Website Privacy Policy

What is a website privacy policy?

A website privacy policy will be used by a UK-based website to provide website users with key information about the collection, use and storage of their personal data.

Is it mandatory to have a website privacy policy?

Yes. Data protection laws and regulations say that a website operator should tell website users what they will do with their data in simple and clear terms. It is therefore best to set this out in writing.

What does 'personal data' mean?

Personal data means any information relating to an identified or identifiable natural person (a data subject). It is therefore information from which a person may be identified from directly or indirectly. Examples of personal data include a data subject's:

• name
• address
• email address
• telephone number
• IP address
• health information
• criminal information

What should be done after the website privacy policy has been finalised?

It is not necessary to sign the website privacy policy. It can be finalised and placed on the website, in an easily accessible location. The website operator should ensure that important privacy information is placed at suitable places throughout the website, with a link to the privacy policy in appropriate places.

What other documents might be required alongside a website privacy policy?

A website may also hold other policies and documents, which refer to or may be read alongside the privacy policy. This might include:

• terms and conditions of use
• a cookie policy
• terms and conditions of sale
• an acceptable use policy
• a complaints policy

How long should a website privacy policy last for?

A website privacy policy can remain in place indefinitely. However, it is important to make sure that the policy is reviewed and kept up to date, as appropriate.

The website operator should ensure the policy is updated if it changes the way in which it collects, stores, shares or uses personal information. The website operator should also ensure that the policy is generally updated and reviewed at regular intervals to ensure that the legal content is kept up-to-date. Typically, a policy of this nature will be reviewed at least annually.

What must a website privacy policy contain?

A website privacy policy will include information about:

• the website operator – including contact details
• the type(s) of personal data collected by the website
• how the information is collected
• how the personal data is used
• the lawful basis relied upon for the data processing
• whether the information will be shared with any third parties
• how the information will be stored and for how long it will be stored

Which laws apply to a website privacy policy?

The main legal provisions which apply to a website privacy policy are:

• The Data Protection Act 2018
• The retained EU General Data Protection Regulation 2016/679 (UK GDPR). Article 12 explains how information should be provided to data subjects. Article 13 sets out the key rights of data subjects and the information they must be provided with.

The governing/supervisory body for upholding data protection rights is the Information Commissioner's Office (the ICO).

Help from a lawyer

You can choose to consult a lawyer if you need help.

The lawyer can answer your questions or help you through the process. You will be offered this option when you complete the document.

How to modify the template?

You fill out a form. The document is created before your eyes as you respond to the questions.

At the end, you receive it in Word and PDF formats. You can modify it and reuse it.