How To Easily Generate Privacy Policies For Your Website

Why Talk About Privacy and Cookie Polices?

You may be thinking to yourself, “why should I even care about privacy policies? This is boring,  and it doesn’t apply to me.”

But, you’d be wrong.

Why? Every business owner should consider having a privacy policy on their website.

Privacy policies are so important that WordPress automatically generates a privacy policy page when you start a new site.

 

Privacy Policies Are Often Required

Did you know there are many laws that require you to have these policies and cookie notices on your website? And, these laws vary by country and state.

If you have a contact form on your website, you more than likely need a Privacy Policy.

Some legal requirements, like the GDPR in the European Union or the CCPA in California, are more stringent than others. For example, some of the requirements of the European Union’s GDPR, CCPA and CalOPPA may apply to your website even if you and your business are not based in the EU or California.

TIP: Consult an attorney to find out exactly what your legal requirements are.

However, having a privacy policy never hurts. In fact, it builds trust with your site visitors by being transparent about how you use any data you collect about them.

So What Is A Privacy Policy Anyway?

According to Wikipeda,

“a privacy policy is a statement or a legal document (in privacy law) that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client’s data. Personal information can be anything that can be used to identify an individual, not limited to the person’s name, address, date of birth, marital status, contact information, ID issue, and expiry date, financial records, credit information, medical history, where one travels, and intentions to acquire goods and services.[1] In the case of a business it is often a statement that declares a party’s policy on how it collects, stores, and releases personal information it collects. It informs the client what specific information is collected, and whether it is kept confidential, shared with partners, or sold to other firms or enterprises.[2]

Now that truly is a mouthful.

Basically, a privacy policy tells your site visitors what data you collect about them, and how you use that data. Almost every website collects some sort of data. For example, WordPress collects data. So does your contact form. And, if you’re connected to Google Analytics, you’re collecting data.

How To Generate A Privacy Policy

After you’ve determined that you should include a privacy policy on your website, you’re probably wondering how you create it and integrate it into your website.

One option is to hire an attorney to write it for you and to keep it updated. This, of course, is a great choice.

You can also use a privacy policy generator. There are tools and software that generate privacy policies for you that you can embed or link to from your website.

Privacy policy generators can be a good choice if you’re running a small business and don’t have the budget for an attorney, or you’re not doing a lot of complicated personal data collection. There are lots of policy generators out there, but not all of them are equal.

The two privacy policy generators I recommend are Termageddon and Iubenda. Termageddon is my first choice.

Why Use Termaggedon?

Termaggedon is the simplest but still comprehensive privacy policy generator I’ve found.

It as US-based company and is owned and founded by two people. The president of the company is a licensed attorney and a certified information privacy professional. The vice-president is a web designer and marketer.

They started Termageddon to make it easier for small businesses and web designers to create privacy polices and related documents required for websites. Termageddon is the only Privacy Policy generator listed the International Association of Privacy Professionals.

Termageddon is more than a Privacy Policy generator. It also generates Terms of Service, Disclaimers, and End User License Agreements.  I’m so impressed with Termagddon that I switched over all my policies from Iubenda the day I signed up.

I’m now a Data Privacy Certified Agency Partner with Termaggedon.

What Does Termageddon Do?

Termageddon makes it super easy for you to create compliant Privacy Policies, Terms of Service, Disclaimers, and End User License Agreements for your website.

They’ve done all the research and written the policies. All you have to do is answer a simple online questionnaire about your business. Then, Termaggedon spins up your policy behind the scenes based on your answers. You don’t have to worry about what clauses to include or what rules apply to you. They’ve figured it out for you! The process takes about 15 minutes.

When it’s done, you get an embed code to put into your website. Then, Termageddon keeps the policy up to date as law changes.

On top of that, their support is amazing. Ask them a question, and they’ll go out of their way to give you the answer and ask if there is any other way they can help you. I’d been hearing about Termageddon for a few months before I signed up. Now, I understand what all the excitement and praise was about. It is a fantastic service.

How Much Does Termageddon Cost?

Termageddon’s pricing is super simple. You either pay $10 per month or $99 per year for one license. You can create all of the policies for one website or application that one license.

Why Use Iubenda’s Privacy Policy Generator?

Iubenda is one of the top-ranked privacy policy generators out there. Iubenda is a company with legal and technical expertise, and specializes in privacy and cookie policies in many jurisdictions around the world.

Iubenda may be the most complete professional solution for complying with the myriad privacy regulations out there, but it is also very complex. In my opinion, it might be overkill for lots of small businesses. However, it is very customizable, so you can create a privacy policy for all the ways you collect data on your website.

Iubenda also offers other tools, such as a generator for terms of services for your website, and a cookie consent solution. Thus, Iubenda may be the right choice for you if you need an all-in-one solution for more for complex data collection systems. However, it is a bit tricky to set up, and it’s a bit confusing to figure out how to sign up.

What Does Iubenda Do?

With Iubenda’s Privacy and Cookie Policy Generator you can generate a fully customized, self-updating policy for your website. Iubenda’s policies are generated from a comprehensive database of clauses drafted and continuously reviewed by an international team of lawyers.

The Privacy and Cookie Policies

Simply, the Privacy and Cookie Policy discloses how you collect and use data you collect from your site visitors.

Depending on your jurisdiction, the Privacy Policy discloses some or all of the following information:

  • The contact and identifying details of who is controlling the collection of personal data;
  • Which personal data is being collected and processed;
  • The purposes and methods of processing;
  • The legal bases of processing (e.g. was there consent);
  • The third-parties that may also access the data — this includes any third party tools (e.g. Google Analytics);
  • Details relating to the transfer of data outside the European Union (where it applies);
  • The rights of the user;
  • Description of notification process for changes or updates to the privacy policy;
  • The effective date of the privacy policy.

You can think of cookies as bits of code that collect the personal user data. Your cookie policy then specifically describes the different types of cookies installed on your website, the third parties to which these cookies send data, and what data is being sent for what purpose.

The Cookie Consent Solution

The Iubenda Cookie Solution is another comprehensive solution to comply with Cookie Laws and third-party requirements. It works by displaying a cookie notice banner at each user’s first visit to your website. (You may have been seeing these banners on more and more websites in the last few years.)

The banner / notice also requests a site visitor’s consent to the cookies used on your website, and can prevent the collection of data until that consent is received. It also recognizes the jurisdiction of the site visitor, and can be set up to show the appropriate notices to comply with the rules of the location of the site visitor.

How Does Iubenda Work?

First, you take an inventory of all the tools and apps you use on website that might collect data. These tools include Google Analytics, email marketing providers like MailChimp, ActiveCampaign, or ConvertKit, and even the contact forms on your website.

Then, you create an account at Iubenda. To generate your policy, you’ll answer some basic questions about your business. Then, you’ll choose the clauses to include in your policy based on the tools you’re using on your website.

In fact, Iubenda can even scan your website and send you a report suggesting what clauses you need to include!  Then Iubenda generates the policy for you. Depending on your subscription plan, then you can either link to the policy or embed it into your website. Iubenda tells you how to do this.

The best part is that because Iubenda hosts and generates the policy, Iubenda also keeps it up to date when laws change. Iubenda even alerts you if you need to update the code snippet that integrates the policy to your website.

All you need to remember to do is go in and update the policy clauses whenever you change the tools you’re using on your website.

What Does Iubenda Cost?

Prices for individual sites and applications range from free for a limited policy to $129 per year for a comprehensive Privacy and Cookie Policy, Cookie Consent Solution, and Terms of Service for your website. However, there are many pricing plans available! Their pricing is confusing, so take your time when signing up for their service to make sure you get the right package.

 

Privacy and Cookie Policy FAQ’s

Now if any of this sounds complicated and confusing, it kind of is! So, I’ve gathered some FAQ’s from Iubenda to help you out.

Can’t I use a generic policy document?

It’s not possible to use generic documents because your policy must describe in detail the specific data processing carried out by your website.  It must also include the particular details of any third party technologies (e.g. Facebook Like buttons or Google Maps) specifically used by you.

What if my site does not process any data?

It’s very difficult for your site not to process any data. A simple contact form or a traffic analysis system such as Google Analytics is enough to trigger the obligation to prepare and display a privacy and cookie policy.

What is a cookie?

Cookies are small files used to store or track certain information while a user browses a site. Cookies are now essential to the proper functioning of a site. In addition, many third-party technologies that we integrate into our sites, such as simple video widgets or analytics programs, also use cookies.

What is the Cookie Law?

In addition to providing an easily available and accurate cookie policy, you need to adapt your website to the cookie law by displaying an informative cookie banner when someone visits your site for the first time. This banner need to link to a detailed cookie policy and give the user the opportunity to either reject or grant consent to the installation of cookies. Most types of cookies, including those issued by tools such as social sharing buttons, should only be released after the user have provided a valid consent.

Furthermore, many third-party vendor networks may limit ad reach if you do not have a cookie management system that meets industry standards in place — potentially reducing your ability to generate ad revenue.

What is consent?

Whenever a site user needs to enter personal data on your website, such as by completing a contract form, that person must give free, specific and informed consent to give you that information. In some jurisdictions, it’s also necessary to keep unambiguous records that allow you to demonstrate that valid consent was collected. Again, consult with your attorney to find out what regulations you must comply with for your website.

What is free, specific and informed consent?

You must obtain consent for each specific processing purpose, such as getting consent to send newsletters and another consent to send promotional material. Consent may be requested, for example, by setting up one or more check boxes that are not pre-selected or mandatory, and accompanied by relevant disclosures that make it clear to the user how his or her data will be used.

How can proof of valid consent be demonstrated unambiguously?

A range of information must be collected each time a user fills in a form on your website. This information includes a unique user identification code, the content of the privacy policy accepted, a copy of the form submitted by the user, as well as a record of the opt-in mechanism used.

Is the email I receive from the user as a result of filling out a form not sufficient as proof of consent?

Unfortunately, it is not sufficient, as some information necessary to reconstruct the suitability of the procedure for collecting consent is missing, such as a copy of the form actually completed by the user and the version of the privacy documents available to the user at the time the consent was collected.

Recommended Steps To Create Your Privacy and Cookie Policy

STEP ONE: Talk to your attorney and verify what regulations apply to you and your business and what policies your website needs.

STEP TWO: Choose which method is best for you to create your privacy and cookie policies. Do you need an attorney to draft it, or can you use a tool like Termageddon or Iubenda to create your privacy polices?

STEP THREE: Create and configure your policy using your method of choice.

STEP FOUR: Integrate your policy and cookie notices into your website.

STEP FIVE: Keep your policies up to date as your website changes and as the applicable rules and regulations change.

Of course, you can always reach out! I’d be more than happy to chat with you about your options for generating privacy policies for your website.

 

Data Privacy Certified Agency Partner

Leave a Reply