Privacy and cookies policy (lead generation)
This privacy and cookies policy template has been adapted for websites that earn money by passing leads or prospects to third party suppliers or service providers.
Generating leads inevitably involves the collection of personal data. Typically, a lead generation website will collection users' names, email addresses, postal addresses and telephone numbers, as well as information about the products or services that they have an interest in.
Much of the collected information will need to be passed on to third party suppliers or service providers. This policy is intended to help with the disclosures that are required under data protection law in relation to the passing of personal data to third parties, and data protection compliance more generally.
The template assumes that there are no financial transactions taking place between users and the website operator. If there are, additional disclosures will be required.
This document reflects the requirements of the GDPR or General Data Protection Regulation.Ask about this document
Privacy and cookies policy (lead generation) contents
- How we use your personal data: introduction to categories, purposes and legal bases of processing; processing of usage data; processing of account data; processing of profile data; processing of publication data; processing of enquiry data; processing of notification data; processing of communication data; processing of other data; processing for legal claims; processing for risk management; general purposes of processing personal data; disclosure of third party personal data.
- Automated decision-making: personal data used in automated decisions; logic involved in automated decisions; significance of automated decisions.
- Providing your personal data to others: intra-group disclosures of personal data; disclosure of personal data to insurers etc; disclosures of personal data to subcontractors; disclosure of personal data to third party suppliers; disclosure of personal data necessary for legal compliance etc.
- International transfers of your personal data: introduction to international personal data transfers; international transfers within business; international transfers to hosting services provider; international transfers to subcontractors; publication of personal data on internet.
- Retaining and deleting personal data: data retention introduction; personal data retention default rule; personal data retention specific rules (lead generation); personal data retention criteria; personal data deletion exception.
- Your rights: introduction to data subject rights summaries; list of data subject rights; summary of right to access personal data; summary of right to rectification of personal data; summary of right to erasure of personal data; summary of right to restrict processing of personal data; summary of right to object to processing of personal data; summary of right to object to processing of personal data for direct marketing; summary of right to object to processing of personal data for research purposes; summary of right to personal data portability; summary of right to complain to data protection supervisory authority; summary of right to withdraw consent to personal data processing; exercise of data subject rights.
- Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
- Personal data of children: website targeted at persons over specified age; deleting personal data of children.
- Updating information: correcting or updating personal information.
- Acting as a data processor: acting as a data processor; not applicable as data processor.
- About cookies: what are cookies?; persistent and session cookies; cookies and personal data.
- Cookies that we use: purposes for which cookies are used.
- Managing cookies: how to manage cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
- Amendments: amendment by publication; check for changes to policy; notification of changes topolicy.
- Our details: website operator name; company registration details; place of business; contact information.
- Representative within the European Union: identity and contact details of representative of data controller.
- Data protection officer: data protection officer contact details.