What is a privacy policy?

A privacy policy is a document in which the data owner (the person or entity that runs a website/app) outlines the methods, purposes and, in some cases, the legal justification of its processing of personal data. Privacy policies should also outline the rights that users have in relation to the processing of their data.

Privacy policies typically include information about:

  • the types of data collected,
  • how and why it is used,
  • with whom it is shared,
  • how it is protected, and
  • users' rights over this data.

You have probably seen privacy policy links on most, if not all, websites you've visited. The link is commonly included in the footer so users can access it at all times.

Do I need a privacy policy for my website?

Whether you're running a small or large website, a web or mobile app, a blog, an eCommerce site or a newsletter (just to name a few examples): if you collect personal information from users, you need a privacy policy. It's required by law and by third-party services you may use.

All that is required to trigger this obligation is the presence of a simple contact form, Google Analytics, a cookie or even a social widget: if you’re processing any kind of personal data, you definitely need one (even IP addresses can be considered personal data!).

Privacy Policies are Required by Law

The most important reason you need a privacy policy is to comply with data privacy laws.

Under the vast majority of legislation, including the GDPR in Europe and most US state laws, if you're processing personal data you're generally required to make disclosures related to your data processing activities via a comprehensive privacy notice.

As a result, this legal document is required by law in order to inform users and meet disclosure and transparency requirements.