YOUR PRIVACY POLICY READY IN MINUTES

A privacy policy is a document that states what personal data you collect from your users, why, and how you keep it private. The purpose of the privacy policy is to inform your users about how their data is being handled.

Most countries have privacy laws that require websites collecting personal data to have a proper privacy policy in place. Failure to comply can result in hefty fines and even prosecution.

You probably do. If your website collects personal data, you need a privacy policy. Most websites collect user data. It often happens via cookies without the website owner even being aware of it. If your website is hosted, or if you use features like plugins, social media buttons, or analytics tools, then your website may process user data. Find out if your website uses cookies or online trackers with our free website compliance scanner.

A privacy policy should include the following:

• Identification of the site owner and contact details
• Details about the data being collected and how long it is kept
• The legal basis and purpose for data collection
• Specific purposes for which the data is collected
• Categories of personal information collected from website visitors
• Third parties that may receive the data
• Information on cross-border data transfer and related safety measures
• User rights and how to exercise them
• The process for notifying users/customers about changes or updates to the privacy policy
• The effective date of the policy
• Information on the right to lodge a complaint with a supervisory authority

Depending on the nature of your website or business, your policy may require more information. Your website may also require other policies or legal agreements to be in place.

From time to time laws and third-party requirements are amended and updated. It’s important to make sure that your policies meet these latest requirements. You should seek legal counsel to ensure you know when your policy needs to be updated.

Some websites and businesses may require more than just a privacy policy. If your business needs to adhere to regulations like the GDPR, you might also need to consider implementing a cookie consent solution. Depending on the nature of your website or business, you may also require other legal agreements. For instance, ecommerce websites may need a return policy and a shipping policy.

Legal agreements like Terms and Conditions are also important for safeguarding your business. These agreements, also known as Terms of Service or Terms of Use, serve as a contract between the website and its users. You can use them to outline the rules for using your website or to define what’s considered prohibited user conduct.

A separate cookie policy may not be necessary if you include all the necessary cookie information in your privacy policy. In that case, your privacy policy should include the essential privacy details along with the required cookie information. However, for clarity and to adhere to cookie regulations, it may be better to maintain a distinct cookie policy alongside your privacy policy. This supports readability and compliance with all cookie-related requirements.

The GDPR privacy policy serves as a public declaration outlining how your online platform handles the personal data of its users and other relevant parties and how data protection principles are applied. You can find detailed guidelines for crafting a privacy policy in Articles 12, 13, and 14 of the GDPR.

The privacy policy requirements in Germany, which are governed by The Telecommunications Digital Services Data Protection Act, (TDDDG) and reference the GDPR, include the need to provide the controller’s identity and contact details, the Data Protection Officer’s contact details, a detailed description of processing activities and their purposes, information about the data processed, the legal basis for processing, details about special categories of personal data, recipients of the data, usage of third-party services, data transfers to third countries, data storage duration, guidance on exercising Data Subject Rights, consent withdrawal options, complaint procedures, and disclosure of automated decision-making.

In Denmark, the Databeskyttelsesloven (Data Protection Law) incorporates GDPR article 13, which outlines the essential information that must be provided to individuals when their personal data is collected. This includes disclosing the identity and contact details of the data controller, the contact information of the Data Protection Officer (DPO) (if applicable), the purpose and legal basis for processing, any legitimate interests pursued, the categories of recipients, any intended data transfers to third countries, the right to object to processing, and the categories of personal data if the information was not obtained from the data subject.

Based on a specific assessment, supplementary details such as guidance on access rights and the right to file complaints with the Danish Data Protection Agency may also be necessary.

he key legislations governing privacy policy requirements in Portugal are the Portuguese Data Protection Law, which adapted the GDPR into Portuguese law, and the Article 29 Working Party Guidelines on Transparency alongside GDPR requirements.

The requirements for privacy policy in Portugal are aligned with those of the GDPR. This includes providing detailed information to data subjects and conducting privacy impact assessments where “high-risk” processing is carried out. While there is no strict requirement to provide information in Portuguese, there is a risk that English may not be considered intelligible.

The implementation of the EU’s new legal framework, including the GDPR and the Personal Data Processing Act 2019 (ZZOÚ), modernizes data protection in the Czech Republic. ZZOÚ re-creates a supervisory authority for data protection — the Data Protection Authority (Czech DPA). The GDPR directly affects privacy in the Czech Republic, but ZZOÚ provides additional provisions to accommodate national requirements, especially in sections 5 to 15.

The Czech Republic’s privacy policy, in line with GDPR, mandates the inclusion of specific information, such as the controller’s identity and contact details, the purpose and legal basis for processing, any recipients of personal data, details of international transfers, the length of the data storage period, data subject rights, consequences of failing to provide data, and information on automated decision-making and profiling. Controllers must also inform data subjects of any further processing of existing data for a new purpose.

English, Italian, German, Dutch, with more languages coming soon.

The privacy policy generator supports GDPR compliance, as well as compliance with the CCPA/CPRA and US state-level privacy laws, with additional regulations to follow soon.