A Privacy Policy is required by law.

As long as you collect personal data from your users, you definitely need this kind of legal agreement.

But how is "personal data" defined by law?

The definition is broad: it covers any kind of data that can identify an individual. This includes:

  • Email address
  • First and last name
  • Mailing address
  • List of hobbies
  • The company an individual may work at: name, website, company size
  • And so on

All these categories of information can identify an individual, thus all can be included in the "Personal Information" category.

This means that your Privacy Policy is a very important legal document that you need to have.

Let's take a look at 3 important but often overlooked disclosure clauses that every Privacy Policy should have.

Disclosure #1: Communications

In a Communications disclosure you should notify the user that you may send them promotional emails while allowing them to unsubscribe at any time.

The unsubscribe link in all your emails is required by the CAN-SPAM Act of 2003, but your Privacy Policy should also inform users that you'll send them commercial messages once they sign up on your website.

Etsy's Privacy Policy mentions that members of its marketplace may receive promotional emails, but anyone can unsubscribe either by following the instructions when logged into their account or from the link that would be available in any email sent by Etsy:

Etsy Privacy Policy: Communications clause

Disclosure #2: Cookies

The Cookies disclosure is commonly found in a Privacy Policy, but some websites may separate it into a Cookie Policy in order to comply with the EU Cookies Directive.

BBC separates its Cookies Policy from its Privacy Policy:

Screenshot of BBC Cookies Page

If you're required to comply with the EU directive on cookies, make sure to implement various methods to notify users about cookies when they visit your website.

Your cookies disclosure can start with the definition of cookies:

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your computer's hard drive.

You can then continue by letting the user know what type of cookies you collect and how you use those cookies.

DPN Privacy Policy: Cookies clause excerpt

Disclosure #3: Business Transfer

A Business Transfers disclosure notifies users in advance that if you sell your business, their personal information stored in your databases would be transferred to the new owner.

It's highly recommended that your Privacy Policy has this disclosure even if you don't plan to sell your business anytime soon.

Here's how AOL includes a business transfer disclosure in its Privacy Policy:

In the event that ownership of AOL was to change as a result of a merger, acquisition, or transfer to another company, your AOL information may be transferred. If such a transfer results in a material change in the use of your AOL information, you will be provided notice about the choices you have to decline to permit such a transfer.

As stated earlier, a Privacy Policy is required by law in most countries around the world. But besides being mandatory, it can help you build trust with users by showing them that you value their privacy.
