Website privacy policy template – why is it necessary?
Legal requirement: In the digital age, most businesses collect personal information through a website. This might be traffic data from website visitors, or simply when a potential customer enters information into a website form. If your website collects personal data it is a legal requirement to have a website privacy policy (sometimes called a ‘fair processing notice’) posted on your website. UK data protection laws are no joke, and lack of compliance can result in hefty fines – so it’s important to use Docue’s website privacy policy template to ensure compliance.
Required if controller: A business will need to have a website privacy policy where it is a “controller” of personal data. A controller of personal data means they make decisions about how personal data will be used. For example, website owners will usually be a controller of website visitors’ personal data as they will decide what personal data is collected from website visitors, why it needs to be collected and how it is used.
Risks of getting it wrong! It is a legal requirement to give certain information to data subjects via a website privacy policy (under Article 13 of the UK GDPR). Failure to do so and breaching data protection laws could have a huge impact on your business, both financially and reputationally:
- Reputational damage: Mismanaged data protection practices can lose the hard-earned trust of your customer base - having a website privacy policy in place is an obvious way to demonstrate to others that you take their privacy seriously and have safe and secure procedures in place;
- Big fines: In the event of non-compliance with data protection laws, your business could be exposed to multi-million-pound fines and other legal action (e.g. claims from data subjects); and
- Regulatory investigations: Data subject complaints could lead to an ICO (the data protection regulator in the UK) investigation. Such an investigation would cause the ICO to look into your data protection practices and procedures in detail, and potentially take action where non-compliance is identified.
Find out more about website privacy policies by reading this comprehensive guide.
What does a website privacy policy need to include?
Key content: This website privacy policy template is considered to be a “transparency notice”, meaning that its main focus is to provide information to individuals. It explains how you gather, use, disclose and manage a customer's or visitor's data when they browse your website. The website privacy policy template confirms what personal information is gathered by your site and how it is used, including the legal justification for its use – a particularly important consideration when complying with UK data protection laws.
Make sure it is compliant: To comply with the requirements of UK data protection laws, there are strict requirements that must be followed and a website privacy policy must include the following information according to Article 13 of the UK GDPR:
- Controller details - the identity and the contact details of the controller of the personal data (which will usually be the website owner in the case of a website privacy policy);
- Data protection officer (DPO) - if the company has a DPO, the contact details of the DPO must be included on the website privacy policy;
- Purpose and lawful basis - the purposes of the processing for which the personal data are intended as well as the legal basis for the processing (and where legitimate interests are relied upon as the lawful basis, details of the specific legitimate interests);
- Data sharing - details of the recipients or categories of recipients of the personal data, if any;
- International transfers - where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation, including reference to the appropriate or suitable safeguards being used for the transfer;
- Retention period - the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
- Data subject rights - a website privacy policy must tell data subjects what their rights are under data protection laws. This includes the right to request access to and rectification or erasure of personal data, the right to request the restriction of processing concerning the data subject or to object to processing, the right to data portability, the right to withdraw consent at any time and the right to lodge a complaint with the ICO; and
- Automated decision-making - if automated decision-making, including profiling, is being used by your company, you must tell data subjects about it in your website privacy policy.
You can easily include all of the matters listed above (plus more!) in Docue’s dynamic website privacy policy template. Find out more about what to include by using this checklist.
How is a website privacy policy used?
Place on your website: A website privacy policy is a legal requirement if you collect personal information from website visitors, and you will need to place this website privacy policy somewhere that is easily accessible on your website. You should include this document on any websites under the control of your company or business. Find out other top tips for drafting and using your website privacy policy here.
Keep up to date: Data protection laws are a rapidly changing area of law where there has been a lot of movement over recent years. Docue’s website privacy policy template will be constantly kept up to date to ensure it remains compliant. You should regularly check your website privacy policy and update it where changes are required to comply with changes in the law. If your processing activities change, you should also update your website privacy policy to reflect the new processing taking place.
Why Docue?
Legal expertise: With Docue, you can create a top-quality website privacy policy in minutes. The website privacy policy template includes model clauses designed by data protection lawyers to help you draft the notice yourself and tailor it to your needs. And don’t worry if you get stuck along the way - Docue’s lawyer-drafted guidance notes are there to help you, with detailed guidance on each section and question.
Full contract process: Signatures can be collected electronically, and all contracts you make are securely saved in your company's own contract account, Docue Drive.