Register
Forgotten password?

Data protection law

Privacy policy

FROM

£12

OR

10

CREDITS
2.4
This privacy policy is a shorter and simpler version of our privacy and cookies policy document, and may be used in relation to a wide variety of different kinds of website. The primary purpose of a privacy policy is to assist a website operator to comply with information disclosure obligations under data protection legislation. From 25 May 2018 in the UK and elsewhere in the ...

Privacy and cookies policy (lead generation)

FROM

£19.20

OR

16

CREDITS
2.4
This privacy and cookies policy template has been adapted for websites that earn money by passing leads or prospects to third party suppliers or service providers. Generating leads inevitably involves the collection of personal data. Typically, a lead generation website will collection users' names, email addresses, postal addresses and telephone numbers, as well as information about the products or services that they have an interest ...

Privacy and cookies policy (social networking)

FROM

£19.20

OR

16

CREDITS
2.4
A website privacy and cookies policy can have more than one purpose. From a lawyer's perspective, the primary concern is compliance with disclosure of data protection legislation, in particular, from 25 May 2018, the General Data Protection Regulation. However, there are also marketing and user relations perspectives. Users expect website privacy policies and practices to be fair. For some users, unfair policies and practices ...

Privacy and cookies policy (online shop)

FROM

£19.20

OR

16

CREDITS
2.6
This privacy and cookies policy template has been designed for online stores selling goods, including B2B stores, B2C stores and those supplying goods both B2B and B2C. The policy sets out details of the processing of personal data by the online store in accordance with UK/EU laws concerning the protection of personal information - including the General Data Protection Regulation. The core of the policy ...

Privacy and cookies policy

FROM

£19.20

OR

16

CREDITS
2.7
From a lawyer's perspective, the key purpose of a website privacy and cookies policy is to help a website operator comply with data protection and cookies legislation. In the UK, from 25 May 2018, that will mean compliance with the General Data Protection Regulation (GDPR) as well as the Privacy and Electronic Communications Regulations. One of the principles of the GDPR is transparency: data ...

Cyber security incident response policy

FROM

£24

OR

20

CREDITS
1.0
This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident. Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal ...

Personal data breach notification policy

FROM

£36

OR

30

CREDITS
1.0
This is a personal data breach notification policy, which sets out the procedures to be followed by a business in the event that personal data stored or processed by the business is subject to a breach. The policy has been created with SMEs in mind. The policy is designed to aid compliance with the General Data Protection Regulation or GDPR, and takes account of the ...

Data protection information notice for freelances

FROM

£36

OR

30

CREDITS
1.1
Under data protection law, data controllers have obligations to provide to data subjects (i.e. individuals) information about how they process personal data. This data protection information notice is designed to help controllers to meet those obligations with respect to individual subcontractors and freelances appointed by the controller. The principal provision in the notice cover: (a) the purposes of processing and the legal bases of ...

Data protection information notice for suppliers

FROM

£36

OR

30

CREDITS
1.0
It is relatively unusual - as at January 2018 - for organisations to issue data protection information notices to their suppliers. However, organisations do usually act as data controllers with respect to some of the personal data provided by suppliers, and there is an obligation under data protection law to notify data subjects, individuals whose personal data is being processed, about the parameters of that processing. With ...

Data protection information notice for customers

FROM

£36

OR

30

CREDITS
1.0
This notice is designed to help data controllers to comply with the disclosure requirements of the General Data Protection Regulation (GDPR) with respect to customers. This notice sets out the categories of personal data that may be processed and, with respect to each category of personal data, the legal basis of that processing. Where the legal basis is "legitimate interests", then the specific interests should ...

Data processing addendum (controller-processor)

FROM

£36

OR

30

CREDITS
1.0
This addendum may be used to supplement and amend an existing contract, with the aim of bringing the contract into line with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). The GDPR requires that all contracts between those organisations that control personal data and those organisations that process personal data include certain clauses. This requirement is set out in Article 28 of the ...

Data processing addendum (processor-sub-processor)

FROM

£36

OR

30

CREDITS
1.0
A pre-existing contract may be rendered compliant with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) using this data processing addendum. Under the GDPR, contracts between "processors" of personal data and their "sub-processors" must contain a set of provisions designed to promote privacy and security. For instance, processors must only process personal data at the direction of their controllers, and it ...

Supply chain cyber security policy (standard)

FROM

£36

OR

30

CREDITS
1.0
This is a standard-length supplier cyber security policy designed to help businesses to create contractually enforceable obligations on suppliers with respect to cyber security. This flexible template can be edited either to focus on specific, identified risks, or to apply a general benchmark across a supplier's systems. Before or while editing the policy, you should establish what the relevant risks are, your general ...

Data processing agreement (controller-processor)

FROM

£48

OR

40

CREDITS
1.5
This data processing agreement has been designed to help data controllers to transfer personal data to data processors in a way that complies with the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR). The GDPR will come into force on 25 May 2018. If you have a subsisting data processing agreement that will be replaced by this document, you should specify the effective date ...

Data retention policy

FROM

£48

OR

40

CREDITS
1.0
This management-level data retention policy should be used to codify the policies and procedures of an organisation in relation to the archiving and deletion of data. The driving force behind the adoption of many retention policies is the General Data Protection Regulation (GDPR), but the suggested drafting in this document covers non-personal as well as personal data. To make effective use of this ...

Data processing agreement (processor-sub-processor)

FROM

£48

OR

40

CREDITS
1.1
This agreement can be used to enable the transfer of personal data from data processors to sub-processors in a way that complies - or may comply - with the GDPR or General Data Protection Regulation (Regulation (EU) 2016/679). This document can sit alongside a services agreement, and can be used to supplement a services agreement that has been previously executed. The substantive terms are very ...

Supply chain cyber security policy (premium)

FROM

£48

OR

40

CREDITS
1.0
Increasingly, organisations are recognising cyber security as a strategic risk, touching every aspect of their business, including the way they interact with suppliers and customers. This supplier cyber security policy is intended to assist your organisation in producing a contract, or a schedule or addendum to a contract, describing the cyber security requirements a supplier (or other person) must comply with before it can do ...

Data sharing agreement (mutual)

FROM

£60

OR

50

CREDITS
1.1
This agreement will help you to regulate the sharing of personal data by two companies or other organisations, where each party will act as a controller with respect to the shared data. The document may be used whether the parties will exercise their authority as controllers independently or jointly. Unlike in the case of controller-to-processor transfers, there is no mandated set of clauses ...