Website Privacy Policy - First & Third Party Cookies

This template has been updated to reflect changes made by the Data (Use and Access) Act 2025, including new wording on data protection complaints, compatible further use of personal data, reasonable and proportionate searches when responding to subject access requests, automated decision-making and profiling, and cookies and similar technologies.

This Website Privacy Policy - First & Third Party Cookies is designed for websites that collect personal data from or about users and use both first-party and third-party cookies.

First-party cookies are set directly by the website itself. Third-party cookies are set by another site, domain, or service. This template is intended to help website operators explain their use of personal data, cookies, and related technologies in a way that supports UK GDPR and cookie compliance.

Suitable for websites using first-party and third-party cookies

This template is aimed at websites that need to explain both general privacy information and the use of different types of cookies. It can be used to describe what cookies the site uses, what they are used for, why they are used, and how users can control them.

Where more detailed cookie information is needed, the template can instead refer to a separate Cookie Policy.

What this website privacy policy covers

• the personal data collected by the website and how it is collected;
• how personal data is used and the lawful basis relied on;
• how individuals can raise concerns or complaints about the use of their personal data;
• compatible further use of personal data;
• data subject rights, reasonable and proportionate searches when responding to subject access requests, and how individuals can exercise control over their personal data;
• retention of personal data, storage, transfers, and data security;
• sharing personal data with third parties;
• the use of first-party and third-party cookies and related controls or consent; and
• contact details and changes to the privacy policy.

Important scope points

This template has been written with the UK GDPR, the Data Protection Act 2018, and related data protection legislation in mind, but specific legal advice may be needed if your website handles special category personal data, data relating to criminal convictions, or children’s personal data, as additional measures may be required.

It is also important to ensure that the finished policy accurately reflects your actual use of personal data, cookies, and related procedures. The template is drafted broadly and will not necessarily fit every website without adjustment.

The policy is designed to support clear explanations of matters such as third-party data sources, lawful basis, automated decision-making or profiling with legal or similarly significant effects, retention periods, the measures used to keep personal data secure, cookie use, cookie consent, and how individuals can raise data protection complaints.

This template does not include recognised legitimate interests as a standard lawful basis for ordinary website processing. This is deliberate: recognised legitimate interests are limited to specific purposes under data protection law and should not be treated as a general alternative to ordinary legitimate interests. They should be used with care and professional advice should be taken where there is uncertainty.

Related guidance and alternatives

For broader guidance on transparency, privacy information requirements, and data protection complaints, see the Privacy Information Guidance Notes. For practical guidance on cookie compliance, consent, and user control, see the Cookie Law Guidance Notes.

If your website also uses analytics, a more suitable document may be Website Privacy Policy - First Party Cookies + Analytics or Website Privacy Policy - First & Third-Party Cookies + Analytics.

Website Privacy Policy - First & Third Party Cookies is part of Business . Just £38.50 + VAT provides unlimited downloads from Business for 1 year.