- Don't steal your policies from someone else's business. You may be liable for a copyright violation. You may also be stealing something that has no practical application to your business.
- Don't write it yourself unless you know what you are doing. If you hire an expert to write it for you, make sure the expert has actual expertise in writing policies for your industry or something closely analogous.
The main sections are as follows:
Introduction: This section can tell your visitor a little about your organization, and any special information or functions that your website has. If your website has special conditions for collecting information from children (under 16 etc), you should state them clearly in this section.
Information Collected: Visitors have a right to know what information you are collecting. It may be obvious that you are collecting personal details by asking them to complete a form, but you should make it clear. You should also include information logged by your servers, such as hostnames and IP addresses.
Method of Collection: This details the methods you use to collect the information. Is it all automated? Do the forms visitors fill in collect other information, such as the original referrer? All of these questions will help you build a detailed description of how you collect information.
Storage of Information: How is the information stored? If you store information in a database and are located in the UK you may need to register with the government regarding the data protection act. If your servers are in the EU you will need to ask permission to transmit data outside the union, even if it stays within your company. Visitors have a right to know that you will make every effort to store their personal information in a safe and secure environment.
Contact details: It is important to be as transparent as possible, and allow users to contact you if they have a query. You should feature both an email address (or online form), as well as a real world address where a user can write to.