The 8 Questions Your Website Privacy Policy Should Answer

June 22, 2016
Copying and pasting legal agreements

Did you copy and paste your Website Privacy Policy? Risky!

Here’s the thing: Someone else’s Website Privacy Policy will not be able to protect you and your visitors, because you may use data in very different ways.

2016-06-20An inaccurate Website Privacy Policy may expose you to the risk of having your website taken down, or even potential legal action.

Many entrepreneurs share the misconception that they only need a Website Privacy Policy if they sell goods (or services) online. Wrong.

Website Privacy Policy and Website Terms of Use are minimum legal requirements, even if you are just marketing and not selling goods or services online.   Tweet: A Website Privacy Policy is required by law, even if you are just marketing & not selling goods or services online: this

The regulation of personal data use is overseen in Hong Kong and Singapore by the Privacy Commissioner for Personal Data (PCPD) and the Personal Data Protection Council (PDPC) respectively.

In order to have a Website Privacy Policy that truly reflects your organisation’s practices, there are a few essential questions it must answer:

1. What information will you be collecting from your visitors?

List out specifically the types of information that you may collect and process. This ensures that you are transparent with your website visitors and/or users regarding what information about them that you are collecting and what types of activity you are monitoring.

Section 1 - What DataSimply pick what is applicable to you when drafting your Website Privacy Policy with Dragon Law. Try now.

2. Will you use the collected information in another country?

You have to state explicitly all the countries and/or territories in which you will be storing or using the data.

Section 2.5 - transfer data

Note: Be extra careful if your server is located overseas or if you are a using a hosting service provider with overseas servers. You may be subject to additional provisions that restrict transfers of personal information.

3. How will you use the data you collected?

Next, it is crucial to specify the purposes for which you will use the information you have collected from your users. It is recommended that you create the most extensive list possible, to keep possibilities open for the future. Even if you are currently only using the data for record-keeping, there might come a time when you want to do direct marketing!

Dragon Law’s Website Privacy Policy covers the following purposes:

(a) ensuring that content from our site is presented in the most effective manner for you and for your computer;

(b) providing you with alerts, newsletter, education materials or information that you requested or signed up to;

(c) carrying out our obligations arising from any contracts entered into between you and us;

(d) allowing you to participate in interactive features of our service, when you choose to do so;

(e) designing and conducting surveys/questionnaires for client profiling/segmentation, statistical analysis, improving and furthering the provision our products and services;

(f) complying with laws and regulations applicable to us or any of our affiliates in or outside Singapore;

(g) legal proceedings, including collecting overdue amounts and seeking professional advices;

(h) researching, designing and launching services or products including seminars/events/forums;

(i) promoting and marketing services and products subject to your exercise of the opt-out right (please see further details in clause 2.2 below); or

(j) purposes directly related or incidental to the above.

If you intend to share the data you have collected with other entities (such as business partners or overseas offices), you need to state this in your Website Privacy Policy. In general, just as with purposes, you want to leave your options as open as possible.

5. Does your website use cookies? What kind of cookies?

Most websites use cookies to distinguish a user from other users. Cookies contain a small file of letters and numbers stored on the browser or hard drive of the user’s computer. This helps websites to provide users with a good experience when they browse the website.

There are different types of cookies. Some identify users and track website performance in order to provide a more personalised experience for visitors. Others help analyse the effectiveness of website content. The four most common types of cookies are:

Strictly necessary cookies are cookies that are required for the operation of your website. They include, for example, cookies that enable the user to log into secure areas of your website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies allow you to recognise and count the number of visitors and to see how visitors move around your website when they are using it. This helps you to improve the way your website works, for example by ensuring that users are finding what they are looking for easily.

Functionality cookies are used to recognise the user when the user returns to your website. This enables you to personalise your content for the user, greet the user by name, and remember the user’s preferences (for example the user’s choice of language or region).

Targeting cookies are cookies that record the user’s visit to your website, the pages the user has visited, and the links the user has followed.

It is critical that you specify what type of cookies your website uses and explain what kind of information these cookies will collect.

Section 4 - CookiesNot technically-savvy? Me neither! That’s why the Dragon Law app provides helpful and clear definitions that guide you through drafting each agreement.

Your website may be using a third-party web analytics service, such as Google Analytics, to collect information on web traffic. If your website uses a third-party web analytics service, your Website Privacy Policy should also specify which analytics service is used.

6. Can customers make payments online via your website? If so, what kind of encryption do you use for web payments?

If you allow customers to make online payments on your website and use technology to encrypt the transactions, you should specify what security technology you use. The most common type of encryption is Secure Sockets Layer (SSL).

Section 5 - Online Payments

7. Who can users get in touch with if they want to access the data?

Remember: Under the law, individuals have the right to check whether you hold personal data about them, the right to access that data, the right to require that inaccurate data is corrected, and the right to request removal or deletion of the data. Therefore, it is essential that you provide a contact person and full contact details (including name, address, telephone number, fax number & email address) that users can get in touch with should they want to assess or correct the data they have provided.

Section 6 - Contact InfoUnder the PDPA, organisations in Singapore are required to designate at least one individual, known as the Data Protection Officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.
Appointment of a DPO is also implicitly required in Hong Kong under Data Protection Principle 1.

8. When will you publish your Website Privacy Policy? How will you further notify users of updates?

Your privacy policy only binds users if it clearly states when it came into effect. Also, whenever you update your website, or use new analytics services, you want to make sure to update your Website Privacy Policy. Hence, you will also need a clause that states how users will be notified of new policy changes.

Section 7 date and change

Last but not least….

It is recommended that you provide a link to your Website Terms of Use in your privacy policy so that your website visitors can find it for reference easily.

Section 0.5 - ToSA Website Terms of Use specifies the rules for using your website and defines the legal relationship between you as the website operator and your website users.

Now, preview your document:

Section 8 - Document Overiew


And you’re done!

Congratulations! Your Website Privacy Policy is ready to go. You can now download your Website Privacy Policy in Word, PDF, or HTML, and upload it onto your website.

Running a business may be challenging, but with the right processes and documents in place, you can build prudent legal protections and ensure you stay compliant.   

Ready to get started?

Let Dragon Law’s smart Document Builder guide you through the essential steps of drafting a Website Privacy Policy.

Sign up for a free trial

No commitment, no credit card required.
Fully customisable to suit your needs.

Leave a Reply

Your email address will not be published.

Like what you just read?

Subscribe to our newsletter and be the first to hear of
the latest Dragon happenings, tips and insights!