Privacy Notice
What does privacy notice mean?
A privacy notice is a public-facing explanation of how an organization collects, uses, shares, stores, and protects personal data. It is written for individuals so they understand what happens to their information when they interact with a website, service, app, or organization.
How does a privacy notice work?
A privacy notice outlines data categories, processing purposes, third-party disclosures, retention periods, and available rights. It must be written in clear language and made available at or before the moment data is collected. Many laws, such as GDPR, CPRA, PIPEDA, and LGPD, require organizations to provide a privacy notice so individuals can make informed decisions about their data.
FAQs
Not exactly. A privacy notice is usually written specifically for external users to explain how their personal information is handled. A privacy policy may include internal procedures for staff, governance rules, and organizational data processing operations. Some organizations combine both into a single public document, but legally they serve different purposes.
Most organizations link the privacy notice in the website footer so it is accessible at any time. It should also appear near forms, sign-up pages, or consent banners where data is collected. The goal is for users to be able to review the notice before sharing their information.
Some regulations require particular disclosures, such as processing purposes under GDPR or categories of personal information under CPRA. However, notices should still be written in plain language so users can understand them easily. Overly technical or vague language may violate transparency requirements.
Updates are recommended when data practices change, new vendors are added, new technologies (like pixels or analytics tools) are introduced, or new laws take effect. Many organizations review notices annually to keep them accurate.
Any website or digital service that collects personal data, whether via forms, analytics, log files, or cookies, should make a privacy notice available. Even simple websites often collect device or usage information, which qualifies as personal data in many jurisdictions.