The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. Although the GDPR requires many individuals to have a privacy policy there are many other instances which legally require one.
What is a Privacy Policy?
A Privacy Policy is a document that states how your business will deal with the personal information it collects. The policy covers how personal information is collected and what the personal information is used for. It also explains how the personal information is stored and managed.
When does the law require I have a Privacy Policy?
You must use a Privacy Policy if your business or company collects personal information online or directly from your customers. This includes
- Email addresses
- Physical addresses
- Telephone numbers
- Credit card numbers, etc.
Australian privacy legislation now requires websites to post a privacy statement if they collect any customer or website visitor information. So even if you have a basic contact form on your website this is necessary.
Where does you policy go?
For websites having links to your privacy notice and terms & conditions has become standard. Following this standard will make it easy for customers to find your privacy notice and remain compliant under Australian privacy law.
It is also very common to include your policy or a link to it in any email marketing with opt in features. This is to ensure that when customers are giving you private information they understand how you will use it.
Why should I have a policy?
- Requirement under law. As we have discovered above, if you collect any sort of private information, even an email address than you are required to have one.
- Google favours websites with Privacy Policies. Google checks your website to see if you have a policy. If you do not, google search results when penalise your website.
- Helps your visitors trust you. Particularly in this age of data privacy and security having this policy will substantially aid your credibility with your site visitors.
Conclusion
Ultimately a Privacy Policy is necessary for any company receiving or managing personal information. For large businesses, it is also a requirement. Subsequently, if you fall within this criteria, it is important to create this policy. However, if you’re still unsure you should contact a general commercial lawyer.