Answered Mar 3, 2021
Two, you should be disclosing how you use that information inside your organization. For example, for fulfilling purchases, providing customer service, processing payments, product improvement, marketing analytics, etc.
Third, you should be disclosing how you share information with parties outside your organization. For example, you might use contractors and vendors to process payments, analyze website traffic, provide marketing analytics, etc.
Another useful topic is how you protect information. You don't want to get so detailed that you give hackers a road map, but you can make general statements about using encryption, etc. And depending on the nature of your website and business, you may need to address GDPR or collecting information from children.