Website privacy policy template UK – what should I include?
2-minute read
It’s a legal requirement to have a website privacy policy if you run a business website. Here’s what you need to include in yours.
Privacy policy for website: do I need one?
The short answer is yes, if you have a website for your business (or run any other website that collects data on visitors) then you need a website privacy policy (also called a website privacy notice).
The website privacy policy is a legal requirement that lets your website’s visitors know about how you collect, handle, store and potentially also share their personal data. It needs to comply with the UK General Data Protection Regulation (GDPR), which is now part of the Data Protection Act 2018.
Whatever the purpose of your business website, it’s likely to collect data on visitors. Even if your website is just a ‘shop window’ featuring a blog and your contact details, it’s still collecting data on visitors (for example, if you use website analytics tools, these usually give you details like how much time a user has spent on a particular page).
If your business website is an online shop, meaning that you collect personally identifiable data and take payments, then your website privacy policy will need to go into more detail. That’s because you’ll need to give your visitors details like how long you store this data.
You’ll also have responsibilities around securing this data and how to approach data breaches.
Ultimately, under the GDPR, a person has the ‘right to be informed’ about how their data are being used. This is one of the most important transparency principles of the legislation and your website privacy policy should explain this in a clear and simple way.
What do I put in my website privacy policy?
Firstly, it’s important to get to grips with the key themes of the GDPR. These should help you understand the ‘whys’ behind your website privacy policy.
Your privacy notice isn’t simply a box-ticking exercise, because as customers become more savvy about their data, they’ll favour businesses that are open and transparent about how that data is being used.
You should do a data mapping (or data audit) exercise, which will establish:
- the types of data you hold
- why you use them
- the legal basis for using them
- details of when and how you share the data
After doing this exercise, you’ll be in a good position to fill out your own website privacy policy.
Website privacy policy terms and definitions
In a typical website privacy policy template, you may come across general categories of data. You should explain which data you collect and how long you retain it, this includes:
- identity information (including name, gender, marital status, date of birth)
- contact information (including email addresses and phone numbers)
- account information (including usernames and passwords)
- payment information (including bank account and card details)
- transaction information (including details of goods and services)
- survey information (including information collected in surveys and feedback)
- marketing information (including a user’s marketing and communications preferences)
- website, device and technical information (including browsers and IP addresses)
You can also detail which ‘special information’ (if any) that you collect on your users. This is data that need more protection because they’re sensitive, and includes information like race, politics and religion.
Your website privacy policy should then outline the purpose behind collecting the data, along with the legal reason. There’s also sections on how you share the data, as well as your visitor’s rights under data protection law.
Not all parts of this privacy policy example will be applicable to all businesses. As data protection is a complex and important topic to get right, be sure to take legal advice on your business’s privacy policy and your wider data controlling activities.
More policy guides for your small business
Take a look at some of our other guides designed to help you and your small business.
- Annual leave policy template (holiday policy sample)
Other useful resources for your website privacy policy
Data protection is a huge subject, so it’s a good idea to do all the research necessary to make sure you’re getting your website privacy policy right. Check out more guides here:
- a general privacy notice template, which goes beyond digital interactions
- the ICO's (Information Commissioner's Office) guide to the UK GDDPR
Small business guides to running an online business
Looking for employers' liability cover?
As the UK's biggest business insurance provider, we specialise in employers' liability insurance. We'll run you a quick, tailored quote right now online, and let you decide if we're a good fit.
Start your quote
Written by
Sam Bromley
Sam has more than 10 years of experience in writing for financial services. He specialises in illuminating complicated topics, from IR35 to ISAs, and identifying emerging trends that audiences want to know about. Sam spent five years at Simply Business, where he was Senior Copywriter.
We create this content for general information purposes and it should not be taken as advice. Always take professional advice. Read our full disclaimer
Keep up to date with Simply Business. Subscribe to our monthly newsletter and follow us on social media.
Subscribe to our newsletterInsurance
Public liability insuranceBusiness insuranceProfessional indemnity insuranceEmployers liability insuranceLandlord insuranceTradesman insuranceSelf-employed insuranceRestaurant insuranceCommercial van insuranceInsurersAbout
About usOur teamAwardsPress releasesPartners & affiliatesOur charitable workModern Slavery ActSection 172 statementSocial mediaSite mapAddress
6th Floor99 Gresham StreetLondonEC2V 7NG
Sol House29 St Katherine's StreetNorthamptonNN1 2QZ
© Copyright 2023 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.