Data Processing Agreement (DPA) Template
Use our free Data Processing Agreement (DPA) template to outline how data is handled between you and your data processor
Create a tailored Privacy Policy, Terms & more in under 5 minutes.
The template is for individuals and businesses that need a little help creating a compliant privacy policy. It’s suitable for websites of all types (ecommerce stores, small businesses, email marketers, and bloggers) as well as mobile apps and SaaS apps.
If you’re fairly new to the exciting world of privacy and data compliance, we’ve gone ahead and included some additional reading. To get the best results from our template, we recommend reading this first.
While using a template is a perfectly acceptable way to create a privacy policy, you can never be sure of compliance. A privacy policy generator will get the job done in a fraction of the time and with less room for human error.
If you like simplicity, give ours a go. After asking you a few quick questions, our generator will create any of the legal documents your business requires.
Trusted by 500k customers. Unlimited policy edits. 100% money-back guarantee.
If it’s easier, download our privacy policy template in the Word document below. Simply replace the bracketed placeholder text with your business information and adapt the policy to suit your business practices.
Your privacy is important to us. It is [company name]’s policy to respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our website, [https://yoursite.com], and other sites we own and operate.
This policy is effective as of [date created] and was last updated on [date last updated].
Information we collect includes both information you knowingly and actively provide us when using or participating in any of our services and promotions, and any information automatically sent by your devices in the course of accessing our products and services.
When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your device’s Internet Protocol (IP) address, your browser type and version, the pages you visit, the time and date of your visit, the time spent on each page, other details about your visit, and technical details that occur in conjunction with any errors you may encounter.
Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.
We may ask for personal information which may include one or more of the following:
We only collect and use your personal information when we have a legitimate reason for doing so. In that instance, we only collect personal information that is reasonably necessary to provide our services to you.
We may collect personal information from you when you do any of the following on our website:
We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:
Please be aware that we may combine information we collect about you with general information or research data we receive from other trusted sources.
When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use, or modification.
Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security. We will comply with laws applicable to us in respect of any data breach.
You are responsible for selecting any password and its overall security strength, ensuring the security of your own information within the bounds of our services.
We keep your personal information only for as long as we need to. This time period may depend on what we are using your information for, in accordance with this privacy policy. If your personal information is no longer required, we will delete it or make it anonymous by removing all details that identify you.
However, if necessary, we may retain your personal information for our compliance with a legal, accounting, or reporting obligation or for archiving purposes in the public interest, scientific, or historical research purposes or statistical purposes.
We may disclose personal information to:
The personal information we collect is stored and/or processed where we or our partners, affiliates, and third-party providers maintain facilities. Please be aware that the locations to which we store, process, or transfer your personal information may not have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.
You always retain the right to withhold personal information from us, with the understanding that your experience of our website may be affected. We will not discriminate against you for exercising any of your rights over your personal information. If you do provide us with personal information you understand that we will collect, hold, use and disclose it in accordance with this privacy policy. You retain the right to request details of any personal information we hold about you.
If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.
If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time. We will provide you with the ability to unsubscribe from our email-database or opt out of communications. Please be aware we may need to request specific information from you to help us confirm your identity.
If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading, or out of date.
If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
We use “cookies” to collect information about you and your activity across our site. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our site. This helps us serve you content based on preferences you have specified.
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.
If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.
For any questions or concerns regarding your privacy, you may contact us using the following details:
[Contact name]
[Contact details]
This privacy policy was created using the GetTerms Privacy Policy Generator
Your privacy policy is your chance to provide transparency around how your organization handles personal information. This might not sound important, but it absolutely is. Maybe you’re one of the good ones, using personal data for good, not evil. Sadly, some companies don’t have your moral compass, so we need data protection and privacy laws to keep them in check. By forcing everyone to provide a privacy policy, we can hold companies accountable if they misuse personal data. It’s as simple as that.
Consider it your moment to tell your customers how much you respect their privacy; they’ll love you for it.
The exact contents of your privacy policy will always depend on where your users are located. For example, you may need to address requirements of several legal jurisdictions if your user base is multinational. Our template includes the most common requirements from around the world; these are addressed below. It’s important that you understand each section, why it’s important, and what it needs to include.
Being transparent about how you handle personal data is incredibly important, particularly in the EU, Great Britain, Australia, and the USA. If you collect data through tools like Google Analytics or contact forms, make sure you include this here.
You’ll need to cover:
Laws like the GDPR, CCPA, PIPEDA and The Privacy Act require you to clearly state the individual rights of your users and provide instructions for your users to follow if they wish to exercise their rights.
Your users have the following rights:
Cookies and cookie consent are now heavily regulated in many countries. Most privacy laws and regulations require you to include the following cookie related information in your privacy policy:
You’ll want to include a disclaimer explaining the extent of your privacy policy. This limits your exposure to potential legal issues. For example, we know that not everyone cares about privacy as much as we do, but on occasion we need to link to external sites. Some of these sites might not take good care of our users’ data.
To protect ourselves, and inform our readers, we state in our privacy statement that we have no control over the content and policies of those sites and therefore cannot accept responsibility or liability for their respective privacy practices.
GDPR, CCPA, CalOPPA, and PIPEDA all require you to notify users if you update your privacy policy. To comply, your privacy policy needs to clearly state your chosen notification method, whether that’s an update clause in your privacy policy, an email announcement, or a pop-up notice on your website.
If any of your users are from the USA, EU, GB, or Australia, then they have the right to access the personal data you’ve collected from them. Make sure your privacy policy includes a way for them to reach out if they wish to exercise this right.
If you collect data from citizens of any of the below countries, having a privacy policy is a legal requirement.
Global privacy laws require you to make certain inclusions in your privacy policy for compliance. Below are the laws that affect most people around the world. If you’d like a deeper look at global privacy laws by country, check out our article that covers global privacy laws by country.
If your users are protected by the GDPR, your privacy policy must clearly explain how you collect, use, and protect personal data, and outline individuals’ rights under GDPR.
If your users are protected by the ePrivacy Directive, your privacy policy should mention cookie usage, explain how you obtain consent, and outline your practices for electronic communications and data minimization.
If your users are protected by the CCPA, your privacy policy will need to disclose what personal information you collect, how you use it, and explain consumers’ rights to access, delete, and opt-out of data sales.
If your users are protected by the CalOPPA, your privacy policy needs to disclose what data you collect, how you use it, and how users can control their information.
If your users are protected by the COPPA, there are a few lines you’ll need to add to your privacy policy.
It also needs to include:
If your users are protected by the PIPEDA, your privacy policy must explain how you handle personal data, get consent, and allow individuals to access their information, as required by PIPEDA.
If your users are protected by The Privacy Act, your privacy policy needs to explain how you handle personal data, the rights of your users, and how users can lodge a privacy related complaint, along with how you’ll handle the complaint.
If your users are protected by the LGPD, your privacy policy must include details on data collection, purpose, retention, legal basis, and user rights. It should also explain how individuals can exercise their data rights.
If your users are protected by the DPDP, you’ll need to include details on data categories collected, processing purposes, complaint procedures, and how individuals can exercise their rights under the DPDP Act.
Below you’ll find two very different examples of compliant privacy notices.
The BBC’s privacy policy is a perfect example of writing in easy-to-understand, plain language. They even went a step further and added humor!
With readers all around the world, the BBC must comply with a mind-boggling number of privacy laws, so their privacy policy needs to be extremely comprehensive.
We recommend looking at the types of clauses they include and the clever way they inform users about their data collection practices.
Netflix’s privacy policy is much drier than the BBC’s in its presentation, but what it lacks in entertainment value, it makes up for with carefully worded clauses.
Like the BBC, Netflix have customers around the world, so their privacy policy has been carefully written with global privacy laws in mind.
Unlike the BBC, Netflix share their users’ data with a large number of third parties, including advertising companies and marketing providers. This makes their clause on how they share personal data quite valuable if your business also shares personal data.
You’ll also find a carefully worded disclaimer setting age restrictions for account holders and clarifying that children can only use Netflix under adult supervision and with parental controls. If you expect children to interact with your business or service, you might find this valuable.
Legally speaking, where you present your privacy policy isn’t incredibly important, as long as it’s easily accessible, free, and delivered in a timely manner (no, you cannot post it upon request).
We recommend that you publish a new page specifically for your privacy policy. We also suggest that you link to it from the footer of your website as this is where most people expect to find it.
Our privacy policy generator offers several methods you can use to publish your policy on your website.
Once you’ve published your policy on your website or app, we suggest that you set a reminder in your calendar to come back every year and read over it again. We’d suggest that you check our blog for any changes to privacy laws that affect your business.
If you’re using our privacy policy generator, there’s no need to set a reminder; we’ll notify you when any laws change and help you make any required changes to your policy.
You won’t need to drastically change your privacy policy very often. There are only a few instances where a change may be required.
To comply with current privacy laws, you just need to notify your users if you update your privacy policy. We would suggest that you add a clause stating that when you update your privacy policy, it will be posted to the same URL as your current policy along with the date it was updated.