What Is A Marketing Privacy Policy & Do I Need One?

Data is officially the world’s most valuable resource. It’s more expensive than oil, gold, and diamonds, and is the reason that Google, Facebook, and other tech companies have become some of the richest organisations on the planet. It’s also why data privacy has become so much more important in recent years. Your data is insanely valuable, and businesses must meet the privacy law obligations of their home countries to ensure that they don’t use it in illegal or unethical ways.

This is where a marketing privacy policy comes in. It describes your data policies in detail, and how you adhere to your country’s law to protect people’s privacy. In this article, we’ll teach you everything you need to know about marketing privacy policies, including how to create one for your business so that you can stay on the right side of the law.

Table of contents

1. What is a marketing privacy policy?
2. Do I need a marketing privacy policy?
3. What does a marketing privacy policy allow me to do?
4. How to create a marketing privacy policy
5. Where to put a marketing privacy policy on a website?

What is a marketing privacy policy?

A marketing privacy policy is the same thing as a regular privacy policy. It outlines how your business collects, uses, manages, and discloses people’s personal information, in accordance with the Australian Privacy Act of 1988. This includes any piece of information that can be used to identify someone, including their name, address, IDs, financial records, and movements. It also includes information on age appropriateness for your business, how you use cookies, and any recent changes you’ve made to your privacy policies.

If your business falls under the Privacy Act (more on this below), you must include a marketing privacy policy on your website.

Do I need a marketing privacy policy for my website?

If your business has an annual turnover of $3 million or more, or if it’s classed as any of the business types outlined on this page, you must adhere to the Australian Privacy Act, and so will require a marketing privacy policy on your website. Some services like Google Ads and Facebook business pages also require you to have a privacy policy, so if you want to use these important services for your marketing, you should add one to your website (more on how to do this later). Failing to add a privacy policy to your website might lead to big fines, or even litigation from disgruntled customers.

For a little background information, Australia’s privacy legislation was updated in March 2014 to include the Australian Privacy Principles (APPs), which help to regulate how organisations can collect and use people’s personal information. This change broadened how people can be “reasonably identified” using their information, including “anonymous” data like membership numbers which can be combined with other data to identify someone. That means if you collect any piece of information about a person, and your company falls under the Privacy Act, you must adhere to the rules in the APPs. If you’re not already bored, you can read the APPs in full on this government page.

Finally, in light of recent data mining controversies from companies like Cambridge Analytica on Facebook, where millions of people’s personal data was being given away without their knowledge, we are starting to take data privacy much more seriously. So if you want to keep people’s precious customer loyalty, it pays to have an accurate, up-to-date marketing privacy policy on your website. It tells them that you value their privacy, and will not engage in any dodgy tactics.

What does a marketing privacy policy allow me to do?

From a marketing perspective, a legally accurate privacy policy will allow you to collect personal information from contact forms (both on your website and social pages), and allow you to carry out “direct marketing” techniques like sending emails, instant messages, SMSs, making phone calls, targeting people with adverts, and more. In a word—the policy allows you to do the fundamental marketing work that can be undertaken by a business.

To get more specific, here are some common marketing techniques that a privacy policy allows you to do:

Collect data through web forms (contact form privacy policy)

Contact form information should be included in your privacy policy, like how you collect information through your forms, what you are collecting, and what you might do with that information.

Web forms are the primary way to collect people’s data, whether on your website or social accounts. So by including this information, you’ll be legally covered.

Use Google Analytics, cookies, or other tracking tools

Tools like Google Analytics can tell you people’s demographics, how they behave, which websites they came from, and more. This makes them invaluable for marketing, but also subject to the Privacy Act.

If you’re using any kind of tracking tool on your website, whether complex software like Google Analytics or simple Javascript cookies, you’ll need to include a section in your marketing privacy policy that outlines how you collect and use people’s personal data.

Send EDMs (email marketing privacy policy)

Your privacy policy should include information about your email marketing. This might include how and why you collect information through emails, how you track people’s email activities (like opening emails or clicking through to your website), where you got their email address or other personal information from, and how you obtain their consent to email them. Typically this is included in a specific section of the marketing privacy policy under the heading “email marketing.”

As a side note, if you’re sending EDMs or engaging in another form of direct marketing, you can only message people if you’ve got their express permission, and you must also include a way for them to opt out.

Use social media, including collecting data, creating adverts, and using the platform’s business analytics (privacy policy for your Facebook page and other social accounts)

Privacy laws apply for any digital medium, which includes your Facebook page and other social accounts. So if you’re collecting people’s personal information on these accounts, using their analytics tools (like Facebook’s Page Insights) to measure social media metrics, or creating adverts through them, you need to cover this in your privacy policy. Without doing this, some social accounts won’t actually let you use these important features.

If you don’t have a website for your business, you will need to upload your privacy policy to a file sharing service, a service that hosts it for you, or to your social media page itself if they provide you with an option (Facebook does).

Use Google Ads or other paid search adverts

If you’re using Google Ads to target customers, you must include this information in your privacy policy that talks about how you’re using people’s data, how third-parties show your ads on their website, and more. Google themselves shared what needs to be included in your privacy policy, on this page.

Use affiliate marketing (affiliate marketing privacy policy)

Put simply, affiliate marketing is when you advertise someone else’s products or services on your own website. If that process involves collecting personal information from people, you will need an affiliate marketing privacy policy (i.e. a section in your privacy policy that covers your affiliate marketing practices). Specifically, you may need to talk about how you are acting as a third party for another company, and that you will be sharing people’s private information with them.

How to create a digital marketing privacy policy

A digital marketing privacy policy is a legal document, so in theory, it should be created by a lawyer. But this is only really necessary if you’re running a major corporation with a lot to risk. For most other businesses, there’s plenty of high quality online privacy policy generators that will ask you the necessary questions about your business practices, and then generate an accurate policy for you. TermsFeed is considered one of the best, but there are lots of others to choose from.

Where to put a privacy policy on a website?

Your privacy policy should be on its own page on your website, and be accessible from a link in the footer. This is where people usually expect to find this kind of legal information, so you’re creating a good experience for your users if you follow suit.

Marketing privacy policy—summary

In Australia and many other countries, a marketing privacy policy is a legally required document that tells people how your business handles and uses their personal information. While some smaller businesses may not need them in Australia, many key marketing services like Google Ads and Facebook do, so it doesn’t hurt to include one on your website anyway, especially since you can use a privacy policy generator to create them at a low cost (even for free). The privacy policy will allow you to carry out all of the essential marketing activities without worrying about breaking the law.