Has this document been updated for the GDPR?
Yes, it was updated for the GDPR in October 2017.
I manage a range of different websites, including ecommerce stores, social networking sites and forums. Can the general version of this template be used on all these different types of website?
The relevant rules on disclosures are the same across different types of website. For example, you need to tell users about what you do with their personal details. This template covers the general rules on disclosure, with specific suggested text for the different types of website you mention.
Many different possible uses of personal details are listed in the template, including:
- sending statements and invoices to the customer;
- enabling the use of website services; and
- publishing information on the website.
So, in respect of the different websites that you operate, you will need to delete/edit different clauses. In some cases you may need to add a clause to clarify exactly what it is you do. The template prompts you where you need to do so. This should be relatively straightforward - it is a factual rather than a legal matter.
Does this template included a section concerning the collection of email addresses for use in marketing?
Yes it does, although you cannot necessarily rely upon a section in a privacy and cookies policy to generate adequate consent for such marketing. Such disclosures are necessary, but not necessarily sufficient.
Can I use this template in respect of a website based outside the UK?
All four versions of this template privacy and cookies policy are designed for use by businesses based in the UK. Although the UK data protection regime derives from EU law, there are differences in how that EU law has been implemented in the different member states of the EU.
Does the privacy and cookies document need editing?
Yes, you will need to edit the template, to ensure that it reflects the practices of your business and website in relation to both personal information and cookies. You should regularly review your policy to ensure that it remains up to date, both with respect to the law and to your business's use of personal data.
I need to pass on personal information of customers to our payment services provider. Is this covered?
The privacy and cookies policy includes a suitable disclosure.
I'm designing a client's new company website and was looking if this privacy and cookies policy would be enough or if my client should consider any other policies, such as website T&Cs?
Privacy and cookies policies, and website T&Cs, have quite different purposes.
- Privacy and cookies policies: these help you make the required disclosures under data protection, privacy and cookies laws
- Website T&Cs: these help with other statutory disclosures, cover the rules for using the website, limit the liability of the website operator, and generally structure the legal relationships between operators and users.
Most websites should have both.
I'm setting up a web store with social networking type features. Should I use the social network template or the privacy and cookies policy for online shops?
Probably neither. I suggest you use the general privacy and cookies policy template. Both the social networking and online shop templates are adapted versions of that general template. The general template is more flexible than either, although at the cost of being more work to adapt.
Ask a question