Website Policy Basics

In general, what are website policies?

Website policies help you comply with laws and help you limit your liability.  Each policy has a specific purpose, but are rooted in these two goals.  Below, we break down the purpose of each type of website policy:

What is a Privacy Policy?

A Privacy Policy is a statement published on a website or application that explains how your website(s) collects, uses, and discloses personally identifiable information, as well as your privacy practices. A Privacy Policy needs to contain the exact disclosures required by the privacy laws that apply specifically to your business.

When am I required to have a Privacy Policy? 

Most privacy laws start applying the moment you start collecting someone’s personally identifiable information, such as their name, email, or IP address. Other privacy laws apply only to for profit entities or websites that hit certain business thresholds (like processing the data of 25,000 or more residents of that particular state/territory/country). 

It is crucial to understand that privacy laws don’t care about where your business is located. What they care about is protecting the personally Identifiable information (PII) of their people (whether it be a country, state or territory-specific privacy law). So to get a proper Privacy Policy in place with the correct disclosures, you first must identify what privacy laws apply to you; only then can you determine the disclosures you need to make within your Privacy Policy.

What common website features require people to have a Privacy Policy?

1. Contact forms – collect personal information such as names and emails and often share that data with email service providers (like Gmail, Gsuite, Outlook, Hotmail, etc).
2. Analytics tools – many website analytics tools track users and may also collect personal information such as IP addresses and information regarding that user’s interactions with the website
3. Newsletter subscriptions – collects emails and often shares those emails with third party email marketing providers (like Mailchimp, Activecampaign, Constant Contact, etc.)
4. Ads – social media and search engine advertising often includes the use of pixels which can track user movement and even collect the personal information of website visitors including their IP address
5. Security features – security features like reCaptcha may track user movement and even collect the personal information of website visitors including their IP address (and share that data with third parties for security purposes).

How often do I need to update my Privacy Policy? 

You must update your Privacy Policy every time a privacy law that applies to your website is introduced or changed or whenever you change your own privacy practices. This happens more than you might think as we’re tracking dozens of privacy bills that could be signed into law. This can be a daunting task for most website owners as very few are up-to-date on their privacy law knowledge. That’s why so many people are looking for software that helps make this task easier.

What is a Terms of Service/Terms and Conditions? 

Terms and Conditions (also called Terms of Use or Terms of Service) is a statement that details the rules of using your website.

When am I required to have a Terms and Conditions? 

A Terms and Conditions is often not required, rather its intentions are to help limit the liability of the website owner.  If a website owner is taking eCommerce payments through the website, however, a Terms and Conditions is indeed required to explain the rules to transactions being made online and to comply with consumer protection laws.

What is a Cookie Policy?

A Cookie Policy explains to users the details of the types of cookies you place on your website visitors’ browsers. Not every privacy law requires a Cookie Policy, so this is an excellent example of why it’s important to know which privacy laws apply to your website.

What’s a Cookie Consent Popup? 

The main reason as to why websites have a cookie consent popup (or ‘banner’ or ‘tool’ or ‘solution’) is to comply with laws that require website operators to first get consent PRIOR to placing non-essential cookies on a website visitor’s browser. In other words, some countries require you to not track users by default with tools like Google Analytics, for example, until the user ‘consents’ to you doing so (and only at that point in time can your website’s script(s) fire placing non-essential cookies on their browser).

The following laws require consent prior to placing non-essential cookies on a user’s browser (or before collecting their personal information):

• ePrivacy Directive 2002/58/EC 
• General Data Protection Regulation (GDPR), 
• United Kingdom’s Data Protection Act 2018 (UK DPA), 
• California Privacy Rights Act (CPRA) 
• Personal Information Protection and Electronic Documents Act (PIPEDA).
• Quebec Law 25

If any of the above privacy laws apply to you, then you need to obtain consent for the use of cookies on your website through a cookie consent banner.

What is a Disclaimer? 

A Disclaimer is a statement that limits the liabilities that a website owner may be responsible for due to certain website features.

Having a Disclaimer will help you:

Advertise third party products or services – a Disclaimer will help you protect yourself if a user clicks on the third party advertisement and gets a virus or is somehow injured by the product or service. 

Sell or display health products – a Disclaimer will help you protect yourself in this case if the health products do not work as they should, do not deliver the results that were expected or if the user gets injured by the health products. 

Participate in an affiliate program – an affiliate program is a program whereby you list a particular link on your website and, if the user clicks on that link or purchases the product that the link displays, you receive money from the seller of that product. A Disclaimer will help you comply with the affiliate program’s Terms and Conditions and will help you keep the trust of the people visiting your website. 

Provide health, medical and fitness advice – a Disclaimer will protect you in case the user gets injured after following your health and fitness advice, much like the beginning of those exercise videos that you will watch in January of next year. 

Provide information that could be seen by others as legal advice – a Disclaimer will protect you by stating that there is no attorney-client relationship here and that the advice that you provide on your website is not legal advice, thus protecting you in case something goes wrong.