Privacy policy

This website privacy policy template has been designed to help website owners comply with European Union and United Kingdom data protection legislation. This includes compliance with the General Data Protection Regulation (GDPR) in both its original EU and derivative UK forms.

The policy covers all the usual ground: the categories of personal data that are collected, the purposes for which that personal data may be used, the legal bases for processing, the persons to whom the personal data may be disclosed, international transfers of personal data, the security measures used to protect the personal data, individual rights and website cookies.

First published in 2008, this policy and its antecedents have been used on hundreds of thousands of websites. It has been updated frequently since to reflect the GDPR and the developing regulatory guidance from the EU and UK data protection authorities.

You may want to use this privacy policy in combination with our free website T&Cs template. If you are running an online shop, you might also find our T&Cs of sale, returns policy and delivery policy templates useful.

If you’re new to data protection law, then before downloading the policy you might want to review the questions and answers below, which provide an introduction to both the legal and practical issues around the use of privacy policies.

*Get a licence to use this privacy policy without the credit/attribution text.


Why do I need a privacy policy?

The law probably requires that you publish a privacy policy (or similar document) on your website.  

Ask yourself this: do I collect or use personal data for non-personal / non-household activities in relation to my website? 

If you do and your activities relate to the EU or UK, then data protection law requires that you provide information to individuals about how you use their data. The best way of providing that information is via a privacy policy.

The GDPR and, in the UK, the Data Protection Act 2018 are the key pieces of legislation – but these legislative requirements are not the only considerations in play. There are at least three other reasons to publish a privacy policy on your website.

  • First, your contracts with service providers may require that you publish an appropriate privacy policy. For example, the Google Analytics terms and conditions require that you “have and abide by an appropriate Privacy Policy … You must post a Privacy Policy and that Privacy Policy must provide notice of Your use of cookies that are used to collect data. You must disclose the use of Google Analytics, and how it collects and processes data.”
  • Second, a clear and open privacy policy will help you to build trust with some of your users. Users may refuse to register with a website if they aren’t confident that their personal data will be protected. Just as bad, they may provide unreliable information when doing so.
  • Third, one of the key functions of many websites is the projection of a serious and professional image.  A website without the necessary legal documentation may have a negative effect on the image of the business behind it.

We drafted this website privacy policy template with all of these goals in mind, although the legal compliance requirements are overriding.

Should I use a template or ask a lawyer to prepare a policy for me?

Data protection law is not straightforward. Indeed, since the GDPR came into force in 2018, it has been difficult for many organisations to be confident that they comply.

Ideally, all privacy policies would be prepared by, or under the supervision of, experts in data protection law. However, data protection expertise can be expensive: you might pay anything from £500 to £5,000 or more for a UK data protection lawyer to prepare a privacy policy.

As with many business investments in legal services, you will need to balance the risks of a DIY approach against the costs of using a professional. In general, you should always use a professional if there are significant amounts of money at stake or material risks of liability. 

Is this the right template privacy policy for me?

A legal template is both never and always potentially suitable for a particular job: never suitable because adaptation is always needed; always potentially suitable because, with enough adaptation, one document can be transformed into any other document.

That said, some jobs will require more adaptation than others, and sometimes the adaptations will require specialist legal knowledge.

You should only use this template in relation to the following purposes if you are confident that you understand the applicable law and can make the necessary adaptations:

  • the personal data of minors;
  • sensitive personal data / special categories of personal data;
  • large-scale processing of personal data;
  • any complex or unusual personal data processing; and
  • any personal data processing that is likely to have a significant impact on individuals’ rights and freedoms.

What information should I provide in my privacy policy?

Articles 13 and 14 of the GDPR set out the core disclosures required by the regulation.

Article 13 sets out the information that must be provided where personal data are collected from the individual.  Article 14 sets out the information that must be provided where personal data are collected from some other source.

The main categories of information are:

  • identity and contact information of the controller;
  • where personal data is not collected from the individual, the source and nature of that data;
  • the purposes of the processing;
  • the legal bases for the processing, including details of applicable legitimate interests;
  • the recipients or categories of recipients of the personal data;
  • details of international transfers of personal data that require legal protections, and details of those protections;
  • the periods for which the personal data will be stored, or at least the criteria used to determine those periods;
  • individuals’ legal rights with respect to their personal data;
  • whether the provision of personal data is a legal requirement;
  • the existence of automated decision-making, including profiling.

Should information about cookies be included in the privacy policy or elsewhere?

There’s a degree of overlap between the laws relating to cookies and those relating to the processing of personal data: cookies may themselves contain personal data; and even where cookies don’t themselves contain personal data, the reading of cookies will often result in the linking of cookie data to other personal data held by the operator.

Because of this overlap, it is common to include cookie disclosures in a privacy policy, and this template does include relevant disclosures – although not in so much detail as in our premium privacy and cookie policy templates.

The key legal instruments currently applicable to cookies are:

The latter is the UK’s implementing legislation for the former. The consolidated version of the UK regulations is not available on the legislation.gov.uk website and the text of the relevant Regulation (No 6) has been updated since 2003 – so use with care.

New legislation on cookies is currently going through the EU legislative process.

In addition to the information disclosure requirements, you may need to get user consent to cookies. This privacy policy template includes an optional statement to the effect that users consent to the use of cookies. However, this will not alone satisfy the cookies consent requirement under the cookie laws.

How do I edit the privacy policy?

After you have downloaded the policy, you will need to open it in your word processing software for editing.

The first thing you should decide is how to categorise the personal data that you process. Your categorisation should reflect how data is handled in practice. For example, you might differentiate between analytics data, enquiry data, customer relationship data and transaction data. The template privacy policy includes a suggested categorisation.

With respect to each of your categories of personal data, you will need to determine the purposes for which the data is processed and – this is often the hard bit – the legal basis for processing. Possible legal bases are individual consent, the performance of a contract, and your legitimate interests.

You will also need to identify recipients or categories of recipients, as well as relevant data retention periods.

Guidance notes are included in the template to help with the editing process.

After editing, you should add the privacy policy text to your website, either via your content management system or directly after converting it to HTML.

Why is your privacy policy longer / more complicated than some other policy templates?

This policy is intended to be easy to use, but data protection law in general and the GDPR in particular are difficult to use.

Data protection law is necessarily built of abstractions, but some of the abstractions at the heart of the GDPR do not map easily onto the real world. The European Data Protection Board (EDPB) has produced voluminous guidance on the application of the GDPR, but the very existence of this guidance highlights the problem. If the law was clear, the guidance wouldn’t be needed.  In many cases, the guidance either overreaches or dodges the difficult issues.

Another reason for the length of our templates is that … they are templates.  They are intended to be edited before use, and it is much easier to delete unwanted provisions from a template than to add novel provisions. After you have finished editing our template, it should be materially shorter than when you started.

If you do plan to use a simpler template from another website, you should take care to ensure that it covers all the necessary ground. If you can create a privacy policy from a template in a few minutes, there may well be something wrong with the template.

What other privacy and cookies documents are available?

We supply a range of privacy and cookie documents on our ecommerce websites, Website Contracts and Docular.

| Title | Description | Get the document on… |
|---|---|---|
| Cookies policy | A simple policy covering cookies disclosures. | Get on Website Contracts / Get on Docular |
| Privacy policy | A short-form privacy policy for data protection disclosures, identical to this policy except that it omits the SEQ Legal credit. | Get on Website Contracts / Get on Docular |
| Privacy and cookies policy | A document combining the provisions of our privacy policy and cookies policy. | Get on Website Contracts / Get on Docular |

Do I also need a data protection or GDPR policy?

“Privacy policy” is not a term of art.

Documents with the same function will sometimes be called “privacy notices”, “data protection statements”, “personal data processing policies”, “GDPR policies” – or something different entirely.

Worse, there is a different type of document that shares the same pool of possible names. 

Whilst our free privacy policy is concerned with the disclosure of information about personal data handling, this other type of document is concerned with specifying the policies and procedures that regulate how employees and non-employed personnel conduct themselves in relation to personal data handled by the organisation. This other type of document will typically form part of a staff handbook and/or the set of policies provided to freelances and other subcontractors engaged by the organisation to provide services.

I usually refer to this other type of document as a “data protection policy” – but don’t assume that other professionals will do so.

In most cases, you will want to keep these documents separate.

Do I need a data processing agreement?

A privacy policy is concerned with an organisation’s role as a controller of personal data; whereas a data processing agreement is concerned with an organisation’s role as a processor of personal data.

This distinction can be confusing and tricky to apply.

Both controllers and processors process personal data. Just because you are processing personal data, that doesn’t make you a processor. You might be a processor, but equally, you might be a controller. Confused yet?

The distinction is tricky to apply because the definitions are highly abstract. A controller is defined as a person who determines the purposes and means of processing personal data. A processor is a person who processes personal data on behalf of a controller. In practice, the determination of purposes is more significant than the determination of means.

An example might help.  A business providing website hosting services would usually be a processor with respect to personal data contained in the website databases of its customers. It would, however, usually be a controller with respect to personal data contained in its customer relationship management system. For some classes of data – for example, data collected when providing support services to customers – the correct classification may not be clear.

In any case, if you are a processor, then the GDPR requires that you enter into a specific set of contractual clauses with your controller. A data processing agreement is a document that contains those clauses, sometimes elaborating and/or supplementing them.  Processors should not produce privacy policies with respect to that data because the production of a privacy policy is the responsibility of the controller.

Comments

I am starting a patient consultant (advocate) service. What disclaimer, privacy policy and terms and conditions would I need to put on my blog?

I’d need to know a little more about the blog before commenting on this. Can you give me an idea of the type of content that would be included in the blog, and also whether there is any non-blog functionality on the website?

Hello,

I am quite confused with the privacy thing in general. We are a lettings agency and we just had our website created and I believe we need a privacy policy license. How do we obtain it? And how do I put it on our website?

Thanks.

There are various options.

1. You can download this document (click the button above) and use it free of charge, providing you retain the section in the document that credits us as the source of the document (“This policy is based on a template published by SEQ Legal…”).

2. If you want to project a more professional image, you can buy a licence to use this template without the credit text, here:

https://www.website-contracts.co.uk/privacy-policy.html

3. If you want to edit the document online with our online editor, which makes the job easier, use:

https://docular.net/documents/template/12/privacy-policy

4. Finally, you could ask a lawyer to produce the document for you.

The method of getting the text on to the website depends upon the technology used to create the website.  NB Docular allows you to export in HTML format which can make this process quicker.

Thank you for your response. So just to clarify, as long as we have this document displayed on our website and we are registered with the Information Commissioner’s Office, we are compliant with the privacy policy act? What about cookies? Do we need that popping up in our website too? Many thanks for your help!

No, a template will never guarantee compliance. It’s merely a tool. To ensure compliance you or a professional adviser needs to understand both the legislation and your business and then make the relevant disclosures and handle any other compliance points, including the best way to get consent for the use of cookies.

Hello, I am developing a good game for Android that integrates some Facebook plugins and asks for some permissions (user profile, name, picture and publish permissions). Facebook requires that my app have a web page and in that web page should be the privacy policy (this web page is created via wix.com).

Would your privacy policy template be good enough for my needs?

Thanks in advance for the help.

I can never say that a template will alone be good enough. In legal terms, a privacy policy being “good enough” means enabling the business in question to comply with all relevant data protection / privacy disclosure laws. The information that needs to be disclosed by a business will vary from case to case. For example, the geographical location of your service providers might affect this.  A template cannot know anything about your business, so cannot ensure compliance. You should take legal advice if you want to ensure compliance and you don’t know how to do this yourself.

I have an Android mobile app that accesses the camera and so as such Google’s terms require that I have a privacy policy. I store no information from the camera between sessions so this is just a requirement of compliance with Google as I don’t store or use any personal information. Would you have a template to cover such situations? I think this would be very useful to many.

Thanks for your comment Chris.

I’m hoping to do some mobile app-specific legal templates at some point, but it won’t be soon I’m afraid.

The template has now been updated for GDPR, with a choice of DPA and GDPR compliant “your rights” clauses.

Hello, I just launched the website of my record label, a net label. Mainly I’ll be offering music distribution, remix and mastering and a promotion blog where people and artists will submit their music, photos, links of their social media, links to videos, biography, information about the artist like name, country, age.

I’m not registered as an official company as I’m just starting and maybe in a future I will start as self employed. So basically I’m like a sole trader where I will be in charge of all the website management and deciding which artists I will be promoting. I downloaded the privacy policy but in some points I don’t have the information like:

15.2 We are registered in [England and Wales] under registration number [number], and our registered office is at [address].

15.3 Our principal place of business is at [address].

Section 15.2 can be removed as you do not have a company.

Section 15.3 however should be retained. You presumably however still have an address from which you conduct the business, even if this is your home address. You should also include your name “Joe Bloggs trading as XYZ” in the legal docs, so that users and customers can identify who they are dealing with.

I’m assuming English law applies.

Good day, I’m based in South Africa and I’m working on developing a music website that will serve all music fans all over the world. I want to know which policy I can use or download for the site. Does it only work for European citizens?

Our documents are all designed to help compliance with English law (including EU law as applicable/implemented in the UK). As your business is based in SA, you should start with documents designed to help with SA law.

(However, in some circumstances you may also need to comply with foreign law.)

I would like to know if I can use your template for my website even if I need to translate in French.

My organisation is a limited company registered in the UK; my website will provide information about sports in France. Do you think your document can support my requirement?

The SEQ licence allows you to do this, but you may need to ensure that the translated document is compliant with applicable French law.  (Although data protection law is in theory harmonised across the EU, in practice there are differences.)

Useful template, thanks. I notice your template says people can access their data subject to “(a) the payment of a fee (currently fixed at GBP 10)”.

I thought GDPR made it illegal to request a fee unless the request was unduly onerous or made repeatedly. Could you clarify?

Thanks

There are two alternative sections in the privacy policy dealing with data subject rights. The first is designed to help with compliance under the Data Protection Act 1998 (DPA), and should be used until the General Data Protection Regulation (GDPR) comes into force. The second is designed to help with compliance under the GDPR, and should be used after the GDPR comes into force. See the sections numbered 8.

The reason for including both sections is that a GDPR-compliant section would be non-compliant under the DPA, while a DPA-compliant section would be non-compliant under the GDPR. We will remove the DPA section from the template in mid-May.

My website promotes and advertises my range of services.

I am not a registered company, just a freelancer.   There is no data collection. People can contact me directly should they have use of my services.   

Am I obliged to include the privacy policy and if so which one?

Thank you

If you didn’t collect personal data and if you don’t use cookies on your website, then you will have nothing to say in a privacy policy. However, as people can contact you, you do in fact collect personal data (which includes names, email addresses and so on). The website may also collect personal information (which can include IP addresses).

With the GDPR, privacy policy templates almost always need heavy adaptation to fit with the particular way in which a business (acting as data controller) processes personal information. I can’t really give a sensible answer to the question of “which one” without knowing much more about the website, and what you do with personal data – in practice I would need to take you on as a client to give useful guidance here.

Thank you for all the great templates and free stuff you have on your site. You have answered lots of my questions just on this blog here. Very helpful. I will need the website privacy policy when I upgrade later in the year but for now I just need a basic privacy policy which covers the collection of contact details for written records and email newsletters. I’ve been to the ICO website to find a template but it’s a very complicated site and haven’t managed to locate one on there. Your information is so much clearer and easier to navigate.

Which would be the best for GDPR? We are a partnership delivering training services to care providers. Many thanks, Pete

Hi, if my website is purely informational but we provide links to other websites that do collect personal data, how much detail does my privacy policy require? Should it cover the personal data collected by the other sites (they provide services on our behalf)?

Thanks

I am a life coach based in South Africa serving customers globally.
I do have a website and am sole owner, no other staff.
I have a general terms, conditions and disclaimer (when clients book and use my services) on my website, but I understand I have to include a standalone data privacy policy page and link it in the footer?
All I have on my website is a general contact form if a client/reader on my website wants to contact me.

Website is designed with Weebly and I have updated the forms Weebly suggests. Seems like double opt-in with picture verification.

All other client intake forms etc are done via Acuity Online Scheduler with intake forms (Not sure how to go about there), SurveyMonkey (Not sure how to go about there), and MailChimp (I have set up GDPR forms and auto emails as they suggest)

Do I require to do anything else?

Hi I am so confused, we are a very small construction company and we have an email address that we contact people and they contact us through, I have I still to ensure this is GDPR compliant, we would keep email addresses for contact only, so have I to send all my contacts this to say we are being GDPR compliant, if this is the case should we not be doing the same with our personal email addresses where we keep contacts, any help be appreciated

 

Hi there,

I run a couple of very small businesses (limited companies) One makes corporate films and the other supplies web design and web hosting for SMEs. We are totally word of mouth and do not advertise or use any form of email marketing or telesales except to our existing customers whenever we chase them for payment. We do not deal at all with the general public so only keep business data and that’s kept exclusively in our password protected off-line accounts package. Yes, we have simple email forms on our websites but not ones that populate a database, they simply send an email with the most basic of information. And the computers we use are password protected. And no, we do not have e-commerce so no need for opt-in or opt-out web-based systems.

I understand that we should mention this somehow on our websites but not sure what is necessary. Thanks for this service by the way. It’s refreshing as all I have had this last couple of weeks is people trying to sell me what I deem to be unnecessary and you kindly offer this. Impressed 🙂

Hello – thank you very much for the free template! What is the best way to deal with the portions that don’t apply to us? Instead of deleting all of them (I saw a note somewhere you don’t recommend doing that), can we write “Not Applicable” at the beginning of the section?

For example the portions about selling/giving/receiving data from 3rd parties, we don’t do that. Also parts about tracking their activity (page views, etc).

Thank you,

Tina

I have blogs where I share most of my stories. This thing about GDPR compliance is really confusing. What do I need to add or write in my Privacy Policy for my blog to be GDPR compliant?

 

Thank you

Hello,

I was wondering if the template would serve for my purposes. I will only collect very basic personal information (name, email address) and use that information for follow-up purposes, etcetera. Obviously I will use cookies. I would appreciate any advice. Thank you!

Templates are merely tools, and always need to be adapted. So, if you adapt the document appropriately, it will serve your purposes. I appreciate that this isn’t very useful guidance. However, in order to assess whether a document is helping a business to comply with the law I would need to: (i) know a good deal about the business; and (ii) see the final version of the document, post editing. This is not a service I can provide alongside the templates.

Hi, I had started a book promo business, but deleted it, when I heard about the privacy policy. I don’t have any money (long story) and it’s the only way for me to make any. It will be awhile before I can afford a business license. I’m only collecting emails and using PayPal for payment. Do I really need a privacy policy? Is a free template enough? Thanks, I miss the old days … lolsighs.

To the extent that the business will operate under English or other EU law, then yes you do need a privacy policy or similar notice. However templates – free or otherwise – cannot guarantee compliance, and always need some level of adaptation.

The privacy policy template that you have is really very well written. But is there any email template that we send it to customers informing them about the update in our privacy policy?

Hi, my websites are all in the Portuguese language. Can I use your free version and translate it into Portuguese? Also want to make some changes. Do you allow me to do the changes? Thank you

Yes, you are welcome to translate the document, although assuming Portuguese law applies remember to account for any differences between English law and Portuguese law.

Hi, I have a new online system which requires users to register with name/email address, company and phone number.

I have looked at your template, but this seems to be overly complicated for my scenario. There is no marketing, cookies or onward distribution or transfer of any details.

The data stored is for internal purposes only. The only time the email address is used is for signon and to update software changes. 

Do you have a less comprehensive template?

Thanks, Alex

I don’t have anything shorter right now, although it is on the list. If you go over to https://docular.net you can get access to this template through the Docular online editor, which makes removing unwanted material very easy.

Hello, I am starting an on-line store selling food supplement products based in the UK but selling in other EU countries as well.  Which policy documents available here do I need to put on my website?  There are quite a few versions so I am a bit confused.  Thank you!

Typically, an online store will need at a minimum: (i) T&Cs of sale, to govern the contract of sale itself; (ii) T&Cs of use, to govern the relationship between the website operator and users, who may or may not be purchasing goods; and (iii) a privacy and cookies policy, to help with disclosures relating to data protection law.

Whilst we don’t currently have a free version of (i) on this website, you can find free versions of all three documents on our Docular website: https://docular.net

I understand.  However, I would appreciate if you gave me a link to specific versions, especially of (i) as there are a few I can see on docular.net with different prices.  Which one would be the most suitable for my on-line store?  I assume the food supplements do not require any specific clauses that other products don’t have?  Thanks so much again!

I suggest you look at these documents: 

https://docular.net/documents/template/173/free-website-terms-and-conditions

https://docular.net/documents/template/5194/free-terms-and-conditions-of-sale-via-website-

https://docular.net/documents/template/174/free-privacy-policy

These are all free, but there are paid versions if you want to remove the Docular credit/link.

This may also prove useful:

https://docular.net/documents/template/5578/consumer-contracts-model-instructions-for-cancellation

These do not contain any special terms regarding food supplements.  If I were preparing the documents, I would expect to add some special disclaimers for the product type.

Hi, I went through your suggested documents, however, there are quite a few things that are unclear there for a non-expert like myself. Are there any explanatory notes for these documents at all? For example, in Website Terms & Conditions par. 6.1 specifies that a visitor should be a resident in the UK whereas my website is targeting other countries in the EU so how is this relevant to anyone who is a resident in other such countries? Par. 19.2 gives you a choice between “exclusive” and “non-exclusive”. What is the difference and which option to choose? The Privacy Policy doc is full of the unclear choices and “specify basis” “identify URL” and “sources” to fill in…. Could you explain perhaps how to fill in these as I have no idea what basis or sources I should quote…. 🙁 Thanks so much in advance!

If you click on the little notes / document icons in Docular, then notes corresponding to the relevant provisions will appear in the right-hand column.

The templates tend to include lots of optional / removable provisions, because it is easier to remove an unwanted clause than to write a missing one. The residency clause in the T&Cs can for most websites be removed.

Regarding exclusive / non-exclusive jurisdiction: the former should be used where you want ONLY the identified courts to adjudicate disputes; the latter where you want the identified courts PLUS any others who may have jurisdiction under the applicable rules of private international law. Even where you choose exclusive jurisdictions, the courts in a different country may sometimes ignore this (e.g. to apply their own consumer protection law).

I’m just reading through the document I bought yesterday and it says it’s for England and Wales.  I thought it was for the UK (all included) and just wondered if it’s ok to use them for Northern Ireland as that’s where my business is based….?!  All this is such a headache and I thought I found the perfect solution when I was recommended your site yesterday … 🙂

While Northern Ireland does have a distinct legal system from England (see https://en.wikipedia.org/wiki/Northern_Ireland_law), the legal rules that affect the T&Cs and privacy policy are largely EU rules or UK-wide rules. For instance, the data protection rules that regulate privacy notices are contained in the GDPR (an EU instrument) and the Data Protection Act 2018 (a UK-wide instrument). There may be relevant differences – e.g. in the principles of contract law – but I would be surprised if any differences had a significant impact on the text of the documents. However, I have not studied NI law and if you want a more certain answer to this question you should consult a NI qualified lawyer.

Hi

I am creating a website that is based on my hobby. There are no commercial aspects to it; I do not sell anything and neither do I provide any chargeable services. There are no membership and/or registration requirements on my website. The website is purely me giving information about the subject for educational and/or personal interest reasons.

I do have a contact form and a comments page where people can write and upload comments to my posts, such as the one you have on this website. When I have tested the comments section on my site, and I look at the details of the comment via my website admin panel, I can see the following information about people who add comments: name (not required, they can post anonymously) and email (not required, again they can post anonymously.) Obviously, if they do provide a name and/or email address, then I can see that information in my admin panel.  I am, however, provided with an IP address of the sender if they submit a comment (whether anonymously or not).  Again, if somebody uses the contact form I will receive an email with their email address, and possibly name, contained within. 

Would I need a privacy policy page for this site of mine?  

Very many thanks for your time and assistance. 

GDPR makes much mention of ‘personal’ data. If a business only carries out business with other businesses, not individuals, does GDPR still have to be complied with?

Also, if yes, would the privacy policy for business and the personal privacy policy be the same, or should they be different? Also, how do I get a privacy policy for business?

Even if you are only dealing with other businesses, you will still be handling personal data. For example: the personal data of supplier and customer personnel, the personal data of employees and subcontractors, and the personal data of persons on your marketing lists. Wherever you are handling personal data, the GDPR will apply (subject to jurisdictional limitations).

You could either try to cover all the personal data that you handle (as a controller) under one privacy policy, or create different policies for different classes of data subject. Larger businesses may have many different privacy policies; smaller businesses may have few or one (or, quite commonly, none at all…).

Hi, I have my personal website where I write novels, stories and rhymes etc. I publish those links to my Facebook account and people visit my site to read my writings. I don’t use any kind of ad on my site. The only issue is I have a contact form where visitors can put their name, e-mail address and messages. That’s how I sometimes get some of the visitors’ e-mail addresses.

So do I need to have a privacy policy or disclaimer etc?

Thanks a lot in advance.

The obligation to publish a privacy notice in the context of personal data collection will not apply in relation to processing “by a natural person in the course of a purely personal or household activity” (Reg 2(2)(c) GDPR). Your website might well fall within this exception – although NB the European courts seem to be interpreting it narrowly.

As regards a disclaimer, you probably have no obligation under UK law to publish the information that is typically included in a disclaimer, as the website is non-commercial.  However, if there are any risks relating to the use of the information published on the website (eg health information or exercise information) then it might be a good idea to publish a disclaimer nonetheless.

Hi, I’m starting up a new business so at the moment I’ll be a sole trader, planning on becoming a limited company in a year or so. (I’m already running another business as sole trader “Cooking Tutor”). With this new venture, I will provide accommodation (reserved hotel rooms), transport (a hired company that will supply their service) and guided tours (with a licensed guide). I will not be providing flights. Would you be able to tell me if this template would be fine for me and what section I will not need if any? I’ll be collecting data like names, emails, addresses, phone numbers, for communication with those people. I will also need to give their data to the Italian authority, when in Italy, for the purpose of paying city taxes.

I’ll be very grateful for any advice.

Fulvia

Hi Fulvia – Even if you were in the UK, I wouldn’t be able to provide this kind of assistance, unless you became a client of my law firm. Templates always need to be adapted for the circumstances in which they are used. You should consult an Italian IT/privacy lawyer about this.

Thank you for replying to me. I do live in the UK and selling the tour to UK, that’s why I was looking at this template. 🙂

… for the mistaken assumption.  My general point still stands, however: whilst a template privacy policy can highlight the main categories of information that a business will need to disclose, it is always possible that due to some particular circumstances it does not highlight all categories.  This document is a general website template, and doesn’t for example contain disclosures that are specific to tour operators.

I have a website that only collects names and emails. People sign up to receive the newsletters. What template do I need for this? Thank you!

You can use this privacy policy to help with your data protection disclosures here, although you will be able to delete many of the optional provisions, to produce a significantly shorter document.

Can you help with which privacy policy I need as a new startup wedding planning business? I am the only staff member. I have a Wix website which is under construction and has a contact page which requests only name and email address; it is optional to leave a phone number. I also have a Facebook page where I would want to paste the link to the privacy policy.

I am starting a website which will contain free downloadable educational resources. Visitors to the site do not need to sign up to download nor provide their name. There is no comment or feedback section. The purpose of the website is just to share resources that people could use. Do I still need a privacy policy? If so I am not sure what other data collection I need to disclose as I am not asking for any information. I am assuming the privacy policy may need to contain information about third party plugins or cookies. 

Strictly (but subject to certain exceptions) you need to provide information to data subjects about how you handle any personal data that you collect and use in the course of your business. In the case of this type of limited functionality website, possible sources of personal data are: (i) website analytics systems (not all of this will be personal data, but some may be); and (ii) any communications you receive from users, eg via email. If the website uses “non-necessary” cookies (whether yours or from a third party), you should also be disclosing information to users about those cookies. All these disclosures are usually contained in a privacy and/or cookies policy.

Hi,

My web supplier tells me I need a privacy policy, but this was never mentioned in our 1st telephone conversation.

My web site WHEN up and running is for double glazing suppliers and fitters; I’m a sole trader and trade under the name raysglaze.

Do I need the policy they are trying to sell me?

Kind regards, Ray 

Assuming that you collect some personal data via the website (e.g. through a contact form) then you will need a privacy policy, although not necessarily the one the website supplier is trying to sell to you. There are lots of free templates online, including our own.

SEQ Legal
Copyright © 2021 Docular Limited | All rights reserved