what it is and how to set one up! – WAU

When accessing some websites, e-commerce services, or any other digital platform that requires a user registration, such as social networks, you probably have already been surprised with information about a privacy policy. Basically, it concerns how user data will be treated, what the company intends to do with those […]

When accessing some websites, e-commerce services, or any other digital platform that requires a user registration, such as social networks, you probably have already been surprised with information about a privacy policy.

Basically, it concerns how user data will be treated, what the company intends to do with that information and what are the security limits for its sharing.

But what exactly is a privacy policy? Does everyone need to have one online? How to assemble yours?

We have the answers to these and other questions!

Check out:

What is a privacy policy

Also called security terms and conditions by some websites, the privacy policy refers to the practices and processes adopted by a website, app, or other type of application provider to make your relationship with the user transparent.

Basically, it informs the user of all rights, guarantees, forms of use, data collected, processing and disposal of this personal information.

Typically, these sites and application providers ask the user, when filling out their registration, or start using the platform, demonstrate your express consent and agreement to these terms.

It is a way of not only informing the user what will be done with their data, but also exempting the provider from any responsibility arising from the lack of consent.

You want to create a privacy policy for your company so fast and simple? Use the free tool from Guru PME!

But what exactly is mentioned in a privacy policy?

See some of its main aspects:

Personal identification information

One of the main aspects of any privacy policy concerns user identification data.

Nowadays, with increasingly multiple and connected platforms, this goes far beyond a name and about a name.

Identification data can also be your identity document number, social security number, email, username, personal image, IP number (internet protocol) from your computer or internet access device (tablet, smatphone, etc.).

All of this information serves to identify users of websites and applications, so must be treated with care and confidentiality by companies.

After all, leaks of this data can have serious consequences not only for the user, but also for the service providers.


E-commerce sites are the ones that most need their users’ addresses to register.

These data are used not only for the delivery of products and for the provision of services, but also for the issuance of tax documents, especially in transactions involving the collection of taxes.

It is necessary to know if the user is an individual or a legal entity, and where their headquarters or residence is located.

Bank data

In addition to the address, e-commerce sites also often require the sharing of bank data from their users, either for the establishment of automatic debit in the provision of continuous services, or for the conduct of bank transactions, such as payments and transfers through credit card, for example.

Remember that bank details are not provided only by those who have to make a payment over the internet.

Often, sharing websites and apps (Airbnb, Uber, etc.), buying and selling products among consumers and even digital finance companies (fintechs) also collect their users’ personal data to make deposits.

These bank details are essential for the business model of these companies, but they must also be included in the privacy policy.

Navigation patterns and cookies

Have you noticed that, as you browse Facebook, Google and other such platforms, there is a constant refinement of advertising suggested to the user?

If you travel a lot, buy tickets online, are always comparing hotel prices, etc., similar products and services will probably be offered to you through these platforms.

This means that most application providers study and uses its navigation patterns to then optimize the relevance of its advertisements.

This is done through cookies, a kind of browsing history that is accessed every time you enter these platforms to better identify users’ profiles.

Conversation history

Yes, we need to talk about privacy policies referring to the exchange of messages between users.

When you are using a social network, it is important to keep in mind who can access this conversation, in what way and for what purpose.

After all, many of these conversations are private and the user has an expectation of confidentiality.

If you are using e-commerce, this may not be such a problem, as consumers of these sites and platforms communicate little with each other.

Nowadays, in London, the content of these messages exchanged between users can only be passed on to other people (government, civil society, judiciary, etc.) through a court order.

If a judge does not endorse, providers are not required to share private conversations.

But your privacy policy should reflect this care with the information exchanged, highlighting exactly who has access to each conversation.

Content limitations

There are websites and platforms that decide to impose restrictions on users on the content to be posted online. For example, nudity may not be allowed, as is the case with Facebook.

Besides that, there are sites that do not allow hate speech and racist content, so users who do not respect these policies are also subject to being expelled from these platforms.

Academia.edu, for example, is a site specifically designed for researchers to share their own articles, books and other publications for free with colleagues in their fields of study.

However, if any user decides to share, without authorization, books and materials from third parties that are protected by copyright, that content may be removed.

That is, it is important that the website itself, in its privacy policy, mention what is allowed and what is expressly prohibited in terms of content.

Digital Transformation and Marketing

Why is it important?

Now that you know exactly what a privacy policy is, you need to understand its need. Why is it important?

Why should companies, providers and social networks develop their own privacy policy? Check out:

Compliance with the Civil Framework for the Internet and the Consumer Protection Code

In London, since the 1990s, the Consumer Protection Code already provided for a special treatment given by companies to information about their customers.

E-commerce was not as expressive in relative terms as it is now, but it was already pointed out, at that time, the need not to pass this data between one company and another, as well as to maintain the organizational confidentiality of this type of information in the company.

In addition, in 2014, London legislation gained a specific regulation for the virtual world, the Marco Civil da Internet.

This law established rights and guarantees for users, in addition to establishing clear rules of responsibility for the public and private sectors.

Specifically regarding the privacy of users, the law specifically determines the protection of privacy, personal data and the security of networks.

In addition, there is a specific provision for civil liability of agents according to their activities and obligations. In practice, what does this mean?

Application providers (content sites, social networks, applications, etc.) must maintain the confidentiality of communications exchanged between users and their personal data.

They must also keep this information for a minimum of 6 months, if they are legally required to provide this information to the authorities, by court order Without a court order, personal data, communications and navigation patterns of users cannot be made public.

It is also worth mentioning the content of article 7 of the Marco Civil, which guarantees users the right to have access to “clear and complete information about the collection, use, storage, treatment and protection of their personal data”.

In addition, this information can only be used for purposes that “justify its collection, that are not prohibited by law and that are specified in service provision contracts or in terms of using internet applications”.

That is, the privacy policy is actually the contract that regulates the relationship between user and provider.

Support in the market and among its users

Having a privacy policy is also a smart and strategic measure in economic terms.

It makes sense for a company that wants to guarantee support in the market and among its users to keep the confidentiality of the data it uses in its day to day.

Just remember cases like Yahoo’s recent security breaches, which made thousands of user passwords public and exposed these people to various risks, such as fraud, breach of communications confidentiality and crimes against the financial order.

As a user, it is difficult to trust websites, platforms and apps that do not have an adequate policy to protect privacy and personal data.

As much as most users do not read several of these terms, any type of security breach or lack of privacy policy can decrease user adherence, engagement and loyalty.

In increasingly competitive markets, as is the case with online businesses today, it is essential to maintain this support and perception of security by the market.

Prevent information leakage

Does privacy policy have the consequence of preventing information leakage? Yes!

As unlikely as this relationship may seem, as companies are required to make these terms and conditions available when contracting with a user, they are also creating a “law” that regulates this private relationship.

Whether this policy regulates what can or cannot be done, the rights and duties of each party, it is also necessary to take the necessary and reasonable measures to put it into practice, such as the security of protocols, confidentiality in employment contracts and respect for users’ rights.


This is one of the main values ​​sought by internet companies today.

The online market is very dynamic, demanding from its entrepreneurs quick adaptability and the need to adapt to the new demands of consumers.

The more transparent the relationship between company and user, the better the results of these ventures, especially due to the fact that much of the users’ personal lives are now exposed, traded and stored online, such as cloud computing, for example.

In this context, transparency, security, reliability and protection of personal data are essential measures to be taken by companies.

Analyze Digital Competitors

Learn how to set up your privacy policy

What is the best way to set up your own privacy policy? See our tips:

Understand your business model

There is no point in copying and pasting on your website a model of a business privacy policy that you have nothing to do with.

It must be relevant to your area of ​​expertise and the type of information that is exchanged. After all, this information changes a lot from one sector to another.

The data obtained in an e-commerce are completely different from those of a social network.

Respect the legislation of your sector

Observe what the Marco Civil da Internet, the Consumer Protection Code and any other pertinent legislation say for your sector.

If you operate in the financial sector, it is important to check, for example, whether the Securities and Exchange Commission and the Central Bank have any specific regulations that you must observe.

Know your users’ concerns

Do you know your users well? Do you know what they are concerned with?

It is necessary to understand this profile well, since it will also be able to determine the type of privacy policy most suitable for your enterprise.

Avoid legal and other difficult to understand terms

It is essential that your message is clear.

Avoid hiding behind complicated and inaccessible legal terms. The privacy policy must be clear, transparent and objective.

Get and keep only what you need

As the Marco Civil da Internet notes, any collection of data that exceeds the need for your business model can be considered inappropriate.

This also avoids accountability in the event of a data leak. If you have a social network where there are no financial transactions, what is the purpose of obtaining your users’ credit card data?

It would be something more to protect and to be responsible for in case of leaks.

Watch what your competitors do

Still unsure how to best proceed with your company’s privacy policy? How about checking what your competitors are doing?

This does not mean that you should copy them, but it is certainly a good way to give more direction to your own policies.

What did you think of this information? How is the privacy policy of your website or enterprise? Also take the time to check out our guide on digital marketing for small and medium businesses!

privacy policy