Many entrepreneurs, and particularly freelancers, use portfolio websites to display their projects and demonstrate their capabilities to prospective clients. Business owners who use their portfolio websites to collect visitors' personal data should have a Privacy Policy to help ensure compliance with applicable privacy and data protection laws.

This article explains what a portfolio website is, what a Privacy Policy is, why you need a Privacy Policy for a portfolio website, and how to create, display, and get consent to your Privacy Policy.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.



What is a Portfolio Website?

A portfolio website is a place where you can showcase your work and connect with clients.

Freelance writers, artists, graphic designers, and anyone who needs a website where potential clients can see examples of their work can all benefit from having a portfolio website.

Copywriter Stuart Tarn's portfolio website is organized by the types of copy projects he has completed, including web, email, social media, and print jobs:

Screenshot of Stuart Tam portfolio page

What is a Privacy Policy?

A Privacy Policy is a legal document that explains how you collect and process (use) consumers' personal data (information that can be used to identify an individual).

A Privacy Policy typically contains (but is not limited to) the following clauses:

  • How you collect personal data
  • Your reasons for collecting and processing personal data
  • Any third parties you share personal data with
  • How you keep the data you collect safe
  • How consumers can exercise their rights
  • Your contact information

Launch strategist and copywriter Sandy Dang's Privacy Policy contains pertinent clauses, including her website address, information about changes to the Privacy Policy, a description of the type of information she collects, and what is done with the information:

Sandy Dang Privacy Policy excerpt

Why Do You Need a Privacy Policy for a Portfolio Website?

You should have a Privacy Policy for your portfolio website to help ensure compliance with state and global privacy and data protection laws.

A Privacy Policy can help you meet legal requirements by explaining what you do with the personal data you collect and process and giving consumers a way to exercise their privacy rights.

Many privacy laws require you to have a Privacy Policy if you collect personal data directly from users, such as through a marketing communications sign-up or contact form, or if you use third-party service providers that collect personal data from users.

If you use your portfolio website to collect personal information from users (including names, email addresses, or phone numbers) you should have a Privacy Policy in place.

Even if you don't directly collect personal data from users, you should be aware of any third-party service providers you use that do. Many third-party service providers require you to have a Privacy Policy in order to use their services.

If you use analytics or ads services, cloud providers, automated marketing email platforms, or any other online platforms or service providers that collect users' personal data (such as Google Ads, Google Analytics, Mailchimp, or Salesforce) to facilitate your portfolio website, you should have a Privacy Policy.

What Laws Require a Privacy Policy?

Laws that require businesses to maintain a Privacy Policy include international legislation such as the European Union's (EU) General Data Privacy Regulation (GDPR), and state laws such as the California Consumer Privacy Act (CCPA/CPRA).

GDPR

The GDPR requires applicable businesses to maintain Privacy Policies on their websites that are clearly written, easily accessible, and regularly updated.

Article 13 of the GDPR explains that where you've collected personal data from your users, you need to provide information about:

  • Your contact information
  • How and why you collect the personal data
  • Rights the users have

This is done via a GDPR-compliant Privacy Policy.

To comply with the GDPR, any applicable business that collects personal data from consumers needs to have certain information in its Privacy Policy, including:

  • Identity of its organization
  • Identity of its Data Protection Officer (DPO)
  • Reasons for processing personal data
  • Third parties personal data is shared with
  • How long personal data is retained
  • Data subjects' rights

CCPA/CPRA

The CCPA/CPRA requires businesses that cater to California residents and meet its criteria to maintain regularly updated Privacy Policies on their websites.

Some of the clauses a CCPA/CPRA-compliant Privacy Policy should contain include:

  • The types of personal data collected
  • Where personal data is collected from
  • Reasons for collecting, selling, or sharing personal information
  • Third parties personal data is disclosed to
  • How California residents can exercise the rights granted to them by the CCPA/CPRA

The privacy laws that apply to you depend on both your business's and your users' location. For instance, the GDPR applies to anyone who offers goods or services to residents of the EU, as well as to businesses that are based in the EU.

You should have a solid understanding of which privacy and data protection laws apply to you in order to create a compliant Privacy Policy for your portfolio website.

What Happens If You Don't Comply With Privacy Laws?

Many privacy laws impose substantial fines on those found in violation of their rules.

For example, Article 83 of the GDPR explains that organizations that don't meet the law's Privacy Policy requirements can face fines of up to the higher amount of 20 000 000 EUR or 4% of their annual global turnover from the previous year.

Intersoft Consulting: GDPR Article 83 Section 5: General Conditions for Imposing Administrative Fines

How Do You Create a Privacy Policy for a Portfolio Website?

Your Privacy Policy should be clearly written, easy to understand, accurate, and regularly updated. While your Privacy Policy should be customized to reflect your unique business needs, there are a few essential clauses that many state and global privacy laws require Privacy Policies to contain.

Let's take a deeper look at each of these clauses.

The Types of Personal Data You Collect

This clause lists the kinds of personal data you collect, such as names, email addresses, phone numbers and financial and shipping information.

Copywriter Anna Rogan's Privacy Policy lists the types of personal information she collects, including device information, browsing behavior, names, billing and shipping addresses, payment information, email addresses, and phone numbers:

Anna Rogan Privacy Policy: Personal information we collect clause

Writer André of Maverick Words uses his Privacy Policy to explain the types of personal information he collects: users' names and email addresses:

Maverick Words Privacy Policy: What personal information do I collect clause

What You Do With the Data You Collect

You should explain your reasons for collecting and processing consumers' personal data, and what you do with the data. You should only collect personal data for the reasons you have given.

Common reasons for collecting consumers' personal data include communications, marketing, and order fulfillment purposes.

Artist Oh Dada's Privacy Policy describes how the personal data collected is used, including for the portfolio website's functionality and for advertising and communication purposes:

Oh Dada Privacy Policy: Purposes and legal grounds for data collected clause excerpt

What Third Parties You Share Personal Data With and What Data You Share

Your Privacy Policy should list the third parties you share consumers' personal data with, such as service providers and affiliates, and what types of data you share with them.

Copywriter Dayarne Smith's Privacy Policy explains that she shares information with third parties that help with sending emails and processing payments:

Dayarne Smith Privacy Policy: Sharing Information with Third Parties clause

Anna Rogan's Privacy Policy explains that she shares that personal information with third parties for targeted advertising, site analysis, and optimization purposes, and explicitly notes that data is shared with Google:

Anna Rogan Privacy Policy: Sharing Your Personal Information clause

How You Keep Personal Data Safe

It's important to keep the personal data you collect and process safe. Many privacy laws require businesses to take physical, technological, and administrative security measures to protect consumers' personal data.

The Privacy Policy on artist Susann Hoffmann's portfolio website explains that she keeps visitors' personal data safe by keeping her security measures up to date:

Susann Hoffmann Privacy Policy: Data Security clause

How Consumers Can Exercise Their Rights

In order to understand what rights your consumers have, you should check what privacy laws apply to them. Many privacy laws apply to businesses based on both their location and the location(s) where their consumers live. While consumers' rights vary depending on applicable laws, there are a few rights that most privacy laws protect.

Some of the rights that privacy laws tend to grant consumers include:

  • The right to opt out of the sale of their personal data or the use of their personal data for targeted advertising purposes
  • The right to withdraw their consent to use their personal data
  • The right to access, edit, or delete their personal data

For example, Chapter 3 of the GDPR lists the rights of EU consumers, including the rights to access, edit, or delete their personal data:

GDPR Chapter 3: Articles headings list

Artist Mimochai's, Privacy Policy explains that consent is directly requested for marketing purposes, and lets users know that they can withdraw their consent at any time by contacting via email or ground mail:

Mimochai Privacy Policy: Consent clause

Your Contact Information

Your Privacy Policy should include your contact information. You should have, at a minimum, an electronic contact method (such as an email address or an online contact form), but the more options you have for consumers to contact you, the better.

The Privacy Policy on copywriter Stephen Marsh's portfolio website includes an email address where visitors can send privacy-related questions:

Stephen Marsh Privacy Policy: Contact clause

Where Should You Display Your Portfolio Website Privacy Policy?

Your Privacy Policy should be accessible, and links to your Privacy Policy should be clearly labeled as such. You should display links to your Privacy Policy where consumers can easily find them, such as within your website footer or on your contact form.

You can put a link to your Privacy Policy anywhere on your portfolio website where you intend to collect users' personal data, such as on an account creation form, ecommerce checkout page, newsletter sign-up page, or on your contact form.

Let's explore some of the places you can put links to your portfolio website's Privacy Policy.

It's a good idea to maintain a link to your Privacy Policy within your website footer. That way, visitors to your portfolio website can find your Privacy Policy no matter what page of your site they navigate to.

Here's how Stephen Marsh displays this link in his site's footer:

Stephen Marsh website footer with Cookie and Privacy Policy link highlighted

Account Creation Page

If you allow visitors to your portfolio website to create an account, you should provide a link to your Privacy Policy on the account creation page so that they can read about how you handle personal data before they submit their information.

Writer and Amanda Frances's account creation page includes links to her Privacy Policy and Terms agreement:

Amanda France Create Account form with Privacy Policy link highlighted

When users go to create an account on business coach Melyssa Griffin's portfolio website, they must first tick a checkbox stating that they agree to receive promotional emails and agree to both Melyssa's Terms of Use and Privacy Policy and the hosting platform's legal agreements:

Melyssa Griffin sign-up form

Ecommerce Checkout

If you sell products from your portfolio website, you should include a link to your Privacy Policy on your ecommerce checkout page.

Author Brandon Sanderson's checkout page includes links to his legal policies, including his Privacy Policy:

Brandon Sanderson checkout form with Privacy Policy link highlighted

Marketing Communications Sign-Up

Many freelancers collect email addresses and other methods of contact from visitors to their portfolio websites. You should put a link to your Privacy Policy in the area of your portfolio website that allows users to subscribe to your newsletter or other marketing communications.

Author Zadie Smith's portfolio website is sponsored by Penguin Random House, so when visitors want to sign up for her newsletter they must first agree to Penguin Random House's Privacy Policy and Terms of Use agreement:

Zadie Smith email sign-up form

Visitors to writer Rupi Kaur's portfolio website are presented with a newsletter subscription box that contains two links to her Privacy Policy:

Rupi Kaur sign-up form

Contact Form

If you have a contact form on your portfolio website, you should include a link to your Privacy Policy within the form.

Communications professional Cassidy Slockett includes links to her Privacy Policy and Terms of Service agreement on her portfolio website's contact form:

Cassidy Slockett Contact form with Privacy Policy link highlighted

Once you have your Privacy Policy written and online, you should make sure you get users to consent to it.

One of the best ways to get consent to your Privacy Policy is through the use of a checkbox next to an "I Agree" statement. Users must tick the checkbox signaling that they agree that they have read and consent to your Privacy Policy before taking certain actions on your portfolio website, such as creating an account, purchasing a product or service, or signing up for a newsletter.

The Village's account sign-up page includes a checkbox next to a statement that says that by ticking the checkbox users are agreeing to its Privacy Policy and Terms of Service agreement:

The Village account register form with Agree checkbox highlighted

Summary

A portfolio website showcases your work and gives potential clients a way to learn more about your offerings and contact you.

A Privacy Policy is a legal document that explains how you handle users' personal information.

Many state and global privacy and data protection laws require applicable businesses to respect consumers' privacy rights and get consumers' consent before collecting or processing their personal data. Maintaining a Privacy Policy on your portfolio website can help you comply with privacy law requirements.

Anyone who uses their portfolio website to collect personal data from visitors (either directly or via third-party service providers) should have a Privacy Policy.

If you don't comply with applicable privacy laws, you may face hefty fines.

Your Privacy Policy should be clearly written, easy to understand, and regularly updated. It should be tailored for your unique business, but should include, at a minimum, the following clauses in order to comply with state and global privacy and data protection laws:

  • How you collect personal data
  • Why you collect and process personal data
  • A list of third parties you share personal data with
  • How you keep personal data secure
  • How consumers can exercise their rights
  • Your contact information

You should display your Privacy Policy where visitors to your portfolio website can easily find it. Some common places to display a link to your Privacy Policy include:

  • Website footer
  • Account creation page
  • Checkout page
  • Marketing communications sign-up
  • Contact form

One of the most effective ways to get consent to your Privacy Policy is by putting the link to your Privacy Policy within a statement that users must agree to before taking action on your portfolio website. You can put a checkbox next to the statement that users must tick before taking further action.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy