What Should Be Included in Your Privacy Policy?

If you have a website or an app that collects personal information from its users, you’ll have to have a privacy policy put in place. Whilst it’s common for users to not read this policy through, for the sake of your business it’s vital to have one.

Most people using the internet will have heard of a privacy policy, however many may not know what one is, what it does or what it generally includes. Through this guide, TechRound will be taking you through some of the most commonly asked questions surrounding privacy policies, as well as what to consider when writing one of your own.


What Is a Privacy Policy?




A privacy policy is a type of legal agreement. It explains to people the personal details that will be collected from them when using a website or an app, how the providers use this information and how this information is handled.

The information providers may collect from users includes the following:

  • Name
  • Date of birth
  • Contact details
  • Bank details
  • Billing address
  • Shipping address

The privacy policy will also typically state how this information is kept safe, helping to assure users that their personal information is in secure and trustworthy hands.

However, privacy policies aren’t just there for the sole purpose of informing and reassuring users, they’re also required by law.


What to Include in a Privacy Policy




Whilst your privacy policy will be dependent upon the regulations that apply to your region (explored later in this guide) there are certain general topics to consider when writing the policy up, these include, but are not limited to, the following:


The Information You Collect


It’s vital to disclose the precise types of personal details you are collecting for users. This can include:

  • Name
  • Date of birth
  • IP addresses
  • Payment details
  • Contact information

When describing the personal details that will be collected from users throughout the privacy policy, it’s important to be as clear as possible to avoid confusion and misunderstanding.


The Way You Collect This Information


Describe the way in which you collected these personal details from the user – e.g. contact forms and more back-end collections of IP addresses and user locations. It’s important to list the ways in which all of the personal details you acquire from users have been collected.


How You Use This Information


One of the most important parts to a privacy policy is detailing the ways in which your business uses the personal details collected from users. This can include notifying users as to important updates relating to the site/app/business, or contacting users for marketing purposes.

You may also be sharing this personal information from users with third parties for advertising or analytics purposes. You must inform users of how you use their information through your privacy policy, and make sure it abides by all the necessary rules and regulations relating to this area.


Information About Your Business


As well as disclosing how users’ personal information is collected and handled, it’s also necessary to provide relevant details about your own business throughout the privacy policy. This includes your business’s name and the relevant contact details for your business.


How to Opt Out


The privacy policy should also include details of how users can opt out of this data collection, as well as how to obtain a report on the user’s data already collected.

You must include all of the methods in which users are able to opt out of data collection clearly throughout the privacy policy.


Are Privacy Policies Legally Required?




Yes, you will most likely be legally required to have a privacy policy put in place for your website or app. There are a number of different regulatory systems implemented in various regions to help protect users’ personal details whilst on the internet.

In the EU, the General Data Protection Regulation (GDPR) is implemented, and requires those operating within its jurisdiction to abide by the necessary data and privacy framework.

Other regulatory systems exist in other regions of the world, including the Personal Information Protection and Electronic Documents Act (PIPEDA) in Canada, and the Children’s Only Privacy Protection Act (COPPA) across the US.

When handling any personal data from users of your website or app, it’s vital to know any and all regulations that will apply to how you handle this data and to make sure you abide by these necessary rules.