Privacy policy, which is the information obligation posted on the website
Tips
25 January 2023
A website privacy policy is something that users encounter on a daily basis, but usually do not even pay attention to it. It turns out that the document may be more important than they think. A privacy policy - is it mandatory, what exactly does it contain and who can create one? Time to find out!
Privacy policy - what is it and what is its purpose?
What is a privacy policy? It is a document that can be found on a website and contains information about how and why the administrator collects data about users. Most often, the privacy policy can be found at the very bottom of the page, right next to other data such as the terms of service, FAQs or the administrator's contact details.
The document explains in detail for how long the domain owner will have access to the users' data and why they are collecting it. In addition, it is also the responsibility of the controller to secure the data against possible leakage and information on how it does this must also be included in the document. The policy must describe how user data is processed.
The issue of personal data in Poland is regulated by the RODO. The privacy policy must comply with the assumptions of the regulation and present the information, above all, in a clear and concise manner. The owner of the website must explain how the user can remove his or her data from the website's database and how he or she is able to block its sharing. 
Privacy policy and compliance with information obligations
A simple privacy policy is the responsibility of any administrator who even remotely acquires any user data of their website. The RODO regulation forces platform owners to meet their information obligations and it is the privacy policy document that is the ideal way to do this.
The privacy policy may include information on cookies, for example. This is one of the most popular methods of collecting user data. Information about so-called cookies appears on a website as soon as it is launched. The user must accept or reject the cookies in order to view the content of the website. Acceptance means that the website will collect data about him or her. What kind of information might this be?
Cookies are able to collect data of all kinds. They can remember everything that the user enters on the website. In some cases, this will include address or contact details of the online shop customer. Cookies are essential for the smooth running of many web processes. However, it is worth familiarising yourself with what a website can obtain from you. Usually, cookies are divided into mandatory cookies (those necessary to navigate the website) and optional cookies, which can be discarded. Sometimes they are used by the administrator for statistical purposes, for example.
What should a well-crafted privacy policy include?
Every website administrator needs to know what the privacy policy should contain. In the document, a mandatory element is the presentation of one's own data to the user. Everyone has the right to know who has access to personal information about themselves. The administrator is obliged to provide the customer with all the rights he or she has with regard to the data collected.
This means that there must be provisions in the privacy policy on how the user can remove their data from the administrator's database, how they are able to limit the information acquired or modify it. There are quite a few such legal aspects, so it is definitely worth constructing the document in collaboration with someone thoroughly familiar with the law and the RODO.
The administrator needs to write in the privacy policy what user data is for. Sometimes they are useful for research to build a profile of the website's audience, and sometimes they are an essential part of the ordering process in an online shop. Not only the fact of what the data is for, but also how it is processed, should be in the document.
If users' personal data may be visible to someone other than the site administrator, this must also be stated in the privacy policy. The customer must have full control and complete knowledge of their own data. Another essential element of the document is the retention period of the information. It must be written after what time the user data will disappear from the database.
If there is a Data Protection Officer working with the site, you must include information about him or her and the methods of protection in the privacy policy. You should also know whether the personal data you provide is mandatory or whether you do not have to share it with the controller at all. 
Does every website have to include a privacy policy?
Is a privacy policy mandatory for every website? Although it can be found on so many websites, the truth is that not everyone is required to have one. Only those administrators who collect user data in some way are obliged to put the document on their site.
A very popular way to collect data is for the administrator to run a newsletter. You do not have to have an online shop at all to collect information about your users in this way. Subscribing to a newsletter gives the domain owner access to the user's e-mail address, for example.
What personal data can be collected on the website?
Privacy policy and data protection - this issue puzzles a large number of users. However, the controller is obliged to inform them of the means of protection, so data on this subject can be found in the privacy policy document. An interesting aspect, however, is what specific data the website administrator may collect about its users.
This information includes, among other things, the customer's address data. These are sometimes used to fulfil the sales contract or to issue invoices. The administrator may therefore have access to the name, surname, place of residence, telephone number, location or e-mail address. In the case of entrepreneurs, it is not uncommon for this to also include the VAT ID number.
It may also include login and registration data for a service or application, i.e. email addresses and passwords. Personal data are all those pieces of information that in any way allow the identification of a subject using a particular browser or website.
Many websites contain forms that request various types of information related to specific services or job offers. In particular, the user may be asked for his or her CV, experience information, addresses to social media profiles, etc.
Website privacy policy - can we write it ourselves?
How do you write a privacy policy yourself and is it possible? You can find quite a few templates on Google that make it easy to provide the user with a suitable document. Anyone can write a privacy policy themselves, but it is not easy. The issues of security and ensuring users have a complete record require a lot of knowledge.
Privacy policy vs. online shop - when selling products in apps and on websites, it is worth asking a specialist to construct the personal data message. Only a legal specialist can ensure that the document is compliant and will write it based on the RODO.
It is also worth noting that, thanks to RODO, privacy policies changed a few years ago. Previously, the document was a bit more complicated, and today there is even an obligation on administrators to create clear and understandable content. All this is done to ensure that the user knows as precisely as possible what is happening with his or her personal information.
And how do you disable the privacy policy? Simply open your browser and find the privacy policy in the settings to remove the administrator's ability to dispose of the information stored.
Grow your business with InPost Fulfillment
Storage, packing, shipping – you don’t have to do it yourself! Leave it to the professionals.
Take a minute to leave your contact details and gain more time while reducing costs.
- Lightning-fast delivery
- Cost reduction
- Zero shipping issues
- Peak-season support
- Tailor-made offer
Czytaj również
