Adding Privacy Policy and Terms of Service

How to add a Privacy Policy and Terms of Service

Now is the time to add or update your Privacy Policy and Terms of Service! Adding a Privacy Policy and Terms of Service to your site is a very good idea as this protects both you and your customers in the event of a legal dispute. If you do business in the European Union or if anyone from the European Union accesses your site, the new GDPR regulations, which come into effect on 25 May 2018, state that you are required to have these on your site. Since the Internet is global, this basically means all website owners should add Terms of Service and a Privacy Policy to their sites.

Please note: We do not and are not able to offer legal advice. This tutorial offers information only. Please consult your lawyer for any legal matters related to your website or business.


Privacy Policy

It’s officially required to have your Privacy Policy written in clear and concise language. You also have to provide easy access to it on your website. The best approach is to create a separate page for this and link to it from relevant places on your site. You don’t have to include it in your main navigation, but it would be a good idea to link to it from your footer and wherever you need to obtain consent on your site (e.g. the “User Agreement” field on your contact form).

What exactly do you write in your Privacy Policy to comply with the GDPR? Here’s the list of essentials (be very specific when covering these):

  • What data you collect.

  • Why you need it (on a legal basis, e.g. consent).

  • How you obtain it (phone, email, etc. — manually or automatically).

  • For how long you retain it (on a legal basis, e.g. due to product warranty duration).

  • Whom you share it with (including any third-party services).

  • How users can access their data, change or delete it.

  • How they can opt out of your marketing messages.

If your organization does business in more than one EU member state, you will have to identify your data protection supervisory authority and document it within your Privacy Policy.

You must update your customers about every change to your Privacy Policy. If more than one person works in your business, don’t forget to communicate the updated document to your team, too.

Help!  I don’t know how to write a Privacy Policy!

If you find this task daunting and don’t know where to begin, there are a number of Privacy Policy generators online. They will ask you a series of questions about the nature of your website and business and generate a Privacy Policy for you based on your answers to those questions. Here are some pointers for selecting a Privacy Policy generator:

  • Search for ones that claim to produce GDPR-compliant Privacy Policies.

  • If you select a free one, watch out for upsells as you step through the process.  Many of the free ones will either try to upsell you on other services, charge you if you give certain answers during the creation process, or obtain your consent to be marketed to in future. Be sure only to opt-in to promotions and services you are genuinely interested in.

  • Consider a paid option. Unless you have the skills to write your own Privacy Policy you may need to invest in getting expert assistance!

Terms of Service

As with your Privacy Policy, you should create a separate page for your Terms of Service and link to it from relevant places on your site (footer, “User Agreement” field on your contact forms or anywhere that you collect personal information).   

Your Terms of Service:

  • Stipulate the conditions under which people may use your website.

  • Protect your intellectual property rights.

  • Disclose how you intend to advertise to your site visitors.

  • Outline how you use data and protect your site visitors’ privacy (you can link to your Privacy Policy for further detail on this).

  • Describe how goods are delivered and what your return policy is, if you sell goods.

  • Stipulate an age limit for using and/or transacting on your website.  Please note: the age of consent for GDPR is 16 so you can either make this your age limit or stipulate that if a user lives in the EU they must be 16 to use your site. In many countries, 13 is the age limit for sites that do not include adult content.

This is not a complete list and you should consult a lawyer to find out whether everything that is pertinent to your website and business has been covered by your Terms of Service. For a useful guide see: How to Write Your Own Terms of Use (Terms and Conditions) Agreement. You can also find Terms of Service generators online that will step you through the process with a series of questions and then generate the relevant document for you. Look for ones that are GDPR-compliant and consider a paid version if you cannot find a free one that provides adequate coverage for your needs.
