You’ve probably seen them before but never really took the time to read them. Often placed at the bottom of a webpage, these subtle links are more important than you think. Yes, I’m talking about privacy policies. You might not have asked yourself this question before, but I’m asking it today: you might have never read one before, but do you need to put one on your website or your app? Let’s find out!

Please keep in mind that this blog post should not be taken as legal advice but rather as legal information. Please contact a lawyer regarding your privacy policy needs.

Let’s start from the top. What’s a privacy policy?

A privacy policy is a legal document that discloses what personal information you gather about your app users or your website visitors, as well as how that information is used and disclosed by you and by the third-parties you work with.

What is personal information?

Personal information is any information that allows you to identify an individual. This includes email addresses, age, ethnicity, financial transactions, home addresses, and more.

When do you need to include one on your website or your app?

You probably need a privacy policy. You are required by law to have one as soon as you are engaged in a commercial activity. However, not participating in commercial activities does not necessarily absolve you from needing a privacy policy. In fact, the use of certain apps may require you to have such a policy.

For instance, very few people are aware of this (as very few people take the time to read the terms of service of the platforms they use), but Google Analytics, in their terms of service, say that “you will have and abide by an appropriate Privacy Policy […]. It also says “you must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data.” Finally, “you must disclose the use of Google Analytics, and how it collects and processes data.”

Amazon’s associates program, also indirectly requires you to follow some legal obligations, as it states you will be responsible for “disclosing on your Site accurately and adequately, either through a privacy policy or otherwise, how you collect, use, store, and disclose data collected from visitors, including, where applicable, that third parties (including [them] and other advertisers) may serve content and advertisements, collect information directly from visitors, and place or recognize cookies on visitors’ browsers […]”

And as you may have guessed, the list goes on. Is your app on Apple’s iOS store? You need a privacy policy. The same goes for the Google Play Store.

What do you need to include in your privacy policy?

What you need to include in a privacy policy obviously depends on the kind of information you gather and on your business but here are some guidelines.

You should first and foremost determine when you will be collecting personal information regarding your users or website visitors and disclosing that. Then, you should be disclosing the type of information you will be collecting at each moment and why it is necessary for you to do so. This could be to allow the user to fully take advantage of all your app’s features or in order to better assist a customer when they contact you.

Another important element is to whom the information will be disclosed and why. For instance, you might have to disclose your customer’s information if you have e-commerce and you use a third-party to process credit card payments.

You also need to inform your user of how they can access their data if they want to do so. Ideally, you would have a specific email address that will only receive requests regarding access to personal information.

As mentioned previously, these are only guidelines and every single privacy policy will be different depending on where you are in the world, what third-party services you use, and the type of data you collect. I recommend you to get an attorney to draft or review your privacy policy.

Conclusion

Hopefully, this made privacy policies a little clearer for all of you! Do not hesitate to leave us a comment or to ask us your questions regarding privacy policies!

The author, Aicha Tohry

This is my first guest post! The article was written by Aicha Tohry, from ARTY LAW. She is a lawyer from Montreal, Canada.