Compliance Essentials · Lesson 4 of 9
44% complete
← Course Home
Compliance Essentials
1Privacy Law Basics for B2B 2Company vs Personal Data 3What Kopimore Collects (and Doesn't) 4Your Privacy Policy 5Consent Banner Configuration 6Data Retention Policies 7DSARs and Opt-Outs 8Privacy Impact Assessments 9Training Your Team
Lesson 4 of 9

Your Privacy Policy

Your privacy policy is a legal document and a user-facing communication. It needs to accurately describe your data collection practices — including visitor intelligence — in a way that satisfies regulators and is understandable to a non-lawyer reader.

What Your Privacy Policy Must Cover

Under GDPR Article 13/14, a compliant privacy policy must include: what data you collect and why, the legal basis for processing, who you share data with (including third-party tools), how long you retain data, what rights users have (access, deletion, portability), and how to exercise those rights.

The Visitor Intelligence Disclosure

Add a specific section (or subsection) covering visitor intelligence. A compliant template:

"We use a third-party service (Kopimore) to help us understand which companies visit our website. This service identifies the company associated with an IP address using IP-to-company resolution technology. We receive company-level information including the company name, industry, approximate size, and pages visited on our website. This information is used to inform our sales and marketing activities. Individual visitor identities are not determined by this process. You can learn more about Kopimore's data practices at kopimore.com/privacy."

Legitimate Interests Statement

If you're relying on legitimate interests as your lawful basis (most B2B teams are), document this explicitly: "We process company-level visitor intelligence data under our legitimate interest in understanding and communicating with potential business customers. We have assessed that this interest is not overridden by the rights and interests of website visitors, given the company-level (rather than individual-level) nature of the identification."

Key Takeaways
  • Privacy policy must cover: what you collect, why, legal basis, retention, and data subject rights
  • Add an explicit visitor intelligence section — vague language about 'analytics' is insufficient
  • Use the legitimate interests basis for B2B visitor intelligence with a documented LIA
  • Link to Kopimore's privacy documentation to complete the disclosure chain
← What Kopimore Collects (and Doesn't)Consent Banner Configuration →