CookieFirst aims to make your use of third party tracking and cookies compliant with the ePR and the GDPR. The ePrivacy Directive and the General Data Protection Regulation have certain regulations on how you must use cookies for tracking users from the EU. We will look into what a privacy policy generator or template can do in terms of compliance.
Try our cookie policy generator to verify that the use of cookies and online tracking on your website complies with the GDPR policy. Create your free trial account here.
Introduction to privacy policies
One of the most essential legal must haves for a website is the privacy policy. Almost all websites require a privacy policy. Even bloggers without any income or small businesses need a privacy policy.
It mostly comes down to this: does your website collect personal data? If so, your website must contain a privacy policy to inform your visitors about how you handle their personal data. In order to be compliant with privacy laws in both European Union and the United States. Probably all modern websites operate by making use of cookies, so there is a high chance that your website collects personal data. This data is being collected for instance for functional, statistical or marketing purposes.
In this article we describe what a good privacy policy consists of, how to make it GDPR-compliant and whether it is a good idea to use a privacy policy generator.
So, let’s take a closer look at what a privacy policy is and how you can create one for your site.
What is a privacy policy?
In short a privacy policy is a legal document that contains information on what personal data is being collected from your visitors and how you keep that data private. According to privacy laws in most countries each website should have a proper privacy policy in place. It should be written in readable language and be easily accessible for every website user. EU based companies must have a GDPR compliant privacy policy available on their website not to risk significant fines.
More details about this follow below.
What do we call personal data? | Privacy policy generator
We define personal data as follows: it is information that can lead back to an individual on its own or in combination with other data.
Directly identifiable data are for example: names, adresses, email adresses, account information and photos. But of course also information about income, cultural profiles, religion and health information are personal data as well.
Important in this context we can say that user or visitor behaviour is also considered to be personal data. Browser usage and visitor behaviour can be tracked by cookies. Click targets and scroll depth on certain pages are examples of that.
Does my website need a privacy policy?
In short, yes you probably need one. Does your website collect personal data? Then you will need a privacy policy. In fact almost all websites collect user or visitor data. Not all website owners might be aware of this. Only if you investigate more you might find out your website is using cookies.
In almost all cases cookies are set by your website. For example if you use social media share buttons, plugins or analytics on your site, cookies are being set. But if you would not use that, if your web is being hosted, cookies are probably being set by your hosting provider.
A GDPR compliant privacy policy | Privacy policy generator
Under the European GDPR and ePrivacy regulation a compliant privacy policy is mandatory for sites who have EU visitors. The GDPR has specific requirements for creating a privacy policy, or a ‘privacy notice’ as they refer to it. You can view the EU’s requirements here.
If you are not sure about the presence of cookies on your website, you should create a free account with us and let us scan your website for cookies. Our free scanner crawls your website, finds all cookies, and our cookie policy generator categorises them and puts the list in a cookie policy. All of this works automatically.
After the scan you can embed the cookie policy in your privacy policy page or on a separate cookie policy page if you would prefer those to be separate.
Cookie Consent Manager | Take a 2 week free trial
Take a 2 week free trial for our paid plans or create a free account …
Create an accountView our plans
How do I get a GDPR compliant privacy policy?
You can create an individual page on your website for your privacy policy and link to it from the main menu of from the about page or footer. It could also be generated by a privacy policy generator service and hosted elsewhere. As long as you make it easily accessible from your website and as long as you keep it up-to-date.
The implementation of the GDPR could differ a little bit per country. The legal phrasing depends on how personal data is being handled and under which jurisdiction your company falls. No two websites are the same. We would always recommend to do a legal check to make sure that your privacy policy is compliant with your countries’ specific implementation of the GDPR.
If you own a small business operating a website or you have a small blog, consultation of a lawyer might be a significant expense. In any case, you should never just copy a privacy policy from another site.
The privacy policy must reflect how your website handles personal data exactly. For each website that would be really specific. This is also why using a privacy policy generator could result in not having a fully compliant privacy policy. So you should be careful with using services that offer a privacy policy generator, especially the free ones.
GDPR privacy policy generators & privacy policy templates
On the Internet you can find all kinds of privacy policy templates, tools and privacy policy generators. Some are paid services and some are free. They could also differ by which jurisdiction they are meant for. For example a US standard privacy policy is not necessarily GDPR compliant.
Let’s take a look at an example of a GDPR privacy policy. In this case from a website called TermsFeed. Among documents like Terms & Conditions they are a online provider of privacy policies. In the next video is explained clearly why you would need a privacy policy.
If you choose to use a privacy policy generator please be sure do a proper check to make sure all information about how your website handles personal data, is in there. You might need to modify or extend the generated policy accordingly.
If you are not sure on the applicable laws and regulations in your country, be sure to do some research. Because it’s just as bad to have an incorrect privacy policy as to have none at all.
You should also be aware that some locally defined laws can be extraterritorial laws in practice. This is the case with the European GDPR and the CCPA of the US state California. These laws are applicable to all organisations serving the citizens within their geographical area.
Privacy policy generator, GDPR requirements
In the GDPR text, under article 12, there’s a requirement that you should inform your website users about how you process personal data in the following ways:
- Easily accessible
- Free of charge
- Concise
- Transparant
- Easy to understand
Almost all privacy laws require to inform your users about:
- Exactly which personal information you collect from your users (email adress, name, IP adress, etc)
- You own business details and contact details
- The methods you use to collect the personal data, with third party scripts and cookies
- What digital security measures you take
- The purpose for which you collect personal information
- How users can opt-out and what the consequences would be
- What third party tools your website is using to collect, store or process the information (like an advertising service or an email newsletter-tool
GDPR privacy policy templates can offer you a good start, but be careful with using a privacy policy generator. We link to one below, however keep in mind that you put all required information into your GDPR privacy policy in order to be compliant.
Are you an agency, web developer or other reseller?
Earn 30% commission, take a look at our reseller model or contact us for numbers larger than 500 clients
Calculate your revenue
Cookies and privacy policy
The most difficult and tricky part of making your Website compliant are is the handling of cookies. Other parts of a website where data collection happens are mostly visible and static. For example a newsletter subscription or a contact form only store information when a user actively fills in the form, the user is aware of his personal data being stored.
Other processes operate in the background, like third party scripts that trigger cookies. Cookies are quietly being stored on a visitors computer when visiting a site without the user knowing. Most of the time even the website owner has no idea of these background processes.
Once the cookie has landed on the users computer all kinds of data can be collected and sent to third parties for any given length of time. There are millions of cookies and they tend to change every now and then.
GDPR and a privacy policy
It is being required to communicate accurately and specifically about the use of personal data. What this means is that the privacy policy as a document, contains a static part and dynamic part about cookies and third party scripts that should be updated on a regular basis.
CookieFirst handles this dynamic part of your privacy policy automatically. CookieFirst scans your website for cookies periodically and generates a full list of cookies being used on your site.
This information is:
- Available for the website owner
- Is being offered to the website visitor through a banner and cookie preferences panel, and through an embed of our code snippet in your privacy policy page or on a dedicated cookie policy page
Also, view our own automatically generated cookie policy here.
I’m looking for a GDPR compliant privacy policy generator, where to find one?
Just a simple search on the web results in a long list of privacy policy generators and templates. Some are free and some are paid services.
Take a look at this list of privacy policy generators: click here
