Skip to main content
Have a Question?
< All Topics
Print

Privacy Policy Template

Posted
Updated
ByCyber Ready

Purpose and Use

This Website Privacy Policy explains how the organisation collects, uses, stores, and protects personal data obtained through its website. It is intended to provide clear and transparent information to website users about what personal data is collected, why it is collected, how it is used, and the rights individuals have in relation to their data.

This policy supports compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 and is commonly required to demonstrate transparency to users, regulators, customers, and business partners. It forms part of the organisation’s broader data protection framework and should be kept up to date to reflect how the website operates in practice.

This policy applies only to personal data collected via the website and should be read alongside other relevant notices or policies where applicable.

Who This Template For

This template is intended for UK organisations that operate a public-facing website and need a clear, proportionate Privacy Policy to explain website-related personal data processing.

It is suitable for organisations that:

  • Collect enquiries via contact or enquiry forms
  • Receive communications through website email addresses
  • Use cookies or basic analytics tools
  • Provide information about services or products online

It is not intended to replace internal Data Protection Policies or complex sector-specific privacy notices, but provides a solid baseline that can be extended where required.

Alternative names you may see

Organisations and frameworks do not always use the same terminology. This document may be referred to by different names depending on the business, industry, or compliance framework being followed.

Common alternative names for a Privacy Policy

  • Website Privacy Policy
  • Privacy Notice
  • Website Privacy Notice
  • Privacy Statement
  • Online Privacy Policy

Privacy Policy

This Privacy Policy explains how [Organisation Name] (“we”, “us”, “our”) collects and processes personal data through this website.

Organisation name: [Organisation Name]
Registered address: [Address]
Contact email: [Privacy or Contact Email]

Personal Data We Collect

We may collect and process the following types of personal data through our website:

  • Name
  • Email address
  • Telephone number
  • Information submitted via contact or enquiry forms
  • Communications sent to us via email or web forms
  • Technical information such as IP address, browser type, device information, and usage data

We do not intentionally collect special category personal data via our website unless explicitly stated.

How We Use Personal Data

Personal data collected via the website may be used to:

  • Respond to enquiries or requests
  • Communicate with users who contact us
  • Provide information about our services
  • Maintain the security and functionality of the website
  • Improve website performance and user experience

Personal data will not be used for purposes that are incompatible with those listed above.

Lawful Basis for Processing

We process personal data under one or more of the following lawful bases:

  • Legitimate interests – to respond to enquiries and operate our website
  • Consent – where users have actively provided consent (e.g. cookies, marketing where applicable)
  • Contract – where processing is necessary prior to entering into a contract

Where consent is used, it may be withdrawn at any time.

Cookies and Similar Technologies

This website may use cookies or similar technologies to ensure it functions correctly and to understand how visitors use the site.

Where required, users will be provided with clear information and choices about cookies.
Further details are provided in our [Cookie Policy / Cookie Notice].

Sharing Personal Data

We do not sell personal data.

Personal data may be shared with trusted third parties where necessary to:

  • Host or maintain the website
  • Provide IT or security services
  • Support analytics or website performance

All third parties are required to protect personal data and process it only in accordance with our instructions.

Data Retention

Personal data collected via the website will be retained only for as long as necessary to fulfil the purposes for which it was collected, after which it will be securely deleted or anonymised.

Data Security

We implement appropriate technical and organisational measures to protect personal data collected through the website, including access controls and secure hosting arrangements.

No website can be completely secure, but we take reasonable steps to protect personal data against unauthorised access, loss, or misuse.

International Transfers

We do not intentionally transfer personal data outside the UK.
Where third-party services result in international transfers, appropriate safeguards will be in place.

Your Data Protection Rights

Under UK data protection law, you have the right to:

  • Access your personal data
  • Request correction of inaccurate data
  • Request erasure of your data
  • Restrict or object to processing
  • Request data portability
  • Lodge a complaint with the Information Commissioner’s Office (ICO)

Requests can be made by contacting [Privacy Contact Email].

Changes to This Policy

This Privacy Policy may be updated from time to time to reflect changes to the website or legal requirements.
The latest version will always be published on this page.

Contact Us

If you have any questions about this Privacy Policy or how we handle personal data, please contact:

[Organisation Name]
[Email Address]
[Postal Address]

Policy Addons

This policy provides a general privacy policy baseline. Some frameworks and obligations require additional, more specific policy statements. The add-on sections below identify where supplementary content may be needed so the policy can be adapted without rewriting it entirely, consider including these addon sections where applicable.

Affiliate Links and Referral Tracking (Add-On)

We use affiliate links on this website. When you click an affiliate link, a cookie or similar technology may be placed by the third party to record that you have visited their website via this site for referral or commission purposes. We do not receive personal data that identifies you from affiliate partners, but we may receive aggregated or anonymised information about referrals. Affiliate tracking is subject to the privacy policies of the relevant third parties.

Google Analytics (Add-On)

This website uses Google Analytics to help us understand how visitors use the site. Google Analytics collects information such as pages visited, time spent on the site, and general location data using cookies and similar technologies. This information helps us improve the website’s performance and content. Where available, privacy-protective settings such as IP anonymisation are applied. Data collected through Google Analytics is processed in accordance with Google’s privacy policy.

Google AdSense and Advertising Cookies (Add-On)

This website uses Google AdSense to display advertisements. Google and its partners may use cookies or similar technologies to show adverts based on your visits to this or other websites and to measure advertising effectiveness. You can manage your advertising preferences and opt out of personalised advertising through Google’s ad settings. Further information is provided in our cookie notice and Google’s privacy policy.

E-Commerce Functionality (Add-On)

WooCommerce

We use WooCommerce to provide e-commerce functionality on this website. Customer and order data is processed through the WooCommerce platform to manage products, orders, payments, and customer accounts. Transactional data is stored within our website hosting environment and may be shared with third-party services such as payment providers or delivery services where necessary to complete your order.

Shopify

We use Shopify to operate our online store. Personal data submitted through the website, including customer details and order information, is processed by Shopify as a third-party service provider to enable purchases, manage accounts, and process transactions. Shopify processes personal data in accordance with its own privacy and security standards.

Payments and Card Processing (Add-On)

We use third-party payment providers to process payments made through the website. Payment card details are processed securely by these providers, and we do not store full payment card information on our systems. Personal data associated with payments is used only to complete transactions, manage refunds, and meet legal or accounting obligations.

Tags:
Table of Contents