Privacy Notice Template (A217)

£8.50 plus VAT
Buy Excluding 0% tax

This Privacy Notice template – previously known as a Privacy Policy – is for use on a website where the website owner collects data on visitors or customers. It meets the basic requirements of the EU’s GDPR (General Data Protection Regulation) and the UK’s Data Protection Act.

This Privacy Notice template is primarily for SMEs that sell goods and/or services from their website. In accordance with the GDPR requirments, the Privacy Notice explains what personal data the business collects, the reasons and legal basis for collecting and processing personal data, who else might receive the data, how long it will be kept and what rights the individual has to access, amend or erase their personal data. It also explains when consent is needed from the individual.

Read more about GDPR on our blog or sign up for our free email guide here.

You may also find these contracts of use:

Free Download

Use this free GDPR Data Collection form to begin compiling the information you need to comply with the General Data Protection Regulations.

£19.50 Plus VAT

This Data Protection  Policy is for internal use by a business that sells goods and/or services and has a website from which sales can be made and/or on which personal data can be collected.   It…

Add to cart Excluding 0% tax

£29.50 Plus VAT

Who can use this Data Processor Appointment? This Data Processor Agreement is for use by a company or organisation that wants to appoint an outsider as data processor. What is this contract for? This data…

Add to cart Excluding 0% tax

Explanatory Notes

Under the UK’s Data Protection Act 1998, any business processing data that it collects about individuals must comply with a number of requirements, including eight Data Processing principles. Among them is the requirement that information must be ‘fairly and lawfully processed’. In addition there are European Regulations on privacy and electronic communication which apply throughout the EU. A Privacy Policy can set out the way in which you will collect information on visitors to your website in conformity with the law.

If you run a business and process data – which can involve no more than collecting the name and email address of visitors to your website – you may also have a legal duty to register as a ‘Data Controller’ with the Information Commissioner, the Government official who administers the Data Protection Act.

To find out more, there is a lot of helpful guidance on the Information Commissioner’s website:

Specific comments on the paragraphs in our privacy policy template are set out below:


There is no necessity for an introduction but it helps to identify your business and, if you use it, you should fill in the blanks appropriately.


Here you should adapt the wording as necessary to explain what information you are collecting. If, for example, you do not sell anything from your website, then our paragraph about credit card payments should be omitted. If you collect and handle sensitive information about your visitors, then our wording is not appropriate and needs to be strengthened.


This explains what you will do with the information. The paragraph also picks up on one of the duties of a Data Controller, namely to take precautions to keep data secure.


If you do not use cookies, then this paragraph can be omitted.


Here again, try to set out what you will do with the information that you collect (within the limits laid down by the Data Protection Act) and alter our wording as appropriate to meet your own objectives.


This is a reminder for you as well as your visitors – if you change your policy you should inform the people whose data you hold and get their consent.


You are required to keep up to date all information that you hold, and this paragraph explains how visitors can contact you.


Your Privacy Policy should be easily accessible on your website and drawn to the attention of visitors so they can see the policy before they provide you with personal information.

If you send out newsletters or maintain regular (or irregular) contact with the individuals whose information you hold, you should make it clear in all your communications that they are entitled to have their details removed from your list. And do remember it is in your interests to have a procedure to do this – quite apart from the legal implications, there is nothing more irritating for someone than to keep receiving material from an organization that is of no interest after he/she has asked tot be removed from the mailing list.

Finally, please remember:

(1) It is recommended that you obtain legal advice before using our template or publishing a Privacy Policy.

(2) If you like this document please acknowledge on your website that this Privacy Policy was supplied by ContractStore, with a link to our website: