Skip to main content
Asked a question 10 months ago

What do I need to include in my privacy policy?

Where am I?

In ProjectArmy Community you can ask and answer questions and share your experience with others!

This information is provided for general information purposes only and does not constitute legal or other professional advice.

That's a good question, Ruby. Complying with privacy laws can be tricky, but they are designed to protect people from companies that may abuse private user data.

To understand what you need to include in your privacy policy13, you need to figure out what privacy laws apply to you and your visitors/users.

This is an important thing to understand. It's not just what privacy laws apply to you based on where you are located, but it's very important to understand what laws apply to your visitors that you must comply with. 

Many website owners fail to provide an accurate privacy policy because they focus on local privacy laws. 

For example, if you're located in California you might create privacy policy to comply with CalOPPA and CCPA16. However, if your website has visitors from the European Union and they can leave a comment or contact you through a form you must comply with GDPR and PECR16 (cookie law).

Here are a few pointers to help you figure this out:

  • If you're a local business catering to local customers (coffee shop, restaurant, plumber, etc.), you need to comply with your local privacy laws (city, state/provincial, federal).
  • If you're an ecommerce business shipping internationally, you must comply with local and international (where your customers are located) privacy laws.
  • If you're a blogger and write for anyone to read, you must comply with international laws. In most cases, you can't control who visits your blog, leaves a comment, subscribes to a newsletter, etc. 
  • If you're a blogger and you're writing for a local audience (local news, local reviews, etc.), you'll need to comply with your local privacy laws.

If none of them fit your situation, ask yourself "where do my visitors/users/customers live?" That will help you understand which privacy laws to comply with.

At ProjectArmy, we cater to an international audience. Since GDPR is the most comprehensive privacy law out there, complying with it ensures we also comply with most other privacy laws. That's why we extend GDPR protections and benefits to all our users. This simplifies our compliance, although it does add a bit more work.

Since I don't know what privacy laws you need to comply with, I'll give you general guidelines to help you be compliant with GDPR. That should also cover other privacy laws too.

  • Who is the owner of the website/business
  • What data do you collect? 
  • How is data collected?
  • What is the legal basis for collecting this data? (GDPR requires it and others may ask about this too. For example, consent, necessary for your service, legal obligation, etc.)
  • For which specific purposes are the data being collected? (For example, analytics, email marketing, order fulfillment, etc.)
  • CCPA requires categories of sources from which you collect personal information.
  • Which third-parties have access to the information? (For example, Mailchimp, Google Analytics, etc.)
  • Will any third-parties collect data through widgets or integrations? (For example, social share buttons, Facebook login for comments, popups, etc.)
  • If applicable, information about cross-border/overseas data transfer and what measures were put in place to ensure it's done safely and securely. (GDPR and AU APP laws require it).
  • What rights do users have? Can they see what data you have on them, change it, block it, delete it? (GDPR requires this)
  • Information on the process for notifying visitors/users of changes to the privacy policy
  • Effective date of the privacy policy

If you want to see an example of a privacy policy that covers everything, check out our own privacy policy17.

It's frustrating to comply with all the privacy laws. You shouldn't write your own privacy policy unless you're an attorney. I recommend you Google for privacy policy templates to give you a head start, so you don't have to write it from scratch. It'll make your life easier.

Our privacy policy is managed by Iubenda. They provide an easy platform to generate attorney-level privacy policy and cookie notice. It's only $27/year. It's very cheap compared to the service they provide and hours of frustration they saved me. I highly recommend it.

All ProjectArmy customers that sign up with Iubenda receive free assistance in setting up privacy policy and cookie solution on their WordPress websites. Create a ticket, and we'll help you get set up.

ProjectArmy is Iubenda Certified Partner.

Related Questions

No related questions.