Privacy Policies and Notices
The Right to be Informed
One of the most important functions of modern data protection legislation is to ensure transparency. If you are using someone’s personal data, they should know that you are using it, what for, and why. The UK GDPR sets out a range of data subject rights, including the right to be informed.
To comply with this right, you must furnish individual data subjects with certain key information including:
- Your purpose or purposes for processing their personal data;
- How long you will hold their personal data; and
- Who you will share their personal data with.
This is known as privacy information. If you are collecting personal data directly from people, they should be given this information at the time of collection. Alternatively, if you collect personal data from another source, individuals must be furnished with privacy information within a reasonable period (not later than one month) of you obtaining their personal data.
There are limited exceptions to the requirement to provide privacy information. For example, if an individual may already have the information or if it would involve “disproportionate effort” to provide it (but this should not be used as an easy excuse).
Privacy information can be provided in a variety of ways, but it is important to ensure that it is easily accessible and user-friendly.
Privacy Policies and Privacy Notices
One way to provide privacy information is to use what is commonly called a privacy policy or a privacy notice. These terms mean the same thing in this context. Within our range of document templates, we use the term “privacy policy” for website-based privacy information and “privacy notice” for offline privacy information, such as that provided at the point of sale, on your premises, with an order form, etc.
Document Templates Available
We offer a range of different website privacy policy templates, each designed to cater for different data use cases. All but the most basic explain your data use and individuals’ rights and how to exercise them:
- Our Website Privacy Policy – Basic – Limited Data is designed for use on simple websites that collect little or no data from or about their users save for basic contact details obtained when a user sends you an email or data that is collected automatically such as an IP address.
- Our Website Privacy Policy – Basic – No Cookies is the next step up, designed for use on websites that gather some data (via a contact form, for example) but do not employ cookies or similar technologies.
- Our Website Privacy Policy – First Party Cookies is designed for sites that collect information from or about users and employ first-party cookies (i.e., those set directly by your website) in the process.
- Our Website Privacy Policy – First Party Cookies + Analytics is a variant of the template above for sites that also use analytics to measure performance, study user behaviour, and so on.
- Our Website Privacy Policy – First & Third Party Cookies is designed for websites which use first-party cookies set by the website itself and third-party cookies which are set by other sites, domains, or services.
- Finally, our Website Privacy Policy – First & Third Party Cookies + Analytics adds to the previous template on the list with provisions for websites that use analytics for functions such as measuring performance and tracking user behaviour.
For offline data collection, we offer two different privacy notice templates. These follow a very similar structure to the website privacy policies listed above and are designed to assist you in providing the privacy information required by the UK GDPR:
- Our Privacy Notice Template is designed for general application and can be used in a variety of situations, including point of sale and on display in retail premises.
- Our Employment Agency Privacy Notice is a version of the template above which has been tailored to provide job applications with important information about how their personal data will be used during the recruitment process when using an employment agency.