GDPR

Drafting and adding your privacy policy to your Shopify website

Find out how a robust privacy policy for your Shopify website can protect your personal information, strengthen your online security and ensure worry-free browsing: everything you need to know is here!


It is also a legal requirement in many countries, including the European Union and the United States, whether it is:

  • A showcase site (landing page)
  • An e-commerce site
  • A digital platform (social network, review platform, marketplace, etc.).

The required information is not, however, identical, owing to the categories of data collected and the purpose of such processing.

The privacy policy ensures the protection of your users' personal data and the transparency of your data processing practices in accordance with Article 13 of the GDPR.

This article provides that where personal data are collected from the data subject, the controller must, at the time the data are obtained, provide them with various detailed information.

This information includes the identity and contact details of the controller, the purposes and legal basis of the processing, the recipients of the data, and other details relating to the protection of personal data.

Article 14 of the GDPR sets out similar guidelines for cases where the personal data have not been obtained directly from the data subject.

In this article, we will guide you through the steps to put in place an effective privacy policy for your B2B or B2C website.

How to establish a privacy policy for Shopify?

The first step in establishing a privacy policy is to understand the data you collect and how you use it through the Shopify platform. This may include contact information, IP addresses, transaction data and other information relevant to your business.

You must also take into account local data protection laws, such as the GDPR in Europe.

Next, you must clearly inform the users of your website (i) about the types of data you collect, (ii) how you collect it and (iii) how you use it. This can be done through a privacy policy accessible from any page of your website under a clear heading ("privacy policy", "privacy page", or "personal data") so as to ensure that your users will understand that information about their connected data is to be found on that page.

Finally, you must ensure that you provide information about the intended processing of the data collected or, where necessary, that you obtain the user's consent before collecting any data. This collection is accompanied by the implementation of appropriate security measures to protect such data.

Is it mandatory to have a privacy policy listed on Shopify?

In many countries, in particular in the European Union and the United States, having a privacy policy is a legal requirement for websites. In France, this obligation stems from the duty of transparency regarding the data collected and the processing purposes for which they are collected, in particular in accordance with Article 13 of the GDPR.

How to draft a privacy policy for a Shopify e-commerce site?

A privacy policy for an e-commerce site must include information about the data you collect during the transaction, such as payment and shipping information. You must also inform users about how you will use this data and how you will protect it. Be sure to also mention your return and exchange policy in your privacy policy.

Unlike a showcase site, the information collected will likely be more extensive and serve other purposes. Moreover, this also means that there will be more points at which such data is gathered on the website.

Please note that if you use third-party providers to deliver your products, run email campaigns or track your users' activity, these providers must be identified as processors in your policy and their contact details provided.

To add your privacy policy, you must click on "Settings" and then, at the bottom of the list, on "Policies".

Then, you must add your privacy policy on the "Privacy policy" page. You will need to ensure that this page appears at the bottom of each of your pages.

What are the important elements to include in a Shopify privacy policy?

Without being exhaustive, a privacy policy must include the following elements:

  • The types of data you collect;
  • How you collect the data;
  • How you use the data;
  • How you protect the data;
  • How you share the data with third parties, in particular, in this case, Shopify, which acts as a technical processor;
  • How users can exercise their data protection rights;
  • What processing operations are carried out;
  • How the data is transferred outside the European Union.

The privacy policy must be drafted by the data controller, which may be the company itself or a natural or legal person mandated for that purpose. It may also be your lawyer.

There are several actors who can assist you in drafting your privacy policy, such as Legaltechs, IT providers or a lawyer specialising in internet law.

As a reminder, providers other than lawyers must not provide advice on these regulations. It is therefore advisable to use a lawyer who will offer you a full review of your GDPR analysis in order to ensure your compliance with French and European law.

What are the privacy rules?

When we speak of privacy rules, we are in fact referring to the regulations on the protection of personal data, governed (i) in Europe by the General Data Protection Regulation (GDPR), which entered into force on 25 May 2018 in the European Union, and (ii) in France by the "French Data Protection Act" (initially adopted in 1978, it has undergone several amendments since then, in particular to bring it into line with the EU GDPR).

This regulation aims to strengthen the protection of users' personal data by imposing obligations on companies that collect and process such data. In particular, it imposes the requirement to inform users about how their data is collected, used and stored.

What is the difference between legal notices and a privacy policy on Shopify?

Legal notices and the privacy policy are two pieces of information that websites must make accessible to their users.

To find out more about legal notices, you can read the following article: "Legal notices for an e-commerce site!"

Legal notices serve to describe the identity and legal information of the company, whereas the privacy policy concerns the manner in which users' personal data is collected, processed and stored.

The two pieces of information are therefore complementary but distinct.

In conclusion, the privacy policy for Shopify is an essential element for any website collecting personal data. It must be clear and concise, and contain the essential information regarding data processing.

It is governed by the GDPR and its drafting must be entrusted to a competent data controller. Companies must therefore ensure that they comply with the legal obligations regarding the protection of personal data and inform users about how their data is processed.

If you want to guarantee the protection of your data and the compliance of your website with the GDPR, do not hesitate to get in touch today. Click here for a free audit of your privacy policy and discover how we can support you in navigating the world of personal data protection with complete peace of mind.

To learn more

Is a privacy policy mandatory on Shopify?

Yes. As soon as your Shopify store collects personal data (orders, customer accounts, newsletter), the GDPR imposes a duty to inform via a privacy policy. This applies to a showcase site, an e-commerce site or a platform, with content tailored to the data collected.

What must the privacy policy of a Shopify store contain?

In accordance with Article 13 of the GDPR: the identity and contact details of the controller, the purposes and legal basis, the recipients of the data, the retention periods and the rights of data subjects. The content varies according to the categories of data and their purposes.

How to add the privacy policy in Shopify?

Create a dedicated page in Shopify, draft content that complies with your activity, then add the link in the footer and on the collection forms. The information must be accessible at the time the data is collected.

Can you use the policy template provided by Shopify?

Shopify offers a generator, but the resulting text remains generic and does not necessarily describe your actual processing operations or all your tools. An effective policy requires you to have mapped your data. It is better to adapt or have the document drafted so that it corresponds to your store.

What legal basis applies to processing customer data on Shopify?

It depends on the processing: performance of the contract to manage an order, consent for commercial prospecting, legitimate interest or a legal obligation depending on the case. The policy must indicate the legal basis for each purpose, which requires properly characterising your processing operations.

Must the policy cover the third-party applications installed?

Yes, insofar as these applications process your customers' personal data. Marketing, analytics or payment tools may be recipients or processors. The policy must take this into account and these relationships must be governed in accordance with the GDPR.

What are the risks of not having a compliant policy on Shopify?

A breach of the GDPR's duty to inform exposes you to sanctions from the CNIL and to complaints from customers. A missing or inadequate policy also undermines buyers' trust, a key element for an online store.

Do you also need a cookie policy on Shopify?

Yes, if your store places non-essential cookies (analytics, advertising). The cookie policy is distinct from the privacy policy and is accompanied by a compliant collection of consent. The two documents are complementary for a Shopify store that is in good standing.
