Privacy Policy

What is a Privacy Policy?

A privacy policy is a document published on a website that explains how the website or organization will collect, store, protect, and use the personal information provided by its users.

The exact definition of personal information varies from one piece of legislation to another, but the following are generally included:

  • Names
  • Dates of birth
  • Addresses (postal and email)
  • Payment details (credit card numbers)
  • Location (IP address, geolocalization)
  • Social Insurance Numbers

In addition to outlining how the company will use the information, it also explains how the company will meet its legal obligations, and how those sharing their data can seek recourse should the company fail to meet those responsibilities.

Why do You Need to Have a Privacy Policy?

It’s Required by Law

Most countries, by law, require that you have a privacy policy in place if you collect personal information from your users.

European Union

The European Union is known for having some of the strictest privacy laws in the world. The cornerstone of its privacy legislation, the General Data Protection Regulation (GDPR), provides detailed requirements in Articles 12, 13, and 14 with regard to privacy policies and the importance of facilitating the exercise of the rights that your users have over their data.

Wherever your company is located, if you operate in Europe or process the personal information of users located in Europe, you will need to comply with the GDPR and thus have a privacy policy that is easy to understand and access. You must also ensure that you have your users’ unambiguous and affirmative consent before you start collecting any personal information.

To be found GDPR-compliant, a privacy policy must contain some very specific elements. Unlike some other privacy laws, the GDPR is actively being enforced and the stakes are high for businesses that choose not to comply, with hefty fines in the millions of dollars.

Check out our article on how to write a GDPR compliant privacy policy.

United States (California)

While there is, to date, no privacy legislation at the federal level in the United States, the state of California has enacted its own in order to protect its constituents’ privacy.

The California Online Privacy Protection Act (CalOPPA) provides that any commercial website that collects or uses personal information from Californian residents must have a conspicuously placed privacy policy that details how that information is collected, used, and shared.

In addition, the California Consumer Privacy Act (CCPA) came into force in 2020 to supplement CalOPPA. While its scope of application is more limited – it is notably targeted at businesses that either have an annual gross revenue of more than $25 million, make at least half of their revenue selling the personal data of their users, or sell, buy, share or receive the personal information of at least 50,000 households, consumers or devices annually – it should still be taken into consideration.

This piece of legislation encourages transparency and notably requires that businesses serve users with a notice at collection, i.e. at or before the time they start collecting personal information. That notice at collection should link to a privacy policy that is updated at least once a year.

For more information about CalOPPA and CCPA and to learn what elements your privacy policy should contain, read our article on the subject here.

Australia
Australia regulates how businesses should handle personal information through its Privacy Act of 1988.

Organizations that need to comply with the Australian Privacy Principles (generally businesses with an annual turnover of more than $3 million, although some smaller organizations must also comply, such as those that buy or sell personal information or provide health services – make sure that you consult with a lawyer) notably need to have an up-to-date and clearly expressed privacy policy that is available free of charge, in an appropriate format, and that contains all the information required under this Act.

Other Countries

These examples are only meant to show you what some countries across the globe require when it comes to collecting personal information from their residents. Many other privacy laws and regulations exist, each with its own particularities, so it is crucial that you make sure you are complying with the laws and regulations applicable to your website before you start collecting and processing any kind of personal information.

It’s Required by Third-Party Services

You may not be aware of this, but most of the third-party services commonly used on websites require that you have a valid privacy policy in place in order to comply with their terms of service.

If you are using Google AdSense or Google Analytics, for example, you must have a privacy policy that includes all the information they require (including a clause regarding your use of cookies). Failing to do so means violating their terms, which could lead to you losing access to their services.

It Helps You Be Transparent

Having a privacy policy is also essential from a business perspective: it lets you be transparent with your website visitors and build a relationship of trust, especially since people increasingly value their privacy.

A website that does not inform its users that it collects data or that hides its policy may look untrustworthy – don’t let this be the reason why you lose business to your competitor.
