Privacy Policy: Everything you need to know

Everyone has seen a Privacy Policy, but barely anyone reads it. Why does every company still have one on its website? In this article, we explain what kind of beast a Privacy Policy is, why you need one, and how to make people actually read it.

What is a Privacy Policy?

A Privacy Policy (or Privacy Notice) is a public legal statement of the company. It explains how the organisation uses information about its users, customers, or employees. This document is usually posted on the website or in the application, where it informs the users. The term can also be used more broadly to cover any notification on personal data processing. In the European Union, Art. 13-14 GDPR require organisations to have a Privacy Policy.

Why you need it

A Privacy Policy has proven to build initial trust with the audience. Recent studies have shown that 45% of the respondents would share their personal details if they knew exactly how the company will use the data. A Privacy Notice gives individuals transparent details about the use of their data. As a result, they decide more easily to disclose their details and build long-term relationships with the brand.

The value of having a proper Privacy Policy becomes even clearer with sensitive data. MedTech apps and dating networks collect intimate details of their users, such as details of their social and/or sexual life or health data. Individuals want to know their data is safe and secure, and the Privacy Policy can effectively communicate it.

As for business relations, a Privacy Policy is a checkpoint for collaborations and partnerships. Payment systems, App Store, Google Market, and even investors ask for the privacy notice before onboarding. Why? To check the goodwill of the potential partner: does the company take the legal (privacy) requirements seriously?

If you do, a Privacy Policy for your service is one of the first steps. It goes after filing documents for company registration and concluding agreements with the team.

What must be in it

A Privacy Policy is a short map of the company’s data flow in a user-friendly and intelligible form.

The points a Privacy Policy must include are:

  • Purposes and legal grounds - why do you collect personal data? List your legal grounds, be it consent, the necessity to perform the Terms of Use, or legal requirements. The document must also explain what happens if the user refuses to provide the data necessary for the contract. On top of that, if the user gives their consent, they can withdraw it at any time;
  • Third-party providers, partners and other recipients of the collected data, as well as the implied transfers of the data to third countries;
  • Retention periods - how long and why are you going to store the data?
  • Data rights reference - what rights do individuals have under the applicable privacy laws? The most notable examples under the GDPR are the rights to access, amend, and delete the data. The list also includes the right to complain to the competent government body;
  • Contact details of the company and its privacy representative.

The exact list of details for the Policy is in the applicable data protection laws, such as the GDPR or national data protection acts.

The ideal Privacy Notice is a mix of abstract and case-specific information. While explaining general rules of data collection, elaborate on it in the examples. You can split the details into several use-cases, such as public profile creation, ordering the goods online, and payments.

How it must look

Besides the content, a Privacy Notice is about how you communicate the details to the "end-user" of the document. The most important thing to remember is that you are addressing a layperson. Try to deliver even the subtlest legal details in plain and concise language. Considering the phrases and language used by the users can help a lot. Basically, avoid legal jargon.

Applying design techniques to the Privacy Policy has proved to be another best practice. Visual components help readers understand the text. The use of standardised icons is even supported by the highest EU institutions, such as the European Commission.

To make sure that the end-user reads at least something of your Privacy Policy, consider developing a "layered notice". During registration, give the user a short notice covering the purposes, user rights, and contact details, with a link to the full Policy. Then explain everything in detail in the Privacy Policy itself.

Instead of the conclusion

Try to imagine yourself being an end-user of the service. What do you expect from the company recording your personal data? Honesty and transparency, or legal jargon covering questionable data practices? The answer now translates into the satisfaction of your own customers, where the Privacy Policy can play a significant role.

The network of privacy professionals at Legal Nodes knows how to draft a Privacy Policy that is both business- and user-friendly. If you need help in preparing your public statements, we are here to help.


Disclaimer: the information in this article is provided for informational purposes only. You should not construe any such information as legal, tax, investment, trading, financial, or other advice.

Legal Nodes Team
