Policy

Designed to help you to comply with UK and EU data protection law, these privacy policies are, in essence, shorter and simpler versions of our privacy and cookies policy templates. Although cookies are not referenced in the titles of these documents, cookies-related disclosures are included, albeit in summary form.

EU and UK law provide that, alongside information about the processing of personal data, website publishers must provide information to users about the cookies (or, more strictly, certain of the cookies) that the web application uses. This is the purpose of a cookies policy. Consent the use of cookies may also be required.

Our anti-spam policy template come in free and paid versions, with a Docular credit included in the former but not the latter. The policies include a broad definition of "spam", warnings about spam filters, prohibitions on user spam and information about receipt of unwanted messages.

Linking policies are not a common sight on the internet nowadays - at least, outside the affiliate / partner marketing space - but some businesses and organisations do still wish to assert control over the ways in which others link to their websites.

Designed for use in relation to an ecommerce website, these delivery policies describe the delivery methods used as well as delivery timetables. They should be used alongside our terms and conditions of sale via website documents. They can be used for both B2B and B2C stores.

These policies should be used to document discretionary returns and refund offers in relation to website sales. They are not intended to regulate statutory returns, which are covered by our terms and conditions of sale via website documents. If you are not proposing to offer customers rights going beyond the statutory basics, you do not need any of these policies.

These are internal cyber security policies, intended to control the use of IT systems by employees of a company and company sub-contractors. See also our supply chain cyber security policies, through which contractual obligations relating to information security can be applied to suppliers. These policies were created and are maintained by Emma Osborn of OCSRC.

This acceptable use policy document is designed to regulate the use of a website or other online service. The bulk of the policy is concerned with prohibiting certain actions and certain types of content. The policy naturally covers unlawful actions and content, but may also cover actions and content that are undesirable but not unlawful. As regards unlawful content, this can be addressed in detail ...

Almost every commercial website collects some personal data and few websites entirely eschew the use of cookies and similar technologies. In order to comply with the GDPR and other UK and EU data protection laws, website publishers need to disclose to users information about the personal data that they collect; and in order to comply with electronic privacy laws, website publishers need to disclose to users information about the cookies that they use. These template privacy and cookies policies will help you to comply with these laws.

This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident. Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal ...

This is a personal data breach notification policy, which sets out the procedures to be followed by a business in the event that personal data stored or processed by the business is subject to a breach. The policy has been created with SMEs in mind. The policy is designed to aid compliance with the General Data Protection Regulation or GDPR, and takes account of the ...

The General Data Protection Regulation (GDPR) and national data protection laws require that controllers of personal data disclose information about their processing of that personal data to data subjects. These data protection information notices will help an organisation that collects personal data relating to its freelances, supplier personnel and customer personnel to comply with the applicable disclosure requirements. These documents are similar to our privacy policy template, but intended for use offline rather than online.

These cyber security policies should be used by a customer purchasing services and wanting to impose contractual obligations upon the supplier in relation to cyber security. The policies can be adapted to focus on specific risks or to apply general standards. These policies were created and are maintained by Emma Osborn of OCSRC.

This management-level data retention policy should be used to codify the policies and procedures of an organisation in relation to the archiving and deletion of data. The driving force behind the adoption of many retention policies is the General Data Protection Regulation (GDPR), but the suggested drafting in this document covers non-personal as well as personal data. To make effective use of this ...