1. Start with identifying who you are - controller or processor. The first one collects data independently, the second one processes data on behalf of the controller.
2. Identify specific collection methods you use gathering personal information on the website and types of data.
3. Provide comprehensive information about data subject rights. However, do not forget to prescribe the acceptance of conditions in your policy.
4. As far as your privacy notice stands, it's a rather intricate document that covers many legal aspects. Your users would benefit from it is very well structured, so do place a table of contents in the beginning.
5. Address your website visitors in a polite and prudent fashion.
7. Your policy document should have an appealing design and reflect your corporate style.
8. Provide information related to data security - what kind of measures you use to protect the data. For example, it might be HTTPS/TLS data protocol for transmission, and encryption at the database level.
9. Tell your visitors about the ways they can withdraw their consent at will.