Privacy and cookies policy (online shop)

This privacy and cookies policy template has been designed for online stores selling goods, including B2B stores, B2C stores and those supplying goods both B2B and B2C. The policy sets out details of the processing of personal data by the online store in accordance with UK and EU laws concerning the protection of personal information - including the General Data Protection Regulation in both its UK and EU forms.

The core of the policy covers the categories of personal information which may be processed, the sources of that information (where it is not collected from the data subject), the purposes of processing, the legal basis for the processing and, where the legal basis is the store operator's legitimate interests, details of those legitimate interests.

In addition, the template includes information about disclosures that the store operator may make. For instance, personal information may be disclosed to hosting services providers, payment services providers and other suppliers and subcontractors.

Businesses that operate overseas, or outsource parts of their operation abroad, may need to transfer personal information to other countries, and in the case of extra-UK/EEA transfers, information about those transfers should be included in the policy.

Store operators will need to decide on data retention policies. In general, a data controller is not allowed to retain personal information obtained for a particular purpose or purposes for longer than is necessary for that purpose or those purposes. Appropriate disclosures relating to retention policies are included in this document.

Finally, almost all ecommerce websites will use cookies to improve the user experience: these enable the website to remember the user and track the user as he or she navigates the website. The website should identify the cookies it stores on a user's computer, and the third-party cookies that may be stored as a result of the use of the website.

Privacy and cookies policy (online shop) contents

  1. Introduction: commitment to privacy; document applies to controlled personal data; website privacy controls; consent to use of cookies; data controller name.
  2. The personal data that we collect: introduction to categories; processing of contact data; processing of account data; processing of customer relationship data; processing of transaction data; processing of communication data; processing of usage data; processing of other data.
  3. Purposes of processing and legal bases: setting out purposes etc of personal data processing; processing for operations; processing for publications (account data); processing for communications; processing for personalisation (account data and usage data); processing for direct marketing (contact data, account data, customer relationship data and transaction data); processing for research and analysis (usage data and transaction data); processing for record keeping; processing for security; processing for insurance and risk management; processing for legal claims; processing for legal compliance and vital interests protection.
  4. Automated decision-making: personal data used in automated decisions; logic involved in automated decisions; significance of automated decisions.
  5. Providing your personal data to others: intra-group disclosures of personal data; disclosure of personal data to insurers etc; disclosures of personal data to hosting services providers; disclosures of personal data to subcontractors; disclosure of personal data to payment services providers; disclosure of personal data to third party suppliers; disclosure of personal data necessary for legal compliance etc.
  6. International transfers of your personal data: introduction to international personal data transfers; UK to EEA and EEA to UK personal data transfers; international transfers within business; international transfers to hosting services provider; international transfers to subcontractors; publication of personal data on internet.
  7. Retaining and deleting personal data: data retention introduction; personal data retention default rule; personal data retention specific rules (online shop); personal data retention criteria; personal data deletion exception.
  8. Security of personal data: appropriate technical and organisational security measures; personal data stored on secure servers and computers; encrypted storage of personal data; security of server-browser communications; unencrypted data sent over internet is insecure; password security.
  9. Your rights: introduction to data subject rights list; list of data subject rights; learn more about data subject rights; exercise of data subject rights.
  10. Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
  11. Personal data of children: website targeted at persons over specified age; deleting personal data of children.
  12. Updating information: correcting or updating personal information.
  13. About cookies: what are cookies?; persistent and session cookies; cookies and personal data.
  14. Cookies that we use: purposes for which cookies are used (including shopping cart).
  15. Cookies used by our service providers: use of cookies by services providers; Google Analytics cookies; Google advertising cookies; Meta Pixel; service provider cookies (generic).
  16. Managing cookies: how to manage cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
  17. Cookie preferences: managing cookie preferences.
  18. Amendments: amendment by publication; check for changes to policy; notification of changes to policy.
  19. Our details: website operator name; company registration details; place of business; contact information.
  20. Data protection registration: registered with ICO; data protection registration number.
  21. Representatives: identity and contact details of EU representative of data controller; identity and contact details of UK representative of data controller.
  22. Data protection officer: data protection officer contact details.
Privacy and cookies policy (online shop) document editor preview
This is a shortened preview of the editor interface; once you create your instance you'll be able to edit the full document in our online editor.
Privacy and cookies policy (online shop) document preview
This is a shortened preview of the DOCX output; once you create your instance you'll be able to download the full document in PDF, HTML, RTF and/or DOCX (Microsoft Word) format.