- 1.1. Laws
- 1.2. Ecommerce Stores Collect Personal Data
- 1.3. Limit Your Risk
- 1.4. Build Trust
- 4. Examples of Shopify Store Privacy Policies
- 4.1. What Personal Information is Collected
- 4.2. How Personal Information is Used
- 4.3. If Information is Shared with Third Parties
- 4.4. How Long Information is Stored For
- 4.5. How Personal Information is Protected
- 4.6. How Payments are Processed
- 4.7. Consumer Rights
- 5. Summary
There are a number of global laws that require Privacy Policies. Your Shopify store must meet the legal requirements of the country your consumers reside in.
Let's consider some of the applicable laws.
The California Online Privacy Protection Act (CalOPPA) is a state law that will be applicable to your Shopify store if any of your consumers live in California - even if your business has no physical presence in California. CalOPPA affects any business which collects personal data from Californian residents and is one of the strictest privacy and data protection laws in the world.
The General Data Protection Regulation (GDPR) is an EU regulation that came into effect in May 2018 with the aim of keeping EU residents' data secure. The GDPR applies to any ecommerce store which allows EU residents to access and purchase goods and services from it, regardless of whether or not the shop is based within the EU.
Does your Shopify store offer goods or services to EU citizens? Does your store process or collect their data?
If you answered 'yes' to either of these questions, you need to ensure that your shop complies with the GDPR as there are tough penalties for non-compliance. This is the case even if you own a small Shopify store with a very small EU presence. If your shop has the potential to gain EU customers, the GDPR applies to you.
If you have customers in California, Canada, Australia, the UK or anywhere in the EU, these laws will apply to your Shopify store.
Ecommerce Stores Collect Personal Data
If you use a tool such as Google Analytics, additional personal data will be collected. This Google tool collects the user's location, gender, what time they browsed, which pages they browsed through and how long they browsed for.
Limit Your Risk
Firstly, your customers will be able to locate the document whenever they want to and it will not be hidden away in another document.
It makes sense to use pages for posting information that isn't frequently updated, such as legal documents and 'about us' pages. Additionally, these are sections that customers like to reference frequently and therefore must be in an accessible place.
- Underneath the 'Sales Channels' section on the left side of your screen, click 'Online Store' then click 'Pages' from the menu:
- Once you've clicked 'Pages', a screen will appear containing an 'Add page' button. If you click this button, Shopify will bring up the following screen:
Make sure that you click the 'Save' button at the top right once you are happy with your title and content.
- To the right-hand side of the screen is a box marked 'Visibility.' This is where you decide whether to publish immediately, add a specific date to publish or keep the page hidden from your online store. Make sure your page is visible.
Now that your page will be live, you can link it to your store.
- Go back to your 'Online Store' located on the left-hand side of your screen and go to the 'Navigation' section:
- From 'Navigation' click 'Footer menu', which is written in blue in the center of the screen. After you've clicked 'Footer menu' the following screen will appear:
- Click on 'Add menu item' at the bottom of that screen and the following box will open:
Your link will now be added to your site footer for your users to easily access.
Examples of Shopify Store Privacy Policies
What Personal Information is Collected
State what types of personal information you collect. Be as specific as possible here.
How Personal Information is Used
Disclose how you use the information that you collect. Be transparent about all the ways in which you'll be using it.
Shop Beer Gear uses a bullet point list to explain how it uses the information it collects from its customers. The list is thorough but jargon-free:
If Information is Shared with Third Parties
Leif makes it clear that the shop never sells information to third parties for marketing purposes. This statement is easy to understand and will help to build trust with the store's consumers. The shop is also clear that the only scenario where personal information is disclosed is if the law requires it to be:
How Long Information is Stored For
Let users know how long you plan to keep their personal information. Let them know when you delete data, or how they can request to have it deleted.
The above clause links to a longer clause further down in the policy which goes into more specific detail concerning the retention periods for different types of information. In addition, the retailer states its criteria for determining retention periods:
How Personal Information is Protected
How Payments are Processed
ColourPop's 'Processing Your Payment' clause explains that Shopify Payments is used as a third party payment processor.
Gymshark provides a bullet point list of customer rights, which includes the right to delete data and to update or correct any incorrect data:
Privacy Policies are also a great way of building trust with your customer base, as well as providing your shop with a legal safety net should a dispute arise.