We’ll tackle all these questions and more in this how-to guide, but first — since this guide covers legal topics — we need to include our “this is not legal advice” disclaimer. Be advised:
Disclaimer: since the content on this page refers to legal topics, we must make clear that the content presented here is not legal advice and should not be treated as such. Any information on this Website should be used solely as a guide and does not replace the advice of a licensed attorney. You should always contact an attorney for help with your specific legal needs and issues.
This personal information is typically referred to as Personally Identifiable Information (PII), and includes:
- Phone numbers
Some laws also include non-personal data in the definition of PII, such as:
- IP addresses
- Financial transaction or ecommerce order IDs
- Location data
- Personal data that has been de-identified, encrypted or pseudonymised but could be used to re-identify a person
Here are some examples of laws that may impact your organization, both in the US and beyond:
- California Online Privacy Protection Act of 2003 (“CalOPPA”)
- The California Privacy Rights Act (CPRA)
- Nevada Revised Statutes Chapter 603A
- Delaware Online Privacy and Protection Act (“DOPPA”)
- Virginia Consumer Data Protection Act (“VCDPA”)
- Colorado Privacy Act
- Utah Consumer Privacy Act
- Connecticut SB6
Outside the US:
- European Union: General Data Protection Regulation (“GDPR”)
- UK: UK Data Protection Act (UK DPA)
- Canada: Personal Information Protection and Electronic Documents Act (“PIPEDA”)
- Australia: Australia Privacy Act of 1988
It’s important to understand that privacy policies are not focused on where the website owner (e.g. your nonprofit organization) is located. Instead they are focused on where the website user is located. This means that a website owned and based in the US may need to comply with privacy laws from jurisdictions outside the US, in order to protect the privacy rights of visitors who live in those other countries.
The simple answer to this question is Yes: nonprofit websites need privacy policies in the same way other websites do.
- Contact form
- Donation form
- Volunteer sign-up form
- Email subscription form (more on email sign-up forms here)
- Website analytics
Build trust with your audience
Help your organization plan and maintain data hygiene
Compliance with online privacy laws
- A list of visitor data collected (e.g. name, email address, etc.). Remember to include both data that is actively submitted by visitors, and other data that is collected directly like website analytics data.
- How the data is stored and protected.
- Whether the data is shared with third parties (this might include your email marketing platform, or your donation processing platform).
- What tracking or data collection tools your website uses (e.g. Google Analytics, Hotjar, Facebook pixel).
- Whether, and how, users can opt out or withdraw consent for their data to be stored or processed.
Disclosure: some of the links below are affiliate links, meaning that at no cost to you, we will earn a commission if you click through and make a purchase. Learn more about the products and services we recommend here.
Our recommendation: Try Termageddon
As a Termageddon partner, we can share a 10% discount on your first year of service, which you can access by signing up using this link.
If the Termageddon onboarding questionnaire recommends that you also need a cookie Consent Management Platform for your website, your Termageddon license will also provide free access to the entry-level tier of the UserCentrics cookie consent platform.