A privacy policy is an official document in which you need to sum up the goals and commitments you have set in terms of privacy and data protection regarding your clients', employees' or customers' personal data. This document is to be published on your website and tool for everyone to see and read: your data subjects, third parties and supervisory authorities.
Articles 13 and 14 of the GDPR oblige controllers to give transparent information to data subjects relating to the processing activity and how to exercise their rights.
While this obligation falls on controllers towards data subjects, processors have to make available to the controller all information necessary to demonstrate compliance with the obligations laid down in Article 28.
When writing a “website privacy policy”, you’re addressing data subjects about how you’re processing personal data on your website for commercial and marketing purposes.
When writing a “cloud privacy policy”, you’re addressing controllers and data subjects about how you’re processing personal data through your SaaS tool.
The policy must contain at least: your identity, contact details of the DPO, purposes and legal basis of the processing activities, the categories of recipients, intended transfers to a third country and legal safeguards on which they are based, data retention period, data subjects’ rights, and the existence of automated decision-making.