Few entrepreneurs think about privacy policy issues in advance when they create their website. However, with the new EU law on personal data protection (GDPR), entrepreneurs will have to change this habit if they plan to develop their business in the EU.

In this article, we describe the elements of a successful privacy policy and provide a free document template that complies with the GDPR rules. You can find it at the bottom of the page to help you start creating your agreement.

Online Privacy Policy Basics

To get started, let’s take a look at the basic information regarding the online privacy policy for websites.

Which websites need a privacy policy?

Any website or service that collects user data, conducts user analytics or shows ads should post a privacy policy agreement. If a business is registered in the EU, or the owner of the company plans to do business with EU citizens, you need to make sure that the privacy policy is in accordance with GDPR standards.

Why are such agreements necessary?

Your online privacy policy clarifies to users:

  • What data you collect
  • How you collect this data
  • How you store and protect this data

Is there any difference between the data being collected?

Yes. Most privacy policy agreements divide information into personally identifiable information and non-confidential information.

The United States National Institute of Standards and Technology (NIST) provides the following definition of identity information:

“Any information about a private person held by the agency, including (1) any information that can be used to find out or track the identity of a private person, such as name, social security number, date and place of birth, mother’s maiden name and biometric records; and (2) any other information that is related to or that may be associated with a private person, such as medical, educational, financial and personnel information.”

Non-confidential information is defined as:

“Information that may relate to an individual, account or profile, but which is not sufficient to identify, contact or find the location of the individual to whom this information belongs.”

Among the examples are:

  • Web browser type
  • Web browser plugin information
  • Local time zone
  • Date and time of each visitor’s request (e.g. entry, exit to/from each web page)
  • Language selection
  • Referrer site
  • Type of device (e.g. PC, laptop, smartphone)
  • Screen resolution, screen color depth, system fonts

Many concerned users use special web browser extensions to mask this data. VPNs also prevent the use of certain types of non-confidential data. For example, a VPN service may mask the time spent visiting the site and the user’s time zone. If you want to know more about VPN, go here.

Will there be legal consequences if I do not publish a privacy policy?

Yes. It is illegal to collect users’ data without informing them of it. You will also face litigation if you violate the terms of your privacy policy and collect more data than you claimed, or somehow change the conditions for obtaining or using data without amending the privacy policy.

Websites that do not comply with GDPR standards may receive fines of up to EUR 20 million or 4% of total revenue.

Online privacy policy – free templates

Due to the complexity and the sheer volume of online privacy agreements, most users simply don’t read them. In fact, according to one study, these agreements are so complex that on average it would take the user 30 full working days to read the agreements of all the websites he visits during the year.

For a website privacy policy to comply with GDPR standards, the owners of these sites should shorten the text of the agreement so that it becomes more concise and understandable.

Despite their complexity, these agreements deal with the aspects that concern Internet users most of all: data protection, fraud protection and privacy. As online users are increasingly concerned with protecting private information, website owners, in turn, need to make their privacy agreement as clear as possible. Below we provide an analysis that details the most important sections of this agreement and a free template of phrases that offer a clear alternative to legal jargon.

Item 1: Data Collection

Each privacy policy should detail:

  • what information the website collects
  • how this information is collected
  • what happens to this information

Item 2: Data Use

After describing the process of collecting information, the agreement describes how website owners use it. Facebook had problems with this item when it decided to update its privacy policy in 2013. The company wanted to add language to the privacy policy agreement according to which it could use the data of its users, including children under 18, for advertising purposes.

Facebook then declined to introduce this wording when a group of vigilant citizens drew the attention of the US Federal Trade Commission. In 2014, Facebook published a plain language version of its privacy policy, whose length fell by two-thirds.

Companies (the same is true for their websites) that are serious about protecting user data:

  • Never sell data that can be used to identify a user to third parties
  • Encrypt and/or anonymize data to protect the database from hacking
  • Store data only for a short period of time

Item 3: Online Commerce Guidelines

For online stores, the privacy policy should describe how users’ private payment data, which is collected to make payments, is protected. This includes bank card numbers, social security numbers, and bank account information.

Item 4: Transfer of data to third parties

This section should describe in simple language the relationship of the website with third parties. Ideally, your website should not share or sell data that can be used to identify users unless there is a legitimate reason for this. It should also detail what your company does with non-confidential information.

Item 5: Data Security and Tracking

To date, the best examples of confidentiality agreements describe how data is protected and how cookies are used.

Last year, Google had problems with the privacy policy due to the fact that it transferred cookies to third parties. The UK Commissariat for Information forced this Internet giant to include in the agreement information about who can collect “anonymous identifiers” (similar to cookies) and the purposes for which the company collects this data.

Item 6: Ways to cancel your subscription

Each privacy policy agreement must specify how the user can unsubscribe from unnecessary services/newsletters.

Item 7: Consent

The standard online text of the privacy policy states that the user agrees to it simply by using the website. In addition, the rights of a private person should be described here, such as the right to send a request to delete or change some data and/or to view the data about that person that has been collected by the website.

Here you will find the agreement template.

To summarize: your privacy policy strengthens user confidence

Your privacy policy is an important protection for your company and your users. Most importantly, it creates and strengthens the level of trust in your company. Your site will have an advantage over competitors with a complex and confusing privacy policy if you write your agreement in simple and understandable language and indicate specific actions to protect data.

Our template should be considered a starting point. Each website has different working methods and goals, so the best privacy policy should specifically describe your case. To make your policy more effective, consult with lawyers and analyze the confidentiality agreements of other companies that work in areas similar to yours. Most importantly, read on to learn more about the language of agreements and issues related to online privacy.