In a word, yes.
But what does that really mean? Basically, if someone lands on your website, what data about that person will you receive, and how will you use it? You might be thinking, “I don’t receive anything!” But that probably isn’t the case. If you use Google Analytics, then you have access to a certain level of user data even if the person doesn’t purchase from you or submit any of your forms.
- Types of Information Collected: Explanation of the categories of personal information collected, such as name, email address, contact details, IP address, and any other data collected through forms, shopping carts, cookies or tracking technologies.
- Collection Methods: Description of how the website collects personal information, including information provided by users directly through forms, registrations, or subscriptions, as well as information collected automatically through cookies or other technologies.
- Purpose of Data Collection: Explanation of why the website collects personal information and the intended use of that information (e.g., providing services, personalization, analytics, marketing).
- Legal Basis: Identification of the legal basis for processing personal information (e.g., consent, legitimate interests, contractual necessity) in accordance with applicable data protection laws.
- Data Sharing: Disclosure of whether and how personal information is shared with third parties, such as service providers, advertising partners, or law enforcement agencies.
- User Choices and Controls: Information about the rights and choices available to users regarding their personal information, such as opting out of certain data collection or requesting access, correction, or deletion of their data.
- Security Measures: Explanation of the security measures implemented to protect the personal information from unauthorized access, loss, or misuse.
- Data Retention: Indication of how long personal information is retained and the criteria used to determine the retention period.
- International Data Transfers: Disclosure of whether personal information may be transferred to and processed in other countries, including any safeguards implemented to ensure an adequate level of data protection.
- Contact Information: Contact details of the website operator or data controller for users to reach out with questions, concerns, or data subject requests.
Who we are
Suggested text: Our website address is: http://yoursite.com.
Suggested text: When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
Suggested text: If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Suggested text: If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Suggested text: Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
Suggested text: If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
Suggested text: If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
Suggested text: If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where your data is sent
Suggested text: Visitor comments may be checked through an automated spam detection service.
… if your site uses Google Analytics
We use Google Analytics to understand how our website is used and to improve its content and user experience. Google Analytics may collect information such as your IP address, browser type, operating system, referring website, pages visited, and time spent on our website. This information is aggregated and anonymized before being used for analysis.
Please note that this is just an example disclaimer, and it’s important to review and customize it according to your specific use of Google Analytics and any applicable legal requirements in your jurisdiction. It is also a good practice to provide a link to the respective privacy policies of Google and Google Analytics, so users can access more detailed information directly from the source.
… if your site has a subscribe box
- Purpose of Subscription: Clearly explain the purpose of the subscription, such as receiving newsletters, updates, promotions, or other relevant communications from your website.
- Information Collected: Specify the types of personal information collected through the subscription box, which may include email addresses, names, or any other relevant details you collect from subscribers.
- Consent and Subscription Process: Describe how user consent is obtained during the subscription process. Explain whether it involves an explicit opt-in checkbox, confirmation email, or other consent mechanisms, and emphasize that users are voluntarily providing their information for the specified purpose.
- Use of Subscriber Information: Explain how the collected subscriber information will be used. For example, mention that the information will be used to send newsletters, updates, or promotional content related to your website’s offerings.
- Third-Party Service Providers: If you use third-party service providers to manage your subscriptions or send out communications (e.g., email marketing platforms like MailChimp, Active Campaign, etc.), disclose that the subscriber information may be shared with those service providers for the purpose of fulfilling the subscription.
- Data Retention: Indicate how long you will retain the subscriber information and the criteria used to determine the retention period. This can vary depending on the nature of your communications and applicable legal requirements.
- Subscriber Rights: Inform subscribers about their rights regarding their personal information, such as the right to access, correct, or delete their data. Explain how they can exercise these rights and provide contact information for making such requests.
- Unsubscribing/Opt-Out: Describe how subscribers can unsubscribe or opt-out from receiving further communications. Explain the process and provide clear instructions or a link to manage their subscription preferences.
- Security Measures: Briefly mention the security measures you have in place to protect the subscriber information from unauthorized access, loss, or misuse.
… if your site has E-Commerce
- Personal Information Collection: Clearly outline the types of personal information collected during the e-commerce process, such as name, address, email, phone number, payment details, and any other information necessary for order fulfillment.
- Purpose of Data Collection: Explain the purpose for which personal information is collected, such as processing orders, providing customer support, delivering products, facilitating payments, and complying with legal obligations.
- Payment Processing: If your website handles payment processing directly, describe how payment information is collected, stored, and transmitted securely. If you use third-party payment processors, provide information on the involvement of those processors and their privacy practices.
- Order Fulfillment and Shipping: Disclose how customer information is shared with third parties, such as shipping carriers, to fulfill and deliver orders. Clarify that the sharing of information is limited to what is necessary for order completion.
- User Accounts: If your website offers user accounts, explain the information collected during the account creation process and how that information is used to manage and personalize user accounts.
- Marketing and Communications: Describe whether and how you use customer information for marketing purposes, such as sending promotional emails or targeted advertising. Provide information on how users can opt out of such communications if applicable.
- Data Security Measures: Explain the security measures in place to protect customer information from unauthorized access, loss, or misuse. Detail encryption methods, data storage protocols, and any compliance certifications or industry standards you adhere to.
- Data Retention: Specify how long customer information is retained and the criteria used to determine the retention period. If there are legal requirements or obligations for data retention, mention them as well.
- Third-Party Services: If you use third-party services or integrations on your e-commerce website (e.g., live chat support, customer reviews), clarify how customer information is shared with those services and link to their respective privacy policies.
- User Rights: Inform users about their rights regarding their personal information, including the right to access, rectify, or delete their data. Explain how they can exercise these rights and provide contact information for making such requests.
… if you run Retargeting Ads
- Explanation of Retargeting: Provide a clear and concise explanation of what Google Retargeting ads are and how they work. Describe that these ads are displayed to users based on their previous interactions with your website.
- Types of Information Collected: Disclose the types of data collected by Google Retargeting ads. This may include information about users’ visits to your website, pages viewed, products or services of interest, and interactions with your site.
- Purpose of Data Collection: Clearly state the purpose of collecting this data, which is primarily to deliver targeted advertisements to users who have previously shown interest in your products or services.
- Third-Party Websites: If your website includes links to third-party websites or services that may also use retargeting or tracking technologies, clarify that you are not responsible for the privacy practices of those websites and encourage users to review their respective privacy policies.