Privacy Policy for the Website: How to Write It Correctly

Privacy Policy for the Website: How to Write It Correctly

website privacy policy

The privacy policy represents a fundamental document for every website. Here’s how to write it effectively while respecting the legislation in force

The ability to manage visitor data represents a huge opportunity for anyone who owns a web space, be it a blog, a professional site or an e-commerce. Being able to collect, store and analyze user data can be extremely valuable to study your audience, understand which content is most of interest or carry out targeted marketing campaigns for certain customer groups, segmented by age, gender, interests or behavior online.

However, the collection of sensitive data of this type is not left to chance, but regulated by precise regulations relating to the so-called privacy policy: the collection of personal data must in fact be traced with precise measures that give the site owners the chance to make the best use of the information provided by users, but which puts them in a safe position leaving in their hands full rights on the management of their personal data.

Especially after the approval of the now famous GDPR, it is therefore essential to equip every online space with a specific privacy policy, well formulated, complete and updated . How to write an excellent privacy policy? Here is some useful information to not get lost in the vast ocean of privacy protection.

  • GDPR regulation: what is it about?
  • What is a specific website privacy policy?
  • How to create a privacy policy?
  • do-it-yourself
  • Create privacy policy with WordPress or dedicated plugins
  • Opt for Iubenda: a team of online lawyers
  • Seek help from a lawyer or a team of digital experts

GDPR regulation: what is it about?

The GDPR, ie General Data Protection Regulation, or even General Regulation on Data Protection , is nothing but the last update on the European privacy protection: was published in the EU Official Journal on 4 May 2016 and is entered into full force on 25 May 2018. There was a lot of attention that this regulation was able to generate, especially for the innovations it introduced and for the particularly high penalties it assumed in the event of non-compliance with the relevant regulations of privacy.

The privacy policy for a website is mandatory by law to be in compliance with the GDPR : treating the data and rights of those who spontaneously choose to provide their personal details with caution is essential.

What is a specific website privacy policy?

The privacy policy is a document that includes all the most complete information on how site owners and operators connected to it will collect, store, use and protect the personal data provided by users while browsing. It also informs the latter on how to protect themselves in the event of any violations of the current privacy regulations by the company providing the web service.

What is meant by personal data? Generally name and surname, date of birth, address, telephone number and other sensitive information such as IP address or credit card details.

The detailed content of the privacy policy depends on the site hosting it, its functions and its interaction with users, which lead to a more or less extensive collection of sensitive information .

In summary, all privacy policies should contain information about:

  • What information from users of the site will be collected
  • How they will be collected and archived
  • How this data will be used and whether or not it will be shared with third parties
  • How this information will be protected
  • What rights does the user have regarding the data it releases
  • How the user can decide not to share his data and what influences this can have on the use of the site
  • What is the identity of the owner of the site and / or of the data controller
  • What are the references to contact him to request changes and / or cancellations
  • How the user will be notified of any changes to the previous points
  • How the site will have access to payment data and how these will be stored and protected

It is important to note that the level of detail of the information to be provided is very high. Furthermore, it is often complex to understand exactly what data a website collects and who has access to such confidential information: for example, even the monitoring of visits through Google Analytics can be fully considered a data collection, as well as the use of cookies, the creation of campaigns with Google Ads or the simple use of social sharing buttons which also generates data sharing with third-party companies that belong to the networks.

Who needs a privacy policy?

Any site that even collects information on the geographical location of its users needs a privacy policy that is as accurate and meticulous as possible.

How to create a privacy policy?

Drafting a truly valid privacy policy, both to protect yourself from the law and to guarantee concrete protection for your users, is not a simple undertaking and does not consist only in creating a text that develops the key points listed above. The information required by the GDPR is detailed and meticulous and it is required to be presented in an exhaustive manner and with appropriate legal terms.

How to proceed then? There are several ways to get to the drafting of a privacy policy, some optimal, some not entirely appropriate: let’s see what they are.


The first of the possible options is to rely on do-it-yourself to build a valid document, or to copy-paste similar sites or sites that work in the same sector and with the same users. It goes without saying how risky and unorthodox this way of proceeding is when you really want to achieve a perfect and customized privacy policy on the peculiarities of a particular website and the services it offers.

Create privacy policy with WordPress or dedicated plugins

Anyone who owns a site created with the famous CMS WordPress, can have valid support for the creation of his privacy policy: his menu includes a special Privacy section that offers a privacy policy template for websites to be modified and customized to depending on the specific needs of the owner of the online space.

WP also provides complete guides on drafting effective privacy policies , to be studied and applied in creating your own. There are also numerous plugins for WP dedicated to the creation of the privacy policy which, by collecting the URL of the site and a few other data, are able to return an automatically drawn up policy.

Writing a privacy policy for a website in this way, however, using templates and automations, could still involve the risk of finding yourself with an incomplete document and incurring heavy penalties .

Opt for Iubenda: a team of online lawyers

In addition to WordPress plugins , one of the solutions adopted by many websites for the generation of their privacy policy involves the use of Iubenda, an easy to use and very intuitive portal that allows you to create precise and well-written documents and integrate them into your web pages. .

It is necessary to create an account on the Iubenda site in order to access the creation and customization of the policy: behind Iubenda’s services there are teams of lawyers specialized in online law who draw up and constantly update the privacy policies that the site makes available.

To customize the policy, it is necessary to provide Iubenda with data relating to the website owner , the data that will be collected, the methods of collection and the purposes for which they will be used or stored. The plus offered by Iubenda is the preparation of a list of services among which its users can easily select the ones they actually use within their online space: from Akismet to Facebook, from Google Fonts to the main social widgets.

Once the privacy policy has been created on Iubenda , it can be easily incorporated into a site , blog or e-commerce, via a direct link, a button in the footer or inclusion within the pages of the site. This privacy policy is also updated on a regular basis by the platform’s team of lawyers: it is not necessary to worry about making any changes to the text, which is automatically modified according to the most recent regulations in force.

Instead, it is advisable to periodically check that you have included all the new features of the website and the partners you are relying on, within the list of Iubenda services.

Seek help from a lawyer or a team of digital experts

However, to be 100% sure not to make mistakes in drafting the privacy policy and not to incur any mistakes or forgetfulness, the best choice is to contact directly an expert lawyer or a solidly competent web agency in the digital field. , who know how to support in a process that is as lightly taken as it is incredibly delicate. As much as the do-it-yourself or the intermediate ways may be attractive in terms of practicality and costs, publishing an incorrect or incomplete privacy policy on a website in some of its parts can incur penalties of absolutely not negligible amounts that could affect heavily on the business or profession of the site owners.

Choosing a partner who knows how to combine the most reliable professionalism at adequate costs and commensurate with the project is the best option to achieve the goal: to have a site that is perfectly compliant with the law , professional and well built in every single element.

Read Also – 14 SEO Simple Strategies to Implement Today on Your Site to Optimize Its Natural Referencing