Now that you have a comprehensive Privacy Policy for your website, it’s time to understand how and where to display your Privacy Policy on your website.
It’s important for users to easily be able to access your Privacy Policy, and because of that, there are certain laws that specifically tell you how you must display your Privacy Policy.
One of the key things to keep in mind is that your Privacy Policy must be easily accessible. A user should not have to search through your website to find your Privacy Policy to understand how their personal information is being used.
Table of Contents
Why You Need to Have an Accessible Privacy Policy
Various legal regulations require that you display your Privacy Policy in a manner that is easily accessible to the user.
While not exhaustive, both CalOPPA and GDPR have guidelines for how you must display your Privacy Policy.
- CalOPPA- California’s Online Privacy Protection Act, which applies to businesses collecting any personal information from residents in California, requires that:
A website or online business must place a “clear and conspicuous hyperlink” to its Privacy Policy. It must “include the word ‘privacy’” and be displayed so that a “reasonable person would notice it”.
- GDPR- The European Union’s General Data Protection Regulation, which applies to businesses collecting any personal information from residents of the EEA, requires that:
A website or online business must make its Privacy Policy “easily accessible”. The Privacy Policy must also be "easy to understand” and in “clear and plain language.”
In addition to complying with various laws, it’s also important to place your Privacy Policy in an easily accessible place to build trust and maintain transparency with your users. Users have the right to know how their personal information is being used, so making it easy for them to access your Privacy Policy is good business practice.
Finally, another important reason to be strategic about where you place your Privacy Policy is to prevent lawsuits or legal disputes. Oftentimes in legal disputes regarding privacy, the user will claim that they did not see the Privacy Policy, therefore they did not consent to the terms. By placing your Privacy Policy where it is easily accessible, you will have a stronger defense against users claiming they did not see your Privacy Policy.
Where to Place the Privacy Policy on Your Website
Footer
Your Privacy Policy should be easily accessible throughout your website. The most common way to accomplish this is by placing your Privacy Policy in your Footer.
It’s important that the Privacy Policy be accessible regardless of which website page the user is on. By placing your Privacy Policy within the footer, you can ensure that the Privacy Policy can be accessed on every website page.
Since hyperlinks to Privacy Policies are most commonly placed in the footer, users also know exactly where they can expect to find your Privacy Policy.
To comply with CalOPPA, you should either link your Privacy Policy to the text “Privacy” or “Privacy Policy”. If you also have Terms & Conditions or a Disclaimer for your website, those should be placed separately in the footer.
As an example, Pepsi’s Privacy Policy can be accessed by clicking Privacy in the footer.
Similarly, McDonalds’ Privacy Policy can be accessed by clicking Privacy in the footer.
As you can see, both companies make it easy for users to find and access the Privacy Policy by clearly and conspicuously placing it in the footer, which can be accessed throughout the various pages on the website.
Side Menu
For some websites, it may not be practical or user-friendly to place the Privacy Policy hyperlink in the footer if the content auto-populates in a way to make it difficult or impossible to ever reach the end. In those cases, it may be more ideal to place the Privacy Policy in a side menu.
For example, for Reddit, it would be difficult or impossible for a user to scroll to the bottom of the page. To solve this issue, Reddit’s Privacy Policy can be accessed by clicking Privacy Policy on the side menu.
For similar reasons, Twitter’s Privacy Policy can be accessed by clicking Privacy Policy on the side menu.
Signup Forms
If you have any signup forms on your website, such as to sign up for a mailing list, an account or receive a free download, it’s important to include the Privacy Policy as part of your signup form.
On a signup form, a user directly inputs personal information, like their name or email address. When doing it, it’s important that the user understands how the information they input will be used. This is why it’s important to have a link to your Privacy Policy on your signup form.
The signup form for Nike’s email newsletter includes a notice that by signing up, you are agreeing to Nike’s Privacy Policy.
Note how Nike uses the word “agreeing”. It’s important to be able to show that a user agreed to your Privacy Policy and the way you process their personal information. Nike does this by indicating that you are agreeing to their Privacy Policy by signing up.
The important part is to be able to demonstrate that the user had notice of your Privacy Policy and that the user consented to your Privacy Policy.
A more solid method of doing this is by requiring the user to take an affirmative action to confirm their consent to your Privacy Policy. One of the ways this is accomplished is by incorporating a checkbox into the signup form.
If your business needs to have records of user consent to your Privacy Policy, you should use this method. For example, the GDPR actually requires unambiguous consent for certain data processing activities. In these cases, it is imperative that you require the user to take affirmative action to confirm that they agree to your Privacy Policy.
To sign up for the official Olympics newsletter, a user is required to check a box stating that they have read and understood the Olympic.org Privacy Policy.
Requiring this additional step of having a user check a box is the recommended method for getting clear consent when you are using a signup form to collect personal information.
Contact Forms
If you have a contact form on your website, you are likely collecting a name and email address through the contact form. It’s important to link your Privacy Policy on your contact form so that the user can know how the information they provide to you on the form will be treated.
On Disney’s contact form, they include a link to their Privacy Policy directly underneath the submission button.
Checkout Forms
Checkout forms are another important place to display your Privacy Policy, since you are collecting personal information like name and billing details on a checkout form. It’s important for users to understand how you are going to handle the personal information they provide to you through the checkout form.
On the Washington Post checkout form, there is a notice that by starting your subscription, you are agreeing to their Privacy Policy.
This notice is placed very close to the “Start your subscription” button, so that it would be difficult for a user to miss.
Summary
It’s important for users to be able to easily access your Privacy Policy on every page of your website, so they can know how their personal information is being collected and used. The most common method of doing this is to place a link to your Privacy Policy clearly in your footer, with either the text “Privacy” or “Privacy Policy”.
In addition, if you are collecting personal information on your website through the use of signup forms, contact forms or checkout pages, you should also include a link to your Privacy Policy there.
The key is to ensure that your Privacy Policy is easy to find and access.
For a premium Privacy Policy, you can purchase the Legal Bundle which includes all 3 legal policies: Terms & Conditions, Privacy Policy and Disclaimer.
