Website Policies: Which Ones You Need And Why They Matter 2019


By: Drew McManus

A little more than two years ago, we took some time to review the types of website policies your organization should maintain, and since then, the topic of online personal data collection and related policies has exploded. Everything from sweeping reforms such as the European Union’s (EU) new General Data Protection Regulation (GDPR) to data breach policies in the wake of massive corporate hacks means it is more important than ever to have your policy ducks in a row.

Fortunately, everything from the original 2017 article is just as applicable today as it was then.

  1. Terms of Service (TOS) Policy: Defines the rules by which an individual agrees to use a service. These are often called Terms of Use or Terms and Conditions. Although not always required by law, they are typically legally binding agreements that certainly help protect your organization and users.
  2. Privacy Policy: Discloses the type of data you collect along with how it is stored and managed. This is a policy every arts organization should have.
  3. Disclaimer Policy: Indicates a site owner is not responsible for advice or information and limits liability. If your site includes content of a technical or legal nature, this is a must-have policy. Interestingly enough, this is one of the policies you’ll often find embedded into individual pages alongside the respective content in addition to a general policy page or section.
  4. Return/Refund Policy: If your site has an ecommerce component, you need a refund policy. Even if you don’t offer refunds, that’s still a policy and it needs to be made clear to users.
  5. Delivery/Shipping Policy: Informs users about how you ship your goods and products (this includes printed tickets) along with related costs. This policy is not required by law in most areas but is strongly recommended.

In addition to those items, you can include the following:

  1. Cookie Policy: Outlines the types of cookies and other tracking technologies used on your website, what they do, and how they are used. This is one of those items now required by EU’s GDPR law: you must have a cookie policy and notify visitors your site uses them.
    1. Cookie Consent Banners: While not strictly a mutually exclusive policy, it is a shorter version that displays on your website upon the visitor’s arrival. It includes a call to action (link or button) the visitor uses to acknowledge and accept the policy.
  2. Data Breach Policy:
    1. Data Breach Notice Letters: The first cousin to the policy, the letter is a template you would use in the event of a data breach. It’s a required element of GDPR and an overall smart thing to have on hand regardless of whether GDPR compliance is necessary for your website.

Online Policy Generators

First and foremost, if your organization has the resources to consult with an attorney who specializes in website legal agreements, that’s awesome and you should absolutely go that route.

Having said that, most nonprofits will need to explore other options and to that end, online policy generators are a great option.

They’ve come a long way since 2017. They are far more comprehensive and consider the broader range of privacy issues.

One provider I recommend to clients frequently is

Self-described as an “attorney-level legal policies generator to make your websites and apps compliant with the law.” They have some of the most inclusive generators around. There’s enough detail that we often warn clients beforehand to schedule time so we can be available to provide some of the tech info they’ll need to complete the policies.


Additional resources include:

WordPress Privacy Policy Tools

If you’re a WordPress user, you have a host of new integrated tools at your disposal.

Privacy Settings

Located at Settings > Privacy, the settings admin panel provides the ability to assign or create a privacy policy page. WordPress will add some special markup language to this page so search engines recognize this is where your privacy policy lives.

Privacy Policy Guide

You can locate a comprehensive guide by selecting the “Check out our Guide” link on the above Privacy Settings admin panel or by going to /wp-admin/tools.php?wp-privacy-policy-guide#wp-privacy-policy-guide-introduction (just add your primary domain name to the beginning of that URL).

Once there, you’ll find an exhaustive amount of reference material and sample language you can use to create a basic privacy policy.

Export and Erase Personal Data

A large part of GDPR compliance is making personal data available to users upon request and erasing it from your system. To that end, WordPress offers two dedicated tools for those tasks, located at the Tools -> Export Personal Data and Tools -> Erase Personal Data admin panels.

WordPress provides a thorough overview of each tool at their documentation page. It will walk you through the entire process an end user experiences along with providing instructions on how to use both tools.

Disclaimer: What is a blog post about a legal topic without a disclaimer? This is not legal advice. You should not be getting your legal advice from a blog post. The purpose of this post is to give you things to think about. Speak to a lawyer about specifics.

Drew McManus
In addition to my consulting business, I'm also the Principal of Venture Industries Online but don’t let that title fool you into thinking I'm just a tech geek. I bring 20+ years of global broad-based arts consulting experience to the table to help clients break the cycle of choosing one-size-fits-none solutions and instead, deliver options allowing them to get ahead of the tech curve instead of trying to catch up by going slower. With the vision of legacy support strategy and the delights of creative insights, my mission is to deliver a sophisticated next generation technology designed especially for the field of performing arts. The first step in that journey began in 2010 when The Venture Platform was released, a purpose-designed managed website development solution designed especially for arts organizations and artists. For fun, I write a daily blog about the orchestra business, provide a platform for arts insiders to speak their mind, lead a team of intrepid arts pros to hack the arts, lead an arts business incubator, and love a good coffee drink.