By now you probably realize that privacy policies are complex legal documents and it’s very important that they’re legally sound and customized to your actual business processes, site, and needs. For this reason, we strongly advise against trying to write clauses yourself.
You’ll need to identify the data controller (you/your business). If the Owner is a legal entity, it is necessary to indicate the personal details, together with the residence or registered office, as well as contact details. Click here for more information on identifying details of data controllers.
Include the effective date of the policy. This means the date that the policy goes live and comes into force.
Identify the categories of data you’ll be processing, and state the reasons why. For example, if you have a newsletter, you might be processing first names and email addresses. The reason for this might be in order to send newsletters. Keep in mind that even IP addresses can be personal data.
Identify any third parties you share data with. This includes all integrations you have running on your site. Things like social plugins, google analytics, gravatar or other comment management plugins, web fonts, and more. Not sure what third-party integrations are running on your site, try our free site scanner.
List rights granted to the user under the law. This can include things like the Right to be informed, the right to access, do not track requests, etc. These rights vary depending on which law applies to BOTH you and your users.
More on compliance for bloggers and web publishers
This article is a part of our series on compliance for bloggers and web publishers. Read also:
contains clauses written by actual legal professionals,
allows you to customize your document based on your individual needs entirely,
gives you helpful info and tips about each clause before adding it, and
lets you go back in and edit or modify your documents when your business needs to grow or change.
How iubenda can help