Privacy Notice Template

Website privacy notice – why is it necessary?

Legal requirement: In the digital age, most businesses collect personal information through a website. This might be traffic data from website visitors, or simply when a potential customer enters information into a website form. If your website collects personal data it is a legal requirement to have a privacy notice (sometimes called a ‘fair processing notice’) posted on your website. UK data protection laws are no joke, and lack of compliance can result in hefty fines – so it’s important to use Docue’s privacy notice template to ensure compliance.

Required if controller: A business will need to have a privacy notice where it is a “controller” of personal data. A controller of personal data means they make decisions about how personal data will be used. For example, website owners will usually be a controller of website visitors’ personal data as they will decide what personal data is collected from website visitors, why it needs to be collected and how it is used.

Risks of getting it wrong! It is a legal requirement to give certain information to data subjects via a privacy notice (under Article 13 of the UK GDPR). Failure to do so and breaching data protection laws could have a huge impact on your business, both financially and reputationally:

• Reputational damage: Mismanaged data protection practices can lose the hard-earned trust of your customer base - having a privacy notice in place is an obvious way to demonstrate to others that you take their privacy seriously and have safe and secure procedures in place;
• Big fines: In the event of a non-compliance with data protection laws, your business could be exposed to multi-million-pound fines and other legal action (e.g. claims from data subjects); and
• Regulatory investigations: Data subject complaints could lead to an ICO (the data protection regulator in the UK) investigation. Such an investigation would cause the ICO to look into your data protection practices and procedures in detail, and potentially take action where non-compliances are identified.

Find out more about privacy notices by reading this comprehensive guide.

What does a website privacy notice need to include?

Key content: This privacy notice template is considered to be a “transparency notice”, meaning that its main focus is to provide information to individuals. It explains how you gather, use, disclose and manage a customer's or visitor's data when they browse your website. The privacy notice template confirms what personal information is gathered by your site and how it is used, including the legal justification for its use – a particularly important consideration when complying with UK data protection laws.

Make sure it is compliant: To comply with the requirements of UK data protection laws, there are strict requirements that must be followed and a privacy notice must include the following information according to Article 13 of the UK GDPR:

• Controller details - the identity and the contact details of the controller of the personal data (which will usually be the website owner in the case of a website privacy notice);
• Data protection officer (DPO) - if the company has a DPO, the contact details of the DPO must be included on the website privacy notice;
• Purpose and lawful basis - the purposes of the processing for which the personal data are intended as well as the legal basis for the processing (and where legitimate interests are relied upon as the lawful basis, details of the specific legitimate interests);
• Data sharing - details of the recipients or categories of recipients of the personal data, if any;
• International transfers - where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation, including reference to the appropriate or suitable safeguards being used for the transfer;
• Retention period - the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period;
• Data subject rights - a privacy notice must tell data subjects what their rights are under data protection laws. This includes the right to request access to and rectification or erasure of personal data, the right to request the restriction of processing concerning the data subject or to object to processing, the right to data portability, the right to withdraw consent at any time and the right to lodge a complaint with the ICO; and
• Automated-decision making - if automated decision-making, including profiling, is being used by your company, you must tell data subjects about it in your privacy notice.

You can easily include all of the matters listed above (plus more!) in Docue’s dynamic privacy notice template. Find out more about what to include by using this checklist.

How is a website privacy notice used?

Place on your website: A privacy notice is a legal requirement if you collect personal information from website visitors, and you will need to place this privacy notice somewhere that is easily accessible on your website. You should include this document on any websites under the control of your company or business. Find out other top tips for drafting and using your privacy notice here.

Keep up to date: Data protection laws are a rapidly changing area of law where there has been a lot of movement over recent years. Docue’s website privacy notice template will be constantly kept up to date to ensure it remains compliant. You should regularly check your privacy notice and update it where changes are required to comply with changes in the law. If your processing activities change, you should also update your privacy notice to reflect the new processing taking place.

What else do I need on my website?

Make sure you are cookie compliant too: Almost every website uses some form of cookies (which are tracking technologies). As cookies collect personal data, you are required to tell website visitors about the types of cookies that you use and also get their consent to cookies being used. For more information, please see Docue’s cookie notice template. Find out about the differences between privacy notices and cookies notices here.

Other terms: Your website should also contain terms that cover how a customer can use the website, and any restrictions you want to impose on their use. This can protect the content of your website. You should have separate website terms of use in place to deal with that.

Why Docue?

Legal expertise: With Docue, you can create a top-quality website privacy notice in minutes. The privacy notice template includes model clauses designed by data protection lawyers to help you draft the notice yourself and tailor it to your needs. And don’t worry if you get stuck along the way - Docue’s lawyer-drafted guidance notes are there to help you, with detailed guidance on each section and question.

Full contract process: Signatures can be collected electronically, and all contracts you make are securely saved in your company's own contract account, Docue Drive.

Tags: privacy notice template, fair processing notice, transparency notice