Nonprofit privacy policies are often an afterthought in the website world. That’s probably because they’re rarely viewed by visitors and are all too often stuffed with legal jargon that’s only loosely recognizable as English.
Privacy policies outline what information you’re collecting from website visitors, the collection methods and how you use the information that you collect. While your nonprofit’s privacy policy will likely be one of the least viewed pages on your website, it’s still important you have a good one for a few reasons.
I’m not a lawyer, so don’t consider this legal advice. But here are a few reasons your privacy policy is worth some forethought:
If a visitor wants to know the details of your policies they’ll be able to find them easily. And even some visitors who don’t want to read the policies in their entirety will take comfort in the fact that you’re making them available.
Sure, it helps your visitors know what to expect. But it also helps you think through what information you’ll be collecting and the policies surrounding keeping that data safe. Planning ahead can help you avoid situations you don’t want to mess with down the road.
Hopefully this will be a non-issue for your organization. But if you ever end up in a dispute involving your website, having a privacy policy will likely be quite helpful. Again, not a lawyer, but this just makes sense (assuming you’ve actually adhered to the policies you’ve outlined).
While there are lots of online privacy policy generators and templates floating around out there, we’d recommend giving it a shot yourself first. Sure, look at examples from other organizations in your space, but it should be incredibly specific to your organization and how you collect and use information through your website.
It doesn’t inspire much confidence. Instead, write your privacy policy in plain, understandable language. Your privacy policy is a whole lot less valuable if no one can understand it.
After you’ve written it, have a lawyer review it. Tell them you don’t want to infuse it with jargon. You just want to make sure you haven’t omitted anything major.
You’ll need to tailor your privacy policy to your organization and website, but here are some pieces of information to get you started:
Be as clear as you can when walking through the information you’re collecting, collection methods and data uses. Don’t be sneaky about it, but it’s okay to give yourself a little bit of wiggle room. Otherwise, this document could get out of hand pretty quickly.
For example, you might say you use website information to better target your marketing efforts, rather than going into detail on all the information that includes and exactly how you target these more specific groups of visitors.
In 2018, the European Union passed the General Data Protection Regulation (GDPR), which regulates the collection, storage and use of their citizens’ personal data. But it’s not just for organizations in the EU. Complying with these regulations will help your organization be more transparent and build trust through both your privacy policy and treatment of visitors’ personal data.
Check out our post on GDPR compliance for tips on how to comply and to access a simple tool to assess your website traffic from countries in the European Union.
Here are a few helpful resources as you write up your privacy policy:
Have anything you’d like to add? Or a resource you found particularly helpful in drafting a privacy policy? Perhaps an example of a great or confusing privacy policy? Let us know in the comments below.
Am interested in this topic for my church in Maryland. I’m not a lawyer, but my understanding is nonprofits are not exempt from having a privacy policy. Could you point us to resources oriented to helping non profits develop privacy policies, addressing situations such as: BASIC USES:
We maintain a database on members and visitors, but it is available only within the church building, and the data itself is limited to things like name, address, phone, email, for each person and child when made available to us. The completeness of information is determined by the family. Part of system keeps track of contributions, and access is severely limited to people recording incoming data, and to one person responsible for issuing receipts. It is not available to other staff, and not to members or visitors. We don’t take credit card information. We have paper copies of contributions my check, kept for some limited amount of time. We don’t share data with third parties. We might share contract information with known members or attenders with each other, eg names and addresses for social purposes, or for a particular purpose. BASIC QUESTIONS OF RESOURCES
-How does the prospect of cloud storage for data backup affect what should be in the policy? What content raises the need for a privacy policy. What content does not trigger a requirement for a privacy policy
Hi Dale. Thanks a lot for the comment. Unfortunately I’m not aware of any resources that offer legal advice specifically geared towards nonprofits when it comes to creating a Privacy Policy. We’ve done our best in this post to sum up some things to consider, but given the nuance of every individual organization’s situation we always recommend consulting an attorney if you’re concerned about protecting yourself. Typically if you’re going to be collecting any sort of information from visitors, you’ll want to explicitly outline what you’ll collect, how you’ll collect it, how you’ll use it and how you’ll keep it secure. Cloud storage would probably mostly fall into the “how you’ll keep it secure” bucket, but depending on the details, could factor into how you write up other portions as well. I’d recommend taking a crack at writing your Privacy Policy yourself in terms that you’d want to read. You can then ask an attorney to read it over and let you know if there’s anything that needs to be adjusted. I’d also suggest checking out the resources we’ve linked to above. Most of the meat in a Privacy Policy will be the same for both for-profits and nonprofit organizations. You’ll just need to adapt them to be tailored to your situation. I hope that helps. Thanks again for commenting!
I was actually looking for the exact thing. There are only a few posts about nonprofit’s privacy policy. Writing a business plan for a nonprofit can be daunting and you might not even know how to start if you don’t have a guide.