Privacy and cookies policy (lead generation)
This privacy and cookies policy template has been adapted for websites that earn money by passing leads or prospects to third party suppliers or service providers.
Generating leads inevitably involves the collection of personal data. Typically, a lead generation website will collection users' names, email addresses, postal addresses and telephone numbers, as well as information about the products or services that they have an interest in.
Much of the collected information will need to be passed on to third party suppliers or service providers. This policy is intended to help with the disclosures that are required under data protection law in relation to the passing of personal data to third parties, and data protection compliance more generally.
The template assumes that there are no financial transactions taking place between users and the website operator. If there are, additional disclosures will be required.
This document reflects the requirements of the GDPR or General Data Protection Regulation, in both its EU and UK forms.Ask about this document
Privacy and cookies policy (lead generation) contents
- The personal data that we collect: introduction to categories; processing of contact data; processing of enquiry data; processing of account data; processing of communication data; processing of usage data; processing of other data; disclosure of third party personal data.
- Purposes of processing and legal bases: setting out purposes etc of personal data processing; processing for operations (website and lead generation); processing for publications (account data); processing for communications (contact data, enquiry data, account data and communication data); processing for personalisation (enquiry data, account data and usage data); processing for direct marketing (contact data, enquiry data and account data); processing for research and analysis (enquiry data, usage data and communication data); processing for record keeping; processing for security; processing for insurance and risk management; processing for legal claims; processing for legal compliance and vital interests protection.
- Automated decision-making: personal data used in automated decisions; logic involved in automated decisions; significance of automated decisions.
- Providing your personal data to others: intra-group disclosures of personal data; disclosure of personal data to insurers etc; disclosures of personal data to subcontractors; disclosure of personal data to third party suppliers; disclosure of personal data necessary for legal compliance etc.
- International transfers of your personal data: introduction to international personal data transfers; UK to EEA and EEA to UK personal data transfers; international transfers within business; international transfers to hosting services provider; international transfers to subcontractors; publication of personal data on internet.
- Retaining and deleting personal data: data retention introduction; personal data retention default rule; personal data retention specific rules (lead generation); personal data retention criteria; personal data deletion exception.
- Your rights: introduction to data subject rights list; list of data subject rights; learn more about data subject rights; exercise of data subject rights.
- Your rights: introduction to data subject rights summaries; list of data subject rights; summary of right to access personal data; summary of right to rectification of personal data; summary of right to erasure of personal data; summary of right to restrict processing of personal data; summary of right to object to processing of personal data; summary of right to object to processing of personal data for direct marketing; summary of right to object to processing of personal data for research purposes; summary of right to personal data portability; summary of right to complain to data protection supervisory authority; summary of right to withdraw consent to personal data processing; exercise of data subject rights.
- Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
- Personal data of children: website targeted at persons over specified age; deleting personal data of children.
- Updating information: correcting or updating personal information.
- Acting as a data processor: acting as a data processor; not applicable as data processor.
- About cookies: what are cookies?; persistent and session cookies; cookies and personal data.
- Cookies that we use: purposes for which cookies are used.
- Managing cookies: how to manage cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
- Amendments: amendment by publication; check for changes to policy; notification of changes topolicy.
- Our details: website operator name; company registration details; place of business; contact information.
- Representatives: identity and contact details of EU representative of data controller; identity and contact details of UK representative of data controller.
- Data protection officer: data protection officer contact details.