Wix is seen as one of the top user-friendly & all-in-one website builders. With a reputation for easy-to-use software and affordable plans, and over 100-million users worldwide, it's no surprise that you chose Wix to build your company website.

You may also be aware that Wix does not technically require users to post a Privacy Policy on their Wix-generated websites. But does this mean you can skip posting a Privacy Policy?

Keep reading to find out.

Wix is an online WYSIWYG website creation software that offers basic page-building packages for free, making the brand incredibly popular among users and small business startups.

Even the premium professional packages are affordable when compared to similar website-building services, and although the platform is not open-source, Wix makes up for it in usability and security. No wonder it was voted the most popular.

Wix also places minimal requirements on customers and leaves the responsibility up to each user to comply with privacy and internet regulations according to their location. In other words, Wix does not state that website customers are required to post a Privacy Policy.

This can be misleading, however, because most Wix users are required to post a Privacy Policy, even if it is not specifically stated by Wix.

Wix Recommendations Regarding Privacy

Wix Recommendations Regarding Privacy

While Wix does not specifically require a public Privacy Policy, they have quite a lot to say about end-user privacy and privacy law in general. For example, in the Wix Market Terms of Use, you will find the following recommendation:

"Wix recommends, and in some circumstances requires, that all Third Party Developers for the Apps in its App Market post a privacy policy or other statement describing the applicable App's privacy practices regarding how personally identifiable information is collected, shared, and used by or through an App and its respective App provider, whether Wix or a Third Party Developer."

Wix App Market Terms of Use: Excerpt of Data Protection clause

The Wix Privacy Policy goes into further detail about customer responsibilities regarding end-user privacy. In this paragraph, consent measures and applicable regulations are mentioned:

Wix Privacy Policy: Excerpt of Users of Users Information clause

Finally, the general Wix Terms of Use requires users to actively agree to follow any applicable regulations according to their own geographical location, as well as the locations of end users:

Wix Terms of Use: Excerpt of Your Obligations clause - You undertake and agree to comply with applicable laws

In short, it's clear that while Wix does not expressly require a Privacy Policy, they do expect all customers to uphold international and local privacy laws, the majority of which require a public and accessible Privacy Policy.

What Does Wix Mean by "Applicable Laws"?

What Does Wix Mean by "Applicable Laws"?

The pertinent question to ask now is, "Which privacy laws apply to me?" You might be surprised.

Here is a list of national and international privacy regulations that apply to most US-based online businesses:

General Data Protection Regulation (GDPR) - Applicable to any entity that collects data from European Union residents, the GDPR requires businesses to post a clear, easy-to-understand Privacy Policy that is accessible to all end users.

In regard to Privacy Policies, the GDPR also calls for the following to be included in the Policy:

  • The physical location and contact information for your business
  • Disclosure of EU users' rights concerning their personal information
  • Which personal data you collect, how and why it's obtained, and whether or not the data is shared with third parties
  • Disclosure of your legal basis for obtaining EU personal information
  • Details about international data transfers, if relevant

The Children's Online Privacy Protection Act (COPPA) - Even if you don't intentionally collect personal information from children, this regulation will need to be addressed in your Privacy Policy, meaning you must have one published. If you do have users who are children (under the age of 13), you will need to take extra steps to make your Privacy Policy COPPA-compliant.

The California Online Privacy Protection Act (CalOPPA) - Although this regulation is from California, it applies to any company that collects personal information from California residents.

CalOPPA calls for a prominently posted Privacy Policy that incorporates the following information:

  • What kinds of personal data you obtain as well as which third-parties have access to that information
  • A simple, straightforward way for end users to view and revise their personal data
  • How users will be notified when the Privacy Policy is revised or updated
  • A visible effective date of the Privacy Policy
  • An account of how your website answers "Do Not Track" signals from web browsers

These might not be the only privacy laws that will apply to your business. Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), for one, applies to most US-based businesses as well.

However, if you follow the statutes outlined above, your business will end up likely being compliant with PIPEDA and most other privacy regulations.

As you can see, Wix's condition to "fully comply with all applicable laws" will definitely require most Wix websites to publish a Privacy Policy.

What to Include in Your Wix Privacy Policy

What to Include in Your Wix Privacy Policy

A Privacy Policy generally has two goals:

  • To maintain transparency with your customers about the way your company handles personal data
  • To comply with all relevant privacy laws as laid out in the previous section

In order to meet these goals, we have outlined some of the most important clauses to include in a well-written Privacy Policy for Wix websites.

An Introduction

You can knock out several requirements with an introductory section. This is where you can state the name, location and contact information for your business, an effective date for the Policy, and what you'll do to update your users about material changes to the Policy.

Including all of these elements helps you meet several stipulations of the GDPR and CALOPPA.

Hubspot includes these elements as well as an explanation of the Privacy Policy's general purpose within the introduction:

HubSpot Privacy Policy: Full introduction section

Here you can clearly see which company is represented by the Privacy Policy, where they are located, and how to contact them, as well as the effective date of the policy.

What Information is Collected

It is imperative to be transparent here. Let your users know exactly what information you will be collecting from them and how it will be collected. This includes anonymous information like IP addresses and geolocation data.

A lot of companies separate this section according to the methods by which data is collected. For example, automatically collected data could be one paragraph, and information collected directly from the user would be another section.

Getty Images illustrates a good example of this approach:

Getty Images Privacy Policy: Collection of Personal Information clause excerpt

Notice how Getty points out that information is collected:

"with your consent and/or as necessary to provide the products you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests."

This is Getty's way of naming their legal basis for collecting user data, thereby complying with the GDPR.

This part of your Privacy Policy is an appropriate place to name your legal basis for processing personal data.

How Consumer Information is Used

Next, let consumers know exactly how their data is used. It is important to list out each use of consumer data in detail to prevent possible privacy disputes. Especially if you use consumer data to provide personalized advertising or marketing, you will want to make this clear to your customers.

Getty lays out all the ways it uses consumer data in an organized list format:

Getty Images Privacy Policy: Use of Your Personal Data clause

Cookies

If you use cookies to collect data about visitors (even if they are third-party cookies) you will need to let your users know this.

Many websites incorporate a cookies banner into their homepage, as well as as a separate Cookies Policy to list out which cookies they use. However, it is also recommended that you include a brief cookies clause in your Privacy Policy to let users know that you are using this technology to collect customer data.

Hubspot fulfills this with one short paragraph that includes a link to its Cookie Policy:

Hubspot-privacy-policy-cookies-clause

Third-Party Sharing

Almost every major privacy regulation requires that you inform users if you share their data with third parties.

You can create a separate clause for this topic and make sure you explain why third-party sharing is necessary.

Shutterfly explains why it shares data with third parties in simple, plain language:

Shutterfly Privacy Policy: Information Sharing With Third Parties clause

If you share consumer data with third parties for purposes of personalized advertising or remarketing, make sure to mention it in this section, as Shutterfly has done here.

User Preferences

More than one international privacy regulation requires that customers be provided with an easy way to opt-out of marketing communications, personalized advertising, and remarketing campaigns.

Adobe handles all of this efficiently with detailed instructions and a preferences link within a clause that's clearly labeled as being about "withdrawing consent":

Adobe Privacy Policy: Withdrawing consent or otherwise objecting to direct marketing clause

If you click the link at the end of the clause you're presented with this marketing preferences interface that gives users complete control over advertising and marketing communications:

Intro section of Adobe Privacy: Your data your choices to control your information and opt out

Data Retention and Security

Consumers want to know how their data is handled. This clause is your chance to explain everything about your data processing practices, such as:

  • How data is protected
  • How long data is retained

Adobe's Privacy Policy organizes these points into different clauses.

First, a brief but adequate security clause lets users know that Adobe does its best to keep personal information secure, but that no security controls are 100% effective:

Adobe Privacy Policy: Is my personal information secure clause

Data retention practices are addressed in a separate clause, which covers certain GDPR stipulations:

Adobe Privacy Policy: Data retention clause

European Consumers' Rights

The GDPR requires some specific language regarding European Union consumer rights. If you did not cover this in any previous section, it will need its own clause.

This clause should include a list of EU user rights and a method to exercise these rights, as well as contact information for your Data Protection Officer or European Representative, if applicable.

Adobe's users are told what their rights are when it comes to their personal information and how to go about exercising them, including accessing and making changes to the information Adobe holds:

Adobe Privacy Policy: User rights clause

By explaining how customers can access and edit their personal information, Adobe is meeting both GDPR and CALOPPA regulations.

Here's how Sony UK provides multiple contact methods including a web form, standard mail and international phone numbers:

Sony UK Privacy Policy: Contact clause

Children Under 13

Whether your content is targeted to children or not, you will need to make it clear that your business respects COPPA regulations. If you do not offer services or content targeted to children, all you have to do is say so, as Shutterfly does here:

Shutterfly Privacy Policy: Children's Information clause

A clause like this one will cover you in case a child submits information without your knowledge, since you have plainly stated that you have no intention of collecting information from minors.

If you do offer services that are targeted to children, you will need to follow the strict guidelines set by COPPA in order to collect any personal information at all from children under 13 years old.

International Transfers of Data

If your business transfers data between countries, the GDPR requires that you state which legal framework you use to safely transfer data over international borders, such as the EU-U.S. Privacy Shield.

Getty explains its international transfer mechanisms here:

Getty Images Privacy Policy: Location of Personal Data and Privacy Shield clause excerpt

Do Not Track Signals

CalOPPA requires that all websites disclose how they respond to browser "Do Not Track" signals.

Even if your website does not recognize DNT signals, it is still necessary to say so, as Apple has done below:

Apple Privacy Policy: DNT clause exerpt from 2019

Changes to Your Privacy Policy

Also in accordance with CalOPPA, it is necessary to let consumers know how they will be informed of any changes that take place to the Privacy Policy in the future.

Hubspot demonstrates this clause well:

HubSpot Privacy Policy: Updates to Policy clause

These are a few of the main clauses that your Wix website's Privacy Policy should include.

How to Create a Privacy Policy

FreePrivacyPolicy: Privacy Policy Generator - Steps How to Create Privacy Policy

Our Privacy Policy Generator helps you create a custom Privacy Policy for your website and mobile app. Just follow these few simple steps and your Privacy Policy will be ready to display.

  1. Start the Free Privacy Policy Generator, located at the top of the website.
  2. Select where your Privacy Policy will be used:
  3. FreePrivacyPolicy: Privacy Policy Generator - Select where your Privacy Policy will be used - Step 1

  4. Answer a few questions about your business:
  5. FreePrivacyPolicy: Privacy Policy Generator - Answer a few questions about your business - Step 2

  6. Add your website or app information:
  7. FreePrivacyPolicy: Privacy Policy Generator - Add your website or app information - Step 3

  8. Answer a few questions about what information you collect from your users:
  9. FreePrivacyPolicy: Privacy Policy Generator -  What information you collect - Step 4

  10. Select options for how your users can contact you:
  11. FreePrivacyPolicy: Privacy Policy Generator - How your users can contact - Step 5

  12. Select whether or not you wish to create a Professional Privacy Policy that would include wording for GDPR and CalOPPA:
  13. FreePrivacyPolicy: Privacy Policy Generator - Select what Privacy Policy you want to create - Step 6

  14. Enter your email address where you'd like your new Privacy Policy sent:
  15. FreePrivacyPolicy: Privacy Policy Generator - Enter your email address - Step 7

  16. Click Create Privacy Policy and you're done. Now you can copy and paste your Privacy Policy code into your website, or link to your hosted Privacy Policy.
  17. FreePrivacyPolicy: Privacy Policy Generator - Copy or link to your hosted Privacy Policy - Step 8


How to Upload a Privacy Policy to Your Wix Website

How to Upload a Privacy Policy to Your Wix Website

Now that you have an excellent, ultra-compliant Privacy Policy, it's time to upload it to your Wix website. Here are some basic instructions on how to do so, straight from the Wix website.

  1. Add a new page to your website using the "Menus and Pages" interface:
  2. Wix Support: Add a Privacy Policy - Menus and Pages button

  3. Click Add Page at the bottom.
  4. Name your new page "Privacy Policy" and click Done.
  5. Next, use the "Text" element to add a new text box to the page. Click Add on the left side of the Editor interface.
  6. Click Text and drag the text element of your choice to where you want it to be on your page.
  7. Copy/paste your Privacy Policy into this text field and adjust how you want it to look on the page.
  8. Now, add the Privacy Policy page to your footer navigation by adding a new text box to the footer of your site's homepage. Click Add on the left side of the Editor interface.
  9. Click Text and drag the text element of your choice to the bottom of the page, as close to the footer as possible.
  10. Click Move to Footer.
  11. In the text box, enter "Privacy Policy"
  12. Wix Support: Add a Privacy Policy - Step to name the footer link

  13. Create a link from that text box to the Privacy Policy page by using the "Edit Text" function. Click "Edit Text" and highlight Privacy Policy.
  14. Click the Link icon.
  15. Choose Page and then find Privacy Policy in the "Which page?" dropdown menu. Click Done.
  16. Wix Support: Add a Privacy Policy - Step to link the Privacy Policy page

That should do it! Once you have completed the steps above, your Wix website will be complete with its own respectable Privacy Policy. Now you can rest assured that your website follows Wix requirements as well as international privacy laws, at least as far as the Privacy Policy goes.