Creating a website is not easy at all: apart from the visual appearance and usability, website operators face another hurdle in the form of legal requirements that have to be overcome. In particular, creating and integrating a legally compliant privacy policy is a real nightmare for many website operators.
In this article we explain to you what is meant by a privacy policy, when and where you need one, how it should be structured in terms of content, whether a privacy generator is a perfect solution and much more!
What is a privacy policy and do you need one?
Let’s start with the definition of the term “privacy policy”. A privacy policy on the internet is always necessary when personal data is collected and used.
A privacy policy is responsible for fully informing the e.g. website visitor about the processing of personal data. Important components here are: Type, scope, purpose as well as the transfer of data to third parties (within and outside the European Economic Area (EEA)). This enables the website visitor to understand what is to happen with personal data in order to weigh up whether he or she wants this to happen.
What is the point of all this? Quite simply: to protect privacy.
In which legal area is a privacy policy required?
In Germany, the existence of a privacy policy has been legally binding for some time. With the coming into force of the new General Data Protection Regulation on 18 May 2018, this regulation also applies throughout the EU.
If you don’t have one or don’t set it up correctly, you could face high warning costs or fines.
Additionally, if your website processes data of persons living in California, CalOPPA also applies. The purpose of the California Online Privacy Protection Act (CalOPPA) is to protect the privacy rights and personal information of California residents. According to the CalOPPA, all information that a website operator collects about consumers must be listed in the privacy policy.
A third aspect you may need to consider is the United States’ Children’s Online Privacy Protection Rule (COPPA). According to this rule, website operators and online service providers must comply with certain requirements if they target and collect personal data from children under the age of 13 in the U.S.
Who needs a privacy policy?
From the previous section, it can be concluded that a privacy policy is mandatory for providers of an (online) service as soon as personal data are collected, processed or used. Currently – at the time of writing – this provision applies within the European Economic Area.
Regardless of whether you are the operator of an online shop, photographer, small business, association, real estate agent or craftsman: a legally compliant privacy policy is obligatory if the above-mentioned requirements apply.
💡 Did you know that a privacy policy is not only required on the World Wide Web?
Perhaps you have already noticed it: When you visit the doctor before your examination, you are given a clipboard with a multi-page consent form for the transfer of personal data to sign – in other words, the analogue version of an online privacy policy.
Since personal data is also collected and processed here, explaining and obtaining consent is essential.
What must be included in the GDPR-compliant privacy policy of my website?
The question that causes headaches for many website operators. The exact content and wording of a privacy policy always depends on the individual case: for example, an online shop needs a different privacy policy than an online forum, because different data is processed for different purposes. But the requirements for the privacy policy also differ within business areas.
In the following, we list some aspects that we consider necessary. But as just mentioned, the concrete content always depends on the individual case.
- Name of the person responsible (owner of the website)
- Contact data of the responsible person (owner of the website)
- Name and contact details of the data protection representative (e.g. e-mail address, telephone)
- General information on data protection e.g. legal basis of data processing (keywords: legitimate interest or consent)
- Data security measures taken
- Transmission of data to third parties (e.g. newsletter provider)
- Reference to data processing in third countries (e.g. USA as a data protection-unsafe country)
- Name of the recipient of the data
- Duration of the storage of the data
- Information about the right to obtain information
- Reference to storage, transfer and deletion of data
- Information about the right of revocation
- Reference to a right of appeal
- Information on (analysis) software used
- Note on online marketing tracking procedures (retargeting)
- Cookie notice
- Change and update of the privacy policy
Difficulties in creating a privacy policy
When generating a privacy policy, there are, as you have probably already noticed, many barriers. We will explain the three main difficulties:
Correct content
The biggest difficulty is probably knowing what exactly needs to be included in a privacy policy. Unfortunately, there is no magic formula for this, because the content depends on the individual case. We have listed some important points in the previous section.
Understandability
As a general rule, a privacy policy must inform your visitor transparently about the collection of data. Therefore, you should write it in a way that is easy to understand, without a lot of legal jargon – or at least explain such terms at the same time. However, it is at least as important to use the correct wording.
Accessibility
Your website visitor must always be able to access your privacy policy. In many cases, however, this is not the case because the privacy policy is hidden by a cookie banner, for example. We explain other typical sources of error in a cookie banner in our article Avoid 15 common errors in your cookie banner!
As a general rule, the privacy policy must be easily accessible on your website at any time with a maximum of two clicks and the wording of the link must make it clear that your privacy policy is hidden behind it.
A cookie policy differs significantly from a privacy policy. As the name suggests, a cookie policy deals with the topic of cookies. In a cookie policy – also known as a cookie guideline – the user is informed about the cookies and cookie-like data used.
Almost all information that is addressed in the privacy policy (e.g. contact details of the data protection representative) does not appear in the cookie policy. Both legally relevant pages should always be accessible. It is therefore a good idea to link them directly in your cookie banner. Alternatively, you can also break down your cookie policy directly in the cookie banner.
Privacy Generator as the ideal solution for your privacy policy?
Creating a correct privacy policy is anything but easy. Numerous legal, barely comprehensible paragraphs with even more incomprehensible sub-paragraphs have to be sifted through, understood and correctly applied. As a layman, you usually don’t stand a chance.
This is where so-called privacy policy generators come into play. They are considered to be the best and cheapest to free alternative to professional legal advice. Using a modular system, you can create a privacy policy tailored to your case in just a few steps.
In the following we will take a closer look at popular privacy policy generators💡
It is important to note that we do not list all the advantages and disadvantages of the selected generators, otherwise you would have to read a whole novel. 😉
source: termsfeed.com
TermsFeed
Termsfeed is one of the best known and most popular privacy policy generators. You can choose between a privacy policy for a website or an app.
Advantages:
One advantage is the choice of different generators. For example, you can choose between a privacy policy generator, terms & conditions generator and a disclaimer generator. In addition, TermsFeed covers all important standard clauses and is very beginner-friendly.You can also constantly update the document you create (in case your services change). Basically, all policies with basic functions are free of charge. For better protection, TermsFeed offers a one-off payment. This is where the provider differs from many other competitors.
Disadvantages:
Like many other free privacy policy generators, the TermsFeed generator does not provide comprehensive protection in the free version. Moreover, it is comparatively a bit costly.
source: datenschutz-generator.de
Datenschutz-Generator by Dr. Schwenke
The privacy policy generator by Dr. Thomas Schwenke is also one of the most popular privacy policy generators in German-speaking countries. Here, too, a distinction is made between a free basic version and a premium version for which a fee is charged.
Advantages:
One advantage that is already apparent on the homepage is the selection of generators. Contrary to what the name of the website suggests, Dr. Schwenke also offers, for example, generators for the imprint, the creation of terms of participation, home office matters and revocation instructions. In most cases, a privacy policy generator provider offers either the generation of a privacy policy only or the generation of a privacy policy and an imprint.
Theoretically, it is also possible to create an English privacy policy – but only in the paid version.
A short memory feature has also been built in, which ensures that the creation you have started can be continued at a later time. That is practical!
In addition, a privacy policy created for a fee may continue to be used even after the licence has expired.
The type of document created (e.g. HTML format or text format) can already be selected before the privacy policy is created. Here, too, the user is guided through various sub-topics and questions to finally obtain a privacy policy. Facts are explained and presented in a tangible way with illustrations.
Disadvantages:
Not all features, such as the availability of the document in English and selection options when creating the privacy policy, are included in the basic version. All generated texts may only be used free of charge by private individuals and small businesses with an annual turnover of up to 5,000 euros. However, this is also understandable here because as already explained in the previous example, there is a lot of work behind the creation and maintenance of a legally compliant privacy policy generator.
source: iubenda.com
Iubenda.com
Iubenda is often praised to the skies in terms of its privacy policy, so this provider should definitely not be left out of the comparison.
Advantages:
Iubenda offers a beginner-friendly step-by-step explanation, detailed explanations are provided in separate articles. Moreover, the provider presents itself as a high-end solution and offers, among other things, 1600+ clauses and more than 9 languages.
Disadvantages:
Iubenda also offers a free version with limited features. Unlike other providers, you have to create an account or log in to your account to create a privacy policy. “Quality Has Its Price” is definitely true in the case of Iubenda. The free version does not cover many use cases. However, the paid version offers a high level of quality. Therefore, this provider is not primarily suitable for small start-ups.
Conclusion
All in all, a privacy policy generator is a quick and easy solution for creating a privacy policy and integrating it into your own website. As a privacy policy newbie, you are taken by the hand and guided step by step through the jungle of legal issues. The result is either a sample privacy policy that can be individually adapted or a template that is already tailored to the individual case as far as possible. A privacy policy generator is therefore a beginner-friendly and, compared to legal advice, inexpensive way to create a privacy policy.
Attention: We cannot evaluate the correctness of the content, as we are not allowed to give legal advice. To be on the safe side, you should have your privacy policy checked by a professional lawyer in any case.
Don’t panic, ask a lawyer!
Even if good advice is expensive: In case of doubt, a lawyer should always have the last word – at least when it comes to your privacy policy 😉 A lawyer will not only create a template for your privacy policy, but can also answer general questions about data protection, the General Data Protection Regulation and the ePrivacy Directive.
If you want to get professional help, the costs range from about €500 to €15,000, depending on the effort involved.
How often should I renew my privacy policy?
How long is a privacy policy valid? That depends on the law. It is quite possible that you will have to renew your privacy policy. Therefore, you should regularly inform yourself about new regulations in the area of data protection and adapt your privacy policy accordingly – if necessary.
What else do I need on my website apart from a privacy policy?
In addition to a privacy policy, there is other legally relevant information that you must embed in your website:
Imprint
Including an imprint on your website is not mandatory in all countries – in the Federal Republic of Germany it usually is.
What is an imprint?
Every person who uses telemedia – whether commercially or editorially – must use an imprint on the website. It must contain information on the provider identification in the sense of the respective applicable law.
The setting of cookies and the processing of personal data may only take place after the informed and activated consent of the user (C-673/17) – also called opt-in procedure. The easiest way to manage cookie consent is with the help of a cookie banner.
But here, too, the correct set-up is quite a challenge. It starts with finding the cookies used and continues through to the correct integration of the cookies in the cookie banner.
Real Cookie Banner, our cookie plugin for WordPress, helps you a lot with this task. The integrated scanner feature and numerous design and service templates take a lot of work off your hands.
Set up your cookie banner in compliance with the GDPR and ePrivacy Directive and quickly and comfortably!