How to Write a Privacy Policy for your Website

Chloe Bucknell

A Privacy Policy is crucial for any online business.

Without one, you risk colliding with legal issues that could have been avoided.


Privacy Policy & Data Collection

When visiting websites, data is taken from the consumers browsing habits.

Why do websites want us to do this and why is it beneficial?

When you have someone’s browsing or buying data, you can personalise what they see using algorithms.

It is a very effective marketing strategy as it allows you to direct consumers to goods and services that they are likely to purchase.

Though, in recent years with scandals about data protection and information being sold internationally, a lot of consumers have become more conscious about which websites can have their privacy.

People are a lot more sceptical in agreeing to terms and conditions.

Alongside consumer scepticism, laws are being put in place to help protect the consumer from unwarranted data collection.

This gives the power back to the consumer.

Due to this, it is paramount that you have a privacy policy on your website.

This is so when traffic first arrives, they can read and agree to data collection to put them at ease.

They can then actively see what data you want from them and what the intention behind the data collection is.

Including one is beneficial to both parties.

Today, I will help you learn the do’s and don’ts of an effective privacy policy and explain how to write one for your website, covering all grounds and keeping within the law.

How to actually write a privacy policy

It is essential that you write an effective and thorough policy.

The policy can be used to protect the company if the consumers dispute how the data is being used as they have given consent to how you use it.

There are many ways you could write your privacy policy; the most accurate and precise way would be to hire a lawyer to write on up for you.

This option is an expensive investment but allows for more control as well as a personal tailoring to what you are looking for.

However, if you are a small business or do not need a super precise policy there are many cheaper options you can use.

Online you can find many generators for policy creation.

Such as, or where you can personalise a pre-set policy that fits your business and helps you learn the type of jargon you need to use.

Or… you could write your own using a template.

This gives you the freedom and preciseness of the lawyer option, but it’s also budgets friendly which is perfect for a smaller business.

Find a template online that fits what you are looking for and start from there.

Add what you need as a company and remember to cover all aspects.

If you really don’t want to use any pre-sets or templates but don’t want to fork out for a lawyer either, you can write your own policy from scratch.

This may take longer and you’ll need to research what to include to cover all basis, but it does give you total control.

You want to include aspects such as:

What data you will collect and how you will use it

Methods of collection

Customer communication

Redress and security information

Child privacy

Future changes

Contact information

  1. What Data you will collect and how you will use it

You need to list everything you wish to gather from your consumers.

This could include (but not limited to): Name, age, address, email, phone number, interests, browsing history.

Make sure to be explicit in what you want so the consumer is clear and there will be no legal misunderstanding.

After listing exactly what you want, explain what you will do with it.

Popular explanations could include “Marketing research” or “To help you have a smoother browsing experience.”

Go on to explain that it is to tailor your experience to make it easier for you to find what you want.

2. Methods of collection

 A lot of methods are obvious, such as billing address and bank details at checkout, or email address/phone number, name and age when signing into an account if your website requires so.

For any of the non-obvious method collection, make sure you outline how you will take the information in the previous point.

3. Customer communication

If you plan to further contact the consumer after their visit to the website, you need to explain how you will do so.

For example, a lot of websites send emails with promotional deals or weekly newsletters, if this is the case you must make the customer aware.

If it goes further such as texts, leaflets also explain this.

It is always best to be clear so you can build a trust relationship with the customer.

Make sure nothing is unexpected because it helps keep a positive image of the company.

Also, keep an opt-out option (or opt-in) when consumers give details.

For example, when signing up with an email have a button that reads on the lines of “I do not want to receive promotional emails from the company.”

This gives a sense of control to the consumer.

You can also say that it may negatively impact their browsing experience because “by opting out you may not have access to personalised deals.”

4. Redress and security information

For obvious fraudulent reasons, we are most sensitive about giving out our credit/debit card details as well as any other financial data.

Ensure that you state how you keep their details safe (through encryption) and what you do with them e.g delete them after use or after a certain amount of time without purchase.

Depending where you are in the world depends on what you can legally do with this data.

The goal here is to get your consumer base to trust you with their details.

They won’t buy anything if they don’t feel safe inputting sensitive data and you as a company will lose out on revenue.

To help with this, make sure you clearly state the consumer rights of the country you live in regarding data and how to go about exercising them.

You also need to include how to contact the business if the consumer feels unsure or unsafe with there details being online or if they think there has been a breach.

This creates a safety net for both your business (informed if there is a possibility of a breach) and the consumer knowing they can act if need be.

5. Child Privacy

Under the UK law, a child under the age of 13 cannot consent to privacy policies.

Therefore, it is your responsibility to make sure you check the consumer age before continuing.

Include a check box stating “to continue confirm you are over the age of 13” or a date of birth section in registration which denies customers under the age of 13.

Remember to include that you do not purposely collect data of children under the age of 13 to cover the basis that people may lie about their age.

6. Future Changes

If your policy changes for any reason you need to make sure you have alerted people who have previously accepted the policy.

In your current privacy policy include a clause stating you reserve the right to change the policy at any point and they will be alerted so (via email, text or other) customers can revisit and read the new policy.

They can therefore make an informed decision if they wish to continue using your site.

7. Contact Information 

Include your contact information to allow transparency between you, as the business, and your customer base.

This increases the reputation of your business as the consumer can ring/email about any concerns they have allowing you to create that initial bond.

By doing this, you will be more trustworthy to the consumer.

If you follow these steps and include everything that may concern your business, you will be able to create a fully comprehensive privacy policy that covers all grounds.

This ensures trust between you and your consumer base.

Good luck!

George Bird

George Bird

Marketing Intern

CB Digital Nottingham Marketing Agency