Website Privacy Policy - First & Third-Party Cookies + Analytics

This template has been updated to reflect changes made by the Data (Use and Access) Act 2025, including new wording on data protection complaints, compatible further use of personal data, reasonable and proportionate searches when responding to subject access requests, automated decision-making and profiling, analytics, and cookies and similar technologies.

This Website Privacy Policy - First & Third-Party Cookies + Analytics is designed for websites that collect personal data from or about users and use first-party cookies, third-party cookies, and website analytics.

First-party cookies are set directly by the website itself. Third-party cookies are set by another site, domain, or service. Website analytics tools are used to collect and analyse usage information so that website operators can better understand how their site is used.

Suitable for websites using first-party cookies, third-party cookies, and analytics

This template is aimed at websites that need to explain general privacy information, different types of cookies, and the use of analytics tools. It can be used to describe what personal data is collected, what cookies and analytics tools are used, what they are used for, why they are used, and how users can control them.

Where more detailed cookie information is needed, the template can instead refer to a separate Cookie Policy.

What this website privacy policy covers

• the personal data collected by the website and how it is collected;
• how personal data is used and the lawful basis relied on;
• how individuals can raise concerns or complaints about the use of their personal data;
• compatible further use of personal data;
• data subject rights, reasonable and proportionate searches when responding to subject access requests, and how individuals can exercise control over their personal data;
• retention of personal data, storage, transfers, and data security;
• sharing personal data with third parties;
• the use of first-party cookies, third-party cookies, analytics cookies, and related controls or consent;
• the use of website analytics services; and
• contact details and changes to the privacy policy.

Important scope points

This template has been written with the UK GDPR, the Data Protection Act 2018, and related data protection legislation in mind, but specific legal advice may be needed if your website handles special category personal data, data relating to criminal convictions, or children’s personal data, as additional measures may be required.

It is also important to ensure that the finished policy accurately reflects your actual use of personal data, cookies, analytics tools, and related procedures. The template is drafted broadly and will not necessarily fit every website without adjustment.

The policy is designed to support clear explanations of matters such as third-party data sources, lawful basis, automated decision-making or profiling with legal or similarly significant effects, retention periods, the measures used to keep personal data secure, cookie use, cookie consent, analytics, and how individuals can raise data protection complaints.

This template does not include recognised legitimate interests as a standard lawful basis for ordinary website processing. This is deliberate: recognised legitimate interests are limited to specific purposes under data protection law and should not be treated as a general alternative to ordinary legitimate interests. They should be used with care and professional advice should be taken where there is uncertainty.

Related guidance and alternatives

For broader guidance on transparency, privacy information requirements, and data protection complaints, see the Privacy Information Guidance Notes. For practical guidance on cookie compliance, consent, analytics, and user control, see the Cookie Law Guidance Notes.

If your website does not use analytics, or only uses first-party cookies, one of the simpler website privacy policy templates may be more suitable, such as Website Privacy Policy - First Party Cookies, Website Privacy Policy - First Party Cookies + Analytics, or Website Privacy Policy - First & Third-Party Cookies.

Website Privacy Policy - First & Third-Party Cookies + Analytics is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.