Privacy and cookies policy (online shop)
This template has been designed for online stores, whether B2B, B2C or mixed. The policy explains why a website needs to collect personal information and how it will be collected, stored and used.
Whenever a customer provides personal information, a commercial website operator is legally obliged to use that information in accordance with all laws concerning the protection of personal information, including in particular the Data Protection Act 1998 (the "DPA").
The template includes information about disclosures which the data controller may make. Consider whether you will seek customers' express consent to share their information with any third party as this can be a matter of contention with customers, particularly where the third party sells dissimilar goods or are less reputable. Disclosing personal information to members within a group of companies may be done where necessary for the purposes set out in the document. In addition, businesses that operate overseas, or outsource parts of their operation abroad, may need to transfer personal information to other countries. Disclosure of information will also be necessary if requested by government bodies or law enforcement agencies, and if needed for legal proceedings or to protect your legal rights.
You will need to decide what types of personal information should be retained, and when personal data should be deleted. A data controller is not allowed to retain personal information obtained for a particular purpose or purposes "for longer than is necessary for that purpose or those purposes".
The section of the template dealing with security of personal information reflects what the data protection principles say about security. Security policies and procedures should be designed to suit the nature of the personal data. Information about health, for instance, will usually need more careful handling than postal address details.
Under the DPA, the customer has the right to request a copy of their personal information held by the data controller, and to have any inaccuracies corrected. It is permissible to charge a fee for this sort of information request.
Finally, data protection registration details and contact details should also be included in the policy.Ask about this document
Privacy and cookies policy (online shop) contents
- Collecting personal information: personal information collected (online shop); disclosure of third party personal information.
- Using personal information: general uses of personal information; specific uses of personal information (online shop); publication of personal information on website; no third party direct marketing; third party provider of financial transaction services.
- Disclosing personal information: persons to whom personal information may be disclosed; disclosure to group companies; legal and regulatory disclosures; no other disclosures of personal information.
- International data transfers: transferring data to operating countries; transferring data outside the EEA; publication of personal data on internet; consent to international data transfers.
- Retaining personal information: data retention introduction; personal data retention default rule; personal data retention specific rules; personal data deletion exception.
- Security of personal information: personal data: technical and organisational security measures; personal information stored on secure servers; security of electronic financial transactions; data sent over internet is insecure; keeping password confidential.
- Amendments: amendment by publication; check for changes to policy; notification of changes to policy.
- Your rights: subject access requests; subject access: withholding personal information; no marketing instructions; consent to marketing communications.
- Third party websites: hyperlinks to third party websites; no responsibility for third party privacy policies.
- Updating information: correcting or updating personal information.
- About cookies: what are cookies?; persistent and session cookies; cookies and personal information; cookie tracking.
- Our cookies: types of cookies used; cookies used on website and purposes.
- Third party cookies: use of third party cookies; google AdSense cookies; third party cookie details.
- Blocking cookies: how to block cookies; negative impact of blocking cookies; effects on website use of blocking cookies.
- Deleting cookies: how to delete cookies; effects of deleting cookies.
- Cookie preferences: managing cookie preferences.
- Data protection registration: registered with ICO; data protection registration number.
- Our details: website operator name; company registration details; place of business; contact information.