You should have a privacy policy as part of good data protection standards and GDPR compliance. We've created a template to help you get started but ultimately you, as the data controller, will be responsible for the document and it's accuracy for your business.
👍 Pro Tip: If you want to add you policy document to your website consider a footer link. Also you can read this article on adding your T&C and Privacy Policy to your EvolutionX checkout process.
Getting started with a Privacy Policy
📄Legal Stuff: This template and all our GDPR documentation is purely for educational and / or informational purposes only. It is not intended to constitute advice, whether legal or otherwise. No contract or legal relations are, or are intended to be, made between Evolution Software and you. Under no circumstances shall ES Tech Group or it's subsidiaries be liable for any loss, damage, liability or expense incurred or suffered by you which is claimed to have resulted directly or indirectly from your use of the information provided in this documentation.
You can start from your own or from our template. If you're using our template then you can download it here.
⚠️ Pro Tip: You can create a content page on your web store and paste in the content or you can use a simple text editor such as Notepad when modifying the privacy policy. Avoid using word processors as these inject unwanted styling tags.
Customise the policy based on your business.
You should read the entire document and adjust anything you need to. In particular you should review the following sections and modify them where needed:
Replace all occurrences of [INSERT COMPANY NAME] with your business name. There are up to 5 places to do this.
In section 1 you'll see the declaration that you have appointed a DPO (data protection officer) to handle data protection questions. You can remove this if you prefer but it's recommended that you voluntarily nominate a person inside or outside your company as the DPO.
In section 1 the DPO contact details need to be completed by replacing the following with the correct values:
[INSERT DPO NAME]
[INSERT CONTACT EMAIL ADDRESS]
[INSERT CONTACT POSTAL ADDRESS NAME]
If you are opting not to have a DPO you can modify this section and the following paragraph to refer to generic contact information.If you are based outside the UK (Ireland for example) you should change the the statement in section 1 that reads:
Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk)
so that it reads asData Protection Commissioner - Ireland, the Irish supervisory authority for data protection issues (www.dataprotection.ie)Find and update the document date to today's date to reflect that this is the most recent update. In the template you can replace [INCLUDE THE LAST DATE THE DOCUMENT WAS AMENDED] with today's date or the date the document was enforceable from.
Section 3 includes a statement:
When asking for credit card payment information through our website we do not transmit the card details to our network or servers. We use third-party payment services which are fully PCi compliant to handle your details securely using SSL encrypted connections.
If you're using a legacy store you may wan to amend that statement to read:We always transmit your card details securely using SSL encrypted connections. Card details are stored with a third-party PCi compliant card services provider and are not stored on our servers.Section 3 part b has a list of third parties with which you might share data. You should review this and in particular section b where you should modify it to list the companies from which you get financial details about your customers and whether they're in the EU or not.
Section 4 How we use your personal data lists your uses of personal data and the legal basis for collection and processing that data in each example. Review and amend this as required. If you're unsure as to the legal basis consider reviewing our webinars, our GDPR page, and other resources in order to make your decision,
Review the Cookies policy in section 4. It refers to the default system cookies and addresses Google Analytics cookies. Other cookies you use because you've enabled third-party scripts or apps should added to this area.
🍪 You can read our article on setting up a cookie consent message here.Section 6. International transfers is likely fine for many stores but consider if there are times where personal data is stored in the US because of third-party apps, scripts, or business services you use. If so get advice from them on how to modify this statement.
Look for any brackets which haven't been removed and replaced with the correct answer in the document. For example:
[INSERT COMPANY NAME]
Add your new Privacy Policy to your website
You can paste the contents of your privacy policy into a new content page and name it. You can then add links on your website to direct people to the policy. If you need help with this just contact our customer success team for support.
How to make Your Privacy Policy even better (Optional)
Ok so you aren't going to settle for a simple text policy. Consider these ways to make it even nicer. You usual need to use the HTML tools in the page editor to do these steps:
Find all of the main heading lines (they start with a number followed by a period) and highlight them and select H1 for each of those lines.
Select any sub headings (no number in front of them) and highlight those and select H2 for those.
Bold any the elements you think would make it easier to read.
Add links to the list of sections at the top which can jump down to the section they refer to. Like a clickable table of contents. You can use anchor links to do this. Rather than explain those here is an article that gives a good example. Remember that when you see HTML tags, such as
</a>you need to be in the html editor of your page and not just typing them in the normal content area.
How to add create a link that jumps to a section of a web page