24 December 2020
Complying with global privacy laws might not be on the top of your "to-do" list, but don't neglect this important aspect of your business.
You can start by considering what personal information your customers (and potential customers) provide voluntarily, for example:
Here's how Shopify merchant Rebecca Minkoff explains the types of personal information its customers provide voluntarily:
Rebecca Minkoff also identifies the types of personal information it collects from customers who set up an account:
You probably also collect some technical information from visitors to your website automatically, with or without their prior knowledge. For example:
You might be surprised to learn that these types of data qualify as "personal information." However, personal information is a very broad concept.
Increasingly, personal information is defined as any information that relates to an identifiable individual. Therefore, you should be as transparent as possible, and disclose all types of data that you collect from your customers and visitors to your website.
Here's how Shopify merchant Uproot Wines identifies the types of personal information it collects automatically from visitors to its website:
Some businesses post a separate Cookies Policy explaining what cookies do, how the business uses them, and how to prevent the website from setting them.
Here's an example of part of a Cookies Policy from Shopify merchant Gymshark. First, Gymshark explains what cookies are and why they are used:
Further down the Policy, Gymshark explains how to block cookies on various web browsers:
In addition to explaining what personal information you collect, you must explain how you use personal information.
You should have a clear purpose for collecting personal information. It's bad practice to collect personal information unless you need it for a specified purpose. In fact, under EU law, it is unlawful to collect personal information unless you have a "lawful basis."
As an ecommerce retailer, you're likely to use personal information in some of the following ways:
Name, payment card details, billing address:
Here's an example from Shopify merchant Pixi Beauty UK:
This paragraph describes how Pixi Beauty uses personal information to send transactional emails (such as company announcements, customer service emails, and welcome emails).
Shopify offers a number of services that involve the collection and processing of your customers' personal information, including:
Whatever Shopify services you use, you must explain how Shopify collects and uses the personal information of your customers and the visitors to your website.
Craft goods store Leif uses Shopify as a web host. Here's how Leif explains this to its customers:
Shopify requires that you disclose the third parties with whom you share personal information.
As an ecommerce retailer, you'll probably be sharing personal information with quite a lot of other companies in addition to Shopify.
For example, you might share personal data with:
You should be upfront about any third parties with whom you share or might share personal information.
Here's an example from Shopify merchant Bluebella:
First Bluebella reassures its customers that sharing personal information doesn't mean selling personal information. Practically every business needs to share some personal information with third parties.
Note that Bluebella names some of the specific third parties with whom it shares personal information, such as Shopify and Amazon Pay. In other cases, it simply identifies the types of third-party companies with whom it shares personal information, such as "marketing agencies" and "social media sites." This is likely to be acceptable in most contexts.
And to make things even more complicated... you have to comply with whatever privacy laws apply wherever your customers live.
U.S. federal privacy law is pretty weak unless your business is aimed at children. Otherwise, if you have customers in the U.S., your main task is to comply with the privacy laws protecting California residents.
If your website is accessible in California, you need to comply with the California Online Privacy Protection Act (CalOPPA).
If you have customers in the EU, and/or the UK, you must comply with the EU General Data Protection Regulation (GDPR).
If you have customers in Canada, you'll need to comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).
Check out our article that covers more privacy laws by country.
Here's a short presentation with the steps. They're also included after the presentation so you can skip to that section if you want:
Log into your Shopify account. On the side menu of the Shopify dashboard, choose "Online Store."
On the "Pages" page, select "Add page."
In the "Online Store" menu, select the "Navigation" option. On the Navigation page, choose "Footer menu."
On the "Footer menu" page, click "Add menu item."
You must also provide any additional information that is legally required in your customers' countries of residence.