top of page

Privacy Policies

  1. Notice - Your website's Privacy Policy must be posted in a conspicuous, easy-to-find location. The easiest way to achieve this is to post a link to your site's Privacy Policy on the home page. Additionally, the policy must be available for review by a visitor before he/she submits any type information on your website or any data is collected. The policy must also state in relatively easy-to-understand language what types of data or information your site collects. The Privacy Policy must also explain the consequences, if any, when a user or visitor refuses to provide data or information on the website. The Privacy Policy must also identify the effective date for current or proposed revisions.

  2. Disclosure - The Privacy Policy must list all sites, companies and organizations that will collect or receive the data or information. In the policy, you must list the legal name of the entities, their addresses and contact information. This applies to any third party companies to which the data or information may be transferred, sold or otherwise disseminated. If data or information will be kept offsite with a third party, the name and contact information of the outside party must be included as well.

  3. Purpose - Your site Privacy Policy must also explain in detail why you collect certain data and how it is used. The policy must disclose all applicable reasons and purposes for the required data with regard to the user visiting or using the website. Data must not be used for purposes or reasons other than those defined in the Privacy Policy.

  4. Consent - The Privacy Policy must contain language that ensures visitors that their data or information will not be used, sold, transferred or otherwise disclosed without their prior consent. Users or visitors must also be able to opt-out or discontinue use of the website and revoke consent for the use or dissemination of data or identifiable information. The Policy must also describe the steps needed for users to opt-out or provide a link to a third-party site that allows them do so.

  5. Security - A Privacy Policy must address data-security concerns of users or visitor of the website. The policy must include language that expresses the site's commitment to safeguarding data and explain the steps used to ensure identifiable data or information is safeguarded at all times. If the site discloses identifiable data or information to third parties, the Privacy Policy must also address how such parties handle, store and maintain such data. The Privacy Policy should also include language that stresses the fact that the site or organization makes third parties aware of their security concerns and makes all reasonable attempts to ensure they follow proper security practices as outlined in the Privacy Policy.

  6. Access - Your website's Privacy Policy must include language that ensures site members, users or visitors access to their data and online information. The policy must also spell out steps the user can take to change or edit or their information as needed, or delete or remove information if they choose to do so.

  7. Accountability - The Privacy Policy must include information that informs users or visitors of the steps they can take to correct inaccuracies in their personal information. Furthermore, the policy should list contact details of the organization or person responsible for providing oversight for the policy and its strict implementation. For instance, if your site is a member of an online privacy alliance or group that monitors compliance, the policy should state as much and provide contact details for the organization. If your site uses an in-house staff member for such tasks (not really recommended, as third-party enforcement programs are more trusted and respected,) you must list the name, email address, phone number and address of the individual.

Cookie Policies

With only a few exceptions, there aren't any specific requirements for cookie policies in jurisdictions other than the European Union. Nevertheless, with hundreds of millions of active Internet users living within the borders of the EU, it's hard to imagine many sites that won't receive a few visitors from the region. Consequently, posting a comprehensive cookie policy on your website will help you avoid legal hassles, possible site shutdowns or other issues because of the laws in Europe. Besides, posting a cookie policy makes your site more trustworthy and provides transparency for users. To make sure your policy meets the legal requirements set forth by the EU, it must contain the following sections:

  1. Consent - First and foremost, you must obtain the consent of a visitor or user before placing any type of cookie or data-tracking file on his/her computer. This can be achieved with a pop-up the first time a user visits your site, having your visitors accept a user agreement or allowing them to configure settings for cookies on initial visits. Regardless of the way you receive consent for cookies on your site, though, it must be done before your server or site places the files on the users' computers. Additionally, the method used to acquire consent from your users must include a link to the Cookie Policy for your website. Finally, if your site uses third-party cookies or trackers, you must receive consent for those types as well.

  2. Disclosure - In your site's Cookie Policy, you must disclose the types of cookies or data trackers placed on users' computers by your website, server or other third parties. In the disclosure, you must identify the cookies or data trackers, explain their purposes and detail the type of data retrieved from the cookies or data trackers. The disclosure must be in easy-to-understand language and be thorough enough that even lay or everyday users can understand the purpose and use of the cookies or data trackers. The Cookie Policy must also list all sites, companies and organizations that will collect or receive data retrieved from cookies or data trackers. In the policy, you must list the legal name of the entities, their addresses and contact information. This applies to any third party companies to which the data or information may be transferred, sold or otherwise disseminated. If cookie or tracker data will be kept offsite with a third party, the name and contact information of the outside party must be included as well.

  3. Opting Out - The Cookie Policy must also include instructions that inform users how to opt-out of cookie or data tracking on your website. You may include language that informs users that using the site may be difficult or impossible if they choose not to enable cookies or data trackers on your site. Nevertheless, the Policy must include instructions on how to disable cookies or data trackers if users or visitors choose to do so.

Concerns Regarding Children

Although the United States does not have any strict Federal laws regarding online privacy for adults, legislation for children is a different thing altogether. Introduced in October 1998, and revised several times since, the Children's Online Privacy Protection Act (COPPA) is a law designed to protect the privacy of children under 13 years of age. Consequently, if you operate or own a website designed for or directed toward young children, your site's Privacy Policy must contain additional information to satisfy the requirements for complying with COPPA.

If your site allows visitors younger than the age of 13, and collects data or information from them, the Privacy Policy must include the following elements.

  1. The type of information or data collected from children, whether it be from your server or website directly or from other third parties;

  2. The name, address, email address and telephone number of any and all operators or organizations collecting or maintaining information or data on or from the website;

  3. A description of whether the website allows children to decide if information is made public or accessible by others;

  4. How the website or organization uses any data or information collected from children;

  5. Instructions on how parents can view, edit or delete any information shared on the website by their children.

As you can see, requirements under COPPA are fairly strict and straightforward. In many cases, you can prevent hassles due to COPPA violations by simply refusing access to children under the age of 13, unless you have a good reason to do otherwise. While the above law applies primarily to children in the United States, other countries have passed similar legislation as well. Therefore, if you plan to direct content toward young children, it is wise to find out what the privacy laws are in your area regarding children users and visitors.

How We Can Help

If after reading the above, you think that crafting and implementing, legal, effective Cookie and Privacy Policies is difficult and requires a lot of work- you're right it is and it does. Writing legal and acceptable policies requires a lot of planning, research and attention to detail. Consequently, using online templates or auto-generated policies often create more problems than they solve. Each policy will differ from site to site depending on the location of the organization, the location of Web servers and the types of information, products or services the site provides. To think that there is a one-size-fits-all solution for Cookie and Privacy Policies is not only naive but legally reckless as well. Not paying close attention to the language and detail included in policies can leave you and your organization open to possible fines, penalties or even criminal liability.

Here at AllAboutCookies.Org, we understand the ins and outs of cookie and privacy legislation and can help you create comprehensive, yet easy to understand, policies for your website. Before crafting your individual policies, we will conduct audits of your site and existing policies, and then let you know how we can help you go about making the needed changes - so, that you comply with all applicable laws. After auditing your site and receiving your approval, we will commence to crafting privacy documents that will help you avoid any potential legal problems.

If you have questions about our privacy policy development services, please don't hesitate to contact us for a no-obligation consultation. We are here to help you with your policy needs and look forward to hearing from you soon regarding our comprehensive and cost-effective policy writing services.

bottom of page