Wix is seen as one of the top user-friendly & all-in-one website builders. With a reputation for easy-to-use software and affordable plans, and over 100-million users worldwide, it's no surprise that you chose Wix to build your company website.
You may also be aware that Wix does not technically require users to post a Privacy Policy on their Wix-generated websites. But does this mean you can skip posting a Privacy Policy?
Keep reading to find out.
Wix is an online WYSIWYG website creation software that offers basic page-building packages for free, making the brand incredibly popular among users and small business startups.
Even the premium professional packages are affordable when compared to similar website-building services, and although the platform is not open-source, Wix makes up for it in usability and security. No wonder it was voted the most popular.
Wix also places minimal requirements on customers and leaves the responsibility up to each user to comply with privacy and internet regulations according to their location. In other words, Wix does not state that website customers are required to post a Privacy Policy.
This can be misleading, however, because most Wix users are required to post a Privacy Policy, even if it is not specifically stated by Wix.
Our Free Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display in minutes.
- Click on the "Free Privacy Policy Generator" button, located at the top of the website.
- Select where your Privacy Policy will be used:
- Answer a few questions about your business:
- Enter the country and click on the "Next Step" button:
- Continue with building your Privacy Policy while answering on questions from our wizard:
-
Almost done. Now enter your email address where you'd like your new Privacy Policy sent and click on the "Generate" button and you're done.
That's it. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
- 1. Wix Recommendations Regarding Privacy
- 2. What Does Wix Mean by "Applicable Laws"?
- 3. What to Include in Your Wix Privacy Policy
- 3.1. An Introduction
- 4. What Information is Collected
- 4.1. How Consumer Information is Used
- 4.2. Cookies
- 4.3. Third-Party Sharing
- 4.4. User Preferences
- 4.5. Data Retention and Security
- 4.6. European Consumers' Rights
- 4.7. Children Under 13
- 4.8. International Transfers of Data
- 4.9. Do Not Track Signals
- 4.10. Changes to Your Privacy Policy
- 5. How to Upload a Privacy Policy to Your Wix Website
Wix Recommendations Regarding Privacy
While Wix does not specifically require a public Privacy Policy, they have quite a lot to say about end-user privacy and privacy law in general. For example, in the Wix Market Terms of Use, you will find the following recommendation:
"Wix recommends, and in some circumstances requires, that all Third Party Developers for the Apps in its App Market post a privacy policy or other statement describing the applicable App's privacy practices regarding how personally identifiable information is collected, shared, and used by or through an App and its respective App provider, whether Wix or a Third Party Developer."
The Wix Privacy Policy goes into further detail about customer responsibilities regarding end-user privacy. In this paragraph, consent measures and applicable regulations are mentioned:
Finally, the general Wix Terms of Use requires users to actively agree to follow any applicable regulations according to their own geographical location, as well as the locations of end users:
In short, it's clear that while Wix does not expressly require a Privacy Policy, they do expect all customers to uphold international and local privacy laws, the majority of which require a public and accessible Privacy Policy.
What Does Wix Mean by "Applicable Laws"?
The pertinent question to ask now is, "Which privacy laws apply to me?" You might be surprised.
Here is a list of national and international privacy regulations that apply to most US-based online businesses:
General Data Protection Regulation (GDPR) - Applicable to any entity that collects data from European Union residents, the GDPR requires businesses to post a clear, easy-to-understand Privacy Policy that is accessible to all end users.
In regard to Privacy Policies, the GDPR also calls for the following to be included in the Policy:
- The physical location and contact information for your business
- Disclosure of EU users' rights concerning their personal information
- Which personal data you collect, how and why it's obtained, and whether or not the data is shared with third parties
- Disclosure of your legal basis for obtaining EU personal information
- Details about international data transfers, if relevant
The Children's Online Privacy Protection Act (COPPA) - Even if you don't intentionally collect personal information from children, this regulation will need to be addressed in your Privacy Policy, meaning you must have one published. If you do have users who are children (under the age of 13), you will need to take extra steps to make your Privacy Policy COPPA-compliant.
The California Online Privacy Protection Act (CalOPPA) - Although this regulation is from California, it applies to any company that collects personal information from California residents.
CalOPPA calls for a prominently posted Privacy Policy that incorporates the following information:
- What kinds of personal data you obtain as well as which third-parties have access to that information
- A simple, straightforward way for end users to view and revise their personal data
- How users will be notified when the Privacy Policy is revised or updated
- A visible effective date of the Privacy Policy
- An account of how your website answers "Do Not Track" signals from web browsers
These might not be the only privacy laws that will apply to your business. Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), for one, applies to most US-based businesses as well.
However, if you follow the statutes outlined above, your business will end up likely being compliant with PIPEDA and most other privacy regulations.
As you can see, Wix's condition to "fully comply with all applicable laws" will definitely require most Wix websites to publish a Privacy Policy.
What to Include in Your Wix Privacy Policy
A Privacy Policy generally has two goals:
- To maintain transparency with your customers about the way your company handles personal data
- To comply with all relevant privacy laws as laid out in the previous section
In order to meet these goals, we have outlined some of the most important clauses to include in a well-written Privacy Policy for Wix websites.
An Introduction
You can knock out several requirements with an introductory section. This is where you can state the name, location and contact information for your business, an effective date for the Policy, and what you'll do to update your users about material changes to the Policy.
Including all of these elements helps you meet several stipulations of the GDPR and CALOPPA.
Hubspot includes these elements as well as an explanation of the Privacy Policy's general purpose within the introduction:
Here you can clearly see which company is represented by the Privacy Policy, where they are located, and how to contact them, as well as the effective date of the policy.
What Information is Collected
It is imperative to be transparent here. Let your users know exactly what information you will be collecting from them and how it will be collected. This includes anonymous information like IP addresses and geolocation data.
A lot of companies separate this section according to the methods by which data is collected. For example, automatically collected data could be one paragraph, and information collected directly from the user would be another section.
Getty Images illustrates a good example of this approach:
Notice how Getty points out that information is collected:
"with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests."
This is Getty's way of naming their legal basis for collecting user data, thereby complying with the GDPR.
This part of your Privacy Policy is an appropriate place to name your legal basis for processing personal data.
How Consumer Information is Used
Next, let consumers know exactly how their data is used. It is important to list out each use of consumer data in detail to prevent possible privacy disputes. Especially if you use consumer data to provide personalized advertising or marketing, you will want to make this clear to your customers.
Getty lays out all the ways it uses consumer data in an organized list format:
Cookies
If you use cookies to collect data about visitors (even if they are third-party cookies) you will need to let your users know this.
Many websites incorporate a cookies banner into their homepage, as well as as a separate Cookies Policy to list out which cookies they use. However, it is also recommended that you include a brief cookies clause in your Privacy Policy to let users know that you are using this technology to collect customer data.
Hubspot fulfills this with one short paragraph that includes a link to its Cookie Policy:
Third-Party Sharing
Almost every major privacy regulation requires that you inform users if you share their data with third parties.
You can create a separate clause for this topic and make sure you explain why third-party sharing is necessary.
Shutterfly explains why it shares data with third parties in simple, plain language:
If you share consumer data with third parties for purposes of personalized advertising or remarketing, make sure to mention it in this section, as Shutterfly has done here.
User Preferences
More than one international privacy regulation requires that customers be provided with an easy way to opt-out of marketing communications, personalized advertising, and remarketing campaigns.
Adobe handles all of this efficiently with detailed instructions and a preferences link within a clause that's clearly labeled as being about "withdrawing consent":
If you click the link at the end of the clause you're presented with this marketing preferences interface that gives users complete control over advertising and marketing communications:
Data Retention and Security
Consumers want to know how their data is handled. This clause is your chance to explain everything about your data processing practices, such as:
- How data is protected
- How long data is retained
Adobe's Privacy Policy organizes these points into different clauses.
First, a brief but adequate security clause lets users know that Adobe does its best to keep personal information secure, but that no security controls are 100% effective:
Data retention practices are addressed in a separate clause, which covers certain GDPR stipulations:
European Consumers' Rights
The GDPR requires some specific language regarding European Union consumer rights. If you did not cover this in any previous section, it will need its own clause.
This clause should include a list of EU user rights and a method to exercise these rights, as well as contact information for your Data Protection Officer or European Representative, if applicable.
Adobe's users are told what their rights are when it comes to their personal information and how to go about exercising them, including accessing and making changes to the information Adobe holds:
By explaining how customers can access and edit their personal information, Adobe is meeting both GDPR and CALOPPA regulations.
Here's how Sony UK provides multiple contact methods including a web form, standard mail and international phone numbers:
Children Under 13
Whether your content is targeted to children or not, you will need to make it clear that your business respects COPPA regulations. If you do not offer services or content targeted to children, all you have to do is say so, as Shutterfly does here:
A clause like this one will cover you in case a child submits information without your knowledge, since you have plainly stated that you have no intention of collecting information from minors.
If you do offer services that are targeted to children, you will need to follow the strict guidelines set by COPPA in order to collect any personal information at all from children under 13 years old.
International Transfers of Data
If your business transfers data between countries, the GDPR requires that you state which legal framework you use to safely transfer data over international borders.
Getty explains its international transfer mechanisms here (Editor's note: Please note that the Privacy Shield framework has been invalidated. It is being replaced with the EU-U.S. Data Privacy Framework, which is not fully finalized yet.):
Do Not Track Signals
CalOPPA requires that all websites disclose how they respond to browser "Do Not Track" signals.
Even if your website does not recognize DNT signals, it is still necessary to say so, as Apple has done below:
Changes to Your Privacy Policy
Also in accordance with CalOPPA, it is necessary to let consumers know how they will be informed of any changes that take place to the Privacy Policy in the future.
Hubspot demonstrates this clause well:
These are a few of the main clauses that your Wix website's Privacy Policy should include.
How to Upload a Privacy Policy to Your Wix Website
Now that you have an excellent, ultra-compliant Privacy Policy, it's time to upload it to your Wix website. Here are some basic instructions on how to do so, straight from the Wix website.
- Add a new page to your website using the "Menus and Pages" interface:
- Click Add Page at the bottom.
- Name your new page "Privacy Policy" and click Done.
- Next, use the "Text" element to add a new text box to the page. Click Add on the left side of the Editor interface.
- Click Text and drag the text element of your choice to where you want it to be on your page.
- Copy/paste your Privacy Policy into this text field and adjust how you want it to look on the page.
- Now, add the Privacy Policy page to your footer navigation by adding a new text box to the footer of your site's homepage. Click Add on the left side of the Editor interface.
- Click Text and drag the text element of your choice to the bottom of the page, as close to the footer as possible.
- Click Move to Footer.
- In the text box, enter "Privacy Policy"
- Create a link from that text box to the Privacy Policy page by using the "Edit Text" function. Click "Edit Text" and highlight Privacy Policy.
- Click the Link icon.
- Choose Page and then find Privacy Policy in the "Which page?" dropdown menu. Click Done.
That should do it! Once you have completed the steps above, your Wix website will be complete with its own respectable Privacy Policy. Now you can rest assured that your website follows Wix requirements as well as international privacy laws, at least as far as the Privacy Policy goes.