If you collect personal information from your customers and other individuals (such as your employees), the law requires that you inform them when you do so. Many businesses will do this with a privacy policy to detail exactly what personal information they collect and what they do with it. However, businesses can use different names for this document – such as:
- privacy notice;
- information notice;
- data collection notice; or
- data protection notice.
There are slight differences between these names, depending on the context. Essentially, they all boil down to telling your customers how and why you use their personal information. In New Zealand, you may have seen businesses use a privacy statement rather than a privacy policy. Again, these are very similar, but there are some differences. Therefore, this article will explain the difference between a privacy statement and policy and their relevance to your business.
What You Need to Tell Your Customers
If you collect personal information from your customers, the Privacy Act requires that you tell them you are doing so. You need to take reasonable measures to ensure they know that you are collecting their personal information, and:
- why you collect their information;
- whether any laws apply;
- whether they can choose to give you their information;
- what happens if they do not give you their personal information;
- who has access to their information;
- about their ability to access and correct their information; and
- how they can contact you.
When operating online, you should have a formal document or webpage detailing this information. This would be your privacy policy or another similar document. Include links in your website footer to this page for easy access.
For example, when telling your customers what information you collect from them, your privacy policy should include a bullet point list of all of the personal information you collect. This could include cookie data and IP addresses, which customers may not initially be aware of.
What Is a Privacy Statement?
A privacy statement is a summary of how you deal with customer information. Usually only a few paragraphs or shorter, it provides the information above in brief terms. The Privacy Commission has resources on its website for drafting an appropriate privacy statement, including its Priv-o-Matic tool.
Despite its simplicity, a privacy statement is effective because it is an easily accessible summary designed to get across the critical points of your business’ privacy procedures. If you need a more detailed explanation of how you handle customers’ personal information, you should reference your privacy policy in your privacy statement.
What Is a Privacy Policy?
A privacy policy is similar to a privacy statement, except it is more detailed, and your customers may recognise its purpose more readily. A privacy policy may be appropriate when your organisation collects large volumes of complex personal information and has similarly complex procedures to deal with that information.
If you use third-party advertising services or advertise your business’ app on the App Store, these services require a privacy policy.
Your privacy policy may also detail information that the law may not necessarily require but is important to include. This includes:
- details of your security measures for personal information;
- a sensitive information clause;
- a cookie policy; and
- other relevant details.
Depending on your business practices, other countries’ privacy laws may apply, and you will need to meet their requirements. For example, if you sell your products to EU residents, the General Data Protection Regulation (GDPR) will apply to you. According to this law, there are a couple of differences regarding what you need to tell your customers, and a privacy policy is a good place to include this added detail.
Using a Privacy Statement or Privacy Policy
In short, the main differences between these two documents are:
- their length and complexity; and
- how you use them.
If your business collects personal information and uses it in a straightforward way, then a privacy statement may be enough. However, if you collect large volumes of complex personal information and use it in various procedures, you may need a privacy policy to better convey this complexity to your customers. In this case, it may be useful to use both documents.
For example, you may display your privacy statement when you ask for a person’s email address in a pop-up box, with a hyperlink to your more detailed privacy policy.
Alternatively, some businesses use a privacy policy to detail their internal procedures for handling personal information to inform their employees. They use a privacy statement as the external document detailing their privacy processes.
Key Takeaways
A privacy statement is a summary of how you handle customers’ personal information, usually a couple of paragraphs long. A privacy policy is a more detailed document relaying this information, which your privacy statement may link to. However you decide to use these two documents, you need to ensure you tell your customers everything the law requires when you handle their personal information.
If you would like more information or help with your business’ privacy documents, contact LegalVision’s privacy lawyers on 0800 005 570 or fill out the form on this page.
Frequently Asked Questions
A privacy statement informs your customers that you collect and handle their personal information. It is usually a paragraph or two, and you may display it when asking for customers’ personal information.
According to the law, a privacy policy is a more detailed document that outlines how you deal with customers’ personal information. Your privacy statement may link to your privacy policy, which should be accessible from every page on your website.