It’s a legal requirement to have a website privacy policy if you run a business website. Here’s what you need to include in yours.
Privacy policy for website: do I need one?
The short answer is yes, if you have a website for your business (or run any other website that collects data on visitors) then you need a website privacy policy (also called a website privacy notice).
The website privacy policy is a legal requirement that lets your website’s visitors know about how you collect, handle, store and potentially also share their personal data. It needs to comply with the UK General Data Protection Regulation (GDPR), which is now part of the Data Protection Act 2018.
Whatever the purpose of your business website, it’s likely to collect data on visitors. Even if your website is just a ‘shop window’ featuring a blog and your contact details, it’s still collecting data on visitors (for example, if you use website analytics tools, these usually give you details like how much time a user has spent on a particular page).
If your business website is an online shop, meaning that you collect personally identifiable data and take payments, then your website privacy policy will need to go into more detail. That’s because you’ll need to give your visitors details like how long you store this data.
You’ll also have responsibilities around securing this data and how to approach data breaches.
Ultimately, under the GDPR, a person has the ‘right to be informed’ about how their data are being used. This is one of the most important transparency principles of the legislation and your website privacy policy should explain this in a clear and simple way.
What do I put in my website privacy policy?
Firstly, it’s important to get to grips with the key themes of the GDPR. These should help you understand the ‘whys’ behind your website privacy policy.
Your privacy notice isn’t simply a box-ticking exercise, because as customers become more savvy about their data, they’ll favour businesses that are open and transparent about how that data is being used.
You should do a data mapping (or data audit) exercise, which will establish:
- the types of data you hold
- why you use them
- the legal basis for using them
- details of when and how you share the data
After doing this exercise, you’ll be in a good position to fill out your own website privacy policy.
Website privacy policy terms and definitions
In a typical website privacy policy template, you may come across general categories of data. You should explain which data you collect and how long you retain it. These categories include:
- identity information (including name, gender, marital status, date of birth)
- contact information (including email addresses and phone numbers)
- account information (including usernames and passwords)
- payment information (including bank account and card details)
- transaction information (including details of goods and services)
- survey information (including information collected in surveys and feedback)
- marketing information (including a user’s marketing and communications preferences)
- website, device and technical information (including browsers and IP addresses)
You can also detail which ‘special information’ (if any) you collect on your users. This is data that need more protection because they’re sensitive, and includes information like race, politics and religion.
Your website privacy policy should then outline the purpose behind collecting the data, along with the legal reason. There are also sections on how you share the data, as well as your visitors’ rights under data protection law.
Not all parts of this privacy policy example will be applicable to all businesses. As data protection is a complex and important topic to get right, be sure to take legal advice on your business’s privacy policy and your wider data controlling activities.
More policy guides for your small business
Take a look at some of our other guides designed to help you and your small business.
- Employment contract template
- Leave of absence policy template
- Annual leave policy template (holiday policy sample)
Other useful resources for your website privacy policy
Data protection is a huge subject, so it’s a good idea to do all the research necessary to make sure you’re getting your website privacy policy right. Check out more guides here:
- our guide to the Data Protection Act 2018
- how to create a business website – a step-by-step guide
- a general privacy notice template, which goes beyond digital interactions
- an employee, contractors and workers privacy notice
- the ICO’s (Information Commissioner’s Office) guide to the UK GDPR
Small business guides to running an online business
- How to take payments online
- How to advertise your small business
- How to respond to online reviews
- What type of business insurance do I need?
Looking for employers’ liability cover?
As the UK’s biggest business insurance provider, we specialise in employers’ liability insurance. We’ll run you a quick, tailored quote right now online, and let you decide if we’re a good fit.
Photo: Jacob Lund/stock.adobe.com