Is a Privacy Policy the Same as a Privacy Notice or Privacy Statement?
Although the terms "Privacy Policy" and "Privacy Notice" are used interchangeably, they don't always mean the same thing. Before you name your privacy document, you should understand what these terms mean and how to choose the right option for your business.
Below, we explore what the terms "Privacy Policy," "Privacy Notice" and "Privacy Statement" mean, and we'll cover how to display your Privacy document correctly, whatever it's named.
Need a Privacy Policy? Our Privacy Policy Generator will help you create a custom policy that you can use on your website and mobile app. Just follow these few easy steps:
- Click on "Start creating your Privacy Policy" on our website.
- Select the platforms where your Privacy Policy will be used and go to the next step.
- Add information about your business: your website and/or app.
- Select the country:
- Answer the questions from our wizard relating to what type of information you collect from your users.
-
Enter your email address where you'd like your Privacy Policy sent and click "Generate".
And you're done! Now you can copy or link to your hosted Privacy Policy.
- 1. What is a Privacy Notice?
- 2. What is a Privacy Policy?
- 3. What is a Privacy Statement?
- 4. Does it Matter What I Call My Privacy Document?
- 5. What Should I Include in My Privacy Policy, Notice or Statement?
- 5.1. Introduction
- 5.2. Data Processing
- 5.3. Consumer Rights
- 5.4. Contact Details
- 6. How Do I Display My Privacy Policy, Notice or Statement?
- 6.1. Areas Where You Collect Personal Data
- 6.2. Pop-up Banners
- 6.3. Website Footer
- 7. Summary
What is a Privacy Notice?
A Privacy Notice tells people who visit your website how you process their personal data, and how they can limit your access to personal data.
Fitness brand Gymshark, for example, calls its privacy document a Privacy Notice:
Women's Health also uses the term "Privacy Notice" for its privacy document:
Must you call this document a Privacy "Notice," though? The answer is no. For example, some businesses call this notice a Privacy "Statement" or "Policy," and for the most part, they're all taken to mean the same thing.
The law doesn't offer much guidance, either. For example, Article 12 of the EU's General Data Protection Regulation (GDPR) states that businesses must set out their privacy practices in writing, but there's no mention of the word "notice."
Similarly, the California Consumer Privacy Act (CCPA/(CPRA) requires businesses to provide a "Notice at Collection," but again, this is not the same term as "Privacy Notice." That said, you'll note from the example above that Women's Health does refer to its statement as both a Privacy Notice and Notice at Collection.
Here's another example. Canada's Personal Information Protection and Electronic Documents Act (PIPEDA) requires businesses to be transparent about what personal data they collect and how it's processed. As per Section 4 of Schedule 1 though, businesses only need to make this information available in an easily accessible format.
Here's what we can take from all this so far:
- A Privacy Notice sets out a company's privacy practices so website visitors can understand them.
- There's no clear legal requirement to name this document a Privacy Notice. However, you may choose to do so.
If you don't want to use the term "Privacy Notice," here's a look at whether you can call the document a "Policy" or "Statement" instead.
What is a Privacy Policy?
A Privacy Policy is the notice you present to customers, informing them of their privacy rights. In other words, you might call your Privacy Notice a Privacy Policy instead.
As an example, Walmart refers to its customer-facing statement as a Privacy Policy:
And Hermes also refers to its notice as a Privacy Policy:
These documents serve the same purpose as the Privacy Notices mentioned above. The only difference is in the name. Both terms include the word "privacy" so customers know the document covers their privacy rights.
This tends to be the standard, default way of naming these legal agreements and the way most commonly used.
Whether you call your privacy document a notice or policy, just make sure it contains the word "Privacy" somewhere in the title.
What is a Privacy Statement?
A Privacy Statement is what it sounds like: A statement of your privacy practices.
As we can see from the examples above, it's okay to use different terms to describe your Privacy document so long as the meaning and intent is clear, so you can use the term "Privacy Statement" to describe your Privacy Notice or Privacy Policy.
Here's an example from Microsoft. It covers the same types of clauses as the other documents; namely, how the company handles personal data and why. Again, the only difference is in the name:
Netflix also uses the phrase "Privacy Statement" to mean its core privacy document. From the introductory clause, it's clear that this statement sets out how the company processes personal data, and what choices people have regarding the sharing of this data:
As with the other examples, if you choose to call your document a Privacy Statement, ensure it's clear what the document is and why visitors should read it.
Does it Matter What I Call My Privacy Document?
In practical terms, no.
If you run a website, you can call your customer-facing document a Privacy Policy, Notice, or Statement. There's no legal requirement to call your document a Privacy Notice. What matters is that your document includes the correct information to help people exercise and understand their privacy rights.
It all comes down to your visitors' expectations. So long as it's clear that your document refers to your privacy practices, your visitors will understand the meaning of the document and what it's intended to communicate, regardless of what it's called.
Now we're clear on the naming of these agreements, let's briefly cover what you should include within it.
What Should I Include in My Privacy Policy, Notice or Statement?
Names aside, every Privacy document should include the following points of information:
- What personal data you collect
- Why you collect it
- How you collect it
- Who you share it with
- What rights a person has regarding their personal information
- Your business contact details
You may need additional clauses, depending on the services you offer and which privacy laws apply.
Covering how to write Privacy Policies in any detail goes beyond the scope of this article. However, let's briefly break the most common clauses down.
Introduction
Whether it's a Privacy Policy, Notice, or Statement, state clearly what the document is and why it's necessary.
Here's an example from McDonald's. It's only a few sentences long but that's all that's needed to make it clear what the document covers:
Data Processing
Explain what type of data you collect, why you need it, how you use the data, and who you share it with.
Here are some clauses from Barnes & Noble's Privacy Policy. First, it explains what data the company collects:
It then sets out why it collects the data:
As you'll see, what's most important here is the information contained within the document. Whether you call your document a Privacy Policy or Privacy Notice, the information must be comprehensive and detailed enough to comply with your legal obligations.
Consumer Rights
Disclose what rights people have regarding what data they share with you. Use simple language so it's easy for people to understand.
American Eagle has a clause that addresses some rights granted under the CCPA (CPRA):
Or, you can follow the McDonald's example and list the rights in bullet-point style, for extra clarity:
Whatever you call your Privacy document, it's crucial that it's easy to understand and user friendly.
Contact Details
Help customers reach you to exercise their privacy rights by providing contact details. At least one option should be free, such as sending you an email.
American Eagle has multiple different methods of contact, as well as separate contact information for credit card inquiries versus privacy inquiries:
Now that you have an idea of what to include in your Privacy document, let's look at methods of displaying your document, regardless of what you title it.
How Do I Display My Privacy Policy, Notice or Statement?
Website visitors must be able to view your Privacy document before they use your services. There are a few places where you should display your Privacy document:
- Anywhere users are asked to share personal data (sign-up forms, email subscribe forms, etc.)
- Pop-up banners (e.g. Cookie Notices)
- Your website footer
Here are some examples.
Areas Where You Collect Personal Data
Before visitors hand over any personal data, such as when they open an account or complete their shopping cart order, give them a clear opportunity to review your Privacy document. This way, you can ensure they've had a chance to read and understand your privacy practices before sharing personal information with your company.
For example, before someone opens a LancĂ´me account, they must confirm they agree to the website's Privacy Policy:
No matter how you name your Privacy document, make sure you make it available to people before they share any personal data with your website.
Pop-up Banners
If your website uses cookies and you have a pop-up Cookie Notice, you can link to your Privacy document here. This means visitors can easily review your document before deciding whether to accept cookies or share personal data with you.
Here's a great example from Levi's. The Cookie Notice includes a clear link to the Privacy Policy, which people can read for more information before clicking "I Accept" or "Customize Settings:"
McDonald's has a similar banner. Visitors can click "Privacy Statement" or "California Privacy Notice" to read the relevant document before proceeding:
You'll notice it's also called a Privacy "Statement" in this banner, as these terms can be used interchangeably, as we've noted.
Website Footer
You should place a link to your Privacy document in the footer alongside your other important documents such as your Terms and Conditions agreement and Cookie Policy. This way, visitors can quickly access all your key information from one place.
You can find Amazon's Privacy Notice, for example, beside its Conditions of Use:
Adidas also links to its Privacy Policy beside its Terms and Conditions and "Do Not Sell My Personal Information" page link:
Alternatively, you can link to your Privacy document in a sidebar or your website header, if it fits better with your website layout.
Finally, if you have a mobile app or website, make sure your Privacy document is somewhere clearly visible e.g. the page footer or app menu.
Summary
In sum, don't worry too much about what you name your Privacy document. Just make sure you use the same term consistently e.g. if it's called a Privacy Policy, use this phrase throughout the document. You should also ensure the document:
- Includes the word "Privacy" in the title
- Sets out your privacy practices clearly
- Establishes what rights people have regarding their personal data
- Complies with your legal obligations
Make sure you display your document somewhere visible, including your website footer and places where customers share personal data, such as when they register for an account or complete their shopping transaction. It's also a good idea to display your Privacy document in your Cookie Notice so visitors can read it before agreeing to cookies.
