
Who is this template for?

The template is for individuals and businesses that need a little help creating a compliant privacy policy. It’s suitable for websites of all types (ecommerce stores, small businesses, email marketers, and bloggers) as well as mobile apps and SaaS apps.

Getting the most out of our template

If you’re fairly new to the exciting world of privacy and data compliance, we’ve gone ahead and included some additional reading. To get the best results from our template, we recommend reading this first.

How to use our privacy policy template

  1. Replace any [Placeholder Text] with your specific details.
  2. Ensure that your Privacy Policy accurately reflects your data collection and usage practices and complies with the laws relevant to your business.
  3. Regularly review and update your privacy policy to stay compliant with evolving regulations.
  4. It’s advisable to seek legal counsel to customize this template to your specific circumstances if you want to ensure full compliance.

The better way to create a privacy policy

While using a template is a perfectly acceptable way to create a privacy policy, you can never be sure of compliance. A privacy policy generator will get the job done in a fraction of the time and with less room for human error.

If you like simplicity, give ours a go. After asking you a few quick questions, our generator will create any of the legal documents your business requires.

  • Privacy policy ✅
  • Terms and conditions ✅
  • Acceptable use policy ✅
  • Cookie policy ✅

Trusted by 500k customers. Unlimited policy edits. 100% money-back guarantee.

Try our privacy policy generator

Download our free privacy policy template

If it’s easier, download our privacy policy template in the Word document below. Simply replace the bracketed placeholder text with your business information and adapt the policy to suit your business practices.

Download the template

[Company Name] Privacy Policy

Your privacy is important to us. It is [company name]’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, [https://yoursite.com], and other sites we own and operate.

This policy is effective as of [date created] and was last updated on [date last updated].

Information We Collect

Information we collect includes both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, other details about your visit, and technical details that occur in conjunction with any errors you may encounter.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Personal Information

We may ask for personal information which may include one or more of the following:

  • Name
  • Email address
  • Social media profiles
  • Date of birth
  • Phone/mobile number
  • Home/mailing address

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In that instance, we only collect personal information that is reasonably necessary to provide our services to you.

Collection and Use of Information

We may collect personal information from you when you do any of the following on our website:

  • Enter any of our competitions, contests, sweepstakes, and surveys
  • Sign up to receive updates from us via email or social media channels
  • Use a mobile device or web browser to access our content
  • Contact us via email, social media, or on any similar technologies
  • When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to enable you to customize or personalize your experience of our website
  • to contact and communicate with you
  • for analytics, market research, and business development, including to operate and improve our website, associated applications, and associated social media platforms
  • for advertising and marketing, including to send you promotional information about our products and services and information about third parties that we consider may be of interest to you
  • to consider your employment application
  • to enable you to access and use our website, associated applications, and associated social media platforms
  • for internal record keeping and administrative purposes
  • to run competitions, sweepstakes, and/or offer additional benefits to you
  • to comply with our legal obligations and resolve any disputes that we may have
  • for security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use

Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. We will comply with laws applicable to us in respect of any data breach.

You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.

How Long We Keep Your Personal Information

We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. If your personal information is no longer required, we will delete it or make it anonymous by removing all details that identify you.

However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

  • a parent, subsidiary, or affiliate of our company
  • third party service providers for the purpose of enabling them to provide their services, for example, IT service providers, data storage, hosting and server providers, advertisers, or analytics platforms
  • our employees, contractors, and/or related entities
  • our existing or potential agents or business partners
  • sponsors or promoters of any competition, sweepstakes, or promotion we run
  • courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
  • third parties to collect and process data

International Transfers of Personal Information

The personal information we collect is stored and/or processed where we or our partners, affiliates, and third-party providers maintain facilities. Please be aware that the locations to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

Your Rights and Controlling Your Personal Information

You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.

If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.

If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.

If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Use of Cookies

We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.

Limits of Our Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to This Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Contact Us

For any questions or concerns regarding your privacy, you may contact us using the following details:

[Contact name]

[Contact details]

This privacy policy was created using the GetTerms Privacy Policy Generator

The purpose of your privacy policy

Your privacy policy is your chance to provide transparency around how your organization handles personal information. This might not sound important, but it absolutely is. Maybe you’re one of the good ones, using personal data for good, not evil. Sadly, some companies don’t have your moral compass, so we need data protection and privacy laws to keep them in check. By forcing everyone to provide a privacy policy, we can hold companies accountable if they misuse personal data. It’s as simple as that.

Consider it your moment to tell your customers how much you respect their privacy; they’ll love you for it.

Understanding the key sections in our template

The exact contents of your privacy policy will always depend on where your users are located. For example, you may need to address requirements of several legal jurisdictions if your user base is multinational. Our template includes the most common requirements from around the world; these are addressed below. It’s important that you understand each section, why it’s important, and what it needs to include.

How you handle personal data

Being transparent about how you handle personal data is incredibly important, particularly in the EU, Great Britain, Australia, and the USA. If you collect data through tools like Google Analytics or contact forms, make sure you include this here.

You’ll need to cover:

  • What personal data do you collect?
  • How do you collect personal data?
  • How do you use the personal data you collect?
  • The security measures in place to protect collected data
  • How do you store personal data you collect?
  • Do you share the personal data you collect?

The data protection rights of your users

Laws like the GDPR, CCPA, PIPEDA and The Privacy Act require you to clearly state the individual rights of your users and provide instructions for your users to follow if they wish to exercise their rights.

Your users have the following rights:

  • The right to be informed: Your users have the right to know why their data is being gathered, who’s in charge of it, and what rights they have over their own information.
  • The right to access: Your users can ask you for details regarding the personal info you hold about them, and you must provide it.
  • The right to rectification: If your users think any information you have on them is wrong or outdated, they can tell you, and you must fix it.
  • The right to erasure: Your users can ask you to delete their personal info, and you must do your best to remove it from your records.
  • The right to restrict processing: Your users can ask you to limit how you use their data in certain situations, like if they’re worried about its accuracy.
  • The right to object to processing: Your users can tell you to stop using their info for things like marketing, and you must respect their wishes to be anonymous unless you have a compelling legitimate reason not to.
  • The right to data portability: Your users can request a copy of their data in a format that’s easy to use. They also have the right to request that you send their data to a third party.

How you use cookies

Cookies and cookie consent are now heavily regulated in many countries. Most privacy laws and regulations require you to include the following cookie-related information in your privacy policy:

  • An explanation of what cookies are
  • A list of the cookies your website uses
  • The data you collect through cookies and how it is used
  • Instructions for changing cookie choices or opting out of cookie data collection

The limits of your privacy policy

You’ll want to include a disclaimer explaining the extent of your privacy policy. This limits your exposure to potential legal issues. For example, we know that not everyone cares about privacy as much as we do, but on occasion we need to link to external sites. Some of these sites might not take good care of our users’ data.

To protect ourselves, and inform our readers, we state in our privacy statement that we have no control over the content and policies of those sites and therefore cannot accept responsibility or liability for their respective privacy practices.

What happens when you make changes to your privacy policy

GDPR, CCPA, CalOPPA, and PIPEDA all require you to notify users if you update your privacy policy. To comply, your privacy policy needs to clearly state your chosen notification method, whether that’s an update clause in your privacy policy, an email announcement, or a pop-up notice on your website.

How your users can contact you in regard to privacy

If any of your users are from the USA, EU, GB, or Australia, then they have the right to access the personal data you’ve collected from them. Make sure your privacy policy includes a way for them to reach out if they wish to exercise this right.

Countries that require businesses to have a privacy policy

If you collect data from citizens of any of the below countries, having a privacy policy is a legal requirement.

  • Australia
  • Brazil
  • Canada
  • China
  • France
  • Germany
  • Greece
  • Hong Kong
  • India
  • Ireland
  • Japan
  • Malaysia
  • Mexico
  • New Zealand
  • Philippines
  • Russia
  • Singapore
  • South Africa
  • Sweden
  • Switzerland
  • Taiwan
  • Thailand
  • United Kingdom
  • United States

What global privacy laws require you to include in your privacy policy

Global privacy laws require you to make certain inclusions in your privacy policy for compliance. Below are the laws that affect most people around the world. If you’d like a deeper look at global privacy laws by country, check out our article that covers global privacy laws by country.

European Union and United Kingdom

GDPR

If your users are protected by the GDPR, your privacy policy must clearly explain how you collect, use, and protect personal data, and outline individuals’ rights under GDPR.

The ePrivacy Directive

If your users are protected by the ePrivacy Directive, your privacy policy should mention cookie usage, explain how you obtain consent, and outline your practices for electronic communications and data minimization.

United States

CCPA

If your users are protected by the CCPA, your privacy policy will need to disclose what personal information you collect, how you use it, and explain consumers’ rights to access, delete, and opt-out of data sales.

California Online Privacy Protection Act (CalOPPA)

If your users are protected by the CalOPPA, your privacy policy needs to disclose what data you collect, how you use it, and how users can control their information.

Children’s Online Privacy Protection Act (COPPA)

If your users are protected by the COPPA, there are a few lines you’ll need to add to your privacy policy.

  • You must disclose whether your website collects data from children under the age of 13.
  • Your policy should explain when and how you seek verifiable consent from parents or guardians.
  • You need to outline your responsibilities to protect children’s privacy and safety online.
  • The policy should mention restrictions on marketing to children under 13.

It also needs to include:

  • How you use the personal information collected from children
  • Your disclosure practices for the information collected from children
  • How parents can access or request deletion of their children’s personal information
  • How parents can withdraw consent for future collection of their children’s information

Canada

PIPEDA

If your users are protected by the PIPEDA, your privacy policy must explain how you handle personal data, get consent, and allow individuals to access their information, as required by PIPEDA.

Australia

The Privacy Act 1988

If your users are protected by The Privacy Act, your privacy policy needs to explain how you handle personal data, the rights of your users, and how users can lodge a privacy-related complaint, along with how you’ll handle the complaint.

Brazil

Lei Geral de Proteção de Dados (LGPD)

If your users are protected by the LGPD, your privacy policy must include details on data collection, purpose, retention, legal basis, and user rights. It should also explain how individuals can exercise their data rights.

India

Digital Personal Data Protection Act (DPDP)

If your users are protected by the DPDP, you’ll need to include details on data categories collected, processing purposes, complaint procedures, and how individuals can exercise their rights under the DPDP Act.

Privacy policy examples

Below you’ll find two very different examples of compliant privacy notices.

The BBC

The BBC’s privacy policy is a perfect example of writing in easy-to-understand, plain language. They even went a step further and added humor!

With readers all around the world, the BBC must comply with a mind-boggling number of privacy laws, so their privacy policy needs to be extremely comprehensive.

We recommend looking at the types of clauses they include and the clever way they inform users about their data collection practices.

The BBC’s Privacy Policy

Netflix

Netflix’s privacy policy is much drier than the BBC’s in its presentation, but what it lacks in entertainment value, it makes up for with carefully worded clauses.

Like the BBC, Netflix have customers around the world, so their privacy policy has been carefully written with global privacy laws in mind.

Unlike the BBC, Netflix share their users’ data with a large number of 3rd parties, including advertising companies and marketing providers. This makes their clause on how they share personal data quite valuable if your business also shares personal data.

You’ll also find a carefully worded disclaimer setting age restrictions for account holders and clarifying that children can only use Netflix under adult supervision and with parental controls. If you expect children to interact with your business or service, you might find this valuable.

Netflix’s Privacy Policy

Where to display your privacy policy

Legally speaking, where you present your privacy policy isn’t incredibly important, as long as it’s easily accessible, free, and delivered in a timely manner (no, you cannot post it upon request).

We recommend that you publish a new page specifically for your privacy policy. We also suggest that you link to it from the footer of your website as this is where most people expect to find it.

Our privacy policy generator offers several methods you can use to publish your policy on your website.

How to maintain your privacy policy

Once you’ve published your policy on your website or app, we suggest that you set a reminder in your calendar to come back every year and read over it again. We’d suggest that you check our blog for any changes to privacy laws that affect your business.

If you’re using our privacy policy generator, there’s no need to set a reminder; we’ll notify you when any laws change, and help you make any required changes to your policy.

When to make changes

You won’t need to drastically change your privacy policy very often. There are only a few instances where a change may be required.

  • If there are changes in laws and regulations
  • If there are significant changes to your business operations
  • If you start working with a partner or 3rd party service and sharing personal information with them
  • If your data processing activities change or if you start collecting new types of personal data

What to do when you make a change

To comply with current privacy laws, you just need to notify your users if you update your privacy policy. We would suggest that you add a clause stating that when you update your privacy policy, it will be posted to the same URL as your current policy along with the date it was updated.
