Privacy and cookies policy

Price:  £14.50(Inc. 20% VAT)(£12.08 Exc. VAT)
  (9 Reviews)

A GDPR-compliant privacy and cookies policy template in continuous development by us since 2007, and used on hundreds of thousands of websites.

Author: Alasdair Taylor
Updated: 15 June 2023
Length: 11 pages (min.)
Notes: 16 pages (min.)
Format: MS Word (.DOCX)

Most modern websites collect personal information and use cookies. Accordingly, most website operators will need to comply with data protection and cookie laws. The purpose of this privacy and cookies policy is to help you to comply with those laws.

This policy has been updated to take account of the changes to data protection law that will come with the GDPR (or General Data Protection Regulation) - including the new UK variant.

There are four different versions of the template.

  1. General: this is the most flexible version of the policy, and the other versions are all based on this one. A copy is included in our business pack.
  2. Online shop: for websites selling goods online. This version is included in our online shop pack.
  3. Social networking: for social networks and similar websites. A copy of this version is included in our social networking pack.
  4. Lead generation: for websites that gather lead information that is passed to third party suppliers.

General privacy and cookies policy

This privacy and cookies policy template was created by combining the provisions of our privacy policy with those of our cookies policy. The template is divided into three parts.

  • The first part of the template is concerned with the collection, storage and use of personal data, and is designed to aid compliance with legal disclosure requirements.
  • The second part of the template covers the use of cookies by a website, and is designed to aid compliance with the disclosure requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as variously amended).
  • The third and final part of the template should be used for disclosing information (eg contact details) about the website operator.

The template is designed for websites that collect standard kinds of personal data for standard kinds of use. It will not be suitable or sufficient for all websites.

Policy for online shops

This version of the privacy and cookies policy has been adapted for online shops: websites selling products to the public and to businesses. It covers the typical types of disclosure that an online shop will need to make, answering such questions as:

  • What personal data is held as account data?
  • How are payment details processed?
  • What marketing rights will the website operator have in relation to customers?

Policy for social networking websites

Social network services typically process large amounts of sometimes sensitive personal information. For this reason, social network users expect website privacy policies and practices to be fair, and a conscientious few even read them. For some users, unfair policies and practices may be enough to turn them away from a website or service. This version of our privacy and cookies policy is an adapted version of the general policy, incorporating those edits that will typically be required for a social networking website.

Policy for lead generation websites

The process of generating leads for third party suppliers necessarily involves the collection and handling of personal details: names, contact details, details of products or services, and so on. To ensure that such personal details can be lawfully passed on to third party suppliers, the website operator should disclose information about the process. This document will help you to do just that. In addition to terms dealing specifically with lead generation, this document includes standard privacy policy and cookie policy clauses.

  1. Introduction
  2. The personal data that we collect
  3. Purposes of processing and legal bases
  4. Automated decision-making
  5. Providing your personal data to others
  6. International transfers of your personal data
  7. Retaining and deleting personal data
  8. Your rights
  9. Third party websites
  10. Personal data of children
  11. Updating information
  12. Acting as a data processor lead generation and social networking only)
  13. About cookies
  14. Cookies that we use
  15. Cookies used by our service providers
  16. Managing cookies
  17. Cookie preferences (social networking and online shop only)
  18. Amendments
  19. Our details
  20. Data protection registration (online shop only)
  21. Representative within the European Union
  22. Data protection officer

Has this document been updated for the GDPR?

Yes, it was updated for the GDPR in October 2017.

I manage a range of different websites, including ecommerce stores, social networking sites and forums. Can the general version of this template be used on all these different types of website?

The relevant rules on disclosures are the same across different types of website. For example, you need to tell users about what you do with their personal details. This template covers the general rules on disclosure, with specific suggested text for the different types of website you mention.

Many different possible uses of personal details are listed in the template, including:

  • sending statements and invoices to the customer;
  • enabling the use of website services; and
  • publishing information on the website.

So, in respect of the different websites that you operate, you will need to delete/edit different clauses. In some cases you may need to add a clause to clarify exactly what it is you do. The template prompts you where you need to do so. This should be relatively straightforward - it is a factual rather than a legal matter.

Does this template included a section concerning the collection of email addresses for use in marketing?

Yes it does, although you cannot necessarily rely upon a section in a privacy and cookies policy to generate adequate consent for such marketing. Such disclosures are necessary, but not necessarily sufficient.

Can I use this template in respect of a website based outside the UK?

All four versions of this template privacy and cookies policy are designed for use by businesses based in the UK. Although the UK data protection regime derives from EU law, there are differences in how that EU law has been implemented in the different member states of the EU.

Does the privacy and cookies document need editing?

Yes, you will need to edit the template, to ensure that it reflects the practices of your business and website in relation to both personal information and cookies. You should regularly review your policy to ensure that it remains up to date, both with respect to the law and to your business's use of personal data.

I need to pass on personal information of customers to our payment services provider. Is this covered?

The privacy and cookies policy includes a suitable disclosure.

I'm designing a client's new company website and was looking if this privacy and cookies policy would be enough or if my client should consider any other policies, such as website T&Cs?

Privacy and cookies policies, and website T&Cs, have quite different purposes.

  • Privacy and cookies policies: these help you make the required disclosures under data protection, privacy and cookies laws
  • Website T&Cs: these help with other statutory disclosures, cover the rules for using the website, limit the liability of the website operator, and generally structure the legal relationships between operators and users.

Most websites should have both.

I'm setting up a web store with social networking type features. Should I use the social network template or the privacy and cookies policy for online shops?

Probably neither. I suggest you use the general privacy and cookies policy template. Both the social networking and online shop templates are adapted versions of that general template. The general template is more flexible than either, although at the cost of being more work to adapt.

Ask a question

A copy of this privacy and cookies policy is included in each of these packs:

Average rating (9 Reviews):  
write a review and share your opinions!

Great template, GDPR compliant
12 October 2023  | 

Bought this template as Google AdSense flagged my previous privacy policy as not wholly compliant with GDPR. This template contains the necessary GDPR disclosures and also nice that it contains AdSense specific text, which I wasn't necessarily expecting. Editing was easy to do, and after implementing, Google has now approved the policy as compliant.

Comprehensive, excellent quality and incredible value
22 June 2022  | 

Third template that I have purchased and every one has been excellent. Highly recommended.


Thanks for your very kind review and rating!

Hard to use for some people
23 September 2021  | 

As I bought it to add it quickly, its hard to do that. Need line by line checkup and don't have enough guideline. The guideline in the below of the document also wasn't clear enough. As example some places says [additional list items]. Now should we remove it? Or its part of the tos/pp?

If there was easy to use version was better. Where few elements marked that needed changes.


Thanks for your order and for the review - albeit it is not the sort of review I hope for!

The complexity of the document is almost wholly a function of the complexity of the underlying law. We do have a more basic privacy policy document, but even that suffers from the legal environment within which it is intended to be used.

As regards the "[additional list item]" sections - these are optional prompts for you to add additional list items. They can be removed if you do not need to add additional list items.

I note your comments regarding the need for additional guidance, and will look at this when the template is next updated.

Excellent policy document
13 November 2020  | 

Very clear, easy to use and excellent notes guiding me through. So many friends said they cut and pasted other companies I did not want to take such measures as not owning or understanding what I was legally obliged to do. I watched an hour course privacy4 before purchasing so I could understand my legal obligation as a new company and ensure the document met my obligation as a counsellor and my professional membership, insurance company and the data protection act. Thank you for providing an affordable support document to help reassure Iím heading in the right direction.


Thanks very much for this review. It's gratifying to know that the document works for users who really care about privacy and compliance.

Excellent product
01 June 2020  | 

Explanatory notes that accompany the template are clear. Easy to edit - that's important. Often the formatting and numbering get in the way. Not so with this document - all very straightforward. Perhaps a glossary of terms included with the template would be useful. Customer service is good - prompt replies. Highly recommended.


Thanks Paul. The glossary is a very good idea in this context, given the amount of rebarbative data protection jargon. I'll add it to my list.

Privacy & Cookies Policy
17 April 2020  | 

Relatively easy to edit to a version fit for my business. The guidance notes were very helpful. Very good value for money.


Thanks Lee - much appreciated.

Extensive and well documented
12 April 2020  | 

The document requires significant work to read and understand to a level necessary to feel sufficiently confident in its modification. However I'm sure this is due to the nature of the subject matter rather than any shortcoming in the document itself.

A good effort is made to provide explanations with references, however there remain a number of areas where establishing the meaning of phrases used in the document requires further work.

Happy overall.


Thanks for the review Alan. I'll be reviewing and updating the privacy documents at some point in the next few weeks, and will take your comments into account when I do so.

Very comprehensive!
02 August 2019  | 

The document is very comprehensive. While I am not a lawyer, I have looked at many major SAAS applications and compared the document to ensure we had everything and I was pleased with what we got here for a few bucks only.

Editing the document is very long, unfortunately because there are many brackets and some choices to do. But once done, we can be pretty happy with it!


Thanks for the review Maxime.

13 December 2018  | 

I purchased the Privacy policy for a simple site that I am working on. It soon became apparent that the structure of the Privacy document was far too complex for these particular needs. I started reducing the content to take out the irrelevant parts (could be more automated online like other services) but in the end went for another company fully online automated solution. This Privacy Policy is really comprehensive but is too complex for a small business. For larger businesses where this would be ideal, they really should be getting their own legal team in to do it.


Thanks very much for your review, Simon.

Our "Privacy policy" document is, in essence, a simpler version of this document - and it does include limited cookies provisions.

The complexity of this privacy and cookies policy reflects the complexity of the information disclosure requirements in the GDPR and the UK's Data Protection Act 2018. I appreciate, however, that for simple websites the policy requires quite a bit of cutting-down. On the other hand, many small businesses do have complex data processing operations and it is easier to remove material from a policy than to write it from scratch.

As regards automation, this policy (and almost all of our other templates) are also available on our Docular service ( which includes an online editor.