Keep Your Website Menu Simple
January 31, 2022Is your privacy policy up to scratch? If you collect any information from your website visitors, you need a privacy policy on your website. Here are some common examples of how your website might collect data and why you need a privacy policy:
- A contact form collecting contact information and the message
- A subscription form gathering email addresses and names to send newsletters and offers, etc.
- Facebook advertising connected with your site which tracks browser actions of users (cookies).
- An online store taking payments
People who use the internet are familiar with horror stories of leaked data, and some remain distrustful of using credit cards or personal information online even though it is commonplace today. In Australia, the Privacy Act 1988 gives the public the right to know what information you hold on them, assurances that you will keep it secure, and comply with current information handling practices. Having a clear privacy policy posted on your website demonstrates you will meet all your privacy obligations.
Imagine you are looking to buy a new barbeque online. You find one you want, and the website looks the part, but the identity of the business is completely hidden, as is its location, how to contact them directly, and what they do with your information. This lack of transparency is a red flag. It is possibly a dubious site for information security. Don’t allow your website to present your business in this way.
There’s more to a privacy policy than just legal responsibilities. It builds trust and lends legitimacy to your online business, helping to remove reluctance to engage your business online. If you’re upfront about your information policies by ensuring they’re available, your customers are more likely to deal with you with confidence.
What about Australian websites doing business in Europe?
The European Union General Data Protection Regulation (the GDPR) is a series of information protection requirements. This European Standard applies to any Australian business that does business with consumers in the EU. The GDPR has a lot of similarities with the Australian Privacy Act 1988, but there are a few differences, (eg: the ‘right to be forgotten’ and the requirement to allow visitors to opt-out of tracking cookies). Decide whether the GDPR applies to your business, so you’ll know if you need to comply with their data handling practices which are more extensive than your obligations under the Australian legislation.
What can you include in your privacy policy?
Make sure it’s findable
Where on your website should your privacy policy be so it can be found easily by your customers? Firstly, give it a page of its own with helpful headings and links. Secondly, place the privacy policy link in the site footer menu or near the copyright notice. This is the ideal place, as it’s where people are used to looking for this information, plus a link in the footer is viewable on any page on the website.
Website Security Certificate (SSL)
Some URLs start with http:// and others start with https://. The ‘s’ shows the website is secure and encrypted and that any data your customers share with you (such as submitting contact or enquiry forms) will be encrypted, keeping it out of reach of hackers. This is a key tool in online security, and without it, your customer’s browser might even deter them from accessing your site. So, make sure you have a security certificate set up with your web host and that you state that on your privacy policy. It will be obvious for those that know what they’re looking for in a browser, but for those less sure, it’s helpful to explain it on your policy page.
State the information you collect
Specify the data you collect and retain about your web visitors. That might be an online store where you need to state how you manage credit card details, or you might only gather information via a contact form. This is where you would need to describe what you do with the information and how long it is kept in your privacy policy. Whatever the case, you must be clear about what data you collect and what you do with it.
State how you’ll use the information
Provide clarity for your customer on what you do with their information, how it is stored, and how long it is retained. For example, that you use the address and phone number for shipping purposes, or that cookies are used for advertising to the customer in their web browser in the future. Customers will also want to be certain that information will not be shared with third parties.
Identify yourself
Your official business name, address, and contact information should be clearly placed in your privacy policy. This helps build trust, helps prove your online business is associated with a real business with flesh and blood people in a bricks-and-mortar location and gives a point of contact for anybody wanting to clarify your privacy policies. This together with the above goes a long way to reinforcing confidence in your online presence.