability to delete or change the collected information.
Sample: “If you don’t want us to process your data anymore, please contact us at XXXXXX@youremail.com or send us mail at: [YOUR ADDRESS]”
7. Ability to update the Privacy Policy
Inform your users about your ability to change/update the privacy policy.
Sample: “We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it”.
8. Questions and Contact Information
Provide valid addresses/channels in order for your users/visitors to be able to contact you.
Sample: “If you would like to: access, correct, amend or delete any personal information we have about you, you are invited to contact us at XXXXXXX@youremail.com or by mail at XX”