Privacy Policy 101: What It Is, Why You Need It, and How To Create One

If you’re wondering what a Privacy Policy is and why you need one, know that you’re not alone. Privacy Policy is a term often used when discussing websites and online businesses. However, as a new business owner who just got their first website set up, it’s normal if you’re not quite sure what it is and why you need it.


So, let’s take a closer look at the Privacy Policy, why your business needs it and how to create one without a fuss.


What is a Privacy Policy?

A Privacy Policy is a legal document that discloses how the website owner collects visitors’ information, what personal information is collected, and for what purposes. 


Every website collects visitors’ data in one way or another, so every website must have a Privacy Policy to protect the website owners and visitors and ensure that the website complies with all laws and regulations. 


You might be wondering what type of data is considered personal information. Here are examples of what type of personal information you might be collecting on your website: 

  • Name 
  • Email address
  • Phone number
  • Address 
  • Credit card number
  • Date of birth
  • Location (IP addresses and geolocation)
  • Usernames 

So, if you have a website and someone visits it and interacts with it, it means that you are collecting their personal data, which can be used to identify them and thus should be protected. 


Why your website needs a Privacy Policy

The main reason your website needs to have a clear Privacy Policy that every visitor has access to is that it’s required by law in many countries worldwide. 


Even if your business is not located in a country where the laws are in place to regulate the collection of personal data, but you have people from that country visiting and using your website, your business should comply with the law of that country. 


Let’s take a look at some of the countries and their Privacy Policy laws:


United States

The United States doesn’t have strict privacy protection laws in place at the federal level. However, the FTC (Federal Trade Commission) has policies in place that help protect people’s personal data and ensure that websites are operating fairly and are not selling people’s information or leaving it unprotected for hackers. 

California has stricter regulations for businesses operating in the state. CalOPPA (the California Online Privacy Protection Act) requires all websites to have their Privacy Policy easily accessible and requires website owners to adhere to the policy.



Australia

Australia has the Privacy Act 1988, which regulates how businesses collect personal information from Australia’s citizens. Website owners must have an updated Privacy Policy that informs visitors how their personal data is used, and must make sure that the data they collect is protected.



Europe

Europe has one of the strictest privacy protection laws in the world. The General Data Protection Regulation (GDPR), which went into effect in 2018, outlines (in Articles 12, 13, and 14) how businesses should handle personal data collected online.

These regulations apply to all businesses and organizations that collect any form of personal data from the citizens of the EU. GDPR requires a more detailed Privacy Policy than other countries require, so when creating one yourself, comply with all regulations. 



Canada

The Personal Information Protection and Electronic Documents Act (PIPEDA) is Canada’s law protecting the private information of its citizens. All businesses that collect personal data from Canadian citizens should have a clear Privacy Policy on their websites.

As you can see, no matter where your business is based and operates, chances are that you’ll get visitors from all around the world, and you should be aware of the data collection laws and regulations so you can comply with them and avoid getting fined. 

What are cookies?

Cookies are small files stored on the user’s computer and designed to hold specific data connected to a particular website. For example, when you create an account online and choose to save your username and password so you can automatically log in the next time, this information is stored in a cookie.


Using cookies helps streamline visitors’ browsing experience and helps website owners track certain metrics like how many visitors are on their website.


You can see your cookies anytime in your browser and delete them. All websites are required to ask if you’re OK with cookies being used, and you can always decline.

If your website uses cookies (most websites on the internet do), then you should always disclose it in your Privacy Policy. And when visiting your website, the users should have an option to opt out of the cookies being used.


Privacy Policy vs. T&C – what’s the difference?

Every online business should have a Privacy Policy and Terms and Conditions (T&C) on its website. It’s common for website owners to mix these two legal documents or think that they’re the same. However, these are two very different legally binding documents. 


Your website’s Privacy Policy is there to protect the visitors’ and users’ data. The T&C agreement is there to ensure that your business is protected. 


A T&C agreement should inform the consumer of what they’ll be required to do once they subscribe to or purchase your service. It is not required by law. However, it’s useful to have one to protect your business from any liability or complaints.


Where to display a Privacy Policy on your website

Your Privacy Policy should always be displayed so visitors can easily see and access it. It should be separate from your Terms and Conditions and other legal documents.


A good example is Google: its Privacy Policy link is visible at the bottom of the page and separated from the Terms and Conditions.

Shopify also has theirs positioned clearly at the bottom of the homepage.

If you collect visitors’ emails or ask them to create an account on your website, you might also want to include a clickable link to the Privacy Policy page before they submit their information, letting them know that it’s there and asking them to confirm that they understand it.


How to create a Privacy Policy

There are a few different ways you can get a Privacy Policy for your website:


Create one yourself 

With a little bit of time, you can create a Privacy Policy for your website yourself. Make sure that your Privacy Policy answers these questions:

  • Who is collecting the data – your business name, address, location, and contact information.
  • For what purpose is the information collected? 
  • What personal information is collected?
  • How is it collected?
  • With whom will the collected information be shared, and why?
  • Do you use cookies, and why?
  • How can users complain if they need to?


Hire someone to do it for you 

The most efficient and safest way to create a Privacy Policy is by having someone create it for you. This way, you’ll know that the information is correct, complies with the many different laws, and is up to date. 


If you’re unsure where to look, at WAcademy, we offer a service that includes creating a standard Privacy Policy and putting up a cookie banner for you. 


Use a template generator

Lastly, you might use Privacy Policy template generators available online to create the policy for your website. It’s easier than creating the policy yourself. 


However, you want to ensure that you’re using a reputable template generator that complies with the different laws and has up-to-date information.

Written By: Karolina Wilde