Website Privacy Policy

What is a website privacy policy?

A website privacy policy will be used by a UK-based website to provide website users with key information about the collection, use and storage of their personal data.

Is it mandatory to have a privacy policy?

Yes. Data protection laws and regulations say that a website operator should tell their users what they will do with their data in simple and clear terms. It is therefore best to set this out in writing.

What does 'personal data' mean?

Personal data means any information relating to an identified or identifiable natural person (a data subject). It is therefore information from which a person may be identified directly or indirectly. Examples of personal data include a person's:

• name
• address
• email address
• telephone number
• IP address
• health information
• criminal information

What should be done after a privacy policy has been finalised?

It is not necessary to sign a privacy policy. It can be finalised and placed on the website, in an easily accessible location. The website operator should ensure that important privacy information is placed at suitable places throughout the website, with a link to the privacy policy in appropriate places.

What other documents might be required alongside a privacy policy?

A website may also hold other policies and documents, which refer to or may be read alongside the privacy policy. This might include:

• terms and conditions of use
• a cookie policy
• terms and conditions of sale
• an acceptable use policy
• a complaints policy

How long should a privacy policy last for?

A privacy policy can remain in place indefinitely. However, the policy must be reviewed and kept up to date, as appropriate. The website operator should ensure the policy is updated if it changes how it collects, stores, shares or uses personal information. Typically, a policy of this nature will be reviewed annually.

What must a privacy policy contain?

A privacy policy will include information about:

• the website operator – including contact details
• the type(s) of personal data collected by the website
• how the information is collected
• how the personal data is used
• the lawful basis relied upon for the data processing
• whether the information will be shared with any third parties
• how the information will be stored and for how long it will be stored

Which laws apply to a privacy policy?

The main legal provisions which apply to a privacy policy are:

• The Data Protection Act 2018
• The retained EU General Data Protection Regulation 2016/679 (UK GDPR). Article 12 explains how information should be provided to data subjects. Article 13 sets out the key rights of data subjects and the information they must be provided with.

The governing/supervisory body for upholding data protection rights is the Information Commissioner's Office (the ICO).

Help from a lawyer

You can choose to consult a lawyer if you need help.

The lawyer can answer your questions or help you through the process. You will be offered this option when you complete the document.

How to modify the template?

You fill out a form. The document is created before your eyes as you respond to the questions.

At the end, you receive it in Word and PDF formats. You can modify it and reuse it.