A Clear Ownership Statement
You need to identify the individual or team that is responsible for the privacy of the visitors on your site. For this you need to have a a clear understanding of the various regulations, compliances and collaboration of teams and products, so that you have a set point that needs to be contacted if and when an issue arises.
Reviewing of Privacy Policies of Other Ecommerce Websites
Check what all do they state in their privacy policies. Go through the procedure the customers have to take up and have a keen eye on the data being asked for, shared and used. Also research the different software systems they use for the purpose. You should not blindly copy their statements.
Understand Your Own Privacy Policies
Now that you have a strong baseline of knowledge you can check your own procedures. Take a look at what all data you collect from your visitors and your customers when they purchase a product. This will also account for the information that may not be stored in your database at all and just pass through your site like transaction details that channelize through a gateway.
Keep your disclosure concise and easily understandable for your customers. Set them up in clear sections and link them to other pages for more detailed information on the topic.
The marketing techniques and your business practice on the whole are subjected to changes regularly. In that scenario, you should update your privacy policies too accordingly and notify all your subscribers. Also do not forget to mention it in your privacy section on your website. And even if there are no changes in the marketing practice whatsoever, you must still review and maintain your these policies and involve all the departments handling the customer data, marketing, legal etc.