Forgotten password?

Privacy and cookies policy (social networking)

A website privacy and cookies policy can have more than one purpose. From a lawyer's perspective, the primary concern is compliance with disclosure of data protection legislation. Across the EU, that means compliance with the General Data Protection Regulation (GDPR) and related legislation. In the UK, that means compliance with the UK's adapted version of the GDPR. However, there are also marketing and user relations perspectives.

Users expect website privacy policies and practices to be fair. For some users, unfair policies and practices may be enough to turn them away from a website or service. This is particularly true in the case of social networking websites and services, which process lots of personal information. This privacy and cookies policy template has been created with social networking websites specifically in mind. It is an adapted version of our standard privacy and cookies policy template, and contains many of the same provisions.

The key aspects of the policy are as follows.

Collection: what personal data are collected by the website? Typically, social network operators will collect, store and process usage data, profile information, information submitted in the course of using website services such as friendship data and private messaging data, and information imported from third party services such as Facebook and LinkedIn.

Use: for what purposes will the personal data be used? In addition to the obvious purposes such as enabling the operation of the website and the provision of website services, an operator may wish to use personal data for marketing and other potentially less-welcome activities. Where marketing activities require specific consent, a consent statement buried in the legal documentation will not be sufficient.

Disclosure: to whom may personal information collected through the website be disclosed? For instance, will it be disclosed to subcontractors, suppliers, professional advisors or other group companies? Personal information published on the website may, of course, be disclosed to the entire world.

Transfer: to which countries may personal data be transferred? The rationale for providing this information is that countries outside the UK and/or EEA may not have data protection laws equivalent to those within.

Retention: for what period or periods will personal data be retained by the operator? Some information may be required for so long as the website continues to operate, while other information may quickly lose its usefulness.

In addition to these "core" provisions, the section concerning personal data disclosures also covers amendments to the policy, data subjects' statutory rights and third party privacy policies.

The section concerning cookies is designed to aid compliance with the ePrivacy Directive and, in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as subsequently amended). In this section, the website operator should disclose information about the cookies used on the website, including analytics cookies and third party cookies. You will also need to consider how to comply with the consent requirements in the Regulations.

Ask about this document

Privacy and cookies policy (social networking) contents

  1. Introduction: commitment to privacy; document applies to controlled personal data; website privacy controls; consent to use of cookies; data controller name.
  2. The personal data that we collect: introduction to categories; processing of contact data; processing of account data; processing of profile data; processing of service data; processing of communication data; processing of usage data; processing of other data; disclosure of third party personal data.
  3. Purposes of processing and legal bases: setting out purposes etc of personal data processing; processing for operations (website and services); processing for publications; processing for communications (contact data, account data and communication data); processing for personalisation; processing for direct marketing (contact data, account data and profile data); processing for research and analysis (usage data and service data); processing for record keeping; processing for security; processing for insurance and risk management; processing for legal claims; processing for legal compliance and vital interests protection.
  4. Automated decision-making: personal data used in automated decisions; logic involved in automated decisions; significance of automated decisions.
  5. Providing your personal data to others: intra-group disclosures of personal data; disclosure of personal data to insurers etc; disclosures of personal data to subcontractors; disclosure of personal data to third party suppliers; disclosure of personal data necessary for legal compliance etc.
  6. International transfers of your personal data: introduction to international personal data transfers; UK to EEA and EEA to UK personal data transfers; international transfers within business; international transfers to hosting services provider; international transfers to subcontractors; publication of personal data on internet.
  7. Retaining and deleting personal data: data retention introduction; personal data retention default rule; personal data retention specific rules (social networking); personal data retention criteria; personal data deletion exception.
  8. Your rights: introduction to data subject rights list; list of data subject rights; learn more about data subject rights; exercise of data subject rights.
  9. Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
  10. Personal data of children: website targeted at persons over specified age; deleting personal data of children.
  11. Updating information: correcting or updating personal information.
  12. Acting as a data processor: acting as a data processor; not applicable as data processor.
  13. About cookies: what are cookies?; persistent and session cookies; cookies and personal data.
  14. Cookies that we use: purposes for which cookies are used.
  15. Cookies used by our service providers: use of cookies by services providers; google Analytics cookies; google advertising cookies; meta pixel; service provider cookies (generic).
  16. Managing cookies: how to manage cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
  17. Cookie preferences: managing cookie preferences.
  18. Amendments: amendment by publication; check for changes to
    ; notification of changes to 
  19. Our details: website operator name; company registration details; place of business; contact information.
  20. Representatives: identity and contact details of EU representative of data controller; identity and contact details of UK representative of data controller.
  21. Data protection officer: data protection officer contact details.
Privacy and cookies policy (social networking) document editor previewPrivacy and cookies policy (social networking) document editor previewPrivacy and cookies policy (social networking) document editor previewPrivacy and cookies policy (social networking) document editor previewPrivacy and cookies policy (social networking) document editor preview
This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.
Privacy and cookies policy (social networking) document previewPrivacy and cookies policy (social networking) document previewPrivacy and cookies policy (social networking) document previewPrivacy and cookies policy (social networking) document previewPrivacy and cookies policy (social networking) document preview
This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.