Privacy Policyfree Christian Resources & Downloads



To comply with the General Data Protection Regulation (GDPR), you need a GDPR-compliant privacy policy.

  1. Free Online Privacy Policy Template
  2. Free Privacy Policy Download
  3. Free To Use Privacy Policy
  4. Free Privacy Policy For Facebook
  5. Free Standard Privacy Policy

Download Darisana Padalgal Tamil Christian Song Ebook as PDF; Download Yesu Azhaikiraar Jesus Calls Tamil Christian Songs Ebook as PDF; Download Arpudha Kuzhandai Yesu Padal Putthagam Tamil Christian Songs Ebook as PDF; Download 2002 Geethangalum Keerthanaigalum Tamil Christian Song Lyrics Ebook as PDF; Download. Christian Compliance Resources is committed to securing your data and keeping it confidential. Christian Compliance Resources has done all in its power to prevent data theft, unauthorized access, and disclosure by implementing the latest technologies and software, which help us safeguard all the information we collect online.

Without a GDPR privacy policy (also commonly referred to as a GDPR privacy notice or GDPR privacy statement), you’re at risk of noncompliance fines that could put you out of business.

Read on to learn what the GDPR is, if you need to comply, why a privacy policy is mandatory under the GDPR, and what a GDPR privacy policy includes.

Download our free GDPR privacy policy template to easily get started on your own GDPR compliance journey.

Table of Contents

1. What Is the GDPR?

The GDPR is a data privacy law in effect since May 25, 2018. Passed by the EU, but affecting companies around the world, the GDPR gives users more rights over the personal information they share with businesses, and penalizes companies that are negligent with this data.

The GDPR aims to protect the data rights of users in the European Economic Area (EEA). The EEA is comprised of the EU, Iceland, Liechtenstein, and Norway. Additionally, the GDPR applies to users in Switzerland.

Understanding GDPR basics is critical for any website or business that collects personal data from citizens of the EEA, as the law applies equally to companies in the US as it does to those in the EEA.

Privacy Policyfree Christian Resources & Downloads

Fines for noncompliance are up to $23 million, or 4% of your annual global turnover, depending on the severity of your compliance infraction.

2. Do I Need to Comply with the GDPR?

As the GDPR applies to businesses around the world, you may be subject to this strict privacy law. Whether or not you need to comply with the GDPR will depend on your answers to two questions:

1. Do I collect personal information from users?

Personal information includes names, emails, credit card details, device data, and other pieces of information that can be linked to a specific individual. If you use cookies, collect online payments, allow user accounts, or email your site visitors, you collect personal information.

2. Do I have, or plan to have, users in the EEA?

If you currently have users in the EU, Iceland, Liechtenstein, Norway, or Switzerland, and you collect personal information, you must comply with the GDPR.

Keep in mind that if you currently answer no to either of the two questions above, but plan to collect personal information from EEA users in the future, you need to prepare to comply with the GDPR as soon as possible.

Small businesses are also subject to comply with the GDPR if they collect personal information from EEA users. If you’re a small business owner, customize our privacy policy template for small businesses to meet GDPR requirements.

Do I Need a Privacy Policy to Comply with the GDPR?

To comply with the GDPR, you need a privacy policy.

GDPR guidelines focus on transparency, so companies must clearly explain how they collect, share, and process user data in a privacy policy.

Three articles within the GDPR address the privacy notice requirement:

  • Article 12 — Information about data collection, storage, and transfer must be presented to users in writing.
  • Article 13 — If you collect users’ data, you need to provide them with certain information, such as your contact details and data-processing purposes.
  • Article 14 — When data is not directly collected from the user, you need to provide details about relevant partners, affiliates, or third parties.

According to GDPR Recital 58, these articles can be satisfied by providing data-privacy information in electronic form through your website.

That is, you can satisfy three GDPR requirements by providing the right privacy policy on your website. If you built your website using WordPress, your WordPress privacy policy needs to meet GDPR requirements.

Having a privacy policy is also a requirement under the California Online Privacy Protection Act (CalOPPA) and California Consumer Privacy Act (CCPA), and your privacy policy can easily be written to meet these laws as well as the GDPR.

Privacy and data security laws around the world require privacy policies. To comply with the GDPR, your privacy policy needs to include certain information and meet specific requirements.

If you operate in Germany, Austria, or Switzerland, your website is legally required to have an impressum as well as a privacy policy. Many affected companies choose to combine the two.

3. What Is a GDPR Privacy Policy?

A GDPR privacy policy is a notice on your website that clearly explains how you process the personal data of EEA users.

Your GDPR privacy policy doesn’t need to be separate from your regular privacy policy. In fact, “GDPR privacy policy” only refers to a privacy policy that includes the necessary controls and information to meet GDPR requirements.

4. How Do I Make My Privacy Policy GDPR-Compliant?

To comply with the GDPR, your privacy policy must be transparent in language and content, and contain specific clauses regarding how you collect, share, and process data.

Your privacy notice should be understandable to the average reader, and should give them clear insight into how you handle their data and what rights they have regarding their personal information.

GDPR Privacy Policy Requirements

The two overarching requirements for your GDPR privacy policy are that it must be: transparent and user-centric.

According to Article 12 of the GDPR, information about data processing must be presented:

…in a concise, transparent, intelligible and easily accessible form, using clear and plain language.

Although the use of technical terms is inevitable in a privacy policy, the information should be concise, and not hidden in dense paragraphs. Complicated legalese and unnecessary fine print are unacceptable.

The GDPR’s official transparency guidelines explain that a compliant privacy policy should be structured intuitively, with logical menus and clickable navigation.

To appreciate the importance of transparency, look at the recent Google GDPR fine. The tech giant was penalized for spreading important information across many of its policies, and misleading users.

A transparent GDPR privacy policy is inherently user-centric, and features simple language, appropriate visual elements, and a navigable layout.

Your GDPR policy should be written to help users make informed choices about sharing their personal data.

What to Include in a GDPR Privacy Policy

In addition to being transparent and user-centric, a GDPR-compliant privacy policy should contain several specific clauses.

Your GDPR privacy notice must contain the following sections:

Appropriate contact details

The contact details of the following individuals need to be included in your privacy policy:

  • Data controllers: Data controllers determine how and why personal data is collected. If you collect personal data through your website such as login information or payment details, you are the data controller.
  • Data processors: Data processors process user data on behalf of the data controller. For example, if you collect payment details through a checkout page on your website, you may be the data controller, but a third-party payment processing service (like Stripe or PayPal) may be the data processor.
  • EU representatives (if applicable): If you process large amounts of data or highly-sensitive personal information, you may be required to appoint an EU representative (also known as an EU data representative) to represent your interests in the EEA.
  • Data protection officers (if applicable): You need a data protection officer (DPO) if you are a public body, or your business processes large amounts of data as a core function. DPO’s act as a security executive, and oversee the GDPR compliance of your company.

If you use multiple data processors, we recommend linking directly to their privacy policies within your own privacy policy, rather than listing out their unique contact details.

The basis on which data is being processed

Article 6 of the GDPR establishes the following six legal bases on which data can be lawfully processed:

  • With consent of the data subject
  • For GDPR legitimate interest
  • For the performance of a contract
  • To comply with a legal obligation
  • To protect the vital interests of the data subject
  • In public interest

A standard GDPR privacy policy must include which of these bases applies next to each data-processing activity. As seen in the example below, companies must clearly explain how they process user information.

Our free template includes the section above, which introduces a data policy based on a variety of business purposes.

With consent of the data subject is one of the most common data collection bases for websites. We strongly recommend you look at other companies’ GDPR consent examples to learn how to obtain lawful consent.

Automated decision-making and/or auto-profiling

Article 22 of the GDPR explains that individuals have the right not to be subject to a decision made solely by automated processing (without any human involvement). This is a unique requirement of the GDPR, as specifying such decision-making activity was not previously mandated by any privacy law.

If you implement an automated profiling system, it’s important to outline in your privacy policy how and why you conduct this type of decision making or profiling.

To whom data may be transferred

The GDPR requires companies to say who is involved in data processing. You need to list all categories of third-parties, partners, and affiliates with whom data may be shared.

As seen above, if such data sharing could occur as part of a merger or acquisition, you need to state this too.

To which countries data may be transferred

Your privacy policy needs to state which countries data is transferred to, and what systems facilitate these international transfers.

If cookies and other tracking technologies are used

Under the GDPR, information collected via cookies and other tracking technologies (such as pixel tags) is considered personal data.

Knowing what cookies are and how you use them is critical to GDPR compliance.

Therefore, cookies should be listed as a data-collection method, and treated with the same considerations as other methods.

Free Online Privacy Policy Template

How long data may be stored

The GDPR requires you to state how long data will be stored, and advises you to include the reasoning behind these time periods.

What rights users have under the GDPR

GDPR Articles 12–22 establish the eight fundamental rights of data subjects:

  1. The right to be informed
  2. The right to access
  3. The right to rectification (correction)
  4. The right to erasure (to be forgotten)
  5. The right to restriction of processing
  6. The right to data portability
  7. The right to object
  8. The right to not be subject to automated decision making

Free Privacy Policy Download

Your privacy policy should include a section which lists these basic rights granted by the GDPR.

How users can act on those rights

The list of data subject rights needs to include directions on how users can act upon those rights. GDPR privacy policies should give directions, information, and appropriate links to assist users who wish to act upon any of the rights listed above.

4. GDPR Privacy Policy Examples

Now that you know what a GDPR privacy policy should contain, let’s look at how well-known companies have accomplished this.

Free To Use Privacy Policy

These are all good examples of GDPR privacy policies, but remember that they aren’t templates for GDPR compliance. Copying another company’s clauses without modification will confuse users, and lead to legal trouble.

Example #1: Information Commissioner’s Office (ICO) GDPR Privacy Policy

The UK’s ICO has a model example of a GDPR privacy policy, with a navigational list on the left to allow users easy accessibility.

As you can see, the ICO’s privacy policy clearly lists out user rights under the GDPR, includes a brief explanation of each, and even provides links for users to learn how they can act on their rights.

Example #2: Etsy GDPR Privacy Policy

Etsy’s privacy policy was written with GDPR compliance in mind. It follows a standard ecommerce template layout, and begins with an easily navigable menu.

Contact information for Etsy’s data protection officer is displayed prominently, as are details for its data protection authority.

Free Privacy Policy For Facebook

If users are skeptical about Etsy’s data collection practices — or if they have a complaints — they know exactly who to reach.

Example #3: LinkedIn GDPR Privacy Policy

LinkedIn’s privacy policy is another good example of a GDPR privacy statement. As well as explaining all necessary information, the policy provides brief summaries for readability.

The networking site also includes a video version of its privacy policy. While this is overkill for small businesses, it’s worth noting the effort prominent companies are taking to make their policies accessible and GDPR compliant.

Example #4: Quickbooks GDPR Privacy Policy

Quickbooks’ privacy policy is another great example of a user-centric GDPR privacy statement. It offers various controls through its GDPR centre, and includes links to its privacy policy and other relevant documents.

Having a dedicated GDPR privacy page on your site allows you to house all relevant policies together — such as your terms of use, cookie policy, and disclaimer. Although only a privacy notice is required by the GDPR, these other policies provide critical legal protection.

5. How to Write a GDPR Privacy Policy

You should now have a good idea of what a privacy statement is, and all the key clauses and characteristics it must include to be compliant under the GDPR.

To write a GDPR privacy policy, simply download our free GDPR privacy policy template (UK and US compliant), and customize each section for your website and the specific needs of your business.

Alternatively, use our free privacy policy generator to create a compliant GDPR privacy notice in minutes. Our builder will ask some details about your business and help you answer tricky questions about your data practices and GDPR compliance measures.

Our GDPR privacy policy template, as well as our privacy policy builder, are suitable for:

  • Small businesses
  • Websites (including WordPress)
  • Blogs
  • Ecommerce platforms (e.g., Shopify, Woocommerce)

Without a GDPR privacy policy, your business is at risk. Download and customize your own template or build a privacy policy for free, but don’t wait to comply with the GDPR.

Not the template you need? Download and edit one of our other privacy policy templates:

Privacy PolicyDescription
Website Privacy Policy TemplateA standard privacy policy for basic websites and blogs.
Mobile App Privacy Policy TemplateA privacy policy for apps on the App Store and Google Play.
Ecommerce Privacy Policy TemplateA privacy policy built specifically for online ecommerce stores.

Who we are

Our website address is: https://coursepivot.org. and htpps://coursepivot.com.

What personal data we collect and why we collect it

Comments

We allow our visitors to post their comments, only if they are registered at either cursepivot.org or our other websites.

Your gravatar is visible when you post a comment. We do not show your comments to non-logged in visitors unless when the post is public.

Media

You should avoid uploading images that have location data because this can be extracted by web users

External links to other websites

Our lessons are meant to solve questions and textbook exercises.

We embed a link on coursepivot.org which redirects our users to other websites when the user feels the need to check sample solution on the lesson exercise provided.

Your purchase and personal information provided on third-party websites is at your own risk

Contact Forms

Cookies

Whenever you leave a comment or a question, we store cookies for your convenience so that you don’t have to signup or log in every time you wish to post a comment or question.

Whenever you log in, our website sends a cookie to your browser if it’s set to accept cookies. These cookies do not store any personal data and will be discarded when you close your browser.

Free Standard Privacy Policy

Embedded content from other websites

  • Articles and links embedded on our website are either authorized or are intended for such purposes.
  • Before clicking any link or image on our website, confirm that you are authorizing the said website to store your cookies as well.
  • We do not publish articles and educational materials on behalf of any company or user.

Analytics

Your Rights

If you have recently logged in or registered to our website, you can request a pdf file containing your personal data (email address, IP address). You can also request us to erase your personal data at any time.

Where we send your data

Free privacy policy download

Our spam protection service uses the data to detect spam comments

Your contact information

We do not share your personal contact information with anyone.

Additional information

We protect your data by ensuring it does not fall in the hands of third-party users within our website.

If there is a data breach on our site, we have a legal structure in place to protect your identity.