Profile information Account settings
Sign up Log in

MAKE YOUR FREE Privacy policy

  • Make your document in minutes
  • Access from any device
  • Securely sign online
Make document

How to make a Privacy policy

A website privacy policy sets out the purpose of data collection on your website, the types of information collected and the scope and limitation of data processing on your website. It should outline your business' practices in relation to the collection, storage and use of personal data gathered on your website. Examples of data include names, dates of birth, contact details or credit card details.

Use this General Data Protection Regulation (GDPR) compliant privacy policy template for any e-commerce, blog or other website that asks users to disclose personal information. As well as reassuring online customers and users, it can also ensure that you have their permission to store cookies on their computer. The website privacy policy aims to make your internet business compliant with UK and EU data privacy laws. It covers key issues such as the use of personal data, links to other websites, passwords and security.

This document is GDPR compliant.

Use this website privacy policy:

  • when you collect personal information on the website
  • to make sure you comply with data privacy legislation

This website privacy policy covers:

  • the nature of data collected by the site
  • the use of data
  • linked websites
  • data security and access
  • cookies
  • transfers of data outside the UK and Europe

The collection and use of personal data by online businesses in the UK must comply with the UK data protection laws and the GDPR. This policy is designed to allow the website operator to comply with the fair processing obligation and to obtain the user's consent to that processing as required by law.

A Data Protection Officer (DPO) is a person who assists your business with data protection compliance. DPOs can inform or advise you regarding your data protection obligations, provide recommendations regarding any data protection impact assessments, and act as a contact point for data subjects and the Information Commissioner's Office (ICO).

You only have to have a DPO if you undertake certain types of data processing (eg large scale processing or systematic online monitoring). You may choose to voluntarily appoint a DPO. 

For more information, read Data protection officers (DPOs).

It depends on the purpose for which the data is gathered. If you are selling and trading on your website, you may wish to collect your customers' personal data such as names and credit card details. However, data protection law defines personal data as broad as to include information about personal opinions and IP addresses.

Cookies are small text files placed on a user's computer, which are commonly used to collect personal data. Most website operators place cookies on the browser or hard drive of their user's computer. Cookies can gather information about the user's use of the website or enable the website to recognise the user as an existing customer when he returns to the website at a later date. The law protects users of your website and lets them opt-out from the use of cookies on their website browser.

This document allows you to specify the types of cookies, their purpose and how consent will be gained for the use of these cookies.

If you are the UK registered business you will need to disclose certain information about your company on your website or website privacy policy. You must display registered information such as:

  • company name
  • registered number
  • place of registration
  • registered office address
  • contact details, including an email address
  • details of how to contact the business

For sole traders and individuals, you must display the address of the principal place of business.

An IMSS is a set of principles and procedures for systematically managing an organisation's data. The goal of an IMSS is to minimise the risk for the business and ensure business continuity by proactively limiting the impact of a security breach. These practices relate to the protection of information and are developed in accordance with the business' position.

The UK GDPR replaced the General Data Protection Regulation (EU) 2016/679 when the UK left the European Union. The UK GDPR includes the same provisions as the previously applied GDPR. 

Ask a lawyer for:

  • websites collecting sensitive personal data

This privacy policy is governed by the law of England and Wales or the law of Scotland and complies with UK and EU data privacy legislation.

Other names for Privacy policy

Privacy policy for a website, Data protection policy, Online privacy policy.