To comply with the law, every website owner should create a user policy. If you haven’t written your policy statements yet, you should do it right now. 

Your main task here is to inform your website visitors about how you are going to use their data and for what purposes. Today, we will explain to you how to do it the right way and provide you with examples. 

Let’s get started.

Check official requirements 

Before you start writing a user policy for your website, read the official data privacy requirements. This will help you understand what specific information you should include in your policy and why.

Write your user policy from scratch

Some website owners wrongly believe that since most websites collect and process users’ data in the same way, they are allowed to copy someone else’s privacy policy and use it as their own. But the truth is that if you don’t want to be penalized under GDPR, you should write your statements from scratch.

Your website differs from other websites in one way or another, and you should reflect those differences in your user policy. If you can’t do it by yourself, you can get help from writing companies or freelance experts.

Be specific 

Your task is to explain to your website visitors how exactly you will use their data. You can’t include in your policy generalized statements like “We will use your personal data for new product development” or “We will retain your personal data to provide you with personalized shopping experience.”

Be specific and provide users with more details. Here is an example of a well-written statement:

“We will retain your browsing history and use details of the products you have previously added to your shopping cart (sizes, colors, etc.) to make relevant suggestions to you for other products and smooth your shopping experience.”

Be concise 

GDPR requires you to provide users with a privacy notice in a “concise, transparent, intelligible, and easily accessible form.” So when you are writing your statements, try to be as concise as possible. Try to articulate your ideas clearly and keep the text of your privacy policy short.

We all know that users rarely read policies. And if the text of your policy is too long, people are unlikely to read it. So try to avoid wordiness and use simple words and phrases instead of sophisticated ones.

Use plain English

Your website visitors come from different countries, and many of them are not native English speakers. To make your privacy notice accessible to every user, you should write everything in plain English.

If you get stuck writing in easy-to-read language, a paraphrasing tool may be useful. A paraphrasing tool will replace most complex words with simple ones, thus increasing the readability as well as the uniqueness of the writing.

Imagine you are trying to explain how your website collects and uses personal user information to a 12-year-old child. Describe the process in simple words. Don’t use professional jargon.

Read user policies written by your competitors

If you don’t know what to write in your user policy and want to see a few examples, visit your competitors’ websites and check their policies. It will give you an idea of what you should and shouldn’t include in your privacy policy. 

You can’t copy and paste statements written by your competitors, but you can at least use them to find some inspiration.

Proofread it

A user policy is an important legal document, and it must be perfect in terms of grammar. So once you finalize your user policy, you should read the text aloud and check it for mistakes.

After that, you should proofread the document using tools like Grammarly. Or, if you don’t trust AI-powered grammar checkers, you can visit GetGoodGrade and get help from proofreading and editing experts.

If you are not a native English speaker, you should take proofreading even more seriously. You should ensure that the text of your privacy policy is free from stylistic errors and incorrectly translated words. You can hire an editor who is a native English speaker to fix your mistakes and polish your writing.

Create a clear structure

Your user policy should have a clear structure. It should answer the following questions in this order:

  • What data do you collect?
  • How do you collect users’ data?
  • How will you use users’ data?
  • How do you store the collected data?
  • For what marketing purposes do you use collected data?
  • What are your users’ data protection rights?
  • How do you use cookies?
  • What types of cookies do you use?
  • How can users manage their cookies?
  • When did you update your policy last time?
  • How can users contact you?
  • How can users contact the appropriate authorities?

The key elements of GDPR-friendly user policy

Now let’s consider the key aspects of user policy in more detail and explain what you should write in each section.

What data do you collect?

It’s a simple question, and you should provide a simple answer. List all personal identification information you are using, including the user’s name, email address, phone number, and any other data you collect.

How do you collect users’ data?

In what ways do you get users’ data? Make a list of all the tools/ways you are using. For instance, you can write the following:

We collect your data in the following ways:

  • When you enter your details to sign up or place an order
  • When you voluntarily agree to complete a customer survey or provide feedback about our product 
  • When you start a conversation with a chatbot
  • When you browse our website, we collect your data via your browser’s cookies.

How will you use users’ data?

In this section, you should explain to the users how exactly you will use their personal data. Here is an example.

We collect your data in order to:

  • Process your order and manage your account.
  • Inform you about sales and new product releases via emails.
  • Invite you to participate in our loyalty programs and giveaways.

If you share users’ data with third parties, you must mention that in this section.

If you agree to our policies, we will share your data with our partner companies ABC and XYZ, so that they may offer you their products.

How do you store the collected data?

Here you need to specify where exactly you store collected data and assure users that you use the most advanced technologies to keep this data protected. For instance, you can write a statement like this one.

All collected data is securely stored on a server in Mulhuddart, west Dublin.

For what marketing purposes do you use collected data?

Basically, you collect users’ data to use it for marketing purposes. And you should talk openly about that. Also, you shouldn’t hide the fact that you partner with other organizations and share users’ data with them. 

We would like to send you information about our products and services that we think you might like, and information about products and services offered by our partner companies:

  • [List partner companies that will receive data]

In this section, you should also inform users that they can opt out of receiving marketing information at a later date.

How do you use cookies?

Users who are reading your policy want to know how exactly you are using cookies. So please, mention all the ways you use cookies on your website. 

Take a look at the following example:

  • Cookies enable us to remember your preferences, so you don’t have to keep re-entering information when you visit our website again.
  • Cookies also allow us to measure how you use our website so that we can make updates to meet your needs better.

What types of cookies do you use?

Different websites use different types of cookies. And you should make it clear to your customers that you are using very specific sets of cookies. 

  • Functionality cookies. Thanks to these cookies, we can recognize you on our website and remember your previously selected preferences. For instance, in such a way, we get information about your preferred language and location.
  • Advertising cookies. We use these cookies to get information about when you visit our website, what content you view, and what links you follow. We also use them to extract information about your browser, device, and your IP address. Sometimes we share some of this data with third parties for advertising purposes.

When did you update your policy last time?

You should review your user policy on a regular basis and update it if necessary. Every time you start using new types of cookies or change your marketing policy, you should add new information to your user policy statements. Your users should stay informed about new ways of using their data.

Wrapping it up

To write a comprehensive user policy and make your website GDPR-friendly, you should have a clear understanding of how your website and your marketing strategy work. Before you immerse yourself in the writing process, talk to digital marketers, web developers, and other experts who are responsible for managing user information in your company. Clarify all the aspects of your website’s work, and then you will create a compelling document.