Non-government organizations or NGO websites can fall under the scope of data privacy laws and may legally be required to have a privacy policy.
If your NGO website collects any personal data, it’s worth verifying if any laws apply to you and making a compliant privacy policy that aligns with those laws.
Below I provide an overview of privacy policies for NGO websites and explain how you can make your own.
Creating a Privacy Policy for NGO Websites
There are a few legitimate ways you can make a privacy policy for your NGO site.
Use a Privacy Policy Generator
One of the simplest ways to make an NGO website privacy policy is to use Termly’s free Privacy Policy Generator.
Our legally-backed comprehensive solution asks easy questions about your NGO-site to help you align with applicable laws and makes a unique policy based on your answers that you can embed directly on your site.
We’re also fully committed to protecting the privacy of our users.
Note that NGOs may be subject to additional laws that might not impact for-profit businesses. Industry-specific statutes and regulations may also apply.
Use a Privacy Policy Templates
You can also use Termly’s free privacy policy template to make a custom agreement for your NGO website.
When using a template, fill in the blank sections with unique, accurate details about your NGO and how it collects, processes, and uses personal information.
Take extra time to remove any clauses that might not apply to your NGO and/or add other details as necessary.
Write It Yourself
You can also write your own privacy policy for your NGO website, but you should only do so if you have a lot of technical knowledge and a strong understanding of data privacy laws.
It’s important you’re extra thorough, and you might consider consulting a privacy lawyer or attorney to vet the document.
Because these are legal documents impacted by privacy laws, your site could be held accountable if you accidentally leave something out or make a mistake.
How NOT To Make an NGO Website Privacy Policy
Now that you know some viable ways to make a privacy policy, I want to briefly cover some options to avoid.
- Don’t copy another business’s privacy policy. This is considered a form of plagiarism and is illegal. Besides, it goes without saying that another business’s policy will not accurately account for how your NGO collects and processes personal data. NGOs and businesses in general just shouldn’t take this risk.
- Don’t use AI to generate a privacy policy. AI is exciting, but it shouldn’t be used to make legal policies, especially when they need to include nuanced, personalized information about how your NGO collects, processes, and uses personal information. An AI has no way of knowing all of these specific details, and it might hallucinate or include falsities in your policy. It’s best to use a privacy solution or consult a lawyer and privacy experts.
- Don’t use an insecure or unreliable ‘generator’ or ‘template’. Avoid using generators that claim to cover privacy laws but actually don’t, generators that up-charge for common features typically included even in free templates, and generators that are never updated or maintained by a legal team or data privacy experts. There are better, reliable options out there, like Termly!
Remember, privacy policies are living documents that change with your company, they are not a one-size-fits all policy.
Being lax about the contents of your policy and using workarounds like an LLM or an insecure “free” tool that’s too good to be true can put your business at risk.
For example, you might face fines for violating privacy laws or cause irreparable harm to your brand’s reputation and lose consumer trust.
Do NGO Websites Need a Privacy Policy?
Some NGO websites legally need to have a privacy policy, including those that fall under any consumer data privacy laws.
But having a privacy policy is more than a legal issue. It also helps show internet users that your NGO website is safe, secure, and reliable.
Presenting your users with a privacy policy lets them know exactly what you do with their data, and this transparent communication helps increase trust.
Laws That Impact Non-Government Organization’s Privacy Policies
There are several laws that might impact non-government organizations, especially if your NGO is a for-profit entity.
For example, the following data privacy laws exist around the world and impact organizations of all kinds:
- General Data Protection Regulation
- California Consumer Privacy Act
- Australia Data Privacy Act 1988
- New Zealand Privacy Act 2020
- South Africa Protection of Personal Information Act
- U.S. state-level consumer privacy laws
Some U.S. state laws even apply to non-profits, like the Colorado Privacy Act.
In addition, your NGO might need to follow industry-specific laws, depending on your focus. Keep all of this in mind when making your privacy policy.
Information to Include in an NGO Privacy Policy
To help you make your NGO privacy policy, I’ve summarized the most common clauses that appear in these necessary legal documents.
What Data You Collect
Your privacy policy must explain what data your NGO collects from users, both online and physically in person, like from any events you might participate in or host.
You should list this information in a clear format so it’s easy for users to read and understand, like in a bullet list or a neatly organized table.
Why You Collect The Data
Your NGO privacy policy also must explain why you collect personal data, which is referred to as your legal basis under the GDPR.
The GDPR limits you to specific legal purposes for processing.
Other laws, like thos ein the U.S., limit you to collecting data for what is necessary to complete the purposes you state directly in your privacy policy.
How You Collect The Data
Explaining how you collect personal data is another legally required clause that belongs in your NGO privacy Policy.
For example, you need to explain if you collect data:
- Directly from the consumer
- From publicly available information
- Through social media
- Through forms on your website
- Through sign-up forms
- In person flyers or paperwork
- In any other way
Third Party Data Sharing Clause
If your NGO shares or sells personal data to any third-party entities, you need to disclose this to your users in a clause in your privacy policy.
You need to state what categories of data you share with third parties, and what categories of third parties you share the data with.
For example, if you use Google Analytics, you’ll need details about any cookies it uses in your policy as well as an explanation about what the analytics are used for.
Consumer Rights Over Their Data
You also need a clause in your NGO privacy policy that explains what rights consumers have over the personal data and how they can act on those rights.
This is required under several U.S. state level privacy laws, like the CCPA, and it’s mandated by the GDPR.
If multiple laws apply to your NGO, consider having multiple clauses for each one to make it extra easy for your users to find the right information that applies to them.
Children’s Data Clause
Your NGO privacy policy needs a children’s data clause regardless of whether you actually target children or not.
If you don’t target children, this clause should explain to legal guardians how they can contact you if they believe you’ve accidentally collected information from their child.
This is necessary because children use the internet, sometimes without supervision, and there’s a chance they may accidentally end up on your website.
If your NGO is oriented towards children, there are other strict laws in place to protect minors that you’ll need to follow, like the Children’s Online Privacy Protection Act (COPPA).
Cookies and Other Trackers
If your NGO site uses cookies, you should disclose this to internet users and include a clause in your privacy policy that links to your official cookie policy.
Privacy laws like the GDPR and the CCPA consider cookies to be a form of personal data, so using them falls under the scope of privacy laws.
Your NGO Contact Information
Finally, make sure there’s a clause in your privacy policy that provides contact information for your NGO so users know how to contact you if they have privacy questions or concerns.
This is also required by privacy laws like the GDPR.
Where to Display Your NGO Privacy Policy
Display your NGO privayc policy in a few prominent places across your website, for example:
- Website footer: This is an ideal place to post a privacy policy because it’s a static part of your website, so users can always access it.
- Payment screens: Payment portals often collect personal data from consumers, so post your privacy policy there so they can read and agree to it.
- Account creation pages: If users can create accounts on your NGO site, include a link to your policy, so they know how you use their data when they create a login.
- Wherever data collection occurs: A rule of thumb if to post a link to your privacy policy wherever data collection occurs, which aligns with laws like the GDPR.
How Termly Helps
Privacy policies can seem like long, overwhelming, and burdensome documents for NGOs to make and maintain.
Tools like Termly’s privacy policy generator make it easier to have a customized document for your site that you can update as needed directly form the Termly dashboard.
More about the author
Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP
Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author
