Privacy Policy: what it is, its relationship to Marketing and Sales strategies and how to comply with the LGPD

LGPD, in addition to regulating the use of personal data, also brings a new look at the Privacy Policies. Learn more in this article

Privacy Policy is the document that contains the Privacy and Security practices and measures adopted by a certain organization. Its purpose is to provide information about how the company obtains, uses, stores and protects the personal data it collects, in order to bring transparency to the owners of the personal data it holds.

The purpose of this post is for information purposes only – we do not provide legal advice nor are we responsible for measures that may be taken by third parties.

You may have already noticed that the new Brazilian General Data Protection Law (LGPD) has been one of the issues of the moment. The law stipulates a series of obligations for companies and organizations regarding the collection, storage, processing and sharing of personal data, both online and offline.

Although the LGPD brings news about the regulation of the use of personal data, the law also emphasizes familiar themes, such as the Privacy Policies . In this article, we are going to demystify the Privacy Policies, in addition to talking a little about the relationship of this document with Marketing and Sales strategies.

What are the Privacy Policies?

The Privacy Policy is nothing more than a document containing the Privacy and Security practices and measures adopted by a certain company or organization.

In general terms, the purpose of the Policy is to provide information on how the company obtains, uses, stores and protects the personal data it collects , in order to bring transparency to the owners of the personal data it has.

The Privacy Policies gained more visibility after the creation of the LGPD, but the subject is not new. The Marco Civil da Internet, in force since 2014, already talked about it:

The Marco Civil da Internet says that access to the internet is essential to the exercise of citizenship, and guarantees the user the right to publicity and clarity of any policies for the use of organizations that provide services through the internet (art. 7, II, MCI ). 

The LGPD reinforces what was already foreseen since the MCI . The principle of transparency determines that your company provides data subjects (users, leads, customers, etc.) with clear, accurate and easily accessible information about the operations and practices it carries out with personal data.

Além disso, a LGPD também determina que:

In order for companies and organizations to comply with the Principle of Transparency and the Principle of Security, they may implement a privacy governance program that, at a minimum, demonstrates the controller’s commitment to adopting internal processes and policies that ensure compliance, in a comprehensive manner, of norms and good practices regarding the protection of personal data (art. 50, § 2, I, LGPD).

What you can’t miss when making a Privacy Policy in accordance with the LGPD

clarity and transparency

Have you ever stopped to think about how many Privacy Policies you have read in your life? Unless you’re from the legal world, possibly not many. No wonder: a study by researchers at Carnegie Mellon University estimated that, for an average person to read all the Policies of the websites they access in one year, they would spend an average of 201 hours, the equivalent of US$ 3,354 dollars.

Another study by GPEN found that of the Privacy Policies analyzed, 85% fail to provide adequate information about the use of personal data, 59% are difficult to understand, 1/3 collects too much personal data, and 43% have an inadequate interface (letters too small, or texts too long, for example).

With LGPD, that will change. Building a Privacy Policy is not enough . It is necessary that the information be brought to the consumer in a clear , precise and easily accessible way , in accordance with the transparency requirements of the new law.


There is no specific or mandatory standard for companies to build their Privacy Policies. However, some recommendable items for building a good Privacy Policy are:

  • General information about the company/organization;
  • Information on data processing:
  • What personal data is collected (including data not provided by the user, such as IP, location, etc.);
  • Where data is collected (source);
  • For what purposes the data is used;
  • Where data is stored;
  • What is the data storage period (retention);
  • Use of cookies and/or similar technologies ;
  • With whom this data is shared (partners, suppliers, subcontractors);
  • Information about security measures adopted by the company;
  • Information on exercising rights:
  • Guidance on how the company/organization meets users’ rights;
  • Information about how the data subject can request and exercise his rights;
  • Contact information for the organization’s Data Protection Officer (DPO) or data protection officer.

To facilitate the creation process, you can use tools such as the Privacy Policy Generator , created by Cloudshop and, according to the company, already adapted to LGPD.

The relationship of Privacy Policies with Marketing and Sales strategies

In the construction of the Policy

The Privacy Policy can be seen as a document that reflects an organization’s practices and processes. As it is important that the Privacy Policy contains information about the processing of personal data, it is essential that the Marketing and Sales teams collaborate in building a good policy. Only in this way will it be possible to build a transparent document on how data is collected, how and for what purposes it is used, cookie practices, monitoring, profiling, etc.

Therefore, building a good Privacy Policy is not just the responsibility of the legal team. The contribution of all areas of the organization directly involved in flows that contain personal data is essential.

In the communication of the Policy

We already know that Policies need to be clear, transparent, and easy to access and understand. To guarantee this, did you know that Marketing can help much more than you think ?

In adapting lead acquisition strategies

After drafting the Privacy Policy, it is necessary to ensure that this content is easily accessible to people who interact with your business.

  • Either through a consent checkbox for the Privacy Policy
  • Be informative text in the form, with a visible link to the Privacy Policy.


Generally speaking, it is time to rethink the way Privacy Policies are written and viewed inside and outside an organization. Much more than a legal document that nobody reads, your company’s Privacy Policy needs to be thought of as an instrument capable of generating trust for people who interact with your brand.