Privacy and cookies policy

From a lawyer's perspective, the key purpose of a website privacy and cookies policy is to help a website operator comply with data protection and cookies legislation. In the UK, from 25 May 2018, that will mean compliance with the General Data Protection Regulation (GDPR).

A privacy policy which complies with the GDPR will in most respects comply with the current law. However, there is one important exception to this rule.

Under current data protection law and under the GDPR, data controllers have an obligation to provide information to data subjects about the data subjects' legal rights. As those legal rights differ between the current law and the GDPR, two different sections relating to data subjects' rights are included in this document. If you use this policy, you should swap the sections in May 2018.

European legislators are planning to update the law relating to cookies at the same time as the GDPR comes into force. However, as at the date of writing the new cookies law is not in definite form. Accordingly, there may be further updates to this document before May 2018.

Privacy and cookies policy contents

  1. Introduction: commitment to privacy; document applies to controlled personal data; consent to use of cookies; website privacy controls; data controller name.
  2. How we use your personal data: introduction to categories, purposes and legal bases of processing; processing of usage data; processing of account data; processing of profile data; processing of service data; processing of publication data; processing of enquiry data; processing of transaction data; processing of notification data; processing of correspondence data; processing of other data; processing for legal claims; processing for risk management; general purposes of processing personal data; disclosure of third party personal data.
  3. Automated decision-making: personal data used in automated decisions; logic involved in automated decisions; significance of automated decisions.
  4. Providing your personal data to others: intra-group disclosures of personal data; disclosure of personal data to insurers etc; disclosures of personal data to subcontractors; disclosure of personal data to payment services providers; disclosure of personal data to third party suppliers; disclosure of personal data necessary for legal compliance etc.
  5. International transfers of your personal data: introduction to international personal data transfers; international transfers within business; international transfers to hosting services provider; international transfers to subcontractors; publication of personal data on internet.
  6. Retaining and deleting personal data: data retention introduction; personal data retention default rule; personal data retention specific rules; personal data retention criteria; personal data deletion exception.
  7. Security of personal data: appropriate technical and organisational security measures; personal data stored on secure servers and computers; encrypted storage of personal data; security of server-browser communications; unencrypted data sent over internet is insecure; password security.
  8. Amendments: amendment by publication; check for changes to policy; notification of changes to policy.
  9. Your rights: subject access requests; subject access: withholding personal information; no marketing instructions; consent to marketing communications.
  10. Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
  11. Personal data of children: website targeted at persons over specified age; deleting personal data of children.
  12. Updating information: correcting or updating personal information.
  13. Acting as a data processor: acting as a data processor; not applicable as data processor.
  14. About cookies: what are cookies?; persistent and session cookies; cookies and personal information.
  15. Cookies that we use: purposes for which cookies are used (including shopping cart).
  16. Cookies used by our service providers: use of cookies by service providers; Google Analytics cookies; Google AdSense cookies; service provider cookies (generic).
  17. Managing cookies: how to manage cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
  18. Cookie preferences: managing cookie preferences.
  19. Our details: website operator name; company registration details; place of business; contact information.
  20. Data protection registration: registered with ICO; data protection registration number.
  21. Representative within the European Union: identity and contact details of representative of data controller.
  22. Data protection officer: data protection officer contact details.
Privacy and cookies policy document editor preview
This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.
Privacy and cookies policy document preview
This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.