Louigi in Web Design, Web Dev on January 19, 2021

What are Privacy Policies on Websites? Does Your Business Need One?

If you’re planning to create a website or have one created, the privacy policy page or statement is one of the most essential pages you must have. This is a requirement of law whenever a user provides private or personal data. It can range from browser cookies up to financial information. If you continue reading, we’ll tell you why it is considered an essential aspect of any website.

In this article, we define privacy policies and explain which businesses need one, what it contains, and how to write one.

Please remember, though, that while the information herein is useful, this article can’t be considered or recommended as legal advice. It’s better to consult a specialist in privacy laws within your country.

Defining Privacy Policies

A privacy policy is defined as a statement on how a certain company collects, stores, secures, and utilizes personal or private data from its users or customers.

Personal or private data can include personally identifiable information such as names, birthdays, physical addresses, emails, telephone or cellphone numbers, social security numbers, and IP addresses, as well as financial information including credit or debit card details or PayPal accounts.

Typically, the privacy policy also includes how the company will use the information, how it will comply with legal requirements, and what users can do when the firm fails to meet the privacy policy.

Do I Need a Privacy Policy for My Website?

Short answer, yes, you need one. Any site that gathers any kind of information from users is required to show a privacy policy on their website.

From websites that track user behavior through cookies to those that ask for email addresses to send newsletters, a privacy policy is required for these sites.

Legally, every country in the world requires a privacy policy. So if you’re creating a website designed for worldwide reach, it’s better to have one handy just in case. Our legal advice is that you should include one in your online service, website, or app to ensure compliance with privacy laws and privacy practices.

Privacy and data protection laws vary by country and region, but they all have something in common which is how to protect data.

Privacy policies need to meet major laws and standards present in the United States and Europe such as the General Data Protection Regulation (GDPR), ePrivacy, and the Cookie Law.

Before these privacy laws, the internet was like the Wild, Wild West. Businesses with websites can pretty much do whatever they want with the personal information they collect. That’s why the Federal Trade Commission (FTC) and other governing bodies established data privacy laws that make sure that online businesses are required by law to post a public privacy policy.

However, this was not visible to many users since there were no stringent laws on how to properly present these. They may have a privacy policy, but going to it may be tricky. It might even be non-existent in some cases.

That’s why regulations were put in place to make sure that users have easy access to the privacy policies of businesses.

What are the Common Privacy Laws on the Internet?

In the United States and Europe, legislation and legal guidelines will affect your website depending on the information gathered, how it is gathered, and how it is processed. The European Union offers more stringent and consumer-friendly laws and regulations. Meanwhile, the US has several laws that cover specific regions and demographics but no specific and all-encompassing data protection law compared to the EU.

Applicable to the European Economic Area (EEA) is the aforementioned GDPR. In the US, the more notable ones are California’s Online Privacy Protection Act (CalOPPA), Children’s Online Privacy Act (COPPA), and California Consumer Privacy Act (CCPA).



CalOPPA applies to any firm collecting personal information and data from California residents. It requires that any website or online service conspicuously feature a privacy policy that states what personal info is collected and where it is shared. It also requires the business with the website or online service to comply with the privacy policy.


Though similar to CalOPPA, COPPA focuses on regulating websites that are aimed at children under the age of 13. It can also be applied to websites that knowingly collect information from users under the age of 13, such as certain social media sites.

Other Applicable Laws

A privacy policy violation leads to civil litigation under the Unfair Competition Law.

Recently, a new regulation was also enacted called the California Consumer Privacy Act (CCPA).



In Europe, GDPR is enforced on businesses that collect personal information and data from European residents. With this regulation, businesses must protect the personal data and privacy of citizens in the European Union (EU). Non-compliance with the law can incur heavy punishment for violators.

Since it was passed, GDPR became law across the EEA, which standardized the information you collect and its use in the entire region.

Furthermore, any organization whose website is available in Europe and that collects personal info is required to comply with GDPR, even if the company is not located within the EU.

Requirements of a Privacy Policy

A privacy policy must typically contain statements and terms that are required by law. No matter what country or region a business is in, privacy laws typically have similar guidelines. Privacy policies must be easily seen and accessed by any website visitor. They must be concise, transparent, intelligible, and written in clear and plain language.

GDPR and Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) also require that consumers should be aware of how their personal data is used when they provide consent for data processing.

This protects the right of users to know that their personal data is being given to businesses and they offer their consent for the data to be processed. Usually, this means that the website must provide a link to the privacy policy in the web form or interface where the data will be collected.

Why Should You Place a Privacy Policy for Your Website

If you’re running a website or app for your business, it’s important to let users and visitors know about the data you collect, the use of cookies, and the processing of contact information that your firm or third-party services might do.

Doing this ensures and fosters a safe and trustworthy electronic environment on the internet, as well as guarantees your business’s conformity with certain laws and regulations on privacy. A transparent environment enables consumers and people to feel more confident in your business.

Many people value their privacy and respecting their wishes lets you build stronger relationships with them. Abuse of their personal information regarding the data you collect can give stress and bad publicity to your firm or agency. This may lead to loss of business and mistrust of your services and products due to shady business practices.

From a business and legal standpoint, it’s more beneficial to include a privacy policy on your website, or mobile app if applicable.

Where to Add the Privacy Policy to my Website?

Now, it’s no longer a question of whether you need a privacy policy; it’s how you show it. It needs to be conspicuously displayed on your website, and easily accessible. Strategically placed links to your Privacy Policy ensure that you are protected from possible privacy complaints and legal allegations.

In fact, websites are required to ensure users indicate that they have read the privacy policy before they have their personal info collected for your services.

Major websites or online services including Google and Facebook follow applicable laws and privacy policy requirements in their services and content distribution and marketing.

If you have a prominent privacy policy link or page throughout the website, customers are less likely to be able to say that they never saw it. Here are a few ways you can add your privacy policy.

Basic Navigational Links

Typically, the privacy policy must be seen where users normally navigate through the website. It can be included in the footer to ensure that every page and customer can see your terms of use.

Footer of MSN.com showing how links to privacy policies should be done.

In the image above, the privacy policy link can be seen alongside other important links in the footer. This will then be present on each page of the website. This ensures you always have an accessible privacy policy page.

About Us Section

You can also place the privacy policy on the About Us or a similar page of your website.

If you don’t have an About Us section, you can place a link to your privacy policy page in a menu or where other informational links could be present.


When you want users to submit their personal information, you can use web forms, so it’s important to display a privacy policy link near these forms. You can remind users that you will collect their data and they can respond to your privacy policy agreement. This way, they’ll know of your data processing and protection policies each time they send their personal data to your business.

Contact Forms

Another form that users can fill up with personal information is a contact form. Typically, they input their name, email address, phone number, or physical address in these forms. So it’s a good idea to give them a chance to view your Privacy Policy before they do. It can give them peace of mind and reassurance that you’ll take care of their personal data once they send it to your business.

Signup Forms

Similar to contact forms, signup forms ask for the personal information of a user or visitor. However, this kind of form implies the start of a business relationship. They give you permission to communicate with them, provide products and services, and even market and advertise your solutions and business.

Because of this, it’s important to let them know what you intend to do when they fill in the signup form. Through the privacy policy, you let them know how you secure their data and also segue into asking for their consent to the policy.

When you acquire their agreement to the privacy policy, you get a valid record that the user saw and agreed to your data processing policies and terms of service as required by law. According to the law, this can count as consent and conform to certain laws while ensuring you are protected against privacy complaints and disputes in the future.

If your website plans to use that consumer data to deliver personalized advertising, asking for their consent is very important. In alignment with GDPR, customers and users must provide clear and unambiguous consent for user data processing activities such as what your business might do in targeted marketing campaigns. A checkbox to verify their agreement to your privacy policy and consent to the user data processing is enough to conform to the regulation.

Most businesses use a checkbox to obtain consent and verification that users have read and agree to the terms of service and privacy policy in place. A user must check the box to demonstrate that extra step of agreeing to the terms and policy linked in the associated statement. Using checkboxes such as this is a really solid way to get clear and undeniable consent.

Checkout Forms

If you’re running an e-commerce store, you’ll typically have a shopping cart checkout interface that may ask for a customer’s phone number, email address, and other personal data. This is a perfect time to remind customers of your privacy policy and Terms of Service and link to them.

Customers need to know how their personal information will be collected, used, stored, and protected by a third party before completing their order and sending their personal data to you.

To comply with laws and regulations, website owners like to place the link to the Privacy Policy close to the continue or checkout button to ensure that customers can definitely see it.

If you plan to use the personal information collected for targeted marketing or personalized advertising, it’s imperative to include a consent checkbox in the checkout form as well.

Who Needs a Privacy Policy and Why?

If you’re an online business or utilize third-party services, such as analytics or advertising, or provide these third-party services yourself, you need to disclose your policy clearly and conspicuously.

Privacy policies are required for any site that gathers data from users, such as location, name, and addresses, as covered by the privacy protection acts of several countries and territories.

E-commerce sites that track user behavior through cookies and even companies that send newsletters need them. A privacy policy is a legal requirement that firms must adhere to.

As stated before, all online services, sites, and apps need to include a policy before users can use their service. But the following are some more uncommon ones that need one as well.

Third-party Advertising

Blogs and other informational websites can generate income through advertising placed on their site by third parties. Services like Google Adsense and Amazon Affiliates are the common third parties that can provide these.

Since advertising involves collecting and processing data in order to provide personalized and targeted ads, privacy policies are a must in using them for your site.

Google Analytics

Like Google Adsense or other advertising services, this also gathers and processes information from visitors and users on your site or app. As such it is also covered by data-protection laws.

Payment Processing

Like the checkout forms for e-commerce sites, a website that processes payments is required to have a robust privacy policy. Under a country and region’s protection act, you must store and secure financial information, including credit cards, bank accounts, names, and addresses.

How to Write a Privacy Statement for my Company Website

Again, a privacy policy is a document that states that you intend to collect the personal information, including phone numbers and email addresses of visitors, and process that data. In other words, it’s an explanation of what you’re doing to observe, collect, and analyze the private data of website visitors.

If you’re in a hurry and don’t need to add any special conditions to your privacy policy, a paid or free privacy policy generator can be used to aid you. Privacy policy generators have free templates you can copy for your site. Generally, a privacy policy generator and similar services can be enough in most cases for your website or app.

However, taking the time to get into the details and writing your own privacy policy may work better in the long run especially if you’ll add conditions and use cases that free privacy policy generators don’t account for.

So here’s a guide and advice on how you can write a privacy policy statement for your website without the help of a privacy policy generator.

Write Your Online Privacy Policy in Clear Language

Confusing your customers with technical terms is a big no-no, especially if this is done to slip in certain dubious conditions they would not have otherwise agreed to. That’s why you should write the privacy policy in clear, readable language. Make it short and friendly to the user. It’s a part of your company and website. You want them to trust your website when it collects and uses their personally identifiable information. So make sure that the privacy policy is easy to read and intuitive.

Define Website Cookies and Cookie-Specific Policies

You must also explain to your customers what cookies are and what they do: what kind of information will be collected and what will be done with it. There should also be instructions on how to delete or reject cookies. Finally, you must reassure them that they can keep their data privacy despite the information you collect from cookies.

Explain Why You Have to Collect Personal Information

Establish trust in your users and visitors. Tell them how it is beneficial for them to have their website cookies tracked, their personal data collected, and their agreement to terms and conditions for a third party. You can explain that it improves their customer and user experience, including the content they receive.

Give Them An Option to Opt Out of Having Their Personal Data Collected

On your privacy policy page, or wherever you need to ask for user consent, give visitors an opportunity to reject the terms and conditions and cookies policy of your privacy policy. Give visitors an opportunity not to have their information collected by rejecting the consent form. As required by applicable laws on data privacy, and in adherence to privacy policy requirements, users can reject the use of cookies and the collection and storage of other personally identifiable information.

Assure Users that the Info You Collect is Secured and You Won’t Harm Their Privacy

Although you’ll give them an option not to provide their consent, you should also use this part as an opportunity to explain that processing their info and collecting their personal information is not harmful to them. You will respect their confidentiality and keep their info secure. Website cookies are not harmful to their device and as the website owner, you will not introduce viruses or worms that compromise or harm their right to privacy.
