Basic Privacy Policy Template for GDPR

Discussion in 'Site Security & Legal Issues' started by Maddox, Apr 18, 2018.

  1. Maddox

    Maddox Habitué

    Below is a basic privacy policy template to help you to get started in complying with the GDPR. I believe that it covers all of the basics, but if anyone finds something lacking please post a copy of what you believe should be added. This template is directed at forum owners - other website types may benefit from it or may need some adjustments.

    I hope this helps those who are pulling their hair out trying to comply with this new regulation.

    • Like x 5
    • Winner x 1
    • Pure Genius! x 1
    • Informative! x 1
    • Appreciation x 1
    • List
  2. Nev_Dull

    Nev_Dull Anachronism

    Two quick things I see are missing here:

    • There's no policy statement. It goes around the houses a few times and implies much but nothing here explicitly says "It is our policy that ....." Really, that's the point of the document.
    • There's no definition of terms. That's important so everyone understands what you're talking about. How does your site define "Personal information"? What does two-step verification mean?
    • A policy document should include a revision history, so it's easy to track changes and when they were made. That can be done in a separate document but it should exist in the event of a dispute.
    • Informative! Informative! x 1
    • List
  3. Maddox

    Maddox Habitué

    The statement is the first two paragraphs, you are telling people that this is your Privacy Policy and what it covers; what else would you like to see?

    You don't really need a definition of terms unless you are including a lot of terms that could easily be misconstrued - it's an optional that you can put in if you want. Remember it has to be in clear and easy understandable language, definition of terms can often be confusing to people, but you can add them if you wish.

    As for a revision history that's an internal matter for you - the only Privacy Policy that matters is the one in effect and has been agreed to. Remember you have to notify your members that your Privacy Policy has changed and that they agree to it; once they do any past revisions are no longer in force.

    As I said at the beginning this is a 'basic' privacy policy template - you can change whatever you wish and add whatever you wish; it's a starting point.

  4. highlander29

    highlander29 Enthusiast

    This is what I've written up. Not sure it's perfect but its what I came up with. Any comments or critique would be appreciated.

    Privacy On XXXX
    xxxxx is a hobby site without any gainful interest in the course of its own exclusively personal activity. xxxx does not offer goods or services, nor does it advertise or have any revenue. As a forum where anonymity is the norm, you should not share any information that will identify you personally. The site does not does not monitor the behavior of its users, track individuals online activity for purposes of creating profiles, or to take decisions concerning members or for analyzing or predicting personal preferences, behaviors and attitudes.

    Routine Information Collected from All Visitors
    All web servers track basic information about their visitors and our site is no exception. This information includes things like IP addresses, browser details, timestamps and referring pages. The information is tracked for routine site administration and maintenance purposes, and lets us know which pages and information are useful and helpful to visitors. We also use website analytics tools to retrieve information from your browser, including the site you came from, the search engine(s) and the keywords you used to find our site, the pages you view within our site, your browser add-ons, and your browser's width and height. This information is used to assess and improve the effectiveness of our site.

    Information Collected from Members
    When you make an account on xxxx, we ask for your email address, which is used to provide you with periodic updates on forum activities and automated notifications, such as email updates for new threads posted in a sub-forum, or an incoming private message. Site moderators and administrators may also contact you via this email address. You are encouraged to keep your identity a secret. To use this forum, you must use an email account that does not allow your "real life" identity to be determined. We also ask for your age, which is used to determine access to age-restricted subforums. You may provide other information as part of your member profile, such as your ZIP code/location, preferences, occupation, and interests, but this is strictly voluntary.

    Members may choose to take personality tests that are linked from the site home page or at other places on the forum. The significant majority of those tests are hosted on other websites that xxxx has no relationship with. We take no responsibility for those tests, those sites or information you enter into them. We do have two tests that are hosted by xxxx - the Free yyyyy Test and the zzzz Social Media Test. Your individual results are placed in a file in a public directory accessible to anyone who visits the site. Results from these tests are also stored in a database and the information in that database may be used for various purposes such as to help people determine their personality type or to facilitate improvements to these and other tests. The information may be analyzed in various ways to support studies on personality type, preferences, testing methods and the like. The results are not tied to your member name, userID or email address though if you post your results on the forum, that connection is established. At no time will this information be used to target individuals for marketing campaigns or other purposes, nor will it be resold for such purposes.

    We collect personal information from those applying for the xxxx Scholarship, the details of which vary from year to year and are listed on the Scholarship application page. This information is used as input to select the scholarship winners and is used for no other purpose. Information provided by Scholarship applicants is deleted within sixty days of the scholarship winners being announced. Essays are published on the forum and through social media and are not considered personal information.

    xxxx uses only standard Vbulletin cookies. No advertising is allowed on the forum, so you won’t run into any cookies from advertisers. You need not use cookies to use the forum, but doing so will improve your experience here. We use cookies to enable functions like showing whether a subforum you are viewing has new posts since your last visit, or to log you back in automatically when you return to the site if you have chosen this option when registering. If you are using a public computer, such as in a library, school or internet cafe; or if you have reason not to trust others who share your computer, it is best not to enable automatic login. After registering, you may change your cookie options at any time by editing the settings in your browser. If you have privacy concerns about cookies, you can disable cookies entirely through your browser, or disable or enable cookies on a per-site basis. Consult your browser documentation for instructions on how to block cookies and other tracking mechanisms.

    Sharing With Third Parties
    Vendors provide services to support the operation of this site, including hosting services, programming services and other related technical support services and given their role, they will have access at various times to information on the site. Additionally, we may access or disclose information including the content of your posts and messages, for the following reasons: (a) to comply with the law; (b) to protect the rights or property of other forum members; or (c) to protect the personal safety of our members or the public.

    What You Post or Share
    This site is structured with the intent of members on the forum preserving anonymity while interacting here. On the other hand, members may choose to become Facebook friends, exchange personal emails, or even meet in person at meet-ups, foregoing that privacy. Should you engage in such activity, privacy is your responsibility. Ultimately it is up to you to decide how much personal information to disclose, and to protect information you wish to remain private. The vast majority of information you share on the forum is accessible to anyone on the public Internet, so anyone can view what you post. Other areas are restricted to members, or more specifically to members over a certain age or post count. Keep this in mind as you choose what to post and where. Information that you post in publicly accessible forums may be reposted or accessed via links that are shared on sites outside of xxxx, such as blogs, Twitter and other websites. If you wish to protect your identity, you need to be cautious about whom you connect with on social networking sites such as Facebook. Do not externally share or reblog information posted in private members only sections of the forum as information in those areas is intended for members only. You should never share private information about others. Since this forum is intended for public sharing of information and encourages you to remain anonymous, privacy is largely your personal responsibility. Any requests related to individual rights or complaints related to privacy should be sent to

    Information Retention
    Information mentioned above is retained to support the continuity of the platform operations and not deleted.

    General Suggestions On Protecting Your Information Online
    • Be careful what personal information you share online, especially on social networking sites like Facebook and Twitter, forums like this one, and even in email.
    • Create a separate email account for registering on social networking sites and other online spaces. Don't connect it with your real name or identity.
    • Don't feel obligated to fill out fields that are not required when registering online or provide identifying information.
    • In your online user profile or forum avatar, use a photo that doesn’t identify you or your location, so you can’t be recognized.
    • Choose a username unrelated to your real name, usual nickname, or other identifying information, ideally one that is gender and age neutral.
    • Websites such as Facebook change their privacy policy all the time, so check your privacy settings periodically to make sure you are sharing only the information you want to share, with only those people you trust and not the general public online.
    • Do an Internet search of your name periodically to see where you appear online. If you find unauthorized information about yourself, contact the website admin to request its removal.
    • Like Like x 1
    • Informative! Informative! x 1
    • List
  5. JulieVA

    JulieVA Habitué

    Looks good! I have something similar. My original Terms of Use (TOU) & Privacy Policy (PP) were reviewed by an attorney & I was able to make some simple changes to them to account for GDPR using the EU resource page. Here's my TOU & PP.

Draft saved Draft deleted
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.