A Separate Privacy Policy and Terms and Conditions for Subdomains?

A Separate Privacy Policy and Terms and Conditions for Subdomains?

Planning on starting a blog as a subdomain of your website? If so, you may be wondering about the legal complexities of creating subdomains for your website.

A common question people have is whether separate legal agreements are needed for subdomains.

Keep reading to find out the recommendations regarding how to incorporate Privacy Policies and Terms and Conditions for subdomains.


Subdomains

If you're considering adding a blog or other subdomain to your website, you know that it's simply a secondary domain name that can be treated as a seperate website, even though it usually retains a domain name very similar to the original. Some reasons companies do this is to create:

  • A blog
  • Multiple versions of the same website in different languages
  • A niche website for a specific group of consumers
  • An e-commerce store that is seperate from the main site

Here is a screenshot of the main website URL for Style Dot Me:

StyleDotMe: Screenshot of homepage with URL

The Style Dot Me blog URL is a subdomain of the main website:

StyleDotMe: Screenshot of blog homepage

The basic logistics of creating a subdomain are relatively simple. Most hosting companies provide a number of subdomains for free with the purchase of a main domain name, so setting it up is the easy part. Delving into the finer details will depend on the purpose of the subdomain.

If the main website is informational and the subdomain is an e-commerce store, like the Herman Miller Store shown below, the Terms and Conditions of the e-commerce store will need to include more information about shipping, payments, and other relevant details.

Herman Miller: Screenshot of homepage with URL

Privacy Policies for Subdomains

Let's start with Privacy Policies. Existing businesses likely already have an established Privacy Policy. This public statement will define the personal information the business collects from its users, as well as how they process, store, and share the information.

This is the basic format of a standard Privacy Policy, as demonstrated by Target:

Target Privacy Policy: Intro with links list

Although Privacy Policies differ from business to business, the average policy will include the following clauses:

  • What information does your business collect about consumers
  • How does your business use this information
  • Who does your business share the information with
  • How can users access, edit, or delete their personal information
  • How do you use cookies
  • When was the last time you updated your Privacy Policy
  • How do you communicate those changes
  • How you process information of children, if at all
  • How can users contact you regarding privacy concerns

Why a Privacy Policy?

If you do not yet have a Privacy Policy drafted and publicly posted for your current online business, you'd be well-advised to take care of that before creating any subdomains. If your website or subdomain collects any personal information from your website visitors, you are required by law to post one.

Many consumer privacy laws affect the average online business. Since the internet is international by nature, you will be required to comply with European, Canadian, and state laws like CalOPPA, even if your business is not based in any these locations.

Here are a few privacy laws that likely apply to your website:

  • California Online Privacy Protection Act (CalOPPA)
  • Children's Online Privacy Protection Act (COPPA)
  • Canada's Personal Information Protection and Electronic Documents Act (PIPEDA)
  • European Union's General Data Protection Regulation (GDPR)

All of the above regulations require a public Privacy Policy of some kind, and many of them require the clauses listed above. These laws protect the privacy of each nation's residents, regardless of where the business is located, and so can be enforced internationally.

Privacy Policies for Leased Subdomains

Whether or not your subdomains will each need a separate Privacy Policy depends largely on the function of the subdomain. For example, some companies offer subdomains of their own website to different businesses, like Shopify.

Shopify is a large-scale e-commerce provider that offers subdomains to its customers. Each subdomain acts as its own webstore and is managed by a different company or owner.

Here is an example of a Shopify subdomain store:

Screenshot of Sol Theory homepage: A Shopify subdomain ecommerce store

The webstore Sol Theory is technically a subdomain of Shopify, but it is owned and operated by an independent company.

In this case, a separate Privacy Policy is required for each subdomain because each is managed by a different company, and each of those has its own business practices. Shopify includes this stipulation in its Privacy Policy, requiring each storefront to maintain its own Privacy Policy:

Shopify Privacy Policy: Information from merchants clause

Another example of a company that leases subdomains to other businesses or individuals is Wix, a make-your-own-blog service. it also recommends that each of its own subdomains maintain its own Privacy Policy:

Wix Privacy Policy: Users-of-Users' Information clause

In short, if each subdomain is owned or operated by a different individual for her own use or services, then each subdomain should maintain its own Privacy Policy.

Privacy Policies for Subdomains Owned and Managed by the Same Company

Other types of subdomains, on the other hand, can usually implement the same Privacy Policy as the main website. If your subdomains are serving different functions within the same business, then one umbrella Privacy Policy should serve for them all.

Here are a few examples:

Blog Subdomains

When a subdomain is simply serving as a blog for the main domain or website, then the same Privacy Policy applies.

Sperry, for example, uses a subdomain for its blog. This is the main website URL and navbar:

Screenshot of Sperry homepage with URL

This is only slightly different that the blog domain name and navbar, but it is still considered a subdomain:

Screenshot of Sperry blog homepage with URL

When you click the Privacy Policy link on the blog however, it directs the user back to the main website Privacy Policy, since both domains are owned and managed by the same company.

Language Subdomains

Another popular use for subdomains is to create several versions of the same website in different languages. To illustrate, the L'Occitane main website URL looks like this:

Screenshot of L'Occitane homepage with URL

The Spanish version, however, has the prefix "es" incorporated into the domain name:

Screenshot of L'Occitane homepage with URL - Spanish

This same website offers different subdomains in over 12 languages, but they all share the same Privacy Policy. However, each policy is translated into the correct language so that users can read it.

Targeting Niche Markets

Many larger companies also create subdomains to target niche markets or groups within their customer base. Nike, for example, has a subdomain just for investors:

Screenshot of Nike investors subdomain with URL

Their main website URL looks like this, however:

Screenshot of Nike homepage with URL

Both websites link to the same Privacy Policy.

The only exception to this rule may be in the case of a subdomain that serves as an e-commerce store. If your main Privacy Policy covers the financial and shipping information that you collect to process orders, then the same policy should work for both sites. However, if the Privacy Policy of the original website does not mention payment processing information, a separate Privacy Policy will be necessary for the e-commerce subdomain.

Herman Miller maintains an e-commerce subdomain, but since they include payment processing information in the main Privacy Policy, the same policy still applies to both domains:

Herman Miller Privacy Policy: Personal Information clause

Terms and Conditions for Subdomains

Although a Terms and Conditions page is not required by law, it is the first place courts will refer to in the case of a lawsuit against your company.

Why a Terms and Conditions?

A Terms and Conditions agreement is where you let users know about your rules, restrictions and important details that come with using your website/app.

When it comes to disputes over payment, terms of sale, shipping, or any other matter, your Terms and Conditions can limit your liability.

This screenshot of Coca Cola's Terms of Use demonstrates the terminology that may reduce their liability in a court of law:

Coca-Cola Terms of Use: Liability clause

Terms and Conditions for Leased Subdomains

Remember: It's never required by law to have a Terms and Conditions agreement. However, it's usually a really good idea to have one.

If you operate a subdomain that's hosted under a different business' main website - such as if you run a Shopify store - you won't be required to have a Terms and Conditions agreement. But if you do choose to have one, these platforms usually make it very easy to add your agreement to your subdomain.

For example, Shopify shows its subdomain users how to add an "Agree to Terms and Conditions" checkbox to their subdomain sites so you can not only include your agreement but get your shoppers to agree to your Terms.

Depending on the nature of the leased subdomain, such as if it's an ecommerce store, a Terms and Conditions will be highly recommended.

T&C's for Subdomains Owned and Managed by a Different Company

A good example of this is the FIFA website. This is a screenshot of the Terms of Service for the main FIFA site:

FIFA Terms of Service: Intro clause with contact information

In contrast, FIFA's e-commerce store is managed by a separate entity, and even though it's a subdomain of FIFA.com, it maintains a separate Terms and Conditions agreement:

FIFA Store General Terms and Conditions intro: Scope, offer, conclusion of contract clause

Because the general FIFA website doesn't offer services like an ecommerce component that would need to address things like shipping, delivery and return or refund details, it doesn't need such an in-depth Terms and Conditions agreement.

However, the separate subdomain does offer such things that need to be addressed in its Terms and Conditions. More importantly, because the subdomain is ran by a third party for FIFA, that third party would clearly want to have its own Terms and Conditions in place to protect itself from legal liability not only to shoppers, but to FIFA as well.

If the subdomain is owned and managed by someone different the owner of the main domain, it would be very smart to have a Terms and Conditions agreement for the subdomain.

T&C's for Subdomains Owned and Managed by the Same Company

As we mentioned about Privacy Policies above, most subdomains that are owned and operated under the same company and owner can utilize the same Terms and Conditions for all.

LinkedIn maintains a separate subdomain for its blog:

Screenshot of LinkedIn homepage showing URL

Upon browsing, you will find that the User Agreement link redirects the visitor back to the User Agreement for the main website. Since the terms function the same way for both sites, there is no reason to create a separate terms page.

In the end, you must evaluate the nature of your business and the functions of your subdomains. In the majority of cases, the same Privacy Policy and Terms and Conditions can be used for all subdomains of one company. However, there are some scenarios and situations where you will need or want separate agreements.

A helpful way to think about it is to think about whether your subdomain has drastically different functions and features from your main domain that would warrant the need for additional Terms and Conditions.

For example, say you run a photography blog where you only post your photography work but don't allow user comments or any interaction at all from viewers. Your photography blog has a subdomain for an ecommerce store where people can buy your work, leave reviews and create shopper accounts.

You can likely get away without a Terms and Conditions agreement at all if your photography blog didn't operate that ecommerce store. However, that ecommerce subdomain will benefit greatly from having a Terms and Conditions agreement.

This is because you'll be interacting with customers and allowing them to interact more with your website, which means your Terms can help protect you from legal liability issues.

In this example, you could either have one Terms and Conditions agreement that you post on both domains, or you can simply post it to the ecommerce subdomain since it would be most relevant to the subdomain.

Summary

When it comes to a Privacy Policy for subdomains:

  • If you operate a leased subdomain, you will need a separate Privacy Policy as required by the company you're leasing from (i.e. Shopify).
  • If you operate the main domain as well as the subdomain, you can typically use the same Privacy Policy for both.

When it comes to a Terms and Conditions for subdomains:

  • You aren't required to have a Terms and Conditions agreement for your subdomain, but it's highly recommended if your subdomain:
    • Has a main domain that's owned/managed by someone else
    • Is a leased subdomain (i.e. a Shopify website)
    • Has different features and functions than the main domain, such as an ecommerce component, a way for users to submit content, etc.

Other Categories:

Jaclyn Kilani

Legal writer.

This article is not a substitute for professional legal advice. This article does not create an attorney-client relationship, nor is it a solicitation to offer legal advice.