Get Seasoned.
Get Seen.
What is an ecommerce privacy policy?
Why generate an eCommerce privacy policy?
Writing and implementing a privacy policy is no easy task, but the tips below will help you understand exactly what an eCommerce privacy policy is, why you need one, what your
privacy policy should include, what data to collect, and how to comply with international guidelines.
The words “privacy policy” probably bring up images of grayed-out, minuscule links at the bottom of a website. The truth is: the privacy policy is a legal document that’s crucial for any website, although probably ignored by most site visitors. Also known as a “privacy statement”or “privacy declaration,” a privacy policy is a statement explaining how the personal, and often sensitive, customer information will be collected, handled, stored, shared, and protected through interacting with a company's website.
The privacy policy is not just important for websites, it's especially important for an eCommerce store. The privacy policy reassures customers that their private data will be protected, but also helps your business meet regulatory requirements.
Since the privacy policy is a legal document, it can be difficult to understand. As a restaurant, business, or retailer, it can be confusing to write by yourself. First, you need to determine how your business will treat customer data. Second, you will make sure that your policy states how you will manage the data, and that your policy is in line with government regulations. Third, you will need to communicate your policy clearly and transparently to your customers in a way they understand.
Why create a privacy policy?
Before we cover how to craft a privacy policy, we'll first cover why you need one. Here are the top reasons why you need a privacy policy for eCommerce businesses.
#1 - It gives you legal protection
A privacy policy serves as protection from potential lawsuits from customers as well as other businesses. If your e-commerce site is sued, you can document that you have set in place a publicly stated privacy policy that clearly declares what you do with the sensitive customer information collected.
In addition, you need a privacy policy to use certain apps or services. Not only is a privacy policy critical to ensuring that you gain customer trust and that legal requirements are met, but many third-party apps and services also require it, such as Google.
In order to access certain services and tools like AdSense, Google Analytics, etc., Google requires that you have an up-to-date, comprehensive privacy policy in place on your website.
According to the Google Analytics terms of use:
“You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect traffic data, and You must not circumvent any privacy features (e.g., an opt-out) that are part of the Service.”
#2 - It builds trust with customers
As an e-commerce store, you will undoubtedly be collecting personal information from customers and visitors to your site such as name, age, address, email and credit card details. For obvious reasons, many will want to know that this information is in safe hands, so an accessible privacy policy on the website will demonstrate your commitment to security while helping to build confidence in your website and business.
#3 - It’s required by law
First and foremost, a privacy policy is legally required by law in the United States, Canada, the European Union, Australia, and other jurisdictions around the world — which is further explained below. All of that data is personal data, and should be disclosed in your e-commerce store privacy policy. In addition, e-commerce store owners need to both limit their risk as well as manage the expectations of their customers to avoid any misunderstandings.
#4 - What your privacy policy should include
When deciding what to include, start by making a list. While this will be individual to each merchant, there are general guidelines that every policy should follow, most of which are required by law.
The details of your policy will depend on things like the way you advertise, the products you sell, who your customers are, how you collect payment information, and how payment processors and other third parties are involved with your site and your data.
For example, Gap.com’s checkout page requires unregistered “guest” shoppers to enter just an email address, but when they get to the checkout page, it requires they disclose a great deal of personally identifiable information.
What to include in your privacy policy?
An effective privacy policy will clearly identify the types of data collected through your store, how and why it’s collected, and how it’s recorded, stored and deleted. Other unique factors relating to your e-commerce store also determine specific privacy protections needed for your policy.
1. Cookie policies
If data may be left on a user’s computer, this should be specified. An example includes cookies, which are often used to track the viewing habits of visitors, making it easier for returning customers to log in and remembers what products were added to the shopping cart. If you offer an opt-out from cookies, inform customers of this feature and the possible impacts for selecting this option.
2. Type of information collected
Specify the types of information collected from site visitors and customers. It is also important to share why you’re collecting that data and how users’ information is being used. For example, if you’re collecting email addresses, your privacy policy should explicitly mention that email addresses are required for communication purposes.
3. Users’ ability to view or modify personal information
Your privacy policy should contain a section detailing how customers can review the information a website has collected from them, as well as how they are able to change or delete that information. It should give consumers a chance to change, edit, or delete their own personal data, as well as the choice to opt out of sharing their data with you.
4. Circumstances when data may be released
On certain occasions, you may have to comply with lawful requests to hand over user data. Your privacy policy must address types of situations where customer data may be released.
Example: Walmart's privacy policy communicates that they may share users’ personal information in special circumstances, and lists some examples of situations in which they may share user data.
5. Who to contact regarding privacy concerns
Your policy should provide contact information for the people responsible for upholding your privacy procedures. Consider creating a unique email address for this purpose.
6. The policy’s effective date and most recent update
Be sure to keep your privacy policy updated. Log any changes that you’ve made and always display when the last update took place.
7. How, if any, of the collected information, is shared or sold
If user data is sold or shared to third parties, your privacy policy should include an opt-out option for those customers who don’t want their information disclosed to others.
Also, if you allow third parties to monitor the activities of your customers — for example, Google Analytics, AdSense, AdRoll, YouTube — your privacy policy has to include a clause that identifies those third parties and how they collect and use your customers’ data.
8. Describe a “Business Transfer” clause
Include a section detailing what will occur if you sell or merge your business with another company. Known as a “Business Transfer” provision. This clause should discuss what would take place if the ownership of the business changes, and the steps that your company will take to transfer the ownership of user data.
9. List any age requirements
If you’re selling adult or sensitive products, you may need to have a clause specifying the minimum age gropu for users to view your website.
How to create your privacy policy:
Once you’ve created a list of what you will include in your privacy policy, it’s time to create it. There are a couple of options when it comes to the actual creation of the policy, including:
1) Use an online privacy policy generator
There are a variety of online options to generate a policy for your specific needs. However, you must be certain that the services offered provide custom options backed by verifiable legal expertise. For a flat fee, a LegalZoom Business Legal Plan lawyer will draft your documents for you. Pricing starts at $399 for basic information for websites. E-commerce website privacy policies can cost more.
Example:
A great example of privacy policy generator is from TermsFeed. All you need to do is start the generator tool, enter the information about your website and app, then answer a few questions about your business. The Privacy Policy Generator creates a custom document that you can download as both as HTML or text files.
2) Hire a lawyer
If you have the budget, hire a legal expert or lawyer to help draft your privacy policy. Make sure the lawyer is experienced in international data protection law and check that they’re up-to-date with the legal requirements for your business.
If you’re on a tight budget, consider using a service such as LegalZoom, which enables you to schedule a consultation with an attorney.
3) DIY template
Most countries have privacy legislation that require businesses to have a privacy policy in place, but some have stricter rules than others. While the laws vary, one thing is consistent: if you operate a website anywhere in the world, a privacy policy that adheres to the laws in the regions where you operate and where your website users live, is essential.
Other Resources: TermsFeed provides a downloadable PDF file or MS Word, Google document.
Four e-commerce privacy policy best practices:
Aside from having relevant and accurate information in your privacy policy, presenting your policies clearly to allow customers to easily review is also important. Here are 4 best practice tips to consider when writing your privacy policy:
Best Practice #1 - Keep it updated
As consumer privacy and protection laws change, your policies should evolve as well. Set up a process to review your policy each year and when new laws are enacted. It will be important to state when your policy was last updated.
Best Practice #2 - Keep it simple
A privacy policy should be written in straightforward language and be simply presented. Consider Nordstrom Rack’s privacy policy, which uses plain language when explaining its terms. The page contains jump links to quickly navigate to various sections of the document they are interested in reviewing.
Best Practice #3 - Make your privacy policy easy to find
Ensure visitors can easily locate your privacy policy no matter where they are on your site. Follow the common practice of adding a privacy policy link in the footer of your site, so that it’s visible from any page.
Best Practice #4 - The bottom line
A privacy policy is a critical part of any website’s legal framework and should be made a top priority. Not only should it be written clearly, compliant, easily accessible, it is meant to protect your business from misunderstandings and potential lawsuits. The privacy policy also acts as an effective means of communication to customers regarding the sensitive data you collect. Open communication helps build trust with your customers and visitors to your site.
About Salt Creative:
Salt Creative is a full-scale web design agency offering modern, mobile-optimized websites, a wide range of marketing and graphic design services for businesses of all types and sizes. Whether a well-seasoned, established business in Boise, and in need of a website overhaul, adding eCommerce solutions, upgrading for mobile, or starting something new, we can help with affordable solutions. Our Boise web design team develops great-looking websites to establish an effective online presence.
Get My FREE Proposal!