Designed to help you to comply with UK and EU data protection law, these privacy policies are, in essence, shorter and simpler versions of our privacy and cookies policy templates. Although cookies are not referenced in the titles of these documents, cookies-related disclosures are included, albeit in summary form.
Our anti-spam policy template come in free and paid versions, with a Docular credit included in the former but not the latter. The policies include a broad definition of "spam", warnings about spam filters, prohibitions on user spam and information about receipt of unwanted messages.
Linking policies are not a common sight on the internet nowadays - at least, outside the affiliate / partner marketing space - but some businesses and organisations do still wish to assert control over the ways in which others link to their websites.
Designed for use in relation to an ecommerce website, these delivery policies describe the delivery methods used as well as delivery timetables. They should be used alongside our terms and conditions of sale via website documents. They can be used for both B2B and B2C stores.
These policies should be used to document discretionary returns and refund offers in relation to website sales. They are not intended to regulate statutory returns, which are covered by our terms and conditions of sale via website documents. If you are not proposing to offer customers rights going beyond the statutory basics, you do not need any of these policies.
These are internal cyber security policies, intended to control the use of IT systems by employees of a company and company sub-contractors. See also our supply chain cyber security policies, through which contractual obligations relating to information security can be applied to suppliers. These policies were created and are maintained by Emma Osborn of OCSRC.
This acceptable use policy document is designed to regulate the use of a website or other online service. The bulk of the policy is concerned with prohibiting certain actions and certain types of content. The policy naturally covers unlawful actions and content, but may also cover actions and content that are undesirable but not unlawful.
This policy provides organisations with a pre-structured way of describing their policy in the event of a cyber security incident. Policy users may be a small group within an organisation, or this policy may be given to all personnel as guidance in the event of an incident. Unlike an employee, contractor or B2B cyber security policy this is not intended to be a legal ...
This is a personal data breach notification policy, which sets out the procedures to be followed by a business in the event that personal data stored or processed by the business is subject to a breach. The policy has been created with SMEs in mind. The policy is designed to aid compliance with the General Data Protection Regulation or GDPR, and takes account of the ...
These cyber security policies should be used by a customer purchasing services and wanting to impose contractual obligations upon the supplier in relation to cyber security. The policies can be adapted to focus on specific risks or to apply general standards. These policies were created and are maintained by Emma Osborn of OCSRC.
This management-level data retention policy should be used to codify the policies and procedures of an organisation in relation to the archiving and deletion of data. The driving force behind the adoption of many retention policies is the General Data Protection Regulation (GDPR), but the suggested drafting in this document covers non-personal as well as personal data. To make effective use of this ...