Privacy Ninja



        • Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

How to Write an Effective Privacy Statement for Websites

How to Write an Effective Privacy Statement for Websites

Privacy Policy for Website
A clear Privacy Statement keeps users informed on how their data is used

If you have a website or mobile app that collects personal data from its users, you will need a Privacy Statement, also known as a Privacy Policy. A Privacy Policy is often required by law in many countries.

Privacy statement for websites must accurately reflect the site’s data collection and use:

  • A company’s privacy policy is only as strong as the staff that implements it
  • Your privacy statement should be clear, direct and easy to understand
  • If you decide to modify how you use personal information, you must inform your users
  • Keep technical jargon and legal terminology to a minimum

So what is a Privacy Policy and what are the legal requirements governing them? How do you go about writing a Privacy Policy? Let’s find out.

Also Read: Free Privacy Policy Compliance Review

7 easy steps on how to write a Privacy Statement for Websites to reflect data collection and use

1) Determine what types of information you collect from visitors to your website.  Is the information personally identifiable? For example, does your site collect:

  • names
  • identification numbers
  • addresses
  • phone numbers
  • e-mail addresses
  • IP addresses
  • access dates and times

2) Why is this information collected? Is the data collection appropriate to the activity or transaction? If not, why do you collect it?

3) By what means is this information collected?

  • cookies
  • weblogs
  • surveys
  • web forms
  • registration for an event or course
  • newsletter sign-up
  • when placing an order

4) What will this information be used for and who will have access to it?

  • How long will the collected information be stored?
  • Do you have the user’s consent to collect and use the information?
  • Does the user have the option to prohibit such collection and use?
  • Is the site hosted by an outside vendor? What will they do with the information?
  • Does the site use any kind of analytics? If so, have you informed the user and provided directions to disable analytic tracking?

5) How will users be informed if your privacy policies change (including changes to how the information will be used)?

  • Via email?
  • Will you post a privacy statement modification date?

6) How can visitors with questions about your site’s privacy statement contact someone?

  • Have you provided a webmaster contact address or telephone number?
  • Have you provided the Business Contact Information of your Data Protection Officer?

7) How is user information protected?

  • Computer safeguards?
  • Secured files and physical access controls?
  • If the site is not intended to handle confidential information,  have you informed users?
  • Are there alternate ways for users to provide confidential information, such as via staff phone numbers?
  • Is SSL activated?

Your website needs a privacy policy. Having one promotes user trust in your site and keeps you on the right side of stringent privacy regulations like the PDPA and GDPR.

Also Read: The impact of GDPR and PDPA in Singapore

Here’s a list of questions that can guide you when drafting your Privacy Statement for website:

  • What kind of personal information do you collect?
  • What kind of personal information is collected automatically, e.g. via the web server?
  • What kind of third parties are collecting personal information from your users?
  • How are you using that personal information?
  • Do you send promotional emails/newsletters? If yes, can users opt-out? If so, how?

Save yourself the hefty fees of hiring an attorney for legal advice and document drafting, and contact Privacy Ninja for a FREE Privacy Policy review.

All we need is just your website privacy policy content and we will inform you if the current version is compliant to the Personal Data Protection Act (PDPA) requirements, and will send back a compliant draft to you within 48 hours totally free of charge.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us