A privacy policy is a publicly available document that explains how a business collects, shares, and manages personal data.
Privacy policies should list what personally identifiable information it gathers (like names, email addresses, phone numbers, physical addresses, birth dates, financial data, etc.) and why it is collected. Privacy policies should also explain if the business’s website uses cookies, collects tracking data, and shares or sells any information with other entities.
Article 12 of the GDPR states that you need to deliver this information to clients in a way that is:
-
Concise, transparent, intelligible and easily accessible;
-
In clear and plain language; and
-
Free of charge.
Each business collects and handles customer, client, and employee data in a different way, so there’s no one-size-fits-all privacy policy. When writing your own privacy policy, you need to consider your business’s unique data collection and management strategy to write a policy that works for your business.