¿Qué, cómo, quién, dónde?

Sé inteligente...

¿Todo sitio necesita una política de privacidad?

¿Todo sitio necesita una política de privacidad?

Short answer: yes, quite an overwhelming few of them.

Which sites need a privacy policy exactly?

This is also not very easy to answer without all of the details surrounding a website. But there are a few things we can assume for certain:

"The collection of private data or personally identifiable information with commercial intent are generally subject to disclosure to its users. This is true for most western legislations. Europe has long been dominating this space with quite strict rules, while in the States, California is the leading region (who extends the privacy policy requirement to any website owner who targets Californians) advancing privacy practices for its own tech sector."

Now, before saying you don’t process any user data, some consider the fact that your website handles IP data by visitors a personal datum…!

If you want to double-check, a good place to do so is your local data protection agency. Just don’t forget that you might also want to check out the rules in locations you want to operate in (I’ll post a list of names after the main content of this answer for you to check).

You can also use our Privacy Policy as a template or an example to craft your own.

What does “Google Analytics” tell us?

Now Google Analytics is a very, very clear indicator that you need a privacy policy. If any of the nation-states rules do not bother you, then you might want to take a look at Google’s terms for Google Analytics:

You will not and will not assist or permit any third party to, pass information to Google that Google could use or recognize as personally identifiable information. You will have and abide by an appropriate Privacy Policy and will comply with all applicable laws, policies, and regulations relating to the collection of information from Visitors. You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data. This can be done by displaying a prominent link to the site “How Google uses data when you use our partners' sites or apps”, (located at www.google.com/policies/privacy/partners/, or any other URL Google may provide from time to time). You will use commercially reasonable efforts to ensure that a Visitor is provided with clear and comprehensive information about, and consents to, the storing and accessing of cookies or other information on the Visitor’s device where such activity occurs in connection with the Service and where providing such information and obtaining such consent is required by law.

Do not forget about your cookies!

The above section in Google’s terms for Google Analytics additionally reminds you not to ignore the fact that Google uses pretty invasive cookies and therefore you should inform users before these cookies get installed. This means that to European users you should likely be displaying a banner and inform them about cookies AND most importantly block them before they’ve consented to their use.

It’s quite a beast, which is why Google has even built an informational site regarding this, and iubenda.com deals with cookie EU policies daily to make any implementation as easy as humanly possible.

What belongs in a Privacy Policy in general?

User accounts, payments, EULA are marginally topics for the privacy policy, but these might be more important in a terms document. Here’s a structure that might help you with providing the right information to your users in your privacy policy:

  • Who is the site/app owner?
  • What data is being collected? How is that data being collected?
  • For which purposes is the data collected? Analytics? Email Marketing?
  • What third parties will have access to the information? Will any third party collect data through widgets (e.g. social buttons) and integrations (e.g. Facebook connect)?
  • What rights do users have? Can they request to see the data you have on them, can they request to rectify, erase or block their data (under European regulations most of this is mandatory)?
  • Description of process for notifying users and visitors of material changes to the privacy policy
  • The effective date of the privacy policy

This is what I work on daily at iubenda.com and in its privacy policy generator. You can generate a privacy policy for your website with Google Analytics starting at “free”.

List of data protection agencies for research and help



Monte Elbruz 132-604
Lomas de Chapultepec
CDMX 11000 México

Habla con nosotros

+52 (55) 5281-4135
+52 (55) 5281-1674

Las cookies facilitan la prestación de nuestros servicios. Al utilizar nuestros servicios, usted acepta que utilizamos cookies.