Before we even begin, we first need to throw out the disclaimer that we are NOT lawyers and nothing we say constitutes legal advice.
Whew! Now that that is out of the way, let’s talk about legal documents for your website (and for your business too!). The Privacy Policy and the Terms of Use are key components of making your website compliant with both national and international regulations.
With that said, what exactly is a Privacy Policy and what does it do? #
A privacy policy is a legal document that discloses the ways in which a website collects, processes, stores, shares and protects user data, the purposes for doing so and the rights of the users in that regard.
All websites interact with and collect data about their visitors in one way or another, and this is even more true of an e-commerce store. E-commerce sites typically collect personal data such as names, email addresses, IP addresses, session activity and payment details, to name a few. For this reason a privacy policy is vital: it protects website owners and customers alike, while also ensuring that your website complies with its legal obligations.
But do I NEED a Privacy Policy? #
At this point, it’s clear that a privacy policy is pretty important. As stated earlier, ALL websites interact with user data in some way. This means that if you have a website and you intend for people to visit it, a privacy policy is mandatory. Data protection law in most jurisdictions requires you to inform users about what data you collect and how it’s used, stored and protected. Under the EU’s GDPR, your privacy policy must also inform users of their rights with regard to their data. The disclosures should be transparent, easily understandable, comprehensive and up-to-date. Failure to meet regulatory requirements can result in hefty fines (Article 83). The GDPR applies to all organizations (including non-profits) that process the personal data of people in the EU, for example by offering them goods or services or by monitoring their behaviour, and it applies whether your organization is located in the EU or not.
A privacy policy is not only crucial to meeting legal requirements and maintaining customer trust; many third-party apps and services require one as well. Google is one example: in order to use certain of its services and tools (AdSense and Google Analytics, for instance), Google requires that you have a comprehensive and up-to-date privacy policy in place on your website.
What are the Legal Requirements? #
Most countries have data protection and privacy legislation that requires businesses to have a privacy policy in place, but some regions and states have stricter laws than others.
The United States, for example, doesn’t have a federal law setting country-wide rules for privacy policies; however, some states have their own regulations in place. Situations like handling the data of minors, using third-party processors and obtaining cookie consent often have their own special rules as well. The fact is, you need to follow the laws of the regions where you do business or at which you aim your services.
We’ll take a look at the basic, intermediate and robust levels of privacy policy requirements below:
At its most basic, your privacy policy should include the following:
- Site / app owner details.
- Disclosures related to third-party access to the data.
- What data is being collected, how and why.
- Disclosure of your process for notifying users of changes/updates to your policy.
- Effective date of policy.
It’s important to note that a policy this basic would only be appropriate for a local business that SOLELY sells to and processes data from local users, and even then the policy is still subject to state laws, which might require you to include or disclose additional details.
It’s also worth highlighting that sticking to requirements this basic can be hugely problematic: such a policy may not satisfy the third parties you integrate with and, in some cases, can leave you open to lawsuits or fines. Instead, it’s advisable to start with the strictest regulations in mind and remove clauses only where they clearly don’t apply to you.
The California Online Privacy Protection Act (CalOPPA) of 2003 is a good example of intermediate-level regulation. Under this act, all commercial websites that collect Personally Identifiable Information (PII) of California residents must post on their website a clearly visible privacy policy that complies with the regulatory requirements. Personally identifiable information here is defined as “individually identifiable information about an individual consumer” and includes a consumer’s first and last name, home or other physical address, email address, telephone number, and Social Security number. CalOPPA applies as long as the website is accessible to California residents; neither the location of the web server nor the location of the business itself matters.
Within the scope of CalOPPA, in addition to the basic requirements above, your privacy policy should include the following:
- The process by which users can review and edit their Personally Identifiable Information (if any such process exists).
- Disclosure related to how you handle the “Do Not Track” requests of users.
- A list of categories of personally identifiable information collected.
Children also get special treatment. If your products or services target children, you must additionally comply with the federal Children’s Online Privacy Protection Act (COPPA). COPPA applies to operators of websites or online services that are either directed at children under 13 or that have actual knowledge that they are collecting personal information from children under 13. Such operators must give notice to parents and obtain their verifiable consent before collecting, using or disclosing that personal information, and must keep the information they collect from children secure.
The General Data Protection Regulation (GDPR) is an excellent example of very robust data protection legislation. At its most basic, it specifies how personal data must be collected, used, protected and otherwise handled. As the biggest change to data protection in the region in 20 years, it’s intended to bolster and harmonize personal data protection for everyone in the EU. Personal data within the context of the GDPR means any data that relates to an identified or identifiable living person. This includes pieces of information that, when combined, can lead to the identification of a person. As mentioned earlier in this post, there are pretty hefty fines for noncompliance, so it’s important to be ready.
Within the scope of the GDPR, your privacy policy should also include the following:
- Disclosures related to any data processors other than the site owner. This covers every party that has access to or is involved in processing user data, including third-party apps, widgets, social buttons and ad service integrations.
- Rights of users: under the EU regulation, users must be able to request access to, view, correct, transfer (data portability) and erase their data, subject to certain conditions. Note that these rights apply to ALL businesses (including non-profits), regardless of location, that process the data of, or offer goods or services to, people in the EU.
Other related requirements are:
- The link (to the privacy policy) should be clear and prominent
- It should be easily accessible
- Your policy must not use overly complicated or indecipherable language (no legalese or unnecessary jargon).
To repeat: the GDPR applies to any organization (including non-profits), whether located in the EU or not, that processes the personal data of people in the EU. In practice that reaches a large share of companies with an online presence, US-based ones included.
So how do I create a Privacy Policy? #
If you search the internet, you will find tons of different ways to create the required legal documents for your website (and business). Some are free, some are do-it-yourself, and others are extremely costly or require hours of lawyer time (talk about pricey!!!). We have found an incredible service that offers you up to 3 free legal documents EVERY. SINGLE. MONTH. That service is called Avodocs.
With their extensive legal document wizard, they help small businesses create well-formed legal documents (which doesn’t mean it’s a bad idea to run things by a lawyer, especially as you grow). To get started with Avodocs, go to their website and sign up for a free account. Once signed in, you have tons of legal documents to choose from, including:
- Privacy Policy
- Terms of Use
- NDA for Startups
- Memorandum of Understanding
- Internship Agreement
- Letter of Intent
- Pilot Agreement
- SAAS Agreement
- Master Services Agreement
- External Services
- Fundraising
- Founders’ Agreement
- Employee Onboarding
For your website, you are going to want to focus on the Privacy Policy and Terms of Use.
From the Documents page, find Legal Documents for Websites. Currently there are only two, and they are exactly the two we need. Click or tap the Privacy Policy first and work through all of the steps in the wizard to get your Privacy Policy completed and emailed to you. Then do exactly the same for the Terms of Use.
And don’t forget that you still have one more free document for the month, so look through all of their options and you might find that you need one!
Now that you’ve created the documents, how do you add them to your website? #
If you are working with one of our Hemp Sites, we have made it super easy for you:
- Open your policy document in Microsoft Word (or whatever document editor you use), select all of the text and copy it (Ctrl+C, or right-click and choose Copy).
- Go to your Hemp Sites website. In your dashboard, under Pages > All Pages, you will find that a page has already been created for each of these two documents.
- Hover over the page name and select Edit. The basic page editor will appear.
- Click where it says “Type / to choose a block” and paste your copied text there (Ctrl+V, or right-click and choose Paste).
- At the top right of the screen, click the Publish or Update button and you are all done!