Privacy law

Designed to help you to comply with UK and EU data protection law, these privacy policies are, in essence, shorter and simpler versions of our privacy and cookies policy templates. Although cookies are not referenced in the titles of these documents, cookies-related disclosures are included, albeit in summary form.

EU and UK law provide that, alongside information about the processing of personal data, website publishers must provide information to users about the cookies (or, more strictly, certain of the cookies) that the web application uses. This is the purpose of a cookies policy. Consent the use of cookies may also be required.

Non-disclosure agreements come in two basic flavours. First, there are unilateral or one-way agreements which protect the information of only one of the parties. Second, there are mutual or two-way agreements which protect the information of both parties. All of our non-disclosure agreements share the same core clauses, but with some extra optional provisions in the premium documents. Use these non-disclosure agreements to protection your confidential information and to facilitate open communications with business partners.

These are internal cyber security policies, intended to control the use of IT systems by employees of a company and company sub-contractors. See also our supply chain cyber security policies, through which contractual obligations relating to information security can be applied to suppliers. These policies were created and are maintained by Emma Osborn of OCSRC.

Data processing agreements between controllers of personal data and their processors, and between processors and sub-processors, have long been a requirement of EU and UK data protection law. With the coming of the General Data Protection Regulation (GDPR) they have become much more common. GDPR-friendly data processing agreements tend to be longer and more complex than pre-GDPR agreements. These template data processing agreements are designed to help you produce a compliant document with the minimum of fuss. They track the specific requirements of the GDPR closely, supplementing those requirements in a few important areas.

This is a template for a legal notice to be displayed in email communications. Although the enforceability of email disclaimers may be open to question, many businesses nonetheless incorporate a disclaimer in the footer of all email communications. However, there is no "standard" disclaimer, as different businesses face different compliance obligations and legal risks. This template may be used to create a document covering some ...

These letters are, in substance, identical to our unilateral non-disclosure agreements. The differences are purely of form. The letter templates provide that the letter recipient must protect the confidential information of the letter sender, and are flexible enough to be used in a wide range of circumstances.

This online non-disclosure agreement is intended to be published on a website. It is a unilateral agreement, protecting the confidential information disclosed by publishing organisation - but not the confidential information of other party. The other party can accept the agreement by completing and submitting an acceptance form published on the website, or you can define some alternative acceptance method. In editing this non-disclosure ...

These templates have been created from our general non-disclosure agreements, with adaptations designed for the particular purposes of the documents - namely, the protection of information disclosed in the context of: (a) discussions regarding an invention; (b) a proposed business venture; (c) pitching of a media concept discussion; and (d) the appointment of a web designer.

A business's confidential information may include information enabling others to solicit the business's customers, suppliers, contractor or employees, and thereby cause damage to the business. For this reason, you should consider including specific non-solicitation provisions in your non-disclosure or confidentiality agreement. This is a unilateral (or one-way) template, and so it will only serve to protect the information and business ...

Almost every commercial website collects some personal data and few websites entirely eschew the use of cookies and similar technologies. In order to comply with the GDPR and other UK and EU data protection laws, website publishers need to disclose to users information about the personal data that they collect; and in order to comply with electronic privacy laws, website publishers need to disclose to users information about the cookies that they use. These template privacy and cookies policies will help you to comply with these laws.

This agreement template has been designed for the situation where two parties wish to impose both confidentiality and non-solicitation obligations upon each other. In other words, the confidentiality and non-solicitation obligations will be mutual. The confidentiality provisions may restrict not just the disclosure of confidential information, but also the manner of its use. Flexible definitions of "confidential information" are included, allowing for both ...

This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident. Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal ...

Under each of these commission agreement templates, one party will pay the other party commission in relation to a particular event or type of event. For example, commission may be paid in relation to the introduction of a customer by one party to the other. The longer versions of the template also include clauses covering the confidentiality of information and/or the non-solicitation of connected persons.

This is a personal data breach notification policy, which sets out the procedures to be followed by a business in the event that personal data stored or processed by the business is subject to a breach. The policy has been created with SMEs in mind. The policy is designed to aid compliance with the General Data Protection Regulation or GDPR, and takes account of the ...

The General Data Protection Regulation (GDPR) and national data protection laws require that controllers of personal data disclose information about their processing of that personal data to data subjects. These data protection information notices will help an organisation that collects personal data relating to its freelances, supplier personnel and customer personnel to comply with the applicable disclosure requirements. These documents are similar to our privacy policy template, but intended for use offline rather than online.

These addenda should be used to complement an existing contract and bring it into line with the General Data Protection Regulation (GDPR). The GDPR is relatively prescriptive about the clauses that need to be included in contracts between controllers and processors and in contracts between between processors and sub-processors. The drafting of these documents follows the requirements of the GDPR closely.

These cyber security policies should be used by a customer purchasing services and wanting to impose contractual obligations upon the supplier in relation to cyber security. The policies can be adapted to focus on specific risks or to apply general standards. These policies were created and are maintained by Emma Osborn of OCSRC.

This management-level data retention policy should be used to codify the policies and procedures of an organisation in relation to the archiving and deletion of data. The driving force behind the adoption of many retention policies is the General Data Protection Regulation (GDPR), but the suggested drafting in this document covers non-personal as well as personal data. To make effective use of this ...

These agreements facilitate the lawful sharing of personal data between two controllers (as that term is defined in the General Data Protection Regulation). They can be used with respect to either joint controllers or independent controllers. They are not suitable for use in relation to controller-to-processor or processor-to-processor sharing.