Search Icon

Tourism Best Practices

Is Your Tour Company Protected By Your Website’s Privacy Policy?


Have you given more than a moment’s thought to your website’s privacy policy? Are you certain you have one? For a great many people and companies, privacy policies are an afterthought at best — thrown in by web designers from goodness knows where, or copied from a template and never considered again.

But in an era when data leaks are frighteningly common, privacy policies matter. If you don’t know what yours says, you could be leaving your business open to trouble. The EU’s new data protection regulations makes this more true than ever, so it’s time to give your privacy policy the attention it needs.

What Does a Privacy Policy Do?

Most websites collect at least some information about their users — and your tour and activities booking site collects more than some, because you need guest data to do your job. A privacy policy is a public notice that tells visitors about that data collection.

Here are a few things privacy policies generally disclose:

  • What personal information your website collects from customers.
  • What personal information your website collects from other visitors.
  • How your website stores and protects that information.
  • How your company uses that information.
  • Who else may have access to that information.
  • Whether and how your company distributes that information.
  • How customers may access the data you’ve collected on them.

Does your privacy policy accurately cover all those points? Many don’t, and that can be a major issue. Privacy policies need to be accurate and current. A policy pulled from a template isn’t likely to be either, and that’s where things get tricky.

Why Do I Need a Privacy Policy?

It’s the law. An accurate privacy policy isn’t a legal requirement everywhere, but for any company that deals with international customers, that’s splitting hairs. In the US, California regulates and requires the use of privacy policies. Countries including Australia, India, Singapore, Malaysia, South Korea, and Vietnam have strict data protection laws as well.

And if you do business in the EU, it will soon be even more necessary to have a rock-solid privacy policy. The EU General Data Protection Regulation (GDPR) goes into effect on May 25, 2018, and it affects anyone who collects personal information or offers products or services to citizens of the EU. Now is a good time to read up on the requirements of the GDPR and learn how they apply to your business.

Inaccurate or misleading privacy policies are also risky. In the United States, the Federal Trade Commission (FTC) is empowered to act against companies who don’t follow their own privacy policies, and the FTC takes that job seriously.

Given how hazardous it is to have a privacy policy that you don’t keep updated, the alternative isn’t so bad. Putting together an accurate, up-to-date privacy policy has its own benefits:

You’ll be prepared for data protection. Tour and activities booking websites generally collect quite a bit of personally identifiable data, including customers’ names, their contact and billing information, and sensitive data like ages, health considerations, and more.

Losing track of that data can have serious consequences. To develop a comprehensive privacy policy, you’ll need to look into your data security, know who accesses data, and know how it’s used. That’s an excellent way to ensure that you’re keeping your customers’ data safe.

Customers appreciate transparency. The major data leaks of the past decade have made Internet users more aware of where their information is going. A 2016 Canadian survey found that 37 percent of respondents were “extremely concerned” about the protection of their privacy, with only 8 percent not concerned at all. An impressive 40 percent go so far as to read privacy policies before even downloading apps. A good privacy policy can help reassure customers like those that you’ll keep their data safe.

Web services require it. Google Analytics requires users to include certain details in their privacy policies. So do most app marketplaces. If you use a web service that requires a privacy policy and your website doesn’t have one, you be risking account suspension or other consequences.

How Do I Create a Privacy Policy?

Here’s the bad news: There isn’t an easy way to create a safe, accurate privacy policy that meets legal standards. Most free, online templates don’t meet legal standards, particularly considering the arrival of the GDPR. Generic policies are unlikely to cover your particular practices. Privacy policy generators may fare a little better, but it’s your responsibility to ensure that your policy meets all the required criteria.

Unfortunately, copying from someone in your field is also a risky proposition. Unless they share your practices exactly, they’re not likely to cover your specific needs. You might also violate copyright along with other laws and regulations in the process.

The ideal privacy policy is written by a lawyer who is familiar with international data protection issues, and is based on a careful internal audit of your privacy practices. That’s a lot of work for something most people don’t bother with, but it’s the only way to be sure you’re covering everything.

A lawyer can also help you avoid covering too much. Privacy policies that guarantee data security or promise other far-reaching protections can land you in trouble if you can’t follow through.

If you can’t get a lawyer’s immediate assistance with your policy, take the time to read the policy you’re using and make sure it’s accurate. Changing a policy comes with its own legal considerations, but having a policy you’re comfortable standing behind is a great end result.


Search The Blog