This statement should tell the consumer how the merchant will be using the personal data they have collected.
“We respect and are committed to protecting your privacy. We may collect personally identifiable information when you visit our site. We also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the page(s) you visited. We will not sell your personally identifiable information to anyone.” (And so on…) Or, if they do pass along personal information for whatever reasons, they would state this instead. This policy should be tailored to how the merchant intends to use the information they are given.