Your Business Needs a Website Privacy Policy, but What Should Be in It?

Related Posts
  • The NLRB Limits Non-Competes Read More
  • Who’s In Charge Here? Key Roles in Corporations and LLCs Read More
  • Yes, It’s Personal: Authentic Emotion in Negotiations Read More
/
privacy policy depiction of user information

If your business has a website that collects or utilizes any personal data from visitors—even if you do not sell products or obtain personal or credit card information from them—then you need to have a detailed privacy policy visible on your website.

A privacy policy protects your business from potential privacy violations. A well-drafted policy outlines what information your business collects, how your business uses this information, whether your business shares personal data, and how users can contact you regarding questions about the data or the policy.

Some key information to consider including in your privacy policy is outlined below. Because of the detailed nature of privacy laws, we highly recommend that you work with an attorney to prepare your privacy policy.

  1. What information does your website collect? Your privacy policy should begin by outlining the information your website collects. Do you have a “contact us” page where website users input their name, email, and reason for contacting you? Can users sign up for your newsletter through your website? Maybe users can browse open employment positions and even apply through your website. However users interact with your website, they are likely providing some sort of information, and you should provide notice of that data collection. Your policy should also state that whatever information a user submits to the website is voluntary.
  1. How does your company use this information? If a user submits their email address to your site, are they agreeing to receive a digital newsletter? Will you also send other marketing information? If so, this should be specified in the privacy policy. If your business sells products or services, the policy should indicate that the information provided will be used for shipping and customer services inquiries.
  1. Does your company utilize cookies? Cookies are bits of text that are placed on a computer’s hard drive to collect certain information by automated means. Companies may use cookies to tell them, for example, whether a user has visited the website before. We are all familiar with the ubiquitous cookie consent pop-up on websites. Although using such a notification is not required, your privacy policy should spell out whether you utilize cookies and, if you do, provide details regarding the information the cookies collect.
  1. Does your company share the data it collects? One of the main purposes of a privacy policy is to inform website users of whether and how you share personal data. If there is any possibility that you will share personal data, it should be disclosed in the policy. Even if you do not intend to actively share personal data, you may still have to share data (such as email addresses) to your service providers or if required by law. Your site may also ask users to consent to sharing their data at some point in their web journey on your site, and your policy should make this explicit.
  1. Rights regarding personal data. Users have certain rights regarding the collection and processing of personal data, and these rights must be delineated in your privacy policy. A few of these rights include the right to know whether (and for what purposes) the business processes personal data; the right to access, modify, and correct personal data; and the right to know if (and to whom) the business has shared the data, and for what purposes the data was shared.
  1. Accessing and modifying personal data. As mentioned above, users must be able to obtain personal data obtained by your business. You should explain this in the policy and include contact information for how someone can reach out to your business. Be sure to keep this information updated.
  1. Minors’ information. By law, privacy policies must state that the website is not directed towards children. If the business learns that it has collected information from individuals under the age of 18, they must take immediate steps to delete the information.

These provisions are only the most important and most common components of a website privacy policy. Your specific business may require additional notices or explanations to remain compliant with the law, reduce liability, and best serve your website visitors. Reach out to a knowledgeable attorney should you have any questions about your website privacy policy.