Privacy Policy for Facebook Lead Ads

Privacy Policy for Facebook Lead Ads

Facebook Lead Ads can help you generate interest in your business, distribute your promotional materials, grow your mailing list, and more.

But you must let users know about Facebook's data collection practices. You can't create a Facebook Lead Ad without providing a link to your Privacy Policy. And Facebook has some specific requirements about what your Privacy Policy must contain.

In this article, we're going to explain how to update your Privacy Policy so it complies with Facebook's Lead Advert Terms. We'll also look at some extra requirements if you target Facebook users in the UK or EU.


What are Facebook Lead Ads?

Facebook Lead Ads are designed to reduce friction in the lead generation process.

Businesses typically use Facebook Lead Ads to offer a free product or opportunity. This is often simply a means by which to obtain a user's personal information or contact details.

When a user clicks on your ad, a form appears within Facebook itself. Facebook populates the form using some of the information it holds about the user. All the user has to do is fill in the blanks and click "submit."

Using Facebook Lead Ads is an alternative to redirecting a user to a landing page. This means that a user is more likely to provide you with their personal information.

Why Do Facebook Lead Ads Publishers Require a Privacy Policy?

Why Do Facebook Lead Ads Publishers Require a Privacy Policy?

Facebook Lead Ads allow you to collect Facebook users' personal information. Facebook also uses cookies and similar technologies when targeting users with your ads, and when measuring campaign analytics.

The information you request via your Facebook Lead Ad relates to an individual consumer. Cookies can also reveal personal information. Therefore, you need a Privacy Policy that explains what personal information you collect and how you use it.

The obligation to create a Privacy Policy comes both from Facebook's Lead Ad Terms and from privacy law.

Facebook's Requirements

Facebook's Lead Ads Terms state that you must create a Privacy Policy before you can publish a Lead Ad:

Facebook Lead Ads Terms: Privacy Policy required clause

Facebook requires that:

  • You make all the disclosures necessary to comply with the law
  • You request users' consent for using their personal information if you're required to do so by law
  • You clearly disclose that your use of Facebook users' data will be governed by your Privacy Policy
  • You provide a link to your Privacy Policy

Note that Facebook doesn't explain what you should include in your Privacy Policy. This depends on which privacy laws you need to comply with, the nature of your business, and the nature of your Facebook Lead Ads campaign.

Your Privacy Policy will be unique to your business. But there are some clauses that all Lead Ads users should include, and we'll be looking at these below.

A Privacy Policy is required by law in pretty much every major market.

If you're targeting consumers in any of the following markets (and many more), failing to maintain a Privacy Policy could put you in violation of privacy law.

  • United States: The privacy laws of California require all operators of commercial websites accessible in California to publish a Privacy Policy.
  • European Union and United Kingdom: The General Data Protection Act (GDPR) requires all businesses to publish a detailed Privacy Policy.
  • Canada: Publishing a Privacy Policy is mandatory under the Personal Information Protection and Electronic Documents Act (PIPEDA).

There are two main reasons why you need a Privacy Policy:

✓ They're legally required: Privacy Policies are legally required by global privacy laws if you collect or use personal information.

✓ Consumers expect to see them: Place your Privacy Policy link in your website footer, and anywhere else where you request personal information.

Excerpt from TermsFeed Testimonials:

"I needed an updated Privacy Policy for my website with GDPR coming up. I didn't want to try and write one myself, so TermsFeed was really helpful. I figured it was worth the cost for me, even though I'm a small fry and don't have a big business. Thanks for making it easy."

Stephanie P.
Generated a Privacy Policy

Generate a Privacy Policy, 2020 up-to-date, for your business (web, mobile and others) with the Privacy Policy Generator from TermsFeed.


What to Include in Your Facebook Lead Ads Privacy Policy

What to Include in Your Facebook Lead Ads Privacy Policy

We're going to look at some of the basic information you should include in your Privacy Policy as a Facebook Lead Ads user.

We won't be covering everything you need to create a legally compliant Privacy Policy in this article. This is the information that pertains to your Facebook Lead Ads campaign, but there's a lot of other information you'll need to include besides this.

Take a look at our Privacy Policy guidance for the markets in which you operate. This will help ensure your Privacy Policy tells consumers everything they need to know about your business practices.

How You Collect Personal Information

Your Privacy Policy should explain all the ways in which you collect personal information. These might include:

  • Forms: Including order forms, sign-up forms, contact forms
  • Email: Customer services inquiries, complaints, etc.
  • Cookies: Including on your website and Facebook Page

For our purposes, your Privacy Policy should explain that you collect personal information via your Facebook Lead Ads.

Here's how Dolphins Pharmacy does this:

Dolphins Pharmacy Privacy Policy: Facebook Lead Ads clause

You'll also need a section on how you collect personal information using cookies, which we'll cover below.

What Personal Information You Collect

You can use Facebook Lead Ads for various purposes, all of which involve collecting personal information from Facebook users. For example:

  • Newsletter/marketing/blog signups: Email address, name
  • Providing quotes: Information about the user's property (e.g. car model)
  • Setting up appointments: Approximate location, phone number
  • Offering training or courses: Job title, name of employer, education

Under Facebook's Advertising Policies, there are certain types of personal information you must not request via your Facebook Lead Ad (unless you have Facebook's prior written permission), including:

  • Account numbers
  • Criminal history
  • Financial information
  • Government-issued identifiers
  • Health information
  • Insurance information (e.g. policy numbers)
  • Political affiliation
  • Race or ethnicity
  • Religion
  • Sexual orientation
  • Trade union membership
  • Username or password

Here's how Driftrock informs consumers about what types of personal information the company collects:

Driftrock Privacy Policy: What information do we collect clause

Your business almost certainly collects other types of personal information through other means, and you'll need to disclose this too.

Your Use of the Facebook Pixel

Many Lead Ads publishers use Facebook's tracking technology, the "Facebook Pixel," to track conversions. This is one of Facebook's recommended best practices for lead ads.

Integrating the Facebook Pixel on your website has significant privacy implications. You must explain your use of the Facebook Pixel in your Privacy Policy.

The Facebook Business Tools Terms sets out the information that Facebook requires you to include in your Privacy Policy if you use the Facebook Pixel:

Facebook Business Tools Terms: Pixels - Prominent notice and link requirement clause

In summary, you have to give notice of the following:

  • That Facebook and other third parties use tracking technologies to gather data about your users' activities, both on your website or app and on other websites and apps
  • That this data is used to measure ad campaign effectiveness and to target ads
  • How users can opt out of the collection and use of their data

Here's an example from ID Fitness:

ID Fitness Privacy Policy: Facebook Pixel Notice clause

You can integrate this notice into your Privacy Policy. Facebook's terms require that you provide a link to your Privacy Policy in specific locations, namely:

  • Website: On each page on which you use the Facebook Pixel
  • Mobile app: Within your "Settings" (or similar) menu, and within the listing for your app on the Google Play Store and or Apple App Store

Note that if you're targeting users within the United Kingdom or the European Economic Area, you'll also need to obtain their consent before you set the Facebook Pixel on their device.

How to Create a Privacy Policy for Your Website

TermsFeed Privacy Policy Generator: How to Create a Privacy Policy for Your Website

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your website. Just follow these steps:

  1. Click on the "Privacy Policy Generator" button.
  2. At Step 1, select the Website option and click "Next step":
  3. TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  4. Answer the questions about your website and click "Next step" when finished:
  5. TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  6. Answer the questions about your business practices and click "Next step" when finished:
  7. TermsFeed Privacy Policy Generator: Answer questions about business practices  - Step 3

  8. Enter your email address where you'd like your policy sent, select translation versions and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.


Adding Your Privacy Policy to Your Facebook Lead Ad

Adding Your Privacy Policy to Your Facebook Lead Ad

When you've created your Privacy Policy, it's easy to add it to your Facebook Lead Ad. Simply select the "Privacy Policy" tab in the ad creation form and provide a link to your Privacy Policy.

Facebook Ad creation form: Privacy Policy link highlighted

Facebook provides a default disclaimer which displays a link to your Privacy Policy. You can also add a "custom disclaimer."

This section is most relevant if you target customers in the United Kingdom or the European Economic Area.

Facebook requires that your Facebook Lead Ad contains any "choice mechanisms" necessary under applicable law.

Certain regions, most notably the EU, require businesses to obtain consent (permission) from consumers before using their personal information in certain ways.

Among other things, consent must be specific to a particular purpose. You should avoid "bundling" consent requests. If you intend to use consumers' personal information for multiple purposes, you should request consent for each individual purpose.

For example, if you're requesting a user's email address in order to send them a free ebook, and you also want to add them to your marketing mailing list, you need to request consent for both activities.

Facebook makes it easy to request consent for multiple purposes. You can do this using the "custom disclaimer" feature, which you'll find on the ad creation form.

First, tick the box next to "Add custom disclaimer:"

Facebook Ad creation form: Privacy Policy - Add custom disclaimer checkbox highlighted

You'll see the "Consent checkbox" options. You can add multiple consent requests here.

In our example Lead Ad below, we've set up two consent requests:

Facebook Ad creation form: Custom Disclaimer - Consent options highlighted

The first request is permission to send the user an ebook. The user must consent to this in order to click "Submit." The second consent request is for email marketing. This is optional.

To be clear, if your business and your target market are based outside of the European Economic Area or the United Kingdom, you may not have to separate out consent requests in this way.

You also use the "Text" box to add custom disclaimers. You may wish to give a more detailed explanation of how users' data will be processed. This might be necessary if you wish to share users' personal information with third parties. Or, if you are using your Lead Ad to allow users to enter a competition, you could use this box to explain your Terms and Conditions.

Summary of Your Facebook Lead Ads Privacy Policy

You can't create a Facebook Lead Ad without providing a link to your Privacy Policy.

You must ensure your Privacy Policy complies with relevant privacy law. In relation to your Facebook Lead Ads campaign, your Privacy Policy must explain:

  • How you collect personal information
  • What personal information you collect
  • How the Facebook Pixel works, and how users can opt out

If you target users in the EEA or UK, you should also add consent checkboxes if you intend to collect Facebook users' personal information for multiple purposes.

Robert B.

Robert B.

Legal writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.