Website Privacy Policy - Basic - No Cookies

This template has been updated to reflect changes made by the Data (Use and Access) Act 2025, including new wording on data protection complaints, compatible further use of personal data, reasonable and proportionate searches when responding to subject access requests, and automated decision-making and profiling.

This Website Privacy Policy - Basic - No Cookies is designed for basic websites that collect only limited personal data from users and do not use cookies. It is particularly suitable for simple websites, for example where users contact the website operator through a basic enquiry form.

The template has been drafted with the UK GDPR, the Data Protection Act 2018, and related data protection legislation in mind and covers key privacy information such as data subject rights, retention of personal data, data protection complaints, and data subject access requests.

Suitable for low-data websites that do not use cookies

This template is intended for websites with relatively straightforward data processing and no cookie use. It provides a practical starting point for explaining how personal data is collected, used, stored, transferred, and shared.

It is drafted broadly, so it should be checked carefully to ensure that the final policy reflects how your website actually handles personal data in practice.

Key privacy points this template addresses

• what personal data is collected and how it is obtained;
• how personal data is used and the lawful basis for processing;
• how individuals can raise concerns or complaints about the use of their personal data;
• compatible further use of personal data;
• how long personal data is kept;
• storage, transfers, and data security information;
• sharing personal data with third parties;
• access rights, reasonable and proportionate searches, and other data subject rights; and
• contact details and updates to the policy.

Important scope points

Specific legal advice may be needed if your website handles special category personal data, data relating to criminal convictions, or children’s personal data, as additional measures may be required.

The template also reflects the need to explain data use in clear, user-friendly language, including where personal data comes from, the lawful basis relied on, any automated decision-making or profiling that has legal or similarly significant effects, retention periods, the steps taken to protect personal data, and how individuals can raise data protection complaints.

This template does not include recognised legitimate interests as a standard lawful basis for ordinary website processing. This is deliberate: recognised legitimate interests are limited to specific purposes under data protection law and should not be treated as a general alternative to ordinary legitimate interests. They should be used with care and professional advice should be taken where there is uncertainty.

Related guidance and alternatives

For help with privacy information requirements, data protection complaints, and choosing the right template, see the Privacy Information Guidance Notes.

If your website uses cookies or similar technologies, this is unlikely to be the right document. In that case, you may need Website Privacy Policy - First Party Cookies, Website Privacy Policy - First Party Cookies + Analytics, or the Cookie Policy.

Website Privacy Policy - Basic - No Cookies is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.