What do you need to know about privacy policies?

What is a privacy policy?

A privacy policy is a legal agreement that explains how you gather, use and manage any personal information from your customers and clients. This personal information may (please note, this list is not necessarily a complete list) include:

information provided to sign up for services; name, residential address, contact address and numbers, email address, photos and content you may have created or provided; payment information; log-in details and information you provide when setting up a profile; a record of any correspondence; replies to any surveys or questionnaires; details of your visits to the website, including the resources and pages that you access and any searches you make; any information required when you report a problem or complaint; the number of communications you make with us; taking photos at events, etc.

Does my business really need a privacy policy?

Most modern businesses, regardless of the specific type of business, need this kind of policy listed on their website, presuming you have a website. Having a privacy policy is in addition to any liability form or waiver you have for a movement-based business, like providing pole classes in person or online.

Also, privacy policies are legally required by many—but not all—countries (see here for a list of several global privacy laws. It’s best to err on the side of caution with your policies if you have a website that is accessible from anywhere in the world.

Customers also expect to see privacy policies. Some websites will have their privacy policy listed on the footer of their website, while others provide a pop-up with explicit information regarding their privacy policies asking for explicit consent. A “cookie banner” is a pop-up that may appear when a visitor comes to a website. This tool is more common for larger websites/larger businesses which may use cookies (a type of digital tracker) to collect data from visitors. They must legally inform visitors that their data is being collected, how that data will be used and get explicit consent to use the data.

How do I write a privacy policy?

Several global laws require that privacy policies also require them to be written in “plain and clear” languages and not “legal-ese.” There are many tools and samples online that you can use as a starting point for free to create your own based on your location and specific type of business including: RocketLaywer, TermsFeed, FormsTemplate.

Make sure to actually read the privacy policy text from these samples and update it for your specific situation especially how you actually collect and handle data.

Be sure to include any intermediaries such as people or tools that you might use that handle customer or client data. For instance, if you don’t collect personal information directly from users, but you have a third party that stores the clients’ details to process credit card information, you should clearly communicate this in your privacy policy. These might include email marketing tools like MailChimp, Payment processors like PayPal or a class scheduling system + payment processor like WellnessLiving.

Even if you don’t collect any kind of personal data, your privacy policy should simply state that and then be included in an obvious place on your website, such as your website footer.

Make sure to review your privacy policy annually or whenever relevant changes such as to data protection or privacy laws occur and note when your policy was last reviewed and updated.