top of page

Here’s a UK-specific privacy policy template aligned with the UK GDPR and the Data Protection Act 2018. You can adapt this directly for your site:

Privacy Policy

Last updated: [Insert Date]

1. Who We Are

[Your Business Name] (“we”, “us”, “our”) operates [yourwebsite.com].

We are the “data controller” responsible for your personal data under the UK GDPR.

Contact details:
Email: [your email]
Address: [your address]

2. What Data We Collect

Personal Data

We may collect:

  • Name

  • Email address

  • Phone number

  • Account details (if applicable)

  • Any information you provide via forms

Technical Data

  • IP address

  • Browser type and version

  • Time zone setting

  • Pages visited and usage data

Marketing & Communications Data

  • Preferences for receiving marketing

  • Communication history

3. How We Collect Your Data

We collect data when you:

  • Fill in forms

  • Contact us

  • Subscribe to emails

  • Use our website (via cookies and analytics)

4. How We Use Your Data

We use your data to:

  • Provide and manage our website

  • Respond to enquiries

  • Send updates or marketing (where consent is given)

  • Improve our website and services

  • Comply with legal obligations

5. Legal Bases for Processing

Under UK GDPR, we rely on:

  • Consent – for marketing emails and optional cookies

  • Contract – to provide services you request

  • Legal obligation – to comply with the law

  • Legitimate interests – to improve our services and website

6. Cookies

We use cookies to:

  • Make the website work properly

  • Analyse traffic

  • Remember your preferences

You can manage cookies through your browser or via our cookie banner.

(Consider adding a separate Cookie Policy if you use analytics or ads.)

7. Sharing Your Data

We may share your data with:

  • Hosting providers

  • Analytics providers (e.g. Google Analytics)

  • Email/marketing platforms

  • Payment processors (if applicable)

We require all third parties to respect your data and process it securely.

8. International Transfers

If we transfer your data outside the UK, we ensure appropriate safeguards are in place (such as adequacy regulations or standard contractual clauses).

9. Data Retention

We keep your data only as long as necessary for:

  • The purposes it was collected

  • Legal or regulatory requirements

10. Your Legal Rights

Under UK data protection law, you have the right to:

  • Access your personal data

  • Correct inaccurate data

  • Request deletion (“right to be forgotten”)

  • Restrict processing

  • Object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact us at [your email].

11. Complaints

You have the right to complain to the UK supervisory authority:
Information Commissioner's Office
Website: https://ico.org.uk

We would, however, appreciate the chance to deal with your concerns first.

12. Data Security

We use appropriate security measures to prevent your personal data from being lost, misused, or accessed without authorisation.

13. Third-Party Links

Our website may include links to third-party websites. We are not responsible for their privacy policies.

14. Children’s Data

Our website is not intended for children under 13, and we do not knowingly collect data from them.

15. Changes to This Policy

We may update this policy from time to time. Updates will be posted on this page with a revised “Last updated” date.

Optional Sections (Add if relevant)

  • User accounts/login systems

  • E-commerce/payments

  • Newsletter/email marketing tools

  • Advertising/remarketing (important for GDPR compliance)

If you want something more precise (and legally safer), tell me:

  • what your website does

  • whether you use cookies/analytics (like Google Analytics)

  • whether you collect payments or user accounts

…and I’ll customise this into a fully compliant version tailored to your setup.

bottom of page