To comply with the law, every website owner should create a user policy. If you haven’t written your policy statements yet, you should do it right now.
Your main task here is to inform your website visitors about how you are going to use their data and for what purposes. Today, we will explain to you how to do it the right way and provide you with examples.
Let’s get started.
Check official requirements
Before you start writing a user policy for your website, visit GDPR.eu and read the official data privacy requirements. It will help you understand what specific information you should include in your policy and why.
Write your user policy from scratch
Your website differs from other websites in one way or another, and you should reflect those differences in your user policy. If you can’t do it by yourself, you can get help from writing companies or freelance experts.
Your task is to explain to your website visitors how exactly you will use their data. You can’t include in your policy generalized statements like “We will use your personal data for new product development” or “We will retain your personal data to provide you with personalized shopping experience.”
Be specific and provide users with more details. Here is an example of a well-written statement:
“We will retain your browsing history and use details of the products you have previously added to your shopping cart (sizes, colors, etc.) to make relevant suggestions to you for other products and smooth your shopping experience.”
We all know that users rarely read policies. And if the text of your policy is too long, people are unlikely to read it. So try to avoid wordiness and use simple words and phrases instead of sophisticated ones.
Use plain English
Your website visitors come from different countries, and many of them are not native English speakers. To make your privacy notice accessible to every user, you should write everything in plain English.
Imagine you are trying to explain how your website collects and uses personal user information to a 12-year-old child. Describe the process in simple words. Don’t use professional jargon.
Read user policies written by your competitors
Well, you can’t copy-paste statements written by your competitors. But at least you can use them to find some inspiration.
A user policy is an important legal document, and it must be perfect in terms of grammar. So once you finalize your user policy, you should read the text aloud and check it for mistakes.
After that, you should proofread the document using tools like Grammarly. Or, if you don’t trust AI-powered grammar checkers, you can visit GetGoodGrade and get help from proofreading and editing experts.
Create a clear structure
Your user policy should have a clear structure. It should answer the following questions in this order:
- What data do you collect?
- How do you collect users’ data?
- How will you use users’ data?
- How do you store the collected data?
- For what marketing purposes do you use collected data?
- What are your users’ data protection rights?
- What types of cookies do you use?
- How can users manage their cookies?
- When did you update your policy last time?
- How can users contact you?
- How can users contact the appropriate authorities?
The key elements of a GDPR-friendly user policy
Now let’s consider the key aspects of user policy in more detail and explain what you should write in each section.
What data do you collect?
It’s a simple question, and you should provide a simple answer. List all personal identification information you are using, including the user’s name, email address, phone number, and any other data you collect.
How do you collect users’ data?
In what ways do you get users’ data? Make a list of all the tools/ways you are using. For instance, you can write the following:
We collect your data in the following ways:
- When you enter your details to sign up or place an order
- When you voluntarily agree to complete a customer survey or provide feedback about our product
- When you start a conversation with a chatbot
- When you browse our website, we collect your data via your browser’s cookies.
How will you use users’ data?
In this section, you should explain to the users how exactly you will use their personal data. Here is an example.
We collect your data in order to:
- Process your order and manage your account.
- Inform you about sales and new product releases via emails.
- Invite you to participate in our loyalty programs and giveaways.
If you share users’ data with third parties, you must mention that in this section.
If you agree to our policies, we will share your data with our partner companies ABC and XYZ, so that they may offer you their products.
How do you store the collected data?
Here you need to specify where exactly you store collected data and assure users that you use the most advanced technologies to keep this data protected. For instance, you can write a statement like this one.
All collected data is securely stored on a server in Mulhuddart, west Dublin.
For what marketing purposes do you use collected data?
Basically, you collect users’ data to use it for marketing purposes. And you should talk openly about that. Also, you shouldn’t hide the fact that you partner with other organizations and share users’ data with them.
We would like to send you information about our products and services that we think you might like, and information about products and services offered by our partner companies:
- [List partner companies that will receive data]
In this section, you should also inform users that they can opt out of receiving marketing information at a later date.
Take a look at the following example:
- Using cookies enables remembering preferences, so you don’t have to keep re-entering information when you visit our website again
- Cookies also allow us to measure how you use our website so that we can make updates to meet your needs better.
What types of cookies do you use?
Different websites use different types of cookies. And you should make it clear to your customers that you are using very specific sets of cookies.
- Functionality cookies. Thanks to these cookies, we can recognize you on our website and remember your previously selected preferences. For instance, in such a way, we get information about your preferred language and location.
- Advertising cookies. We use these cookies to get information about when you visit our website, what content you view, and what links you follow. Also, we use them to extract information about your browser, device, and your IP address. Sometimes we share some of this data with third parties for advertising purposes.
When did you update your policy last time?
You should review your user policy on a regular basis and update it if necessary. Every time you start using new types of cookies or change your marketing policy, you should add new information to your user policy statements. Your users should stay informed about new ways of using their data.
Wrapping it up
To write a comprehensive user policy and make your website GDPR-friendly, you should have a clear understanding of how your website and your marketing strategy work. Before you immerse yourself in the writing process, talk to digital marketers, web developers, and other experts who are responsible for managing user information in your company. Clarify all the aspects of your website’s work, and then you will create a compelling document.