How to Write your Author Website Privacy Policy

A Privacy Policy is a document that explains how the data you collect is used, and since the sweeping changes GDPR (General Data Protection Regulation) brought in 2018 it’s more important than ever. In this blog, I’ll walk you through who needs a privacy policy, how you can display it and what to include in it.


Who needs a Privacy Policy?

Not every author with a website needs to display a Privacy Policy; you only need one if you’re collecting a user’s data in some way. This can include:

• Collecting emails as part of any promotional email marketing

• Collecting shipping information as part of shipping your book

• Collecting non-personal data used to improve a user’s experience, such as what device they use, their location and what browser they use.

Parts of a Privacy Policy

The parts of a Privacy Policy include:

• Personal Data

• Non-Personal Data

• Internet Cookies

• Data Security and Protection

• Email Marketing and Subscriptions

• Third Party

• Acceptance of Terms

• Questions?

You may not need to use all the points above, only the ones relevant to your site.

Personal Data

GDPR applies whenever Personal Data is processed, controlled or stored. Personal Data is any information relating to an identifiable person. You need to clearly state what Personal Data is collected, how it is collected and how it is stored.

Examples of Personal Data can be:

• Any part of a name (First Name, Middle Name(s), Surname, Initials)

• A personal email address (a registered company email address is not considered Personal Data)

• A home address

• An identification card number

• Location data

• IP address

Example Personal Data section from my own Privacy Policy:

‘Under the GDPR we control and process information about you electronically. If you voluntarily sign up for Melissa Hawkes’s newsletter or blog, then this site will record your email address, and in some cases first name and last name. You can refuse to supply such information but that will exclude you from having access to email communication such as, but not limited to, blog updates, monthly newsletter and latest news. When subscribers click on any provided links in one of my emails, the site may record this information.’

Non-Personal Data

Under GDPR, Non-Personal Data is any kind of data that doesn’t fall into the Personal Data category. It is any data that doesn’t relate to an identifiable person.

Examples of Non-Personal Data could be:

• Browser name

• Means of connection to the site (such as where the user has been referred from, any links that may have been clicked)

• Device type (such as which phone is used)

Example Non-Personal Data section from my own Privacy Policy:

‘This site may collect non-personal information about visitors when they interact with this site. This information may include browser name, means of connection to the site, and other non-identifying information.’

Internet Cookies

Internet Cookies are not a form of delicious treat. They are small text files that a site stores in your web browser when you visit it and that the browser sends back on later visits; they can hold information such as which pages you access whilst on the site, and they can also tell whether you’re a returning visitor or not. You must state whether you use cookies on your site and how you track them; for example, you could ask users to accept cookies before entering.

Example Internet Cookies section from my own Privacy Policy:

‘We use cookies on this site to provide you with a better experience. We do this by placing a small text file on this website which when visited can track how you use the website, to record or log whether you have seen messages that we display or to display relevant adverts or content.’

Data Security and Protection

You must let users know how you ensure the security of their data. For example, I have used Wix to create my author website, so I state in my Privacy Policy that they have their own security protocols.

Example Data Security and Protection section from my own Privacy Policy:

‘We ensure the security of any personal information we hold by using secure data storage technologies provided by in how we store, access and manage that information.’

Email Marketing and Subscriptions

If you collect email addresses and send email marketing, then you must state exactly what data is collected and which secure provider you use to send these messages. You must also state how a user can unsubscribe or cancel their subscription.

Example Email Marketing and Subscriptions section from my own Privacy Policy:

‘Under the General Data Protection Regulation we use the consent lawful basis for anyone subscribing to our newsletter or marketing email list. We only collect certain data about you as detailed in the "Processing of personal data" section above. Any email marketing messages we send are done so through a website and email marketing service provider. We use You can opt out of receiving emails or ask to see the data we hold for you, or request we remove your data at any time by the following methods;

• Unsubscribe at the bottom of the email sent

• Contact us using the contact form provided here’

Third Party

A Third Party is any person, public authority, agency or body other than the controller (the owner of the author site) that processes Personal Data under the controller’s direct authority.

Example Third Party section:

‘Sometimes [Your Name] will include third-party links through email or on the website. These sites have their own policies and you should read those before giving any Personal Data.’

Acceptance of Terms

You must clearly state that by visiting and engaging with the site, the user automatically agrees to these terms and conditions. You must also state what the user can do if they do not agree.

Example Acceptance of Terms section from my own Privacy Policy:

‘By visiting and using, you signify your acceptance of this Privacy Policy. If you do not agree, you can simply not use this site. Continued use of the site means you accept the policy and any periodic changes.’

Questions?
You must clearly state the ways in which a user can contact you about any questions they have regarding the Privacy Policy.

Example Questions? section from my own Privacy Policy:

‘If you have any questions about this Privacy Policy or anything else on, please use the contact form provided here.’

Where to display your Privacy Policy

The best way to display your Privacy Policy is on a dedicated page of your website that is not shown in the main navigation. Include all the relevant information above, then take the page’s URL and link to it from your footer. Other options include making it a visible page in your top menu, or creating a PDF version of your Privacy Policy and linking to that instead.

To view my full Privacy Policy go to