If you own a Shopify store or are setting one up, then you need to create a custom privacy policy for your Shopify store.
Custom?
Yes! You can't copy the privacy policy from someone else or use any standard text. That's because you need to show your data processing activities specific to you in the privacy policy.
Imagine you need a legal contract to sell your apartment. Would you sign a contract copied from another deal, which still contains the wrong price, address and seller's details? You wouldn't, right?
Instead, you would write your contract with specific details for that deal. The same logic applies to privacy policies.
Why Do You Need A Privacy Policy For Your Shopify Store?
First, it is a requirement to have a privacy policy by personal data protection laws (including the GDPR) if you process personal data.
If you are new to this topic, personal data is information that can identify an individual (natural person).
Examples of personal data:
- name
- surname
- email address
- postal address
- IP address
- location
- age
- weight
- personal interests
... and more!
Suppose you are processing payments, delivering products, and have a newsletter or a contact form on your Shopify store. In that case, you are likely using your clients’ personal data.
For example, you may use clients’ email addresses and telephone numbers to contact your clients and deliver products. You may also check the payment status or order fulfilment status in your Shopify dashboard. Hence, you process personal data and must have a privacy policy for your Shopify store.
Second, Shopify requires you to have a privacy policy in its privacy policy for merchants.
In addition, Shopify states in its terms of service (Section 14 (3)) that it can suspend your account for any reason.
Failing to comply with their terms of service by not having a privacy policy could potentially give Shopify a reason to suspend your account, especially if some of your customers have complained about your services.
How to Get a Shopify Privacy Policy?
Tailored Solution (Recommended)
If you want to save time and money and comply with the law, you can use the Ligalio privacy policy generator.
The process is straightforward:
- Fill out our online questionnaire
- Generate your privacy policy in HTML or text format
- Copy and paste your privacy policy to your Shopify store website
- If you change what you do with personal data, update your privacy policy at no extra cost
Why Ligalio?
Ligalio privacy policy generator is created by experienced lawyers, and quality matters a lot to us. We used our expertise to ensure that the Ligalio privacy policy generator is developed in accordance with the requirements of the GDPR.
Also, being a startup, we know that businesses need to get solutions ASAP. Therefore, with Ligalio you can generate your privacy policy in less than 20 minutes.
Finally, whenever there are significant changes in law or how supervisory authorities interpret the law, Ligalio will send you a friendly reminder that you need to update your privacy policy (no weekly spamming!).
Write It Yourself (Not Recommended)
Unless you are a lawyer and understand the GDPR, you should avoid writing your own privacy policy.
For smaller businesses, it's tempting to copy a competitor's privacy policy, change some details and publish it for free on the website.
You shouldn't copy or write your own privacy policy for several reasons:
- you get the privacy policy in unreliable quality
- the privacy policy is not tailored to your business
- it's stealing, and you might get in trouble
- you may get a fine for non-compliance
You get the idea - bad quality = high risk.
Use a Template
Using a template is similar to writing your privacy policy - you should generally avoid it unless you get additional guidance or consult a lawyer.
Ready-made templates usually provide a "generic" version of a privacy policy. They might not suit your business needs since every business uses personal data differently.
Templates either have very little information or all the possible information. When using a template, you should carefully examine if everything that is written matches what you do with personal data and why you do it.
Imagine that you have a simple Shopify store, and you use a template that states:
"We collect video and audio recordings and other information, from your devices, including your location and biometric data within an image of a face or other body parts..."
If your clients read this, they may be scared and avoid using your store. Also, the text would not be accurate. Hence your privacy policy would be non-compliant.
Shopify also has a privacy policy generator, but in reality, it is a template. That means you will have to fill in all the missing info yourself and delete excess information.
Hire A Lawyer
Hiring a professional lawyer should produce a high-quality, tailored privacy policy. However, this might be costly if you are a small business.
Usually, lawyers require reasonable time to prepare a privacy policy and it could take up to 2 weeks, depending on your business's complexity. By using the Ligalio privacy policy generator as a self-help tool, you can create a privacy policy in less than 20 minutes.
We recommend hiring a lawyer if you use special category (sensitive) data [1] or data relating to criminal convictions and offences. You may use this data only under certain derogations if you have a legal basis. However, this is a very rare case for Shopify stores.
You should also consult a lawyer if you use children’s data to make sure that your privacy policy is understandable to your audience and that you comply with other requirements regarding the use of children’s data. This is important if you have customers that are under the age of 18.
How to Add a Privacy Policy on Shopify?
Step 1: Go to the "Settings" section on the left sidebar of Shopify's dashboard. Then select "Policies".
Step 2: Copy the generated privacy policy and paste it to the box under the section "Privacy Policy". Make sure you scroll down to the bottom of the page and click "Save".
Where to Place Your Privacy Policy?
The GDPR requires you to provide information about personal data processing in an easily accessible form (Article 12(1) GDPR).
“Easily accessible” means that the individual should not have to seek out the information; it should be immediately apparent where and how this information can be accessed. A direct link to the privacy policy should be clearly visible on each page of the website [2].
Typically, privacy policies are placed in the website's footer under the name "Privacy Policy". Shopify provides an easy way to do that.
Step 1: Go to the "Navigation" section on the left sidebar of Shopify's dashboard.
Step 2: Under the "Menus" section, select "Footer menu".
Step 3: "Add menu item"
Step 4: Click "Search or paste a link" and select "Policies". Then select the "Privacy Policy" you previously added to your website.
Step 5: Click the green button "Add" and then "Save Menu".
That's it! You have successfully generated and added a custom privacy policy to your Shopify store.
If you are interested to learn more about privacy policies, read our article - The Ultimate Privacy Policy Guide
Footnotes
[1] Special category data is:
- personal data revealing:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade union membership
- genetic data
- biometric data (where used for identification purposes)
- data concerning:
- health
- sex life sexual orientation
[2] Guidelines on Transparency under Regulation 2016/679 (wp260rev.01) adopted by Article 29 Working Party.
Other Ligalio blog posts you may be interested in:
Is Google Analytics Illegal in the EU?
Google Play Store Privacy Policy Requirements
Article 6 GDPR and How to Apply It
If you need a privacy policy, check out our privacy policy generator! 🚀