Drafting your customer privacy policy

2019-01-21T08:20:07+02:00

If you collect or process personal information about any identifiable individual (like your customers), you need to have a privacy policy. A privacy policy is very important because it’s your promise to the people whose personal information you process (like your customers) as to what you’re going to do with their data. Once you have decided on your policy, you’ve got to stick with it because if you don’t comply with your own privacy policy, you’re going to get yourself into some serious trouble. So not only is it important what you say but also how it is said.

A privacy policy should appear on all websites that collect personal information about visitors to the website. However, it should not be limited to your online visitors. If you collect, maintain and use consumer personal information in other ways, then the policy should cover that as well.

How we can help you

  • Have a great privacy policy by asking us to draft a bespoke one specifically for you using our template.
  • Draft a privacy policy yourself by using our template. We have developed a template of a privacy policy. Comments for the customisation and implementation of the privacy policy are included as footnotes. The privacy policy is designed to satisfy your requirements regarding the personal information of others and their privacy.
  • If you already have a privacy policy, check that it is in line with the latest law by asking us to review it for you.


If you are interested, please complete the form on the right or enquire now. We will contact you to find out more about your requirements and give you a quote.

Types of privacy policies

Broadly speaking, there are two types of privacy policies:

  1. A Customer Privacy Policy (external) which deals with how you process customer personal information; and
  2. An Employee Privacy Policy (internal) which deals with how you process employee personal information.

This article deals with a Customer Privacy Policy. It does not deal with Employee Privacy Policies or any of the other issues that form part of employee privacy, such as geolocation, nor does it deal with personal information policies, procedures and practices.

Factors to consider whilst drafting a Customer Privacy Policy

You have most certainly encountered a maze of privacy policies whilst surfing the Internet, and it is very tempting to simply copy one and cut and paste from it to suit your own needs. Think before you do so, as the maze of privacy policies you encounter is a direct result of legislation and court judgements in other countries that serve to protect personal information. In many instances, that legislation and those poor judgements are of no relevance in your country.

The goals of a privacy policy

Your privacy policy must keep three goals in mind:

  1. The policy must satisfy the requirements of the law (such as the GDPR, the Protection of Personal Information Act, the Consumer Protection Act and the National Credit Act) and industry requirements (which will be spelt out in various Industry Codes, which POPI makes provision for). Organisations doing business on a global basis must consider a multitude of international privacy laws as well.
  2. The policy must satisfy your business objectives.
  3. The policy must reassure data subjects. Privacy is an emotional issue for most consumers. Many people feel as though there is a full frontal assault on their personal information. They believe they have little or no control over the collection and use of their personal information. As a result, a privacy policy must be designed to allay consumers' concerns and make them feel comfortable doing business with your organisation.

Your privacy policy provides high-level statements of your positions on particular issues whereas procedures bring those positions down to earth by laying out specific actions and responsibilities.

What are the benefits of having a privacy policy for customers?

  1. It may reduce the risk of your company being sued for infringing a customer’s right to privacy.
  2. The policy should also ensure that you comply with the law and therefore avoid sanctions for non-compliance.
  3. It will help you gain consumer confidence.
  4. Hopefully, bad publicity, which can have serious economic consequences, can be avoided.
  5. Your potential customers will not feel the need to seek out your competitors with better data privacy practices.
  6. A privacy policy should demonstrate good practice and therefore help to attract new customers or to keep existing customers.
  7. A well-drafted privacy policy should also enable you to deal with the personal information of customers in a manner which is beneficial to you.
  8. The personal information relating to your customers is a valuable business asset which should be protected and possibly even developed.

Do you collect personal information?

Personal information can be collected by various means and you should carefully analyse the functioning of your business or website to establish if and to what extent you gather personal information. You might even collect personal information without knowing it! Ways in which personal information is collected include:

  • visitors subscribing to a newsletter,
  • a user registering on a blog or forum,
  • users submitting their details via a form,
  • in the process of contracting online,
  • taking orders,
  • through the personalisation of a website by a user,
  • through the use of cookies,
  • monitoring user access and habits,
  • sending or receiving e-mails, SMSs or other similar messages.

You must update your privacy policy often

A privacy policy is a dynamic document and should be amended as the law relating to privacy and your business develops and changes. Your privacy policy should therefore be reviewed on a regular basis.

Please remember the following important pointer: Many organisations assume that once their privacy policy is in place, the job is completed. This is a mistake. Every time content or services are added, or website functionalities change, there is a risk of exposing users to privacy breaches. It is critical to every online business that as the business changes, the policy is reviewed to see if changes to meet the new challenges are necessary.

Acceptance of the privacy policy

It is suggested that you alert users to the fact that their personal information will be dealt with under a privacy policy by way of a clear and prominently displayed notice at the bottom of each webpage of your website.