Creating a Privacy Policy 6 April 2018  |  Cate

What is a Privacy Policy?

A Privacy Policy is a legal statement that is available on your site for your customers to read. It explains what data is collected whilst they are browsing and purchasing from your online shop, such as name and address, as well as how it is stored and how it is used. Having a Privacy Policy on your website is a legal requirement, especially through GDPR, so, even though it may seem daunting, this should not be ignored.

Below we have put together details of how data is processed and stored on all Bluepark sites for your reference. The amount of personal data that is processed and stored will be unique to your website, because this will depend on whether you ask for details such as Company Name, VAT Number, etc.

Can I Use a Template?

There are Privacy Policy templates and generators available on the internet and we have listed a couple below. However, as this is a legal document, and can be called upon in any related dispute, we would highly recommend having it checked by a relevant solicitor before publishing it on your website. What may be suitable for one business may not be suitable for yours, so making sure you're covered from the start is vital.

Free Privacy Policy Generator

Privacy and Cookies Policy - Website Contracts (use discount code bluepark20 for 20% off)

TIP: Please have read of The ICO's guide to Privacy Policies to find out what exactly is required.

Access to Privacy Policy

Visitors to your site must be able to access your Privacy Policy whenever they wish, so making sure they can find it easily is vital. The easiest way to do this is by adding a link to your Privacy Policy page within the Footer of your template. We also recommend adding the URL to the policy page in the Privacy Policy (URL) field in General / Settings > Settings > Website, to enable it to appear within your cookie consent pop-up.

Cookie Information

The two cookies that are used within the Bluepark software are as follows:

Any other cookies are created by 3rd party scripts, such as Google Analytics, and any information about the cookies they use can be obtained through them.

A cookie consent pop-up can be added to your site simply by ticking the Display Cookie Banner option in General / Settings > Settings > Website. Above this option there is a field to add a link to your Cookies Policy page and this link will appear on the banner for visitors to click on. If you do not have a separate Cookies Policy, then leave this field blank and the link will direct visitors to your Privacy Policy instead.

What Data You Store

When a customer signs up for an account on your website, Bluepark will store the details they have provided within the User Manager. If the account is created by your staff, the minimum amount of data this can contain is the customer's email address, password (which is encrypted), the date they registered and the date they last visited. If the customer created the account themselves, then it will also contain the IP address and Host Name they used the last time they logged in. If the customer types in further information, such as their address and telephone number, this will also be stored on their account.

All customer accounts can be deleted at any point, via the User Manager. We recommend adding a Right to be Forgotten page to your website that contains a form to allow your customers to request this. Please note, if the customer has placed an order prior to the deletion, their details will still remain on that order within the Order Manager. This is due to VAT regulations, which request that you keep all records of VAT transactions for a minimum of six years.

When a customer places an order, the information they enter, such as their name, email address, billing address, delivery address, telephone number, company name, and VAT number will be stored within the order itself. The other information that is stored is as follows:

• their IP address, its host name and its country location
• the type of device they used, such as mobile or desktop
• the date and time they ordered
• their payment method
• how much they paid
• the shipping method
• the number of loyalty points they earned, if applicable
• any activity on the order, such as the date and time the order was completed by your staff
• whether they are a new customer, a returning one or a guest
• the products they ordered

Please note: No payment information, such as credit card number, is ever stored within your site or the Bluepark's servers. This information is always stored separately by your payment provider(s).

Social Media Plugins

The social media share buttons, which can be added to all Product pages and Blog pages, and the Facebook share for discount button, only transmit data once they have been clicked. Therefore, the button only becomes active once the customer has clicked on it and at this point they will be using the social media's website. The only data the social media's servers receive from your site is referral information from the page, such a product title and image. No personal data is transmitted.

If you have added the Facebook Pixel, Pinterest Pixel or any other social media tracking code to your site, you must declare this in your Privacy Policy too. As these tracking pixels contain data about the visitor, it is important to include details about what this data is and how it's stored. You can find out what this is by going to the social media's Privacy information page, such as Facebook's one here - https://www.facebook.com/business/m/privacy-and-data.