The mere phrase "Privacy Policy" is boring: it makes you want to yawn and switch to something more interesting. But for the owner of an online store, this document helps avoid litigation and fines. Therefore, no matter how boring it is, every entrepreneur who operates in e-commerce should consider this issue.
In May 2018, the European Union adopted the General Data Protection Regulation (GDPR), which applies to all web resources operating in the EU. Also, all sites that collect and process information from citizens of the European Union countries fall under the regulation. According to the GDPR, a Privacy Policy must be posted on the site, and all users must be notified that the collection and processing of personal data are being carried out on the web resource.
The Privacy Policy is a public agreement by which a web resource notifies users about the collection and processing of their personal data. In turn, the user must read the Privacy Policy and consent to the collection and processing of data. Within our country, the Privacy Policy essentially serves compliance with the Law of Ukraine "On the Protection of Personal Data", as well as legal protection of the web resource itself.
The GDPR is the regulation that spells out the basic requirements for the protection of personal data. The official site where all the information is presented is https://gdpr.eu/. For information in Russian, you can also go to the Microsoft website https://docs.microsoft.com/ru-ru/compliance/regulatory/gdpr.
The Privacy Policy is especially important for an online store because, when making a purchase, the user transmits data such as a phone number, name, surname, delivery address, and email address. Artificial intelligence collects data such as IP address, geolocation, time spent on the site, etc.
The terms of the Privacy Policy should be displayed on the site on the user's first visit. In the interface, this usually looks like a small pop-up window with brief information and a checkbox next to the item "I agree to the Terms of the Privacy Policy".
To display the full text of the Privacy Policy, a separate page is created on the site. You can usually reach it from the footer of the site. This is done so that the user, from any page, can go to the Privacy Policy page and read the terms. For some areas of activity, such as health and finance, a more detailed and personalized Privacy Policy (hereinafter PC) should be drawn up. If the user does not consent, the collection and processing of data should not be carried out.
Do sites operating within Ukraine need a Privacy Policy? - Yes, since your website can be visited by users who are EU citizens, which means that you automatically fall under the GDPR.
How to correctly draw up a Privacy Policy for online stores operating in Ukraine
Here are some general guidelines for how a Privacy Policy should be written:
1. The GDPR requires that all information be provided in a language that is understandable to the user, without the use of complex legal terms.
2. The process of collecting and processing data must be described in detail.
3. Provide information about what role you are performing: controller or processor. It is also necessary to indicate who collects the data and who processes it: the name, contact details, and location of the individual, or the legal details of the company. The contact information of third parties to whom the user's data is transferred (for example, a marketer or targeting specialist) should also be indicated.
4. For what purpose the data is collected and how it will be used.
5. Period of storage of user data (after the expiration of the period, user data must be deleted).
6. A separate item should contain information on the use of user data by artificial intelligence.
7. The PC should describe how users can access their data to edit or delete it. When the user changes or deletes data, the information in the sources to which it was transferred must also be changed or deleted.
8. For each user action (registration on the site, subscribing to an e-mail newsletter, placing an order, applying, filling out a feedback form), separate information must be provided on which specific data may be used.
9. In case of information leakage, all users should be notified.
10. The level at which the protection and storage of the user's data is ensured.
11. Updates to the Privacy Policy.
12. Information about what will happen to the user's data in the event of the closure or bankruptcy of the online store, as well as in the event of its transfer or sale to another company.
1. Definition of terms
2. General provisions
3. Subject of the privacy policy
4. Purpose of collecting personal information of the user
5. Methods and terms of processing personal information
6. Obligations of the parties
7. Responsibilities of the parties
8. Dispute Resolution
9. Additional information
Online stores are the most complex web resources in terms of structure and functionality, and they aim for maximum interaction with the user, which means that their package of documents should be more voluminous than, for example, that of a website with a user account. So, for example, in addition to the Privacy Policy, the owner of an online store must also have:
You can also add documents that confirm ownership of the company's logo and corporate style, and of all photos, videos, text content, and illustrations. If your materials are used on other resources, you can request that they be removed. If the request is not fulfilled, the issue can be resolved in court. Note that the materials must truly be your own copyrighted work; to prove this you must have all the source materials on hand (designer's layouts, files with texts, etc.).
In general, to draw up a legally correct Privacy Policy, an online store, especially a large one, will need the help of lawyers. You will also need legal assistance if you sell goods not only to EU citizens but also to citizens of the United States of America, since some states (for example, California, Massachusetts, Nevada) have separate regulations. Today, more and more law firms offer services called GDPR compliance for business.
At the initial stage of opening an online store, you can also use an online Privacy Policy generator. There are many resources where you can do this for free by simply filling out a questionnaire. You can also look at how a competitor's PC is written or just download a ready-made template, but if you plan to expand or the products you sell are specific, an individual PC drawn up by a qualified specialist will become a reliable legal protection for your business. We also recommend reading the article "How to design the main sections of the site".