If you use retargeting on Facebook such as with Facebook Pixel or another Website Custom Audiences tool, you're going to need to create a Privacy Policy or update your current Policy to inform users of your use of retargeting.
This is because whenever personally identifying user information is collected from users, a Privacy Policy is legally required, and retargeting collects identifying personal information about users.
Retargeting can be excellent for your business, but it does come with increased compliance requirements.
In retargeting, personal information is collected and then used across the internet to show targeted advertisements based on the collected information.
Retargeting also uses cookies to track and access users, which triggers a legal requirement for a Privacy Policy as well.
Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:
-
At Step 1, select the Website option or App option or both.
-
Answer some questions about your website or app.
-
Answer some questions about your business.
-
Enter the email address where you'd like the Privacy Policy delivered and click "Generate."
You'll be able to instantly access and download your new Privacy Policy.
The Law
A Privacy Policy is required by a number of international laws and directives including:
- CalOPPA (the California Online Privacy Protection Act)
- PIPEDA (The Personal Information Protection and Electronics Documents Act)
- The Australian Privacy Act
- The EU's Data Protective Directive and the ePrivacy Directive, and
- The UK's DPA (Data Protection Act)
Cookies
The use of cookies in retargeting triggers the requirements of the EU Cookies Directive. If your business reaches EU citizens and places cookies on their devices (which your Facebook retargeting does), you're going to need to inform your users:
- That you use these cookies,
- How you use them as part of retargeting, and
- Obtain consent before using cookies
Most businesses meet the requirements of the EU Cookies Directive by including a section about cookies usage within a Privacy Policy, or through a separate Cookies Policy page.
Here's an example of how Sleep Train includes a Cookies section in its main Privacy Policy:
You can also create a separate Cookies Policy if you prefer, such as this one from Wabco:
A Privacy Policy is Required by Facebook
Before you can activate and start using Facebook retargeting, you'll have to agree to Facebook's Terms For Conversion Tracking, Custom Audiences From Your Website, and Custom Audiences From Your Mobile App.
These terms from Facebook include a section that requires that you provide:
"clear and prominent notice on each webpage where Facebook Tools are used that links to a clear explanation (a) that third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive information from your websites and elsewhere on the internet and use that information to provide measurement services and target ads, (b) how users can opt-out of the collection and use of information for ad targeting, and (c) where a user can access a mechanism for exercising such choice."
Here it is:
This can be easily accomplished by updating your Privacy Policy to inform users about your use of retargeting.
Note that Facebook also requires Facebook Page admins to have a Privacy Policy.
Examples of Facebook retargeting in Privacy Policies
Here's how a few different businesses that participate in Facebook retargeting with Facebook Pixel let users know of this in their Privacy Policies.
Cvent
Cvent includes a section in its Privacy Policy called "Advertising and Analytics".
This is where users are informed that Cvent uses:
"Facebook Custom Audiences to deliver advertisements to Website Visitors on Facebook based on email addresses" and that Cvent may use information they collect from users "to display advertisements from our Customers to their target audience of users."
Here's a screenshot:
Sleep Train
Sleep Train's Privacy Policy has a separate section specifically for Facebook Custom Audience Ads. This section lets users know about the use of interest-based ads, how personal information is used, and how a user can opt out of these ads:
Goodgame Studios
Goodgame Studios includes a section in its Privacy Policy titled "Cookies of third party providers and tracking."
A sub section titled "Facebook Conversion Tracking Pixel" includes information about the Facebook tool, including that the tool allows Goodgame Studios to "follow the actions of users after they are redirected to a provider's website by clicking on a Facebook advertisement."
Facebook's own Privacy Policy is linked here, as well as a link to where a user can revoke consent to be tracked:
Meininger Hotels
The Meininger Hotels' Data Privacy Statement has a paragraph about the use of "Custom Audience Pixel."
These pixels are defined and explained, letting users know that they're "a tiny piece of JavaScript code that we have incorporated into each of our web pages" and that "this piece of code provides a series of functions for transmitting application-specific events and user-defined data to Facebook."
Users are further informed that "this pixel records information about the user's browsing session, which it sends to Facebook, along with a hashed version of the Facebook ID and the URL viewed" and that this is all so that Meininger can advertise its services to people on Facebook:
Glitch Festival
Glitch Festival has a Facebook Pixel section in its Privacy Policy.
This short paragraph summarizes in a really basic way how Facebook Pixel works by letting users know that pixels track what actions people take after viewing ads, and that these tracking pixels are added to pages where conversions will happen.
An opt-out link is provided, and users are informed that no personal information is collected or contained in the pixels.
Spotify
Spotify's Privacy Policy includes a chart that very clearly breaks down what types of cookies and other tracking technologies are used, and for what purpose:
A separate section immediately following this chart lets users know how they can manage their cookie preferences:
Zynga
Zynga's Privacy Policy includes a bullet-point list of some kinds of technical information it collects via its tracking technologies, such as Facebook Pixel.
An opt-out link is also provided, as well as a link to more detailed information about Third Party Advertising Including Tailored Advertising and Analytics.
As you can see, there isn't one correct way to present cookie and retargeting information for your Facebook retargeting in your Privacy Policy.
This can be done in so many ways and formats, so long as the following information is included and users are informed:
- That third parties, including Facebook, may use cookies, web beacons, and other storage technologies to collect or receive specific types of information and use that information to provide targeted ads,
- How they can opt-out of this data collection and use of information for ad targeting, and
- Where they can actually opt out of this, such as an actual link to an opt-out form.
This will keep you compliant with privacy and data laws, as well as the Facebook Website Custom Audiences Terms.
Comprehensive compliance starts with a Privacy Policy.
Comply with the law with our agreements, policies, and consent banners. Everything is included.