How to Write an Effective Privacy Statement for Websites

If you have a website or mobile app that collects personal data from its users, you will need a Privacy Statement, also known as a Privacy Policy. A Privacy Policy is often required by law in many countries.

Privacy statement for websites must accurately reflect the site’s data collection and use:

• A company’s privacy policy is only as strong as the staff that implements it
• Your privacy statement should be clear, direct and easy to understand
• If you decide to modify how you use personal information, you must inform your users
• Keep technical jargon and legal terminology to a minimum

So what is a Privacy Policy and what are the legal requirements governing them? How do you go about writing a Privacy Policy? Let’s find out.

Also Read: Free Privacy Policy Compliance Review

7 easy steps on how to write a Privacy Statement for Websites to reflect data collection and use

1) Determine what types of information you collect from visitors to your website.  Is the information personally identifiable? For example, does your site collect:

• names
• identification numbers
• addresses
• phone numbers
• e-mail addresses
• IP addresses
• access dates and times

2) Why is this information collected? Is the data collection appropriate to the activity or transaction? If not, why do you collect it?

3) By what means is this information collected?

• cookies
• weblogs
• surveys
• web forms
• registration for an event or course
• newsletter sign-up
• when placing an order

4) What will this information be used for and who will have access to it?

• How long will the collected information be stored?
• Do you have the user’s consent to collect and use the information?
• Does the user have the option to prohibit such collection and use?
• Is the site hosted by an outside vendor? What will they do with the information?
• Does the site use any kind of analytics? If so, have you informed the user and provided directions to disable analytic tracking?

5) How will users be informed if your privacy policies change (including changes to how the information will be used)?

• Via email?
• Will you post a privacy statement modification date?

6) How can visitors with questions about your site’s privacy statement contact someone?

• Have you provided a webmaster contact address or telephone number?
• Have you provided the Business Contact Information of your Data Protection Officer?

7) How is user information protected?

• Computer safeguards?
• Secured files and physical access controls?
• If the site is not intended to handle confidential information,  have you informed users?
• Are there alternate ways for users to provide confidential information, such as via staff phone numbers?
• Is SSL activated?

Your website needs a privacy policy. Having one promotes user trust in your site and keeps you on the right side of stringent privacy regulations like the PDPA and GDPR.

Also Read: The impact of GDPR and PDPA in Singapore

Here’s a list of questions that can guide you when drafting your Privacy Statement for website:

• What kind of personal information do you collect?
• What kind of personal information is collected automatically, e.g. via the web server?
• What kind of third parties are collecting personal information from your users?
• How are you using that personal information?
• Do you send promotional emails/newsletters? If yes, can users opt-out? If so, how?

Save yourself the hefty fees of hiring an attorney for legal advice and document drafting, and contact Privacy Ninja for a FREE Privacy Policy review.

All we need is just your website privacy policy content and we will inform you if the current version is compliant to the Personal Data Protection Act (PDPA) requirements, and will send back a compliant draft to you within 48 hours totally free of charge.