If your business runs a website and/or otherwise deals with customer data, then you are legally required to provide your users with certain information about their privacy and your collection and use of their personal data. Although you are not required to set this out in a privacy policy, using our customisable Privacy policy template collates all legally required information into one location that can then be signposted to your users.
This blog explains the key terms contained in privacy policies generally and outlines how you can use our template to suit the needs of your business.
For full details of when and how to use this policy, see Guidance: Privacy and cookies.
Key terms in a privacy policy
Legally, your clients and customers must be told:
- What personal data your business collects about them
- The specific reason for its collection
- What will be done with the data
- What their rights are in relation to the data.
This information must be provided to your users at the point at which your business collects their personal data.
You should make sure your privacy policy is easy to access – eg by including a hyperlink on your website and drawing your users’ attention to relevant parts of the policy. For more guidance, see How to tell people about a privacy policy and a cookie policy.
Using our privacy policy template
Our privacy policy template is UK GDPR compliant, which means that it is suitable only for UK-based businesses carrying out data-processing activities in the UK. If your business:
- has an office or establishment in the EEA;
- offers goods or services to individuals in the EEA; or
- monitors the behaviour of individuals in the EEA,
then your privacy notice will also need to comply with the EU GDPR (which is outside the scope of this service).
Step-by-step
1. Follow the Privacy policy link.
2. Read the background information and Q&A.
3. Click ‘Get Started’.
4. After you have filled in the details of your business, click ‘next’. Read the information contained in the ‘What you need to know’ box carefully.
5. Complete the questionnaire with details of your business and intended privacy policy (see below for examples of information you will need to consider and provide).
6. Download the finished document and read through it carefully to ensure it covers your situation appropriately. You must read through all of the provisions of the privacy policy and ensure you understand them. If you are unsure, seek legal advice. You can access a specialist lawyer in a few simple steps using our Ask a Lawyer service.
7. Print the policy and keep the original in a safe place.
Information required to complete the template policy
In order to complete the template, you will need the following information to start with:
- Your business details;
- What date your policy will be published;
- Who will be responsible for queries regarding your business’s use of data or the privacy policy more generally;
- Whether your business uses automated decision-making or profiling activities;
- Whether your business carries out other forms of data-sharing and whether your business shares personal data with countries outside the UK; and
- Whether you want to include specific provisions setting out how your business protects children’s privacy.
Once these preliminary fields have been completed, you will progress to a series of questions that will help you set out:
- What different categories of personal data you collect (What);
- Why you are using each type of data, including whether you will share it with any third parties (Why);
- Your lawful basis for collecting and using each category of data (How); and
- The length of time you will keep the data.
Answers to these questions will be used to build a table which will appear at the end of your privacy policy. You must conduct a proper analysis of your business and processing activities to make sure you have included information specific to your business. If you do not do this, you will be in breach of data protection law.
1. The What
Categories of personal data include:
- Name and contact details
- Date of birth
- Payment information
- Purchase history
- Information from linked accounts
- Responses to surveys, competitions and promotions
- Customer comments and product reviews
- Information collected through cookies and similar technologies
2. The Why
Reasons for collecting different types of personal data include:
- Sales and returns
- Marketing
- Customer service
- Website functionality
- Business development
- Legal, risk and due diligence
3. The How
Lawful bases for processing personal data include:
- Performance of contract
- Compliance with a legal obligation
- Legitimate interests
- Consent
Important things to note
Make sure you keep your policy updated if you change the way you collect or use personal data through your website.
You can purchase our privacy policy template as part of our Data protection policy toolkit or Starting an online business toolkit. Our privacy policy template is designed to be used in conjunction with our Cookie policy template.
See Guidance: using personal data, policies and record-keeping for more information on privacy policies generally.
The content in this article is up to date at the date of publishing. The information provided is intended only for information purposes, and is not for the purpose of providing legal advice. Sparqa Legal’s Terms of Use apply.
Marion joined Sparqa Legal as a Senior Legal Editor in 2018. She previously worked as a corporate/commercial lawyer for five years at one of New Zealand’s leading law firms, Kensington Swan (now Dentons Kensington Swan), and as an in-house legal consultant for a UK tech company. Marion regularly writes for Sparqa’s blog, contributing across its commercial, IP and health and safety law content.