Cookie notice vs privacy policy: key differences explained

What is a cookie notice?

A cookie notice is a document that tells website visitors or device users information about the cookies in use e.g. how you use cookies, for what purpose, and the cookie types you are using.

For more information about cookie notices, read this comprehensive guide.

What is a privacy notice?

A privacy notice contains information like why you need to use individuals’ personal data, what you are using it for, and how long you're going to keep it for. A privacy notice is sometimes known as ‘fair processing information’, ‘privacy information’, or a ‘privacy policy’.

It is a requirement of UK data protection law to provide certain information to individuals when you collect or process personal data about them. To comply with UK data protection laws, this information must include:

• Controller details - the identity and the contact details of the controller of the personal data;

• Data protection officer (DPO) - if the company has a DPO, the contact details of the DPO must be included;

• Purpose and lawful basis - the purposes of the processing for which the personal data are intended as well as the legal basis for the processing (and where legitimate interests are relied upon as the lawful basis, details of the specific legitimate interests);

• Data sharing - details of the recipients or categories of recipients of the personal data, if any;

• International transfers - where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation, including reference to the appropriate or suitable safeguards being used for the transfer;

• Retention period - the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;

• Data subject rights - a privacy notice must tell data subjects what their rights are under data protection laws. This includes the right to request access to and rectification or erasure of personal data, the right to request the restriction of processing concerning the data subject or to object to processing, the right to data portability, the right to withdraw consent at any time and the right to lodge a complaint with the ICO; and

• Automated-decision making - if automated decision-making, including profiling, is being used by your company, you must tell data subjects about it in your privacy notice.

You can easily include all of the matters listed above (plus more!) in Docue’s dynamic privacy notice template.

What are the key differences between a privacy and cookie policy?

Privacy and cookie policies are both documents that communicate to your website visitors, customers, and users different aspects of how you use their personal information. But there are some differences between the two:

• Cookies notice/policy - this document is intended to tell website visitors about the specific cookies being used on a website, why they are being used and the purpose for them.

• Privacy notice/policy - a privacy notice is broader in purpose, and covers how all personal data is being collected and used by a website. Data protection laws include a prescribed list of information that must be included in a privacy notice - see section above.

If your website uses cookies, you should provide both a privacy and cookies policy to website visitors in order to comply with UK data protection laws. This is because cookies collect personal data, so a privacy notice is required as well as a cookies notice.

How can Docue help? Use our privacy and cookie policy templates!

Docue’s dynamic privacy and cookie policy templates have been drafted by privacy lawyers to help you comply with UK data protection laws. Both templates are easily customisable to suit your requirements - all you have to do is answer a series of simple questions and you will have a tailored privacy and cookie policy in no time.

Sign up now to use Docue’s cookie notice and other privacy templates.