This post was refreshed to include up-to-date resources and examples on June 15, 2020.
Nonprofit privacy policies are often an afterthought in the website world. That’s probably because they’re rarely viewed by visitors and are all too often stuffed with legal jargon that’s only loosely recognizable as English.
It shows transparency and builds trust.
If a visitor wants to know the details of your policies, they’ll be able to find them easily. And even some visitors who don’t want to read the policies in their entirety will take comfort in the fact that you’re making them available.
It helps you plan ahead.
Sure, it helps your visitors know what to expect. But it also helps you think through what information you’ll be collecting and the policies surrounding keeping that data safe. Planning ahead can help you avoid situations you don’t want to mess with down the road.
It provides basic legal protection.
Drop the legal jargon
Ask a Lawyer to Review It
After you’ve written it, have a lawyer review it. Tell them you don’t want to infuse it with jargon. You just want to make sure you haven’t omitted anything major.
- What information are you collecting from visitors? This can range from emails to credit card information to IP addresses to the pages they visit on your website.
- How are you collecting this information? Think about forms, cookies, log files or other collection methods that happen in the background of a website visit.
- Can this information be used to identify individuals, or is it aggregated and anonymous, or (more likely) is it both? Throughout the policy, it’s important to distinguish between the two.
- How will you use the information you collect? For example, for marketing purposes, to improve user experience or to send a newsletter that the visitor requested.
- Where do you store information and for how long?
- Who will be able to access this information? For example, your staff members, marketing consultants, third-party services, etc.
- Will you share this information with any other parties, like law enforcement, other nonprofits, partners or the person themself?
- Is your website integrated with any third-party vendors that have access to visitor data, such as Google Analytics, MailChimp, OptinMonster or Salesforce?
- How will you protect their information? Do you have security measures in place?
- How will you notify visitors of changes to your policies?
Be as clear as you can when walking through the information you’re collecting, collection methods and data uses. Don’t be sneaky about it, but it’s okay to give yourself a little bit of wiggle room. Otherwise, this document could get out of hand pretty quickly.
For example, you might say you use website information to better target your marketing efforts, rather than going into detail on all the information that includes and exactly how you target these more specific groups of visitors.
Check out our post on GDPR compliance for tips on how to comply and to access a simple tool to assess your website traffic from countries in the European Union.
Resources for Writing Privacy Policies