The Easiest Way to Add a Privacy Policy to Your Shopify Store
Table of Contents
Creating a Privacy Policy is not a choice but rather a legal requirement under most privacy laws such as the European Union's GDPR, Canada's PIPEDA, California's CCPA and Brazil's LGPD.
In this article, we will cover:
- What to consider when creating your Privacy Policy for your Shopify store
- How to create a custom-made Privacy Policy for your Shopify Store
- How to add your Privacy Policy Page to your website
Since your Shopify-powered eCommerce store likely targets consumers living in those regions, you need to create a custom-made privacy policy that satisfies legal requirements under these laws to shield your business from legal action and fines.
Take Facebook, for example:
In 2020, Facebook was slapped with a 9 Million Dollar Penalty because its Privacy Policy did not provide information about third-party developers who could access users' friend lists when a user installs an app.
While Facebook is a deep-pocket mega-corporation that can write off such a fine as merely the cost of doing business, the majority of companies on the planet, including Shopify-powered growth businesses like yours, cannot tolerate such high fines.
Therefore, you must create an Shopify privacy policy to be transparent about collecting and using your customers' data.
After drafting your privacy policy, you need to put it in a visible place on your website so that your visitors can easily find it.
4 Things to Consider when Generating your Shopify Privacy Policy
ONE
Make sure your privacy policy is compliant with relevant laws.
If you sell your goods or services to users in a specific country and explicitly target consumers in that area, you will likely be subject to that country's data privacy laws.
If this is the case, you need to tailor your Privacy Policy to make sure that you comply with all relevant local laws, whether it is GDPR, CCPA, LIPEDA or LPGD.
Some businesses fall into one trap: GDPR compliance is the highest standard and automatically makes a business compliant with all other laws—this is false. Compliance is not universal, and GDPR widely differs from its counterparts, such as California's CCPA and Canada's PIPEDA on some issues and other laws.
For example, even if you do not sell your customers' data, you still need to state this in your Privacy Policy to comply with CCPA. GDPR, however, does not impose such a requirement. In other words, CCPA sets an additional requirement you must comply with that the GDPR does not.
TWO
Translate your policy to the languages of countries you sell within
The primary purpose of having a Privacy Policy is to empower individuals by informing them about how their data is collected, used, shared and deleted.
Suppose your Privacy Policy is not provided in your visitors' native language. In that case, that individual may be unable to find out how you use their data, which would undermine the right to transparency on processing personal data.
You are likely to face regulatory action if you do not translate your Privacy Policy to local languages.
One recent victim of such a mistake was TikTok.
The Dutch Data Protection Authority fined TikTok for €750,000 because TikTok did not provide its Privacy Policy in Dutch—it was only published in English. The Dutch Authority decided that this did not satisfy the GDPR's transparency requirements because users who did not speak English would be unable to understand the content of the Policy.
THREE
Each Shopify store is unique; personalize your Privacy Policy
Each business differs in which data they collect, providers they use, data sharing and selling and retention periods, analytics tools used—whether it is google analytics or competitors.
Each Shopify eCommerce business collects different types and amounts of data, stores this data on different servers located in different countries, and uses personal data in many ways.
For example, one eCommerce business may collect customers' phone numbers and store EU customers' data servers in Europe. Another store may not ask for its customers' number and choose to keep EU customers' data on servers operated by US cloud providers in the USA.
Considering that each e-commerce business has its unique set of data processing activities, it must have a customized Privacy Policy to explain data collection practices clearly.
No two privacy policies should look alike.
FOUR
Make it easy to read and navigate to serve your customers well.
Your Privacy Policy is your primary way of communicating with your customers about how you collect and use their data. Suppose your customers cannot easily access the Policy and navigate across different sections of your Privacy Policy. In that case, you are unlikely to satisfy transparency requirements under relevant laws such as GDPR and CCPA.
The French Data Protection Authority fined Google almost 60 Million Euros because it was so complicated for users to navigate the Privacy Policy. For instance, it took users as many as six actions to get to the relevant section on data retention periods and purposes to use personal data.
How to add a Privacy Policy to Your Shopify Store — For Free!
In the previous section, we have touched upon the main legal issues that every Shopify Store owner should consider when creating a Privacy Policy.
As a Shopify store owner, we know that you have a lot on your plate to work on, from SEO optimization to developing a profitable business model.
Therefore, it is in your best interest to use automated tools to customize your store's customized Privacy Policy which will save you enormous time and help you comply with relevant laws.
You can use Enzuzo's Shopify Privacy Policy Generator to build your personalized Privacy Policy and streamline your data privacy compliance efforts with GDPR, CCPA and PIPEDA.
STEP 1
Start Generating Your Privacy Policy in Minutes.
Visit this page to start creating your customized Privacy Policy for free.
STEP 2
Fill Out Our Questionnaire to Personalize Your Privacy Policy.
Next, you'll provide information about how you collect and use your customers' data to and enable compliance with relevant privacy laws.
When filling out this section, provide details on the following:
- Business details: Business name, business address and contact details such as email and phone number
- The regions where your website operates and collects data: This helps you align your Privacy Policy with each individual local privacy law regime's requirements.
Suppose you select the United States as one of the countries where you collect personal data. In that case, the Privacy Policy will include a section on the sale of personal information to comply with California's CCPA.
- Website Cookies: If you are using website cookies, you need to explain your purposes of using these cookies. Enzuzo provides you with a list of potential goals for which you use website cookies. This list of uses includes personalization, website traffic analysis and remembering user preferences.
With Enzuzo you can quickly satisfy GDPR, CCPA and PIPEDA's transparency requirements.
- Types of personal data you collect:
Under the GDPR, CCPA and PIPEDA, you must inform your customers about the categories of personal data you collect about them. In this stage of the form, provide a list of data types such as names, address details, phone numbers, financial data, purchase information and mobile device identifiers that your store is likely to collect and use. By clicking boxes across these data types, you can ensure that your Privacy Policy sufficiently lists various kinds of personal data you collect.
- Data you may collect about the usage of your website:
This section applies if you are collecting personal data related to the use of your Shopify store, such as IP address, time stamps, device ID or location information. Enzuzo allows you to add the types of usage data you collect to your Policy and your purposes.
For example, suppose you collect device ID or location data to prevent fraud or collect data on web searches and product views for advertisement. In that case, you can easily insert this information into your Policy with Enzuzo.
- Information on your marketing activities:
To comply with privacy laws such as the GDPR, CCPA and PIPEDA, you should inform your website users about the third-party services you use on your eCommerce store, such as Google Analytics and your remarketing activities.
If you click YES in this section, for whether you use Google Analytics for remarketing, Enzuzo will automatically add this information into your Privacy Policy.
- Translate to local languages that your website visitors speak
If you target customers in European countries, you must translate your Privacy Policy into local languages to comply with the GDPR. As observed in the TikTok case, you cannot fulfill your transparency obligations under the GDPR with just the English version.
With Enzuzo, you can translate your Privacy Policy in English, French, German, Italian, EU Portuguese, Brazilian Portuguese, Spanish and Dutch.
- Make your Privacy Policy easy to navigate with an accordion format
As we have seen with the fine imposed on Google due to the confusing structure of the privacy policy, it is a must to make your Privacy Policy as easy to use and navigate as possible.
With Enzuzo's accordion format feature, you will make things easy for your customers to go through the Privacy Policy, find the relevant section they are interested in quickly and comply with legal requirements under the GDPR and the CCPA.
How to Add Your Privacy Policy to Your Shopify Store
After generating your Privacy Policy by using Enzuzo’s Privacy Policy Generator, adding this on your website takes only a few clicks:
Step 1: From your Shopify dashboard, go to your online store and visit navigation:- Step 2: Click on the footer menu:
- Step 3: Navigate to ‘click item’:
- Step 4: Press on ‘add menu item’:
- Step 5: Click on ‘Link’ and paste your Enzuzo privacy policy URL to add it.
Your personalized Privacy Policy will go live on your Shopify Store within minutes once you follow these steps.
Final Thoughts
A customized and easy-to-read Privacy Policy available in all local languages is critical to Shopify Stores’ data privacy compliance efforts.
As we saw with fines levied against Google, Facebook and TikTok, a Privacy Policy that is not easy to navigate for users and not available in local languages does not satisfy transparency requirements.
By using Enzuzo’s Privacy Policy Generator, you can eliminate the risk of facing legal action and hefty fines.
Ali Talip Pınarbaşı