Last revision: 17/12/2020
Size: 6 to 8 pages
Available formats: Word and PDF
Option: Help from a lawyer
Rating: 4.6 - 63 votes
Fill out the templateAnswer a few questions and your document is created automatically.
Your document is ready! You will receive it in Word and PDF formats. You will be able to modify it.
You can choose to get help from a lawyer after filling out the document.
This document can be used as the privacy policy for a website based in the European Economic Area. It has been updated to reflect the requirements of the General Data Protection Regulation ("GDPR") and sets out the website's policies with regards to a number of key issues concerning personal information and privacy:
It should be noted that this document only includes a privacy policy. Further documents such as a terms and conditions of use, a terms and conditions of sale and a separate cookie policy may also be required. However, such documents are not included and must be obtained separately.
Further, please note that prior to completing the document, users should consider the lawful bases for their processing of personal information. The lawful bases for processing are set out in Article 6 of the GDPR. Further information can be found on the ICO website's page on the lawful basis for processing.
How to use the document
In order for the privacy policy to be effective, the user will have to actually be made aware of the policy. So firstly, it will need to be published on the website.
However many websites will also refer to the privacy policy within their terms and conditions of use, such that the user can be considered to be agreeing to the privacy policy.
If the website deals with "sensitive personal information" it will also be necessary for the website to display a separate notice (e.g. a popup box with checkbox) for the user when collecting such information which will:
If user details are used for marketing purposes either by the website operators, group companies or by 3rd parties with whom the website operators share such information, users should be given an opportunity to opt-in and thereafter opt-out of any such marketing messages when such details are collected.
If personal information will be transferred to non-EEA countries by the website or its operators, entities will need to consider the safeguards surrounding such transfers and may need to use an EU commission approved model contract or EU commission approved corporate binding rules.
If the website relies upon consent as a lawful basis for processing any personal information, such consent must also be expressly collected and recorded by the website (e.g. through a checkbox), in circumstances where the user is fully informed about the nature of their consent. Indeed, the user should also confirm that they are old enough to provide any such consent.
Further information, guidance and a code of practice can be found on the Information Commissioner's Office website.
Any applicable law
General Data Protection Regulation
Data Protection Act 2018
Equality Act 2010
Help from a lawyer
You can choose to consult a lawyer if you need help.
The lawyer can answer your questions or help you through the process. You will be offered this option when you complete the document.
How to modify the template
You fill out a form. The document is created before your eyes as you respond to the questions.
At the end, you receive it in Word and PDF formats. You can modify it and reuse it.
Other names for the document: Website Privacy Policy - New GDPR Copy, GDPR Privacy Notice, Privacy Notice, GDPR Website Privacy Policy, Privacy Notice for a Website
Country: United Kingdom