A privacy policy is one of the most important documents on any website. It details your company's views and procedures on the information collected from visitors.
Although a privacy policy is technically a legal document, great effort should be made to craft a document that is both accurate and easy to understand, obscuring hidden clauses in reams of text is not acceptable.
The main sections are as follows:
Introduction: This section can tell your visitor a little about your organization, and any special information or functions that your website has. If your website has special conditions for collecting information from children (under 16 etc), you should state them clearly in this section.
Information Collected: Visitors have a right to know what information you are collecting. It may be obvious that you are collecting personal details by asking them to complete a form, but you should make it clear. You should also include information logged by your servers, such as hostnames and IP addresses.
Method of Collection: This details the methods you use to collect the information. Is it all automated? Do the forms visitors fill in collect other information, such as the original referrer? All of these questions will help you build a detailed description of how you collect information.
Storage of Information: How is the information stored? If you store information in a database and are located in the UK you may need to register with the government regarding the data protection act. If your servers are in the EU you will need to ask permission to transmit data outside the union, even if it stays within your company. Visitors have a right to know that you will make every effort to store their personal information in a safe and secure environment.
Contact details: Its important to be as transparent as possible, and allow users to contact you if they have a query. You should feature both an email address (or online form), as well as a real world address where a user can write to.
If you think that your data privacy policy is not at the level of compliance and you would like to have a review of your data protection policies, please do not hesitate to contact us.