Does your Privacy Policy includes this? Detailed checklist

By Will Elton, Updated: 2023-01-18 (published on 2018-06-22)

Did you copy and paste your Website Privacy Policy? Risky!

Here’s the thing: Someone else’s Website Privacy Policy will not be able to protect you and your visitors, because you may use data in very different ways.

2016-06-20An inaccurate Website Privacy Policy may expose you to the risk of having your website taken down, or even potential legal action.

Many entrepreneurs share the misconception that they only need a Website Privacy Policy if they sell goods (or services) online. Wrong.

In order to have a Website Privacy Policy that truly reflects your organisation’s practices, there are a few essential questions it must answer:

The regulation of personal data use is overseen in Hong Kong and Singapore by the Privacy Commissioner for Personal Data (PCPD) and the Personal Data Protection Council (PDPC) respectively.

1. What information will you be collecting from your visitors?

Privacy policy questions number 1: List out specifically the types of information that you may collect and process. This ensures that you are transparent with your website visitors and/or users regarding what information about them that you are collecting and what types of activity you are monitoring.

website privacy policySimply pick what is applicable to you when drafting your Website Privacy Policy with Zegal. Try now.

2. Will you use the collected information in another country?

You have to state explicitly all the countries and/or territories in which you will be storing or using the data.

privacy policy


Note: Be extra careful if your server is located overseas or if you are a using a hosting service provider with overseas servers. You may be subject to additional provisions that restrict transfers of personal information.

3. How will you use the data you collected?

Next, it is crucial to specify the purposes for which you will use the information you have collected from your users. It is recommended that you create the most extensive list possible, to keep possibilities open for the future. Even if you are currently only using the data for record-keeping, there might come a time when you want to do direct marketing!If you intend to share the data you have collected with other entities (such as business partners or overseas offices), you need to state this in your Website Privacy Policy. In general, just as with purposes, you want to leave your options as open as possible.

5. Does your website use cookies? What kind of cookies?

Most websites use cookies to distinguish a user from other users. Cookies contain a small file of letters and numbers stored on the browser or hard drive of the user’s computer. This helps websites to provide users with a good experience when they browse the website.

There are different types of cookies. Some identify users and track website performance in order to provide a more personalised experience for visitors. Others help analyse the effectiveness of website content. The four most common types of cookies are:

Strictly necessary cookies are cookies that are required for the operation of your website. They include, for example, cookies that enable the user to log into secure areas of your website, use a shopping cart or make use of e-billing services.

Analytical/performance cookies allow you to recognise and count the number of visitors and to see how visitors move around your website when they are using it. This helps you to improve the way your website works, for example by ensuring that users are finding what they are looking for easily.

Functionality cookies are used to recognise the user when the user returns to your website. This enables you to personalise your content for the user, greet the user by name, and remember the user’s preferences (for example the user’s choice of language or region).

Targeting cookies are cookies that record the user’s visit to your website, the pages the user has visited, and the links the user has followed.

It is critical that you specify what type of cookies your website uses and explain what kind of information these cookies will collect.

Section 4 - CookiesNot technically-savvy? Me neither! That’s why the Zegal app provides helpful and clear definitions that guide you through drafting each agreement.

Your website may be using a third-party web analytics service, such as Google Analytics, to collect information on web traffic. If your website uses a third-party web analytics service, your Website Privacy Policy should also specify which analytics service is used.

6. Can customers make payments online via your website? If so, what kind of encryption do you use for web payments?

If you allow customers to make online payments on your website and use technology to encrypt the transactions, you should specify what security technology you use. The most common type of encryption is Secure Sockets Layer (SSL).

Section 5 - Online Payments

7. Who can users get in touch with if they want to access the data?

Remember: Under the law, individuals have the right to check whether you hold personal data about them, the right to access that data, the right to require that inaccurate data is corrected, and the right to request removal or deletion of the data. Therefore, it is essential that you provide a contact person and full contact details (including name, address, telephone number, fax number & email address) that users can get in touch with should they want to assess or correct the data they have provided.

Section 6 - Contact InfoUnder the PDPA, organisations in Singapore are required to designate at least one individual, known as the Data Protection Officer (DPO), to oversee the data protection responsibilities within the organisation and ensure compliance with the PDPA.
Appointment of a DPO is also implicitly required in Hong Kong under Data Protection Principle 1.

8. When will you publish your Website Privacy Policy? How will you further notify users of updates?

Your privacy policy only binds users if it clearly states when it came into effect. Also, whenever you update your website, or use new analytics services, you want to make sure to update your Website Privacy Policy. Hence, you will also need a clause that states how users will be notified of new policy changes.

Section 7 date and change

Last but not least….

It is recommended that you provide a link to your Website Terms of Use in your privacy policy so that your website visitors can find it for reference easily.

Section 0.5 - ToSA Website Terms of Use specifies the rules for using your website and defines the legal relationship between you as the website operator and your website users.

Now, preview your document:

Section 8 - Document Overiew


And you’re done!

Congratulations! Your Website Privacy Policy is ready to go. You can now download your Website Privacy Policy in Word, PDF, or HTML, and upload it onto your website.

Running a business may be challenging, but with the right processes and documents in place, you can build prudent legal protections and ensure you stay compliant.   

Ready to get started?

Let Zegal’s smart Document Builder guide you through the essential steps of drafting a Website Privacy Policy.

Sign up for a free trial

No commitment, no credit card required.
Fully customisable to suit your needs.



Tags: business contracts | Hong Kong | online business | Singapore

Like what you just read?

Subscribe to our newsletter and be the first to hear of the latest Zegal happenings, tips and insights!