Simply Business homepage
  • Business insurance

    • Business Insurance FAQs

    Business insurance covers

  • Support
  • Claims
  • Sign In
Call Us0333 0146 683
Chat With UsChat support 24/7

Website privacy policy template UK – what should I include?

2-minute read

Business man working on a computer
Sam Bromley

Sam Bromley

27 October 2023

Share on FacebookShare on TwitterShare on LinkedIn

It’s a legal requirement to have a website privacy policy if you run a business website. Here’s what you need to include in yours.

Privacy policy for website: do I need one?

The short answer is yes, if you have a website for your business (or run any other website that collects data on visitors) then you need a website privacy policy (also called a website privacy notice).

The website privacy policy is a legal requirement that lets your website’s visitors know about how you collect, handle, store and potentially also share their personal data. It needs to comply with the UK General Data Protection Regulation (GDPR), which is now part of the Data Protection Act 2018.

Whatever the purpose of your business website, it’s likely to collect data on visitors. Even if your website is just a ‘shop window’ featuring a blog and your contact details, it’s still collecting data on visitors (for example, if you use website analytics tools, these usually give you details like how much time a user has spent on a particular page).

If your business website is an online shop, meaning that you collect personally identifiable data and take payments, then your website privacy policy will need to go into more detail. That’s because you’ll need to give your visitors details like how long you store this data.

You’ll also have responsibilities around securing this data and how to approach data breaches.

Ultimately, under the GDPR, a person has the ‘right to be informed’ about how their data are being used. This is one of the most important transparency principles of the legislation and your website privacy policy should explain this in a clear and simple way.

What do I put in my website privacy policy?

Firstly, it’s important to get to grips with the key themes of the GDPR. These should help you understand the ‘whys’ behind your website privacy policy.

Your privacy notice isn’t simply a box-ticking exercise, because as customers become more savvy about their data, they’ll favour businesses that are open and transparent about how that data is being used.

You should do a data mapping (or data audit) exercise, which will establish:

  • the types of data you hold
  • why you use them
  • the legal basis for using them
  • details of when and how you share the data

After doing this exercise, you’ll be in a good position to fill out your own website privacy policy.

Website privacy policy terms and definitions

In a typical website privacy policy template, you may come across general categories of data. You should explain which data you collect and how long you retain it, this includes:

  • identity information (including name, gender, marital status, date of birth)
  • contact information (including email addresses and phone numbers)
  • account information (including usernames and passwords)
  • payment information (including bank account and card details)
  • transaction information (including details of goods and services)
  • survey information (including information collected in surveys and feedback)
  • marketing information (including a user’s marketing and communications preferences)
  • website, device and technical information (including browsers and IP addresses)

You can also detail which ‘special information’ (if any) that you collect on your users. This is data that need more protection because they’re sensitive, and includes information like race, politics and religion.

Your website privacy policy should then outline the purpose behind collecting the data, along with the legal reason. There’s also sections on how you share the data, as well as your visitor’s rights under data protection law.

Not all parts of this privacy policy example will be applicable to all businesses. As data protection is a complex and important topic to get right, be sure to take legal advice on your business’s privacy policy and your wider data controlling activities.

More policy guides for your small business

Take a look at some of our other guides designed to help you and your small business.

Other useful resources for your website privacy policy

Data protection is a huge subject, so it’s a good idea to do all the research necessary to make sure you’re getting your website privacy policy right. Check out more guides here:

Small business guides to running an online business

Looking for employers' liability cover?

As the UK's biggest business insurance provider, we specialise in employers' liability insurance. We'll run you a quick, tailored quote right now online, and let you decide if we're a good fit.

Start your quote
Photo: Jacob Lund/
Sam Bromley

Written by

Sam Bromley

Sam has more than 10 years of experience in writing for financial services. He specialises in illuminating complicated topics, from IR35 to ISAs, and identifying emerging trends that audiences want to know about. Sam spent five years at Simply Business, where he was Senior Copywriter.

We create this content for general information purposes and it should not be taken as advice. Always take professional advice. Read our full disclaimer

Find this article useful? Spread the word.

Share on Facebook
Share on Twitter
Share on LinkedIn

Keep up to date with Simply Business. Subscribe to our monthly newsletter and follow us on social media.

Subscribe to our newsletter


HomePopular articlesGeneral businessGuestInsuranceLandlordLandlord resourcesLegal and financeMarketingNewsOpinionProperty maintenanceTradesmanCovid-19 business support hub


Public liability insuranceBusiness insuranceProfessional indemnity insuranceEmployers’ liability insuranceLandlord insuranceTradesman insuranceSelf-employed insuranceRestaurant insuranceVan insuranceInsurers


About usOur teamAwardsPress releasesPartners & affiliatesOur charitable workModern Slavery ActSection 172 statementSocial mediaSite map

Customer support

Contact & supportPolicy renewalMake a claimProof of policyComplaintsAccessibility


6th Floor99 Gresham StreetLondonEC2V 7NG

Northampton 900900 Pavilion DriveNorthamptonNN4 7RG


Careers at Simply BusinessTech careersCurrent opportunities


BenefitsRefer a friend


Terms & conditionsPrivacy policyCookie policyVuln Disclosure policy


Knowledge centreOpinionsMicrosites

© Copyright 2024 Simply Business. All Rights Reserved. Simply Business is a trading name of Xbridge Limited which is authorised and regulated by the Financial Conduct Authority (Financial Services Registration No: 313348). Xbridge Limited (No: 3967717) has its registered office at 6th Floor, 99 Gresham Street, London, EC2V 7NG.