A privacy policy is intended to provide your visitors with general information about the data processor, the responsible data protection officer, and transparent details on the data that is tracked when browsing your website. This includes type, range, and purpose of all personal data that is collected and processed.
You should make it easy for your visitors to find this information. For that reason, we've already prepared the legal page Privacy policy in the sidebar of your Editor under Legal pages. This page is automatically displayed in the footer of your website unless you decide that it should not be visible. Furthermore, the page is linked in the checkout and attached as a PDF to order confirmation emails sent to your customers.
Skip to:
- The GDPR
- The content of a privacy policy
- How to edit the content of your privacy policy
- How to edit the visibility of your privacy policy in the footer
The GDPR
With the European Union's General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, the European Union harmonizes Europe-wide laws for data protection. Among other things, it specifies the requirements governing the collection and protection of personal data within the EU and the content that needs to be included in a privacy policy. Thus, every website that has visitors located in the EU is affected by the GDPR.
One aspect of the GDPR is that you need the explicit approval of a visitor for processing their personal data. There are certain circumstances that do not require such explicit approval. Processing without it is generally allowed when the data concerned is relevant for the proper fulfillment of a contract. You may therefore process the data that is required for doing your business. This includes, for example, passing on a customer's address to a logistics provider. However, in order to use personal data for different purposes (e.g. a newsletter subscription), you need the user's explicit approval.
The approval for the further use of this data must not be a requirement for entering into a contractual agreement in the first place. For example, it is not allowed to oblige a customer to subscribe to a newsletter by making it a requirement in the checkout process.
But what does all that mean for you? Where does your website track data? Here are some examples:
- Whenever a customer places an order on your website, the customer data is processed in your cockpit. Otherwise, you would not be able to process the order and thus fulfill the contract that was concluded when the customer placed the order. For that reason, you don't need the explicit approval of the customer.
- Before cookies that are not required for the basic functionality of your website are stored on the device of a visitor, you need their consent. For that reason, you have the option to display a cookie notice that actively asks for the consent of your visitors before such cookies are stored. Your visitors can also decide to reject this kind of cookie. Furthermore, you can provide your visitors with further information about the cookies used on your website on your cookie policy page.
- If the Analytics feature (visible on your Dashboard) is activated for your website, your website tracks visitors, orders, Best Sellers, and the total sales. Thus, you need to add a related section to your privacy policy.
- If you are using Google Tag Manager with your website, you might also track your visitors. If visitors decide to reject additional cookies in the cookie notice, functionalities enabled via the Google Tag Manager will also automatically be disabled. This means that in the cookie notice you are already asking your visitors for explicit approval.
- You can also provide information about any other third-party companies that, as sub-processors, may additionally process personal data of your visitors.
The content of a privacy policy
Now that you know which data might be stored and which actions you can take to ask your visitors for their approval, here are a few further aspects that might be relevant for you and your website and that you could thus include in your privacy policy:
- Name and contact details of the website operator
- Name and contact details of the data protection officer
- The kind of data that is collected (e.g. the name and address of a customer)
- The method that is used to collect data (e.g. via placed orders, a contact form, subscribed newsletters, or cookies)
- The purpose of the collection of the user data (e.g. for processing the order, answering customer inquiries, sending newsletters, or improving your website content and structure)
- The parties that will have access to the data
- The period for which the data will be stored
- Information about the rights your visitors have, e.g. to have their data deleted or corrected or to get an overview of the stored information
Furthermore, you might want to inform your visitors about the actions you take for data security. Regarding the data security of your website, you can rest assured that the necessary updates are provided regularly and automatically. The data centres in which your website is hosted are ISO-certified and meet the highest requirements of IT and data security. Note that this may not apply to the companies that are responsible for apps or integrations you are using within your website.
Info
Our partner Trusted Shops offers a legal text generator and a checklist for compliance with the GDPR that might help you to come up with a proper text for your individual website.
How to edit the content of your privacy policy
You can create and edit the text of your privacy policy in the Editor by following these steps:
- In the sidebar of the cockpit, navigate to Editor.
- In the sidebar of the Editor, you'll find the section Legal pages. Select the page Privacy policy.
- In the preview of the page, use the text area ("Type here") to create the initial content or edit your already created content according to your needs. To do so, you can make use of all formatting options that are available for texts. The text and your changes are automatically saved.
Note
It is not possible to add images or other content elements to legal pages.
How to edit the visibility of your privacy policy in the footer
It's up to you to decide whether you'd like to show or hide the privacy policy in the footer of your website. But keep in mind that it will be attached to order confirmation emails and can't be hidden in the checkout process. Here, it will always be displayed and linked alongside the terms & conditions, and your right of withdrawal page. Furthermore, your privacy policy should be made available via a link from each page of your website. Thus, displaying it in the footer is a good solution to fulfill this requirement.
This is how to edit the visibility of your privacy policy in the footer:
- In the sidebar of the cockpit, navigate to Editor.
- In the sidebar of the Editor, you'll now find the section Legal pages.
- Select next to page Privacy policy.
- Under Visibility on website, specify whether the page should be visible or not.
- Select Save.