Privacy Policy: Everything you need to know
Legal Nodes Team
28.05.20
Everyone has seen a Privacy Policy, but barely anyone reads it. Why does every company still have them on their websites? In this article, we explain what kind of beast a Privacy Policy is, why you need one, and how to make people actually read it.
What is a Privacy Policy?
A Privacy Policy (or Privacy Notice) is a company's public legal statement. It explains how the organisation uses information about its users, customers, or employees. This document is usually posted on the website or application and informs its users. The term can also be used more broadly to include any notification on personal data processing. In the European Union, Art. 13-14 GDPR requires organisations to have a Privacy Policy.
Why you need it
A Privacy Policy has been proven to build initial trust with the audience. Recent studies have shown that 45% of the respondents would share their personal details if they knew exactly how the company will use the data. A Privacy Notice allows individuals to see transparent details about the use of their data. Thus, they more easily decide to disclose their details and build long-term relationships with the brand.
The value of having a proper Privacy Policy becomes even clearer with sensitive data. MedTech apps and dating networks collect intimate details of their users, such as the details of social and/or sexual life or health data. Individuals want to know their data is safe and secure, and the Privacy Policy can effectively communicate it.
As for business relations, a Privacy Policy is a checkpoint for collaborations and partnerships. Payment systems, App Store, Google Market, and even investors ask for the privacy notice before onboarding. Why? To check the goodwill of the potential partner - does the company take the legal (privacy) requirements seriously?
If you do, a Privacy Policy for your service is one of the first steps. It goes after filing documents for company registration and concluding agreements with the team.
What must be in it
A Privacy Policy is a short map of the company’s data flow in a user-friendly and intelligible form.
The points a Privacy Policy must include are:
- Purposes and legal grounds - why do you collect personal data? List your legal grounds, be it the consent, necessity to perform Terms of Use, or legal requirements. The doc must also explain what happens if the user refuses to provide the data necessary for the contract. On top of that, if the user gives their consent, they can withdraw it at any time;
- Third-party providers, partners and other recipients of the collected data, as well as the implied transfers of the data to third countries;
- Retention periods - how long and why are you going to store the data?
- Data rights reference - what rights do individuals have under the applicable privacy laws? The most notable examples under the GDPR are the rights to access, amend, and delete the data. The list also includes the right to complain to the competent government body;
- Contact details of the company and its privacy representative.
The exact list of details for the Policy is in the applicable data protection laws, such as the GDPR or national data protection acts.
The ideal Privacy Notice is a mix of abstract and case-specific information. While explaining the general rules of data collection, elaborate on them with examples. You can split the details into several use-cases, such as public profile creation, ordering goods online, and payments.
How it must look
Besides the content, a Privacy Notice is about how you communicate the details to the "end-user" of the document. The most important part is to remember that you address the layperson. Try to deliver even the subtlest legal details in plain and concise language. Considering phrases and language used by the users can help a lot. Basically, avoid legal jargon.
Applying design techniques to the Privacy Policy has proved to be another best practice. Visual components help to understand the text. The use of standardised icons is even supported by the highest EU institutions, such as the European Commission.
To make sure that the end-user reads at least something of your Privacy Policy, consider developing a "layered notice". During registration, give the user a short notice of the purposes, user rights, and contact details, with a link to the full Policy. Then explain everything in detail in the Privacy Policy itself.
Instead of the conclusion
Try to imagine yourself being an end-user of the service. What do you expect from the company recording your personal data? Honesty and transparency, or legal jargon covering questionable data practices? The answer now translates into the satisfaction of your own customers, where the Privacy Policy can play a significant role.
The network of privacy professionals at Legal Nodes knows how to draft a Privacy Policy that is both business- and user-friendly. If you need help in preparing your public statements, we are here to help.
Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice.