
Guide to Using the My Agile Privacy Policy Assistant

The My Agile Privacy Policy Assistant was designed to simplify the creation of Privacy and Cookie Policies that are truly compliant with applicable regulations.
The process is intuitive and guided: by answering a series of questions about your business and your website’s features, the Policies will be updated based on your specific use case. The whole process only takes a few minutes and just a handful of simple steps.

Welcome: let’s get started together

It’s time to prepare and gather the information you will need.
Take a moment to make sure you have your company details handy, a list of your website’s features, and a clear idea of where your customers are located.

The progress bar at the top shows you the entire journey and your current status.
Each step comes with clear explanations and practical examples.

Localization: where you operate and who your business serves

This step is essential to determine which laws apply to your business. It’s important to define both where your business is based and where your clients and users are located, in order to correctly identify which regulations apply.

Where you are based: this determines the main jurisdiction under which you operate. Select the country where your company is legally registered from the dropdown menu.

Where your customers are located: here you have two main options. If your business is purely local, you can choose “Only in my country.” But if your horizons are broader, you’ll need to select “Choose countries” and specify the regions where you intend to operate.

When you specify that your customers are in multiple regions, you’ll see a list of geographic areas appear.
You’ll need to select the regions where your customers are located (Any EU country, United Kingdom, Canada, Switzerland, Brazil, United States, etc.).

Since each U.S. state adopts its own privacy regulations, for the United States you can select individual states such as California, Colorado, Connecticut, and others.

Based on your selections, the assistant automatically identifies which regulations may apply to your case, from the list below:

  • GDPR (EU & UK)
  • nLPD / nFADP (Switzerland)
  • PIPEDA (Canada)
  • LGPD (Brazil)
  • CCPA/CPRA (California)
  • CPA (Colorado)
  • CTDPA (Connecticut)
  • DPDPA (Delaware)
  • MCDPA (Minnesota)
  • MTCDPA (Montana)
  • NDPA (Nebraska)
  • NRS 603A (Nevada)
  • NHPA (New Hampshire)
  • NJDPA (New Jersey)
  • OCPA (Oregon)
  • TIPA (Tennessee)
  • TDPSA (Texas)
  • UCPA (Utah)
  • VCDPA (Virginia)

You’ll see colored info panels for each regulation, with key details for each: you’ll need to confirm which ones apply to your specific case.

This step determines the entire legal framework of your Policies.
The assistant uses this information to tailor texts, obligations, and rights specific to each jurisdiction.
This way, your Privacy Policy will reflect your real situation.

Identity: Data Controller and DPO

Here we collect the essential information about the Data Controller.
Legally speaking, you (or your company) decide how and why personal data is collected and used. For this reason, users must clearly know who is managing their personal data. You’ll need to fill out:

Company or website owner’s name: this becomes the “Data Controller” in your Policies. This field clearly identifies who is responsible for the collected data.

Business email: this is the main channel through which users can contact you regarding their Privacy rights.

Company address and VAT number are not mandatory fields—you may be an individual. But if you’re a company, this information completes the picture and provides users with everything they need to be informed about data collection.

The DPO: who they are and why they matter

As you can see, there’s a checkbox asking if you have a Data Protection Officer (DPO).
The DPO is a professional role that oversees privacy compliance, acts as a liaison with supervisory authorities, and advises the company on data protection matters.

Not every business is legally required to have one: it is generally mandatory for public bodies, companies that conduct large-scale systematic monitoring, or that process large amounts of special categories of data (such as health or judicial data).

However, even smaller companies may choose to appoint one, to ensure greater security in privacy management.
So, if you have one, tick the box and fill in the additional fields with your DPO’s information. Otherwise, move on.

Website features: what your site really does

Here you specify exactly what happens on your website: from the list of features, you must select only those that are actually active.
The resulting Policies will also be tailored based on this information.

Each entry represents a different way of interacting with your users, and therefore a different type of data collection:

Contact forms: probably the most common feature. If your website has even a simple “Contact Us” page or a request form, this box must be selected.

Online payments: covers the entire e-commerce world. From selling physical products to digital services, subscriptions, and one-time payments.
If you process transactions and manage financial data and billing information, this option must be selected.

Account registration: covers any system that allows users to create a profile: reserved areas, personal dashboards, login systems.

Newsletter and email marketing: includes not only classic newsletters, but also promotional SMS, direct mail, and any direct marketing communication.

Reviews and feedback: includes rating systems, customer testimonials, satisfaction surveys, and any mechanism to collect user opinions.

Two options deserve particular attention:

Minors’ personal data: if your site collects data from individuals under 18, you must select this option.
Minors’ data has special protections under all major regulations.

Special categories of personal data: these are so-called “sensitive data”—information on health, political orientation, religion, sexual orientation, biometric or genetic data. If your site collects this type of information, it requires even stricter legal protections.

Warning: select only the features that you have actually activated. It’s important to be accurate and avoid providing incorrect information, in order to prevent confusion and legal issues.

Each feature you select will result in specific sections being included in the Policies, explaining:
- Which data is collected for that feature;
- Why it is necessary (the legal basis);
- How it is used;
- What rights users have regarding that data.

Data sharing: do you transfer data to other countries?

Rarely does a website operate in complete isolation: you probably use hosting, analytics, email marketing, or other services that may have servers in countries different from yours.

Do you use providers located outside the EU, Switzerland, or other countries recognized as adequate?
International transfers aren’t just the obvious ones (like using a U.S. server) but may be hidden in seemingly harmless services:

  • Your hosting service may have globally distributed data centers, and data could automatically end up on non-European servers to optimize performance.
  • Analytics systems such as Google Analytics process data on international servers, even when configured for compliance.
  • Email marketing platforms often have global infrastructures, and each newsletter sent may pass through servers in third countries.
  • Customer support and helpdesk services may be based in countries with different regulations.
  • Even CDNs and optimization systems distribute your content (and potentially user data) on servers around the world.

“Adequate countries” and all others

The European Union maintains a list of countries considered “adequate,” meaning with protection standards essentially equivalent to European ones. If your data is exported only to these countries, you can proceed to the next step (you can find the list of adequate countries here).

But if you use services based in other countries not considered adequate, you must select the option. A list of countries will appear, and you’ll need to select the ones where your data is shared.

Security measures

The final step focuses on the concrete measures you’ve put in place to protect your users’ data.
All the options you have implemented must be selected.

Encrypted communications (HTTPS): probably the most universal measure. If your site uses the HTTPS protocol (and it always should), this box must be selected. It means all communications between users’ browsers and your server are encrypted, preventing interception during transfer.

Log monitoring: refers to the ability to track who accesses systems and when. If you have systems that log access, detect suspicious activity, or track changes to data, tick this box.

Regular backups: one of the most concrete protections against data loss. If you have automated or manual procedures that create backup copies of data, regularly tested for restoration, select this option.

Security audits and checks: represent a more sophisticated level of protection. If you regularly commission penetration tests, vulnerability checks, or third-party security audits, this option should be selected.

Data access limitation: concerns your internal policies. If you’ve implemented granular authorization systems, staff training on security procedures, and controls over who can access which data, this is an important organizational measure and the box should be selected.

Once this step is completed, you can click on “Finish configuration” to move to the final step, which automatically generates the Policies and guides you through the next step: publishing the Policies on your site.

Policy Display

It’s time to add the policies to pages on your site that users can access.
From the menu item My Agile Privacy > Privacy Settings, go to the POLICIES AND REGULATIONS tab.
Here, link the pre-filled texts to the Personal Data Policy and Cookie Policy pages. Select the correct page from your site and insert the provided shortcode to display the updated policy.

a Formula Agile SRL project
COE / TAX ID 31366
Via Tre Settembre, 99 - 47891 Dogana - San Marino - RSM
Share capital 26'000€
For assistance: info[at]myagileprivacy.com

Supported regulations: GDPR (EU and UK), nLPD / nFADP, PIPEDA, LGPD, CCPA / CPRA, CPA, CTDPA, DPDPA, MCDPA, MTCDPA, NDPA, NRS 603A, NHPA, NJDPA, OCPA, TIPA, TDPSA, UCPA, VCDPA.

Supported languages: Italian, English, French, German, Spanish, Portuguese, Dutch, Polish, and Greek.