At one time I thought two separate notices was a good thing as the customer in the lobby didn't care if you had cookies mentioned, as one example. I have reconsidered this and now believe one notice is best.
The Privacy Policy need not be on your web site unless you open accounts there or deliver it via an E-Sign agreement. But I do think it is a good reference and would put it there for simplicity sake. And because I believe it is a stretch to think your customer will read it once, it is a real leap to think they'll read a second version on the web. So I'd go with one complete disclosure and let the customer base as a whole know your on line and off line policy in one single version. This makes updates easier too.
_________________________
AndyZ CRCM
My opinions are not necessarily my employers.
R+R-R=R+R
Rules and Regs minus Relationships equals Resentment and Rebellion. John Maxwell