What is a privacy policy?

Posted on March 16, 2022
Posted by Frankie Mundy

A privacy policy is a document that explains how and why a business uses personal data, for example information about their customers or website users. It might also be called a privacy notice. A privacy policy might be produced as a combined document with your cookie policy, or it might be provided as two separate documents.

Personal data is widely defined and includes any information that can be used to identify someone. This includes information that cannot be used to identify someone on its own, but can when used in combination with other information. For example, personal data includes an individual’s name, contact details, IP address and cookie identifiers.


Why a privacy policy is important

When your business does anything with an individual’s personal data, you must be transparent with them about what you are doing and why. This is a legal requirement under data protection law. It’s common practice to set this privacy information out in a policy that can be easily accessed through your website.

If you don’t comply with your data protection law obligations, which include providing privacy information to anyone whose data you process, you could face significant fines from the ICO (Information Commissioner’s Office). The ICO can fine businesses up to £17.5 million, or 4% of their global annual turnover, whichever is higher. On top of this, your business could also face reputational damage if it breaches data protection law. 


When a privacy policy is required

You need to provide privacy information whenever your business processes an individual’s personal data. For example:

  • Your business employs staff

    If you employ staff, your business will always hold data about them, which will inevitably contain personal data. For example, you’re likely to need to collect and store their contact details, payroll details, information about their right to work and other HR records. Equally, when your business is carrying out a recruitment exercise, you will need to process certain personal data about job applicants, and you must provide them with your privacy policy before they send you this information.

    For a template privacy policy you can provide to your staff, see our Staff privacy notice, and for a template policy you can provide to job applicants, see our Staff recruitment privacy notice.
  • Your business runs an ecommerce website

    If you run an ecommerce website, you will inevitably be processing information about your customers and other website users. This might include their names, contact details, payment information, IP addresses etc. See below for a template policy you can use on your ecommerce website.


Although the privacy information you’re legally required to provide to individuals doesn’t have to be provided in a privacy policy or privacy notice, it’s often easier for your business to set it all out together in one place, which you can signpost people to. 


Privacy policy ecommerce template

Our template privacy policy will help you to comply with your legal obligations when running an ecommerce website. It can be customised to your business, allowing you to set out clear and transparent information about what personal data you are processing and how you are processing it. You can find out more about what should be in a privacy policy in this blog.


How to provide your privacy policy

Your privacy information must be provided to users of your website at the point at which you collect their personal data, so that they know what you will be doing with it. You also need to make sure your policy is easy to access (eg by including a hyperlink on your website) and that you draw your users’ attention to relevant parts of it when they provide their personal data. For guidance about how to display a privacy policy on your website, read this blog.


Keeping your policy up-to-date

You must make sure that you regularly review your privacy policy and that you keep it up-to-date. For instance, you must review it if you change the way you collect or use personal data through your website. 


What about cookies?

If your website uses cookies or similar technologies (eg flash cookies, tracking pixels, plugins etc), you’ll also need to give your users and/or customers information about what you do with them. You can do this by providing them with a cookie policy or a cookie notice.

You may also need to get consent for your use of cookies.

Find out more about cookies in our Q&A on Privacy and cookies. If you’re looking for a template policy, use our Cookie policy.


The content in this article is up to date at the date of publishing. The information provided is intended only for information purposes, and is not for the purpose of providing legal advice. Sparqa Legal’s Terms of Use apply.