A Privacy Policy aims to inform users of their rights in relation to the collection of their personal data, and how those rights can be exercised.

To achieve this, your Privacy Policy should provide a clear summary of how you collect users' personal data, what you do with the personal data you collect, and users' rights in relation to this.

The best way to incorporate this into your Privacy Policy is with a "What Are Your Privacy Rights" clause, which this article will explore deeper.

Our Privacy Policy Generator makes it easy to create a Privacy Policy for your business. Just follow these steps:

  1. At Step 1, select the Website option or App option or both.

    TermsFeed Privacy Policy Generator: Create Privacy Policy - Step 1

  2. Answer some questions about your website or app.

    TermsFeed Privacy Policy Generator: Answer questions about website - Step 2

  3. Answer some questions about your business.

    TermsFeed Privacy Policy Generator: Answer questions about business practices - Step 3

  4. Enter the email address where you'd like the Privacy Policy delivered and click "Generate."

    TermsFeed Privacy Policy Generator: Enter your email address - Step 4

    You'll be able to instantly access and download your new Privacy Policy.



What is a "What Are Your Privacy Rights" Clause?

A What Are Your Privacy Rights clause is a statement summarizing:

  • The kind of personal data you collect
  • Users' rights in relation to their personal data
  • How users can raise any concerns or otherwise exercise their privacy rights

It's mandatory to include a What Are Your Privacy Rights clause in your Privacy Policy under certain legislation.

Is a "What Are Your Privacy Rights" Clause Required in a Privacy Policy?

Is a

If you have users in the UK, EU, or California, you are required to inform users of their privacy rights under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA).

Regardless of whether it's legally required, including a What Are Your Privacy Rights clause in your Privacy Policy is best practice when it comes to ensuring your users fully understand their data rights.

Including this clause enhances your organization's transparency around data processing, a subject of increasing importance to users. It reassures users that you handle their personal information ethically and responsibly.

How to Incorporate a "What Are Your Privacy Rights" Clause into Your Privacy Policy

You can incorporate a What Are Your Privacy Rights clause in your Privacy Policy in a variety of ways. Like all sections of a Privacy Policy, the key is to ensure it's clearly written and easy for readers to understand.

Here's how Bankuet includes a What Are Your Privacy Rights clause in its Privacy Policy's table of contents:

Bankuet Privacy Policy Table of Contents with What Are Your Privacy Rights link highlighted

Users can quickly and easily jump to that part of the Privacy Policy and find out more, as seen in Bankuet's clause below:

Bankuet Privacy Policy: What are your privacy rights clause

If you're including a What Are Your Privacy Rights clause in compliance with UK or Californian data protection laws, you can also directly refer to the relevant legislation.

For example, Claridge's Privacy Notice refers to this clause as "Your California Privacy Rights." It goes on to list five CCPA-specific user rights and provides an email address users can contact to exercise their rights under the CCPA:

Claridges CCPA Privacy Notice: Your California Privacy Rights clause excerpt

Regardless of how you present a What Are Your Privacy Rights clause in your Privacy Policy, it should clearly and succinctly explain users' rights and how they can exercise them. Let's look at that in more detail.

What Information Should a "What Are Your Privacy Rights" Clause Include?

What Information Should a

A What Are Your Privacy Rights clause should include the following points of information:

  • An explanation of users' privacy rights
  • An explanation of how users can exercise their rights
  • Information about how you handle cookies, or a link to your Cookies Policy, if applicable

Explanation of Users' Privacy Rights

A What Are Your Privacy Rights clause should clearly set out and explain users' fundamental privacy rights in relation to their personal information.

For example:

  • Users have eight rights under the GDPR including the right to be informed, the right to request their information be deleted, and the right to access their personal information.
  • Users have five rights under the CCPA including the right to know what personal information is being collected and how it's being used and the right to opt-out of the sale of their personal information.

This information can be presented in several different ways.

In its What Are Your Privacy Rights clause, Quitain lists users' rights in a table format with a detailed explanation of each right:

Quintain Privacy Policy: What are your privacy rights clause excerpt

In comparison, Modo's Privacy Policy includes a concise but comprehensive bullet-point list of users' data rights:

Modo Privacy Policy: What are your privacy rights clause excerpt

MullenLowe Profero's "What Are Your Privacy Rights" clause includes a brief statement of the users' main data protection rights under the GDPR:

MullenLowe Profero Privacy Policy: What are your privacy rights clause excerpt

As you can see, you can format this section as you wish, as long as it clearly informs users about their rights under your Privacy Policy.

How Users Can Exercise Their Rights

Your What Are Your Privacy Rights clause should also tell users how they can exercise these rights in relation to their data. This includes correcting and accessing personal information as well as opting out of the sharing or sale of their personal information.

Oracle does this by providing a link to a form where users can contact Oracle's Privacy Team with their concerns or personal data requests:

Oracle Privacy Policy: What are your privacy rights clause with inquiry form link highlighted

Hologo has a separate clause for California residents and informs them of how to exert their rights by submitting a request in writing to the provided contact information:

hologo-privacy-policy-california-residents-specific-rights-clause

Verbolia explains how European users can make a complaint to their local data protection supervisory authority:

Verbolia Privacy Policy: What are your privacy rights clause excerpt with contact information highlighted

Including an email address in your What Are Your Privacy Rights clause that users can contact with any privacy-related issues, complaints, or requests would also be sufficient.

Your Cookies Policy

If your site collects cookies, you must notify users of this, and inform them that they can opt out of this. A What Are Your Privacy Rights clause is a good place to do this, especially if you don't have a separate standalone Cookies Policy.

The Millennial Money Woman includes a short paragraph explaining its use of cookies and providing a link for users to opt out:

Millennial Money Woman Privacy Policy: What are your privacy rights clause - Cookies and similar technologies excerpt

Summary

If your site or service has users in the UK, EU, or California, you're legally required to include a What Are Your Privacy Rights clause in your Privacy Policy. Even where it's not mandatory, doing so ensures users are fully informed about their data rights when engaging with your site or service.

A What Are Your Privacy Rights clause should use clear and simple language to explain users' privacy rights, how they can exercise their rights, and your Cookies Policy.

Privacy Policy Generator
Comprehensive compliance starts with a Privacy Policy.

Comply with the law with our agreements, policies, and consent banners. Everything is included.

Generate Privacy Policy