Do I need an address for my blog’s privacy policy?
This is a question I get asked on a regular basis. And it’s a really great question!
There are several laws that can have an impact on the answer.
While the privacy policy requirements differ from country to country, it’s likely that your blog or business will still be impacted by the laws in place outside your area.
In this post, you’ll learn what laws may require you to divulge your physical address in both your privacy policy and your email marketing.
Before we go any further, please let me clarify something.
Although I have worked as a lawyer specializing in International and EU Law (LLB, LLM, PhD) for over 15 years and helped more than 30,000 bloggers and online entrepreneurs create their blog legal pages and policies with my plug-and-play legal templates, this article is meant for educational and informational purposes only.
It does not constitute legal advice and does not create an attorney-client relationship. I will not be held liable for any damages or losses caused by acting or failing to act on the ground of the content of this article. Should your circumstances require, I encourage you to seek legal advice through other avenues. Please read my full disclaimer for further information.
What you will learn today is quite important but if you’re in a rush at the moment, don’t sweat it! You can always download this post about the requirements for an address in your privacy policy and email marketing as a PDF for later.
This post may contain affiliate links, which means we may receive a commission, at no cost to you, if you make a purchase through a link. Please see our full disclosure for further information. If not otherwise stated, all prices are intended in US$.
Before we dive into what laws may require you to provide a physical address in your privacy policy and emails, let’s start with the basics.
What IS a privacy policy?
Your privacy policy is a legal document used to inform your readers about how you collect, use and store their personal information. Basically, this lets your audience know why you need their information and how you intend to use it.
It’s a legally binding agreement that helps you maintain transparency, create a sense of trust, and protect you legally from hefty fines.
Similar to other legal pages that you may need on your blog, you are required by law to provide a privacy policy to your website visitors if you are collecting any personal data.
Some ways you may collect a reader’s personal info include (but are not limited to):
• Contact forms
• Subscriber forms
• Google analytics
• Cookies
• Comment systems
Laws that may impact your privacy policy
To understand how to properly prepare your blog’s privacy policy, you should be aware of the following laws:
GDPR – General Data Protection Regulation
PIPEDA – Canada’s Personal Information Protection and Electronic Documents Act
CalOPPA – California Online Privacy Protection Act
CCPA – California Consumers Privacy Act
Let’s look at each law in greater detail and learn how they affect the contents of your privacy policy:
GDPR – General Data Protection Regulation
If your website targets and collect information from readers in the EU (European Union), you are required by law to ensure your privacy policy complies with the GDPR guidelines.
You must include:
- the actual location where you will process and store consumer information.
- the name and contact info of the person in charge of processing this data.
- the contact details for your representative in the EU (where applicable).
- the reason why you’ll be processing personal information
- a list of third-party organizations you may use to process this data (example: Facebook Ads)
- how long you’ll be storing your users’ personal data
- The users’ right to file a complaint or extract their data
To fully clarify this, even if you do not reside in the EU, chances are you have some blog readers who do and you collect any personal information from them. If you target users based in the EU or monitor their behavior, you must comply with the GDPR.
This means you will in fact need to provide your physical location within your privacy policy. Preferably as close to the beginning of the policy as possible.
And if you think you don’t collect EU resident’s personal information, ask yourself:
“Does my site use cookies, have a contact form, offer a newsletter/freebie sign up, have a comment section?” If you answer yes to any of those, you need to comply.
If you’re not sure how to make your site compliant, you might want to check out my popular GDPR Compliance Action Plan + Checklist.
PIPEDA – Canada’s Personal Information Protection and Electronic Documents Act
Similar to the GDPR, this law impacts companies that process the personal data of Canadian residents for commercial purposes.
To clarify, you don’t have to be residing or operating in Canada for this law to affect you. You must comply if your blog targets Canadian consumers.
In order to comply with PIPEDA guidelines, you must provide a link to your privacy policy anywhere you collect personal information, it must be written in an easy-to-understand manner, and must be kept up to date.
Your policy must provide the name of the person in charge of your company’s privacy policies, as well as their contact information.
You’ll also need to offer the name and contact info of the person in charge of access requests if it’s different from the individual in charge of the privacy policy.
Under PIPEDA, you are not required by law to provide your physical location. An email address or contact form within your privacy policy is sufficient.
CalOPPA – California Online Privacy Protection Act
This law impacts businesses that collect the personal data of residents from California.
And if your website targets traffic from all over the world, chances are some of your readers will reside in the state of California. So it’s best to make sure your site is CalOPPA compliant.
To comply, your privacy policy must include very clear instructions on how your readers can contact you about making changes to the personal information you’ve collected.
In order to do this, you can provide an email address or contact form from which they can request changes to the information you’re storing about them. You do not need to give a physical address.
Alternatively, you can offer an online portal for them to view/change their data.What IS an Online Portal? This is usually a link to a page or site that takes users to a variety of information, tools, and other resources.
CCPA – California Consumer Privacy Act
This law is basically aimed at larger corporations. However, individuals, non-profit organizations, and small or medium-sized businesses may also need to comply if they meet some revenue or traffic thresholds.
If you do need to comply with the CCPA, you can simply provide an email, contact form, or online portal within your privacy policy.
Just like CalOPPA, a physical address is not required.
To learn more about the CCPA, you may find this article helpful:
5 Common Myths & Misconceptions about CCPA Compliance For Bloggers
These are the key legislations that your privacy policy must follow. Because your blog readers can come from anywhere in the world, it’s best to ensure your policy complies with all of them.
If you are not comfortable giving your address, keep reading for some easy alternative physical address ideas.
Do I need a physical address for my email newsletters?
This is another common question. And it’s an important factor when it comes to email marketing legally.
We live in a world that is constantly trying to sell and exploit. For this reason, anti-spam legislation exists. The most common one being the CAN-SPAM Act.
CAN-SPAM Act – Controlling the Assault of Non-Solicited Pornography And Marketing
If you send emails to US residents, this law will apply to you. The purpose of this law is to protect individuals from receiving fraudulent/deceptive emails from illegitimate sources.
How do you prove you’re a valid business?
You must include a physical postal address and an unsubscribe link in every commercial email you send. Doing this will let your subscribers know you are in fact a real person, running a trustworthy business.
Not providing a physical address can result in fines up to $46,517 for every email sent without one!
Yikes.
What if I don’t want to give my physical address?
Unfortunately, all legitimate email service providers (ConvertKit, MailerLite, MailChimp, Active Campaign, etc) require you to provide an actual location where you can be reached.
It’s the law.
And it’s not uncommon for bloggers to feel hesitant to provide their subscribers with their address. Since most bloggers work from home and don’t have an office address, it can make them feel uncomfortable offering up their exact location.
However, there are a few ways around this.
Alternative Physical Address Ideas
The law states that you need to provide a valid, physical address where you can be reached by mail. But it does not necessarily need to be your home address.
PO Box
If you don’t feel comfortable sharing your personal location, you can always use a PO Box. This is usually an easy and affordable alternative. Contact your local postal service for pricing.
Mail Forwarding Service
Another affordable alternative is a mail forwarding service. You can purchase a virtual address for $9.99 a month. Optional services include mail scanning, physical mail forwarding, phone call forwarding and more.
Email Service Provider
This is my favorite option and is also one of the many reasons I recommend ConvertKit. If you choose ConvertKit as your email service provider, you can actually use THEIR address!
I use ConvertKit for my email marketing but I don’t take advantage of this feature as I have a business address. However, this is a fantastic solution if you only have your home address.
Here is how it works:
ConvertKit allows its users to use their physical address for free in your emails! Doing this will meet the legal requirement of having an address in each email. How great is that?
Though it’s not a common occurrence, IF someone reaches out with written correspondence or legal notice, ConvertKit will open it, scan it, identify which of their customers it was addressed to, and email you a PDF of the scan.
They offer a free plan if you’re just getting started. Check out ConvertKit’s available plans.
In conclusion
If you have a blog or a website out there in the online universe, it’s open to the possibility of having visitors from every corner of the globe! While not all the laws I mentioned require you to add a physical address to your privacy policy, the GDPR does. And there’s a very good chance you are impacted by it.
And although not everyone has an email list, those that do are definitely required by law to provide subscribers with a physical address.
If you want to be sure you’re protecting yourself and your business from potential fines, it’s important you have a legally compliant privacy policy in place and a valid address you can be contacted at.
If you need help crafting a legitimate privacy policy for your site, I offer an easy to use, GDPR compliant Privacy Policy Template + Workshop that can help you have your policy ready in 10 minutes or less or for massive savings and complete peace of mind, you can get my best-selling Legal Bundle Value Pack™.
Related reading
4 Critical Legal Pages You Must Have On Your Blog
Does the GDPR Apply to Bloggers?
How to Make Your Blog ADA Compliant
5 Common Myths & Misconceptions about CCPA Compliance For Bloggers
2 thoughts on “Do You Need an Address for Your Privacy Policy and Email Marketing?”
Very helpful information about alternative physical addresses, didn’t hear about it earlier. Thank you!
Great information and resources. Thank you!