You should know by now that there are no free services or products. You either pay your money, or you pay with your data.
Since misuse of personal data can significantly impact people's lives, regulators are introducing measures to protect personal data. One such measure is the need to have a privacy policy, which is a requirement of the General Data Protection Regulation (GDPR) of the European Union.
What Is a Privacy Policy?
The GDPR requires that when using personal data, you must tell people what you are using their data for, how you use their data, and what their rights are in relation to their personal data.
This information is usually written in a document called a privacy policy.
What Is Personal Data?
Personal data is any information that can identify an individual (a natural person). It can be a name, surname, telephone number, email address, location, age, IP address, a person's business email address and more.
However, business data that does not relate to any specific individual is not personal data (such as the email address info@website.com).
When Should Your Website or App Have a Privacy Policy?
The main criterion is simple. You must have a privacy policy when you use personal data.
Typical cases when personal data is used are:
- contact form
- email newsletter
- payment processing
- delivery of products or services
- website or app analytics
- online questionnaires
- live chat or chatbot
- user profiles
In these cases, you use personal data, and the GDPR requires you to have a privacy policy. If you use personal data but do not have a privacy policy, you may be fined by data protection authorities.
In addition, your service providers may also require you to have a privacy policy. Currently, it is required by many payment service providers, the App Store, Google Play, Google Analytics, Facebook, Shopify, and more.
Why Is It Important to Have a Privacy Policy?
- Your business complies with the law (GDPR).
- You avoid unexpected fines. If you don't comply with the GDPR, you may face a fine of up to €20 million or 4% of the total worldwide annual turnover (whichever is higher).
One of the largest fines for a privacy policy that did not comply with the GDPR was imposed on WhatsApp, which was fined €225 million.
Lately, small businesses and individuals have also received fines for not having a privacy policy or for providing insufficient information in their policies.
- You build trust with your customers. Your customers know why you need their personal data and how you will use it.
- You comply with the requirement to have a privacy policy that may be imposed by third parties, such as payment service providers, app stores and others.
What Should Be Included in a Privacy Policy?
Your privacy policy must explain how and why you use personal data. Other information required by the GDPR must also be provided, such as:
- information about your company/organization and your contact details
- which particular website, app, or activities the policy applies to
- what personal data you use
- why and how you use the personal data
- the legal basis for using the personal data
- how long you store the personal data
- to whom you disclose your users' personal data and whether you transfer the personal data outside the EEA (European Economic Area)
- the users' rights, including the right to submit a complaint to a supervisory authority (in Latvia – the Data Protection Inspectorate)
Where Can I Get a Privacy Policy?
- Hire a law firm: the best option, but it usually costs the most and takes some time.
- An online generator: for example, Ligalio privacy policy generator, which is an affordable and quick self-help tool for websites and mobile apps.
- Use ready-made templates: these usually provide a "generic" version of a privacy policy that will not suit your business needs, since every business uses personal data differently.
- Write the policy yourself: unless you are a lawyer who understands the GDPR and wants to spend time writing legal documents, you should avoid this option.
Where to Place the Privacy Policy on Your Website or Mobile App?
The GDPR does not state where exactly you need to put the privacy policy on your website or app. However, the privacy policy must always be easily accessible. This means that the individual should not have to seek out the information; it should be immediately apparent where and how the policy can be accessed.
A direct link to the privacy policy should be clearly visible on each page of the website. Therefore, for websites, the most popular place to put a privacy policy is in the footer.
Likewise, your privacy policy must be easily visible and accessible on your app.
If you need a privacy policy, check out our privacy policy generator! 🚀