What a Business Web Site's Privacy Policy Covers

Every business Web site should have a privacy policy. Make sure your privacy policy covers the following topics.

The "we collect" statement describes what you collect from your users. This can include email addresses from sign-up forms, contact information, physical addresses, credit card

You should state if you save, share, or sell your customers' email addresses. Keep in mind that if you use a third-party ad service, merchant account, or service, the customer’s email address may be used in this transaction. You should state that you or a third party will use their information in order to place their order. Find out if the third party will retain the user's information and, if so, what will be done with it. Be sure your policy covers this information as well.

On an e-commerce site, credit card information and physical addresses are used to process orders. You should also state what you will do with this information once an order has been processed. Do you retain their credit card numbers and addresses once an order has shipped? Will you sell or share this information with third parties?

If your site uses cookies, say so in your policy. Inform your users what information is collected with the cookie and what is done with the information once it has been collected. Since many companies that serve ads collect information on site visitors, you should also consider revealing your ad-server relationships.

Future use of any data collected should be covered as well. For example, if you process an order and save the customer’s address to send out a postcard on a new product, disclose this information too. This can include customer promotional emails or any reason that you might use their data in the future.

Your policy should also cover your site's security. If you use SSL to transmit sensitive data, mention it here. Also, mention any steps that you've taken to protect customer data from hackers.

Last, but certainly not least, include your business contact information, including specific email addresses or phone numbers that visitors can use. If they feel that your privacy policy has been broken in any way, or if they have questions about your policy, they will want to reach you and should be able to do so easily.

It's always a good idea to seek legal advice before writing your policy in order to ensure that you've covered all eventualities. These key points are just a guideline to help you write your own policy. Each business is different, and each privacy policy should be unique.