Table of Contents

Important: Someone else’s Website Privacy Policy will not protect you and your visitors because you may use data differently.

Did you copy and paste your Website Privacy Policy? Risky!

An inaccurate Website Privacy Policy may expose you to the risk of having your website taken down or even potential legal action.

Many entrepreneurs share the misconception that they only need a Website Privacy Policy if they sell goods (or services) online. This is Wrong.

To have a Website Privacy Policy that truly reflects your organisation’s practices, there are a eight essential questions it must answer:

1. What information will you collect from your visitors?

This is privacy policy 101. You must list the types of information you may collect and process.

Doing this ensures that you are transparent with your website visitors and users regarding what information about them that you are collecting and what types of activity you are monitoring.

When drafting your Website Privacy Policy with Zegal, you can quickly pick what applies to you. Try now.

2. Will you use the collected information in another country?

You have to state explicitly all the countries and territories where you will store or use the data.

warning-sign-on-a-triangular-background

Note: Be extra careful using a hosting service provider with overseas servers. You may be subject to additional provisions that restrict transfers of personal information.

3. How will you use the data you collected?

It is crucial to specify the purposes for which you will use the information you have collected from your users.

We recommend that you create the most extensive list possible to keep possibilities open for the future.

Even if you are currently only using the data for record-keeping, there might come a time when you want to do direct marketing!

If you intend to share the data you collected with other entities (such as business partners or overseas offices), you must state this in your website privacy policy.

4. Does your website use cookies? What kind of cookies?

Most websites use cookies to distinguish a user from other users.

Cookies contain a small file of letters and numbers stored on the browser or hard drive of the user’s computer to help websites provide them with a good experience when browsing the website.

There are different types of cookies. Some identify users and track website performance to give visitors a more personalised experience.

Others help analyse the effectiveness of website content. The four most common types of cookies are:

Strictly necessary cookies are required for the operation of your website. They include, for example, cookies that enable the user to log into secure areas of your website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies allow you to recognise and count the number of visitors and see how they move around your website. This helps you improve how your website works, for example, by ensuring that users find what they are looking for easily.

Functionality cookies recognise the user when the user returns to your website. This enables you to personalise your content for the user, greet the user by name, and remember the user’s preferences (for example, the user’s choice of language or region).

Targeting cookies record the user’s visit to your website, the pages the user has visited, and the links the user has followed.

You must specify what type of cookies your website uses and explain what kind of information these cookies will collect.

Not technically-savvy? The Zegal app provides helpful and precise definitions that guide you through drafting each agreement.

Your website may use a third-party web analytics service, such as Google Analytics, to collect information on web traffic. Your Website Privacy Policy should also specify which analytics service is used.

5. Can children use your website?

Can individuals below a certain age use your website? If so, you must implement safeguards to ensure compliance.

If your website collects personal information from individuals within a specific age range, it’s essential to specify the age group.

The GDPR policy places strict requirements on protecting the personal data of children. If you rely on consent as your lawful basis for processing data, children should be at least 16 years old.

6. How can users access and update their info on your platform?

Under the law, individuals have the right to check whether you hold personal data about them, access that data, request that inaccurate data be corrected, and ask for removal or deletion of the data.

Therefore, you must provide a contact person and full contact details (including name, address, telephone number, fax number & email address) that users can contact to assess or correct the data they have provided.

Under the PDPA, organisations in Singapore are required to designate at least one individual, known as the Data Protection Officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.


Appointment of a DPO is also implicitly required in Hong Kong under Data Protection Principle 1.

7. When will you publish your website privacy policy? How will you further notify users of updates?

Your privacy policy only binds users if it clearly states when it came into effect. Whenever you update your website or use new analytics services, you must also update your website privacy policy.

Hence, you will also need a clause that states how users will be notified of new policy changes.

Now, preview your document:

And you’re done!

Congratulations! Your Website Privacy Policy is ready to go. You can now download your Website Privacy Policy in Word, PDF, or HTML, and upload it onto your website.

Running a business may be challenging, but with the right processes and documents, you can build prudent legal protections and ensure you stay compliant.

Ready to get started?

Let Zegal’s smart Document Builder guide you through the essential steps of drafting a Website Privacy Policy.

Sign Up Free

No commitment, no credit card required.
Fully customisable to suit your needs.