Date of publication:
29 Mar. 25How to Properly Draft a Public Offer and Privacy Policy on the Website
Imagine the situation: you launched an online store, everything is going great, customers are placing orders, and advertising is generating profit. But suddenly, a request comes from regulatory bodies or, even worse, from lawyers of a dissatisfied customer. You are being presented with claims: “You don’t have a public offer,” “Your privacy policy doesn’t comply with the laws.” Facing threats of fines, court proceedings, and even website blocking.
Can this be avoided? Yes! A correctly formatted public offer and privacy policy are not just “another document on the site,” but your legal shield. They help:
- protect the business from unfounded claims;
- reduce legal risks;
- increase trust from clients and partners.
But here’s the problem: many entrepreneurs don’t know how to correctly draft them, what should be in these documents, and where to place them.
In this article, we will thoroughly examine:
- what a public offer and privacy policy are, and who needs them;
- what requirements are set by Ukrainian legislation and international regulations (GDPR, CCPA);
- real cases of companies that received fines due to violations;
- a step-by-step guide for your site: what, how, and where to add.
If you own a business or plan to launch a site, this material will help you avoid costly mistakes. Let’s figure it out together!
Public Offer: What It Is and Who Needs It
A public offer is a contract that the customer automatically enters into with you just by making a purchase. No papers are signed; everything happens online. However, legally it is still a full-fledged agreement.
Do you specifically need it:
- If you sell products or services online — yes.
- If you accept payments on the website — yes.
- If you have a subscription service, membership, online courses — yes.
Even if you simply post a card number and receive transfers in direct messages, formally this is already commercial activity, which means you also need an offer.
Why It’s Important to Have a Public Offer and Privacy Policy
Imagine: you launch an online store, the advertising works, customers are placing orders, money is flowing into your account. And suddenly — a letter from a lawyer or even a lawsuit. The customer is outraged, claiming, “I did not agree to these terms,” or worse — you are accused of illegally collecting personal data.
You panic, you open the website and realize: there’s not a word about the terms on which the business operates. Privacy policy? Offer? Yes, there seemed to be some templates, but who thought it was important?
And it is important. Here’s why:
- You avoid misunderstandings with clients. The offer clearly defines the terms under which the client purchases a product from you or uses services.
- You protect yourself from lawsuits. If all terms are documented, claims like “I didn’t know” won’t work.
- You do not break the law. And fines for violations can be astronomical. In Europe, companies have paid millions of euros for failing to comply with GDPR, and this is no exaggeration.
These documents are your legal shield. And even if you only sell homemade cakes through Instagram, it’s better to take care of them in advance than to deal with it in court later.
What should be in the offer
To have legal force, the document must clearly outline key points:
- What exactly you are selling. Products, services, consultations — anything.
- How payment is processed. Available methods, fees, crediting time.
- Shipping and returns. How quickly you send orders, whether an item can be returned, and if so, how.
- Who is responsible for what. For example, if the postal service loses a package, who compensates for the loss?
Without this, your offer is just text on a website, not a legal document. In short: an offer is necessary for anyone conducting business online, and its absence is like running a red light. It might work out, or it might not.
One of the most striking examples is the case with the online store Rozetka. A customer demanded a refund for an item that had already been used. However, the store’s terms clearly stated that products of proper quality are non-returnable after use. The court sided with Rozetka.
If the document had been improperly drafted or was entirely missing, the result could have been entirely different.
Privacy Policy: What It Is and Why Your Business Is a Sitting Duck Without It
Let’s get straight to the point. A privacy policy is a document that explains to customers what data you collect, why you do so, and who you might share it with. If this document is missing or written like a rocket operation manual, you’re in trouble.
Why? Because people have become more attentive to their personal data. No one wants their email addresses, phone numbers, or even purchase histories to fall into the hands of advertising agencies or fraudsters. And if your site doesn’t explain what happens to these data, there will be no trust.
Moreover, there is a legal aspect to consider. In the EU, it’s GDPR, in the USA, it’s CCPA, and in Ukraine, it’s the ‘Law on Personal Data Protection.’ These aren’t just fancy abbreviations, but laws that envision huge fines for violations.
So, a privacy policy is not just another item in the website footer. It is a document that protects you and your business.
What data you collect without even suspecting it
Think your site doesn’t handle personal data? Think again.
Here’s what you receive from customers almost automatically:
- Name, phone, email (during registration or purchase).
- IP address (logged by the site’s server).
- Messages in feedback forms (everything a person wrote to you).
- Cookies (which can reveal user behavior on the site).
- Payment information (if there is online payment).
Even a simple landing page website that only collects applications through a form already handles personal data. And here’s the question: what do you do with these data?
What must be included in the privacy policy
To ensure your document is not a formality but actually works, the following points must be clearly outlined:
- What data you collect. The more specific, the better.
- Why you collect them. For order processing, improving site performance, marketing mailings, etc.
- Whether you share data with third parties. For example, with delivery services or payment systems.
- How users can delete their data. This is an important point, as people have the right to request the deletion of their information.
- How security is ensured. What measures you take to protect customer information.
A big mistake is simply copying the privacy policy from another site. For example, if you sell cosmetics and copy the document from a SaaS service, it may contain completely different requirements that do not match your business.
What happens if you simply ignore this document
“Who needs it?” — that’s what most site owners think until they face problems.
Without a privacy policy, the following risks are possible:
- Loss of customer trust. People have become more cautious. If they don’t see their data being protected, they will simply go to a competitor.
- Legal claims. In Europe, companies are obliged to explain how they handle user data. If this is not done, fines are possible.
- Site blockage. Some advertising systems (for example, Google Ads or Facebook Ads) may block your site if you don’t have a privacy policy.
Is it worth the risk? Unlikely.
How to make a privacy policy simple and clear
Most companies make the same mistake: they write this document in complex legal language that no one understands.
Here are some tips on how to make it accessible:
- Write simply. If you can say “we collect your email to send updates,” then write that way, rather than “the collection of personal data is carried out for the purpose of user information service.”
- Make the structure clear. Highlight blocks so users can quickly find the information they need.
- Add explanations. For example, if you use cookies, explain why and what they are needed for.
- Give people choices. If they want to opt-out of newsletters or delete data, make it a very simple process.
Privacy Policy: For or Against
A privacy policy is not just a mandatory legal document but also a tool to increase customer trust.
If it is done correctly:
- People understand that their data is protected.
- Your business avoids legal risks.
- Advertising systems do not block the site.
And most importantly, you do not receive surprises in the form of fines or complaints from clients.
It’s time to check if you have this document and if it meets the real requirements. If not, it’s better to fix the situation now rather than dealing with the consequences later.
Legal Risks and Penalties: What Happens if You Ignore the Documents
Let’s get straight to the point: what happens if a website has neither a public offer nor a privacy policy? Well, initially, probably nothing. The site will operate, clients will place orders, and money will keep flowing into the account. But then one day…
- One of the buyers decides to return a product but can’t find clear terms. They start complaining.
- Someone notices that you collect data but don’t explain what you do with it. They file a complaint.
- Competitors or ‘well-wishers’ report to regulatory authorities that you lack legal documents. An inspection begins.
And this is where the real chaos begins.
What the Law Says
Data protection laws exist worldwide, and they’re no joke:
- The GDPR operates in the EU. If your site has at least one European customer and doesn’t explain what it does with their data, you may be fined up to 20 million euros or 4% of annual turnover.
- The CCPA in the USA gives users the right to request the deletion of their data and allows companies to face massive lawsuits for violations.
- In Ukraine, the Law ‘On Personal Data Protection’ also provides for liability for improper storage or use of customer information.
And most importantly — the laws apply not only to large corporations. There have already been cases where small companies faced serious fines due to breaches of data processing rules.
Real cases: who has already paid the price
Okay, it might seem that multi-million euro fines are only a problem for Google, Amazon, or Facebook. But there are also small business stories, and they are very telling.
In 2021, a small online store in France received a fine of 20,000 euros for not explaining how it handled cookies. A customer decided to file a complaint — and that was the end of peaceful business.
Another interesting case involves a British company that stored customer data without their consent. Consequently, they were fined £90,000.
Now imagine the situation: a customer in Ukraine decides to file a complaint because your site lacks a clear privacy policy. If the regulator decides that you are breaking the law, they could block the site or impose a fine.
Conclusion? If you’re doing business online, you need to take care of legal documents to avoid becoming the next ‘hero’ of similar cases.
How to protect yourself from fines and claims
It’s simple. You just need a few things:
- Publish a public offer. It should explain the terms under which customers buy goods or use services.
- Create a clear privacy policy. Explain what data you collect, why, and how it’s protected.
- Place documents in an accessible location. The link should be in the website footer or during the checkout process.
- Obtain user consent. Add a checkbox for people to confirm that they have reviewed the documents.
And most importantly — do not copy template texts from other sites. This can only complicate things if, upon verification, it turns out that your document does not reflect reality.
Do not ignore legal documents
Ignoring legal documents is like playing roulette. Nothing may happen for a long time, but at some point, things will change, and fines may become the least of your problems.
What you should do right now:
- Check if you have a public offer and a privacy policy.
- Update the documents if they are poorly written or simply copied from another site.
- Ensure that clients can easily review them.
Legal nuances are not the most fascinating part of running a business, but without them, you might lose the business altogether.
Where to place the offer and privacy policy so that they actually work and not just hang for show
We have reviewed this question in our article before, but now let’s examine it in more detail. So, you have documents. Clearly and understandably written, without fluff and legal jargon. But what next? Just upload them to the site and forget? Not quite.
A common mistake of many entrepreneurs is hiding these documents so well that even Indiana Jones couldn’t find them in the footer. Then they wonder why clients are unaware of the purchase terms or raise complaints. Let’s figure out where and how to place the offer and privacy policy so that it is convenient and useful for everyone.
Website footer — a classic that works
Yes, it’s the most obvious place. Most people (especially lawyers and regulators) know that key legal documents are usually placed there.
What needs to be done:
- Add separate links in the website footer: “Public Offer” and “Privacy Policy”.
- Use clear names. No “legal documents” or “important information.” People should immediately understand where they are going.
- Ensure that the pages open without errors, especially on mobile devices.
It’s a simple and logical option but insufficient if you want to avoid legal issues.
Checkout — a moment when a person must see the documents
If you have an online store or service where the client buys something, it is important to add a checkbox with confirmation of agreement. What does this mean? Before clicking the “Place Order” or “Subscribe” button, the user should see a phrase like:
“By placing an order, you accept the terms of the public offer and privacy policy.” And most importantly — there should be clickable links here. Because just plain text without the ability to view the document is a legal trap that won’t help in the event of a dispute.
Registration or Subscription Form
Here, everything works on the same principle as when placing an order. If you ask the client to leave their email, phone, or other personal data, they need to understand exactly how you will use it. What you should do:
- Add a short text under the form: “By registering, you agree to our privacy policy.”
- Make the link active — people should be able to review the document before providing you with their data.
Many companies neglect this, and it is bad. Because if a client says they didn’t know their email would be added to your mailing list, they can file a complaint.
Consent checkbox — not just a tick, but legal protection
If you truly want to protect yourself from misunderstandings, make sure the user actively checks a box to give consent.
For example, before completing registration or finalizing a purchase. It might look like this:
“I have read and agree to the terms of the public offer and the privacy policy.”
This method works much better than just a textual mention. If a dispute arises, you’ll be able to prove that the customer explicitly agreed to the terms.
Privacy Policy in the Cookies Notification
If your website uses cookies (and it almost certainly does), you need to inform users about it. What you should do:
- Add a banner that appears upon the user’s first visit.
- Clearly state that the site uses cookies and include a link to your privacy policy.
- Include buttons like “Accept” or “Customize Cookies” so users can manage their preferences.
In the EU, this is already a standard — and it’s quickly becoming the norm in Ukraine as well.
How to check if your documents comply with the law
Okay, you’ve written your public offer and privacy policy, placed them on your website, and even added checkboxes where needed. But is everything really done right?
Many business owners assume that simply copying text from another website or using a template is enough. But here’s the issue: every business is unique, and your documents should reflect the way your business actually operates. To avoid unnecessary risks, it’s worth doing a final review.
What you absolutely need to check
Before breathing a sigh of relief, make sure your documents don’t just exist — but actually work. Here are the key points you need to review:
- Do they truly reflect your business? If you run an online store but borrowed a privacy policy from a SaaS service, that could be a critical mistake.
- Are there any contradictory or illogical statements? For example, if you say “we do not share data with third parties” and then mention working with payment systems and delivery services — that doesn’t add up.
- Does the text contain specific details? Saying “we collect some data” means nothing. But “we collect name, email, and phone number to process your order” — that’s clear and accurate.
Check these points and you’re already halfway to success. This will help you avoid many potential issues.
How to review your legal documents without a lawyer
If you don’t have the budget for legal support, here are a few life hacks to help you review your documents on your own:
- Read through the eyes of a customer. Imagine visiting your website for the first time without knowing how your business works. Are your terms clear? Is important information easy to find?
- Try to find weak spots. Imagine you’re an unhappy customer trying to find a loophole to complain or sue. Are there any statements that could be used against you?
- Go through a checklist.
To make it easier, here’s a short list to help you assess your documents:
- Does your privacy policy clearly list the data you collect?
- Does your public offer explain how payment, delivery, and returns work?
- Are there any contradictions in your texts?
- Are the documents easy to locate on your site?
- Is there a mention of cookies and how users can manage them?
- Is there a checkbox for agreeing to the documents during checkout or registration?
If you answered “yes” to all — well done, your business is on the safe side. If there are any gaps, it’s better to fix them now than wait for problems to appear.
How to check your documents without a lawyer
If you run a large business or work in a regulated industry (finance, healthcare, insurance), a lawyer is essential. They will help tailor your documents to the legal requirements and consider all the necessary nuances. But if you’re just starting out or running a small business, you can manage on your own using proper templates and common sense.
Important reminder
A public offer and privacy policy aren’t just “decoration” for your website — they’re real protection for your business. And the worst thing you can do is simply download a random template without checking whether it actually fits your needs.
What you should do right now:
- Read your documents through the eyes of a customer.
- Make sure there are no contradictions.
- Go through a checklist and fill in any gaps.
- Consult a lawyer if possible.
If you get it right, you won’t have to worry about legal issues — you can focus fully on growing your business.
Conclusion: legal documents aren’t just a formality — they bring peace of mind
Let’s be honest. If you still haven’t taken care of your public offer and privacy policy, it doesn’t mean everything’s fine — it just means the problems haven’t started yet. To avoid them, make sure you do three things:
- Ensure you have a public offer and a privacy policy. Not just any templates, but ones that truly reflect your business.
- Place them in the right locations. Don’t hide them in your site’s footer — make them easily accessible during registration, checkout, and in your cookie banner.
- Read them yourself. Does everything make sense? Will a customer clearly understand what they’re agreeing to? Are there any contradictions between different sections?
If you’ve already got this covered — great, you’re one step ahead of most business owners. If not — now is the perfect time to fix it, before the consequences catch up with you.
