Privacy Policy for Wix Websites: How To Create One

Masha Komnenic CIPP/E, CIPM, CIPT, FIP

written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP September 20, 2023

Generate a Free Privacy Policy
Privacy-Policy-for-Wix-Websites-01

Wix is an easy-to-use, codeless website builder that’s very user-friendly — I like this, as it allows nearly anyone to create a website for their business.

But if you’re making a Wix website, you should also publish a privacy policy.

While Wix itself does not require you to have a privacy policy, several data protection laws worldwide require businesses that collect and process personal information to post one on their websites, and those regulations likely apply to you.

In this guide, you’ll learn how to create a privacy policy for your Wix website and link it to the appropriate places to comply with applicable privacy protection laws from around the globe.

Table of Contents
  1. How To Make a Wix-Ready Privacy Policy
  2. When Do You Need a Privacy Policy for Your Wix Site?
  3. What Must Go In Your Wix Site’s Privacy Policy?
  4. How To Add a Privacy Policy to Your Wix Site
  5. Where To Display a Privacy Policy on Your Wix Site
  6. Real Examples of Wix Website Privacy Policies
  7. Summary

How To Make a Wix-Ready Privacy Policy

You have a few different options when making a privacy policy for your Wix-hosted website:

  • Use a generator
  • Try out a free template
  • Write it yourself

I’ll walk you through these solutions so you can choose the one that best suits your needs.

Use a Generator

An automated solution, like our Privacy Policy Generator, is hands-down the quickest and simplest way to make a privacy policy for your Wix website.

I recommend this method more than others because it saves business owners time while helping them meet all relevant legal obligations outlined by laws like the GDPR, the CCPA, the VCDPA, PIPEDA, and so many more.

With a generator, you answer straightforward questions about your business and how you handle personal data. Our tool then uses your answers to create a compliant privacy policy for you to put anywhere on your Wix website.

See a sample of one of the questions it asks in the screenshot below.

Termly-Privacy-Policy-Generator

But wait, it gets better!

Our legal team and product engineers update the privacy policy generator whenever old laws change, or new ones occur and alert you via email.

You just need to pop back into your Termly dashboard, make any necessary updates, and rest easy knowing your Wix site is still compliant with applicable data privacy legislation.

Use a Template

You can also consider using our free privacy policy template, which takes more work but is still a fast solution, especially if you only process minimal amounts of data.

You just need to fill in the blank sections of the template with details about your business and modify any existing clauses and language as necessary. You can change as much or as little of it as you want.

Also backed by our legal team, we’ve included clauses to help you meet the obligations outlined by laws, including the GDPR, the CCPA, and more.

See a screenshot example of what our template looks like below.

Termly-free-privacy-policy-template

Do It Yourself

Finally, you can always write your own privacy policy for your Wix website from scratch.

However, I only recommend doing this if you have access to a lawyer, extensive knowledge of data privacy laws, or run a website that doesn’t collect personal information.

Writing one yourself takes a lot of time, effort, and legal knowledge. You’ll be held legally accountable if you leave something out, even by mistake.

When Do You Need a Privacy Policy for Your Wix Site?

Even though Wix doesn’t explicitly say you must post a privacy policy to use their platform, you’re most likely required to have one to comply with applicable data privacy laws.

Wix’s privacy policy explains that customers — in this case, you — are responsible for the integrity, security, and authorized use of their users’ personal information, as shown in the screenshot below.

Wix-privacy-policy

Additionally, in their terms of use, Wix includes an Indemnity Clause explaining that you’ll hold the company harmless if you violate your users’ privacy rights.

See the highlighted text in the screenshot below for more details.

Wix-Indemnity-Clause-terms-of-use

When You’re Required By Law

I’ll talk more about data privacy laws later in this guide.

But for now, know that legislation such as the EU’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) require websites with users residing in specific regions and states to provide legally compliant privacy policies — this means these laws may apply to you even if you’re located elsewhere.

When You Want to Build Trust

Having a comprehensive privacy policy shows that you care about protecting your users’ privacy rights and builds a culture of trust. Posting one proves that you’re dedicated to transparency and the customer experience, which is important in our current digital climate.

Every website user has the right to know how you use their personal information and what rights they have over the information they give you.

Even if you don’t think your site collects any personal data, section 6 of the Wix privacy policy clearly states that they may collect the personal information of their “users-of-users” — in other words, your website visitors. So it’s best to play it safe and post a policy so you know you’re appropriately protecting your business and your consumers.

What Laws Require a Wix Privacy Policy?

In the table below, learn more about the specific privacy policy requirements for all websites — Wix included — as outlined by various laws and regulations.

Data Privacy Law Privacy Policy Obligations
General Data Protection Regulation (GDPR)
  • Company’s name and contact details
  • Contact information for your Data Protection Officer
  • What personal information you collect
  • How you collect the information
  • Why you collect the information (aka, your legal basis)
  • Who you share the information with
  • Details of any transfers of information outside of the EU/EEA
  • How long you store the personal information for
  • Explain how consumers can access their information and request that it is erased or rectified, and how to object to it being used
  • Explain your consumers’ right to lodge complaints with their local regulator
  • Explain how consumers can withdraw consent
  • Explain when the information isn’t collected from the individual
  • Explain if you use automated decision-making or profiling
The Data Protection Act (UK GDPR)
  • Company’s name and contact details
  • Contact information for your Data Protection Officer
  • What personal information you collect
  • How you collect the information
  • Why you collect the information (aka, your legal basis)
  • Who you share the information with
  • How long you store the personal information for
  • Explain how consumers can access their information and request that it is erased or rectified, and how to object to it being used
  • Explain your consumers’ right to lodge complaints with their local regulator
  • Explain how consumers can withdraw consent
  • Explain when the information isn’t collected from the individual
  • Explain if you use automated decision-making or profiling
California Consumer Privacy Rights Act (CCPA/CPRA)
  • Description of consumer rights
  • Two or more methods for submitting verifiable consumer requests to act on their rights
  • List the categories of personal information collected about consumers
  • List the sources where you collect the personal data from
  • Say your business or commercial purpose for collecting the data
  • List the categories of or third parties whom you share the data with or if you don’t share any data
  • List the categories of personal information shared or sold to any third-party entities, if any
  • A separate list of the categories of data disclosed to others for business purposes
California Online Privacy Protection Act (CalOPPA)
  • Post the effective date
  • List the types of personally identifiable information you collect and how users can opt out of data collection
  • Explain how to request to review or delete user data
  • Explain how changes and updates to your privacy policy will be communicated
  • Say if you’ll share the information with any third parties
  • Say if Do Not Track “DNT” requests are honored or not
Children’s Online Privacy Protection Act (COPPA)
  • List the name, address, and phone number of the company
  • State the types of information collected
  • Explain how the information is collected
  • Explain how you use the information
  • State if you disclose the information to third parties and how those parties use it
  • Include a description of a legal guardian’s option to consent to the collection of their children’s information without agreeing to the disclosure of that information to third parties
  • Include an explanation of parental rights to avoid disclosure of more information about children under the age of 13 than is necessary, refuse to provide information about a child, and review information that has been submitted to the operator about the child in question
Connecticut Data Protection Act (CTDPA)
  • List the categories of personal data processed
  • State the purpose of processing personal data
  • Explain how consumers can exercise their rights, including their right to appeal
  • State the types of personal data shared with third parties
  • Include information about the third parties
  • Explain how consumers can contact the data controller online
Colorado Privacy Act (CPA)
  • Say what personal data you collect or process
  • Explain your purpose for collecting and processing the data
  • Include an explanation of users’ rights and how they can act on them
  • Include details about how a user can appeal your choice regarding their requests
  • List your company contact information
  • State what categories of data are shared with third parties, if any
  • State the categories of the third parties the data gets shared with, if any
  • Say if the personal data is sold to third parties for targeted advertising
  • Explain how users can opt out of the processing of their data for targeted advertising
Virginia Consumer Data Privacy Act (VCDPA)
  • Explain your purpose for processing personal data
  • List the categories of data processed
  • List the categories of data shared with or sold to third parties
  • Disclose the categories of third parties themselves
  • Explain how consumers can submit requests
  • Provide a mechanism for appeal of decisions related to consumer requests
  • Disclose the processing of personal data for targeted advertising
  • Explain and provide the right to opt-out of processing data
Australia’s Privacy Act of 1988
  • List your company name and contact details
  • State what personal information you collect and store
  • Explain how you collect the information, and where you store it
  • List the reasons why you need to collect the information
  • State how you use and disclose the information
  • State how users can access their personal information or ask for a correction
  • Explain how users can lodge a complaint if they think their data is mishandled, and how you respond to these complaints
  • Say if you’re likely to disclose user data outside of Australia, and if so, to what countries
New Zealand’s Privacy Act of 2020
  • Say why you collect the personal data
  • List who receives the data
  • State if giving the data is compulsory or voluntary
  • Explain what happens if users don’t share their data
  • Provide an explanation of users’ right to request to access or correct their data
South Africa’s Protection of Personal Information Act (PoPIA)
  • Include your company’s full name and address
  • List the categories of data you collect or process
  • Say if the data is not collected from the user and explain the source from which it’s collected
  • Say the purpose for why you collect and process the data
  • Explain if giving the information is compulsory or voluntary
  • Describe the consequences if a user does not share their data
  • Provide a list of other relevant laws authorizing (or requiring) the collection of data
  • State if you plan to transfer the data outside of South Africa
  • Say who you share the data with
  • Explain your users’ rights to access and rectify their personal data
  • Explain your users’ right to object to the processing of their data
  • Explain your users’ right to submit a complaint to the Information Regulator
Personal Information Protection and Electronic Documents Act (PIPEDA)
  • State your purposes for data collection
  • Explain and implement security measures to protect personal data
  • Explain transparent, open details about data handling practices
  • Say how you meet the 10 fair information principles outlined by the law

What Must Go In Your Wix Site’s Privacy Policy?

What you need to include in your privacy policy depends on the privacy laws you must follow. These laws are similar in scope but require slightly different things from businesses.

To help simplify this process, I briefly summarized the most common clauses relevant to Wix-specific privacy policies.

What Personal Information You Collect

Every data privacy law requires you to inform your users about what personal information you collect from them; this includes any sensitive personal information.

To keep this clause well-organized, consider using a table or a bullet list that features all categories of data you collect.

Below is a sample of how Wix writes this clause in their own privacy policy:

Wix-sensitive-personal-information-privacy-policy

I’ll keep using the Wix privacy policy as an example in this section since the company does a good job practicing what they preach with regard to privacy compliance.

How You Collect the Personal Information

Some data privacy laws mandate you to explain how you collect personal information from your users, including the Privacy Act of 1988, PoPIA, and the EU and UK GDPR.

For example, you may collect data that individuals give to you voluntarily. But you might also get information by placing cookies on their browsers, asking them to fill out online forms, or gathering it from external sources.

Put this information directly in a clearly titled clause in your privacy policy, like how Wix did in the screenshot below:

Wix-collect-personal-information

How You Use Personal Information

Under most data protection laws, you must explain how you use the personal information you collect. For example, you may use it for targeted advertising, marketing, and research purposes or to fulfill contractual obligations.

If you fall under laws like the GDPR or the CCPA, you must also state your legal basis for collecting and processing the data.

See how Wix handles this clause in their privacy policy below:

Wix-How-You-Use-Personal-Information

If You Share The Data With Any Third Parties

Most data privacy laws obligate you to tell users if any third parties can access their personal information. In some cases, you must also list the categories of third parties with whom you share data.

Put all of these details in your Wix site’s privacy policy, and consider using a table or bullet list to format these sections so they’re easy for your users to read through.

Below is a sample of how Wix writes this clause in their privacy policy:

Wix-privacy-policy-Third-Parties

User Rights Over Their Personal Data

Nearly every data privacy law requires you to explain what rights your users have over their personal information. You must also explain how users can follow through on those rights.

If you fall under multiple laws, you’ll need to list the rights of users for each of those regions.

A good way to format this section is to separate it by law or user location so anyone from the EU can read about their rights from the GDPR, and folks in South Africa see their rights outlined by PoPIA, etc.

See how Wix writes this clause in their privacy policy below:

Wix-privacy-policy-User-Rights-Over-Their-Personal-Data

Information About International Data Transfers

Wix websites that may transfer personal data internationally should include a clause explaining what protections are in place to protect that data and ensure the users retain their rights over the information.

Laws like the GDPR, PoPIA, and PIPEDA legally mandate this.

Below, read a sample of how Wix writes this clause in their privacy policy:

Wix-privacy-policy-Information-About-International-Data-Transfers

Protecting Children’s Privacy

If your Wix website targets children, you must ensure your privacy policy follows all obligations outlined by COPPA.

If your site doesn’t target minors, you should still include a clause in your privacy policy stating as much and explaining how legal guardians can contact you just in case they ever believe you’ve accidentally collected information from their child.

Privacy Policy Changes and Updates

If your data processing activities change, you must update your privacy policy and inform your users as soon as possible.

Laws like the CCPA require you to update your policy once every 12 months, and CalOPPA requires you to inform users about any changes or updates within your privacy policy.

Below, read an example of how Wix writes this clause in their privacy policy:

Wix-Privacy-Policy-Changes-and-Updates

Link to Other Relevant Legal Policies

Whether you run a Wix website or not, it’s a business best practice to link to other relevant legal policies within your privacy policy.

Link to your website’s terms and conditions, cookie policy, and other necessary documents you want your consumers to have access to directly in a clause in your privacy policy.

Wix-privacy-policy-cookies-clause

Company Contact Information

You’ll also need to include the proper contact information for your business somewhere in your Wix privacy policy.

Laws like COPPA, PoPIA, and Australia’s Data Privacy Act of 1988 obligate you to include these details directly in your policy. But it also streamlines the process if your users have any questions, comments, or concerns regarding the agreement.

Below, you can see how Wix does it in their own privacy policy.

Wix-privacy-policy-Company-Contact-Information

How To Add a Privacy Policy to Your Wix Site

Now that you know what goes into a Wix website privacy policy, let’s discuss how to add it to your website following a few easy steps.

Step 1

First, log into your Wix account and go to the “Editor Page.” Then, click the “Menu & Pages” icon on the left side, shown in the screenshot below.

Add-a-Privacy-Policy-to-Your-Wix-Site-Step-1

Step 2

Next, to add a new page to your Wix site, click “Add Page,” as pictured below.

Add-a-Privacy-Policy-to-Your-Wix-Site-Step-2

Step 3

Now, you can add a blank page by clicking “+ Blank Page” on the top left-hand corner of the screen or by picking a page template for your privacy policy.

Either way, it’s a business best practice to ensure your privacy policy page has the same look and feel as the rest of your website.

Add-a-Privacy-Policy-to-Your-Wix-Site-Step-3

Step 4

After creating your new page, it appears under the site menu. So type “Privacy Policy” into the title field and click “Done.” It should now appear in your site directory.

See a screenshot of this step below.

Add-a-Privacy-Policy-to-Your-Wix-Site-Step-4

Lastly, click out of the sidebar editor, and you should be inside your new blank “Privacy Policy” page (I recommend you double-check the top left corner to ensure you’re in the right place).

Click the blue “plus” sign in the blank space and use the “Text” insert to paste in your privacy policy, as shown for you in the following screenshot.

Add-a-Privacy-Policy-to-Your-Wix-Site-Step-sidebar-editor

And just like that, you should have a privacy policy on your Wix website. Way to go!

Where To Display a Privacy Policy on Your Wix Site

You must link your Wix website’s privacy policy in specific places to fully comply with certain data privacy laws.

For example, I recommend putting a link to your most updated version of the policy in all of the following places (assuming they apply to your business):

  • Website footer: You should link your privacy policy in the footer of your Wix-hosted site. This is a static part of your website that appears on every screen, ensuring your users always have access to the agreement no matter where on your site they end up.
  • Payment screens: Payment screens are one of the most common places where data collection occurs, so put a link to your Wix website’s privacy policy on the checkout page so your users can read and agree to it before placing an order.
  • Account creation pages: Account creation or new user pages also typically collect personal data from users, so put a link to your privacy policy for your Wix site on these screens so users can read about your protocols before any data collection occurs.
  • Consent banners: If you obtain consent as a legal basis for processing personal information, include a live link to your privacy policy for your Wix site directly on the banner so your users can read about your protocols before clicking the ‘I agree’ button.
  • Privacy center: It’s a business best practice to create a privacy center for your website that hosts all necessary websites and legal policies you want your consumers to read and access, including your Wix website privacy policy.
  • In other legal documents: You should link your Wix website’s privacy policy within other relevant legal policies, like your terms and conditions. Because these documents are all closely related, it helps your users quickly find the information they want.

Real Examples of Wix Website Privacy Policies

Let’s look at a few strong examples of Wix websites with well-written privacy policies to help inspire you when you go to make your own.

Woodpecker Instruments

The Dutch-based music company Woodpecker Instruments uses Wix to host their website and links to a concise yet comprehensive privacy policy.

This company collects minimal amounts of personal data from users primarily to carry out and fulfill orders, so it’s a good one to use as inspiration if you run a similar simple Wix website.

For example, the highlighted text in the screenshot below explains how Wix hosts their site and what that means regarding data storage.

Wix-Website-Privacy-Policies-Woodpecker-Instruments

Further in the policy, they explain their process for making changes to their privacy policy and how they’ll update their users, shown in the screenshot below.

Wix-Website-Privacy-Policies-Woodpecker-Instruments-update-users

Cuts & Bruises

Next, let’s look at the privacy policy from the Wix-hosted website of Cuts & Bruises, a London-based barbershop.

In the highlighted text below, read their explanation about data subject rights for their European visitors, a requirement under the GDPR.

Wix-Website-Privacy-Policies-Cuts-&-Bruises

At the end of the policy, there’s also a section informing users how to contact the company’s data controller, another GDPR obligation. Check it out below.

Wix-Website-Privacy-Policies-Cuts-&-Bruises-GDPR-obligation

Their privacy policy is minimalistic and divided into easy-to-read sections that users can quickly scan. But it still includes all relevant information to meet appropriate legal obligations.

Ensure your Wix website’s privacy policy achieves this balance so it’s accessible to as many readers as possible and also thoroughly meets all necessary data privacy requirements.

Summary

Now you know why your Wix website needs a privacy policy. Although Wix itself doesn’t explicitly require one, several data protection laws do, and they may apply to your business.

Having one also shows your users that you care about their privacy rights and are a transparent and honest company.

Thanks to solutions like Termly’s Privacy Policy Generator and free privacy policy template, making a privacy policy for your Wix website has never been easier.

Masha Komnenic CIPP/E, CIPM, CIPT, FIP
More about the author

Written by Masha Komnenic CIPP/E, CIPM, CIPT, FIP

Masha is an Information Security and Data Privacy Specialist and a Certified Data Protection Officer. She has been a Data Protection Officer for the past six years, helping small and medium-sized enterprises achieve legal compliance. She has also been a privacy compliance mentor to many international business accelerators. She specializes in implementing, monitoring, and auditing business compliance with privacy regulations (HIPAA, PIPEDA, ePrivacy Directive, GDPR, CCPA, POPIA, LGPD). Masha studied Law at Belgrade University, and she passed the Bar examination in 2016. More about the author

Related Articles

Explore more resources