Register
Forgotten password?

Privacy and cookies policy (online shop)

This privacy and cookies policy template has been designed for online stores selling goods, including B2B stores, B2C stores and those supplying goods both B2B and B2C. The policy sets out details of the processing of personal data by the online store in accordance with UK/EU laws concerning the protection of personal information - including (from 25 May 2018) the General Data Protection Regulation.

The core of the policy covers the categories of personal information which may be processed, the sources of that information (where it is not collected from the data subject), the legal basis for the processing and, where the legal basis is the store operator's legitimate interests, details of those legitimate interests.

In addition, the template includes information about disclosures that the store operator may make. For instance, personal information may be disclosed to hosting services providers, payment services providers and other suppliers and subcontractors.

Businesses that operate overseas, or outsource parts of their operation abroad, may need to transfer personal information to other countries, and in the case of extra-EEA transfers information about those transfers should be included in the policy.

Store operators will need to decide on data retention policies. In general, a data controller is not allowed to retain personal information obtained for a particular purpose or purposes for longer than is necessary for that purpose or those purposes. Appropriate disclosures relating to retention policies are included in this document.

Finally, almost all ecommerce websites will use cookies to improve the user experience: these enable the website to remember the user and track the user as he or she navigates the website. The website should identify the cookies it stores in a user's computer, and the third-party cookies that may be stored as a result of the use of the website.

Ask about this document

Privacy and cookies policy (online shop) contents

  1. Introduction: commitment to privacy; consent to use of cookies; website privacy controls.
  2. How we use your personal data: introduction to categories, purposes and legal bases of processing; processing of usage data; processing of account data; processing of publication data; processing of enquiry data; processing of transaction data; processing of notification data; processing of correspondence data; processing of other data; general purposes of processing personal data.
  3. Providing your personal data to others: intra-group disclosures of personal data; disclosure of personal data to insurers etc; disclosures of personal data to subcontractors; disclosure of personal data to payment services providers; disclosure of personal data to third party suppliers; disclosure of personal data necessary for legal compliance etc.
  4. International transfers of your personal data: introduction to international personal data transfers; international transfers within business; international transfers to hosting services provider; international transfers to subcontractors; publication of personal data on internet.
  5. Retaining and deleting personal data: data retention introduction; personal data retention default rule; personal data retention specific rules; personal data retention criteria; personal data deletion exception.
  6. Amendments: amendment by publication; check for changes to policy; notification of changes to policy.
  7. Your rights: subject access requests; subject access: withholding personal information; no marketing instructions; consent to marketing communications.
  8. Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
  9. Personal data of children: website targeted at persons over specified age; deleting personal data of children.
  10. Updating information: correcting or updating personal information.
  11. About cookies: what are cookies?; persistent and session cookies; cookies and personal information.
  12. Cookies that we use: purposes for which cookies are used (including shopping cart).
  13. Cookies used by our service providers: use of cookies by services providers; google Analytics cookies; google AdSense cookies; service provider cookies (generic).
  14. Managing cookies: how to manage cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
  15. Cookie preferences: managing cookie preferences.
  16. Our details: website operator name; company registration details; place of business; contact information.
  17. Representative within the European Union: identity and contact details of representative of data controller.
  18. Data protection officer: data protection officer contact details.
Privacy and cookies policy (online shop) document editor previewPrivacy and cookies policy (online shop) document editor previewPrivacy and cookies policy (online shop) document editor preview
This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.
Privacy and cookies policy (online shop) document previewPrivacy and cookies policy (online shop) document previewPrivacy and cookies policy (online shop) document previewPrivacy and cookies policy (online shop) document preview
This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.