Privacy Policy template

About this document

A privacy policy is a public-facing notice that tells individuals how an organisation collects, uses, shares, and protects their personal data. It explains people’s rights and how to exercise them. A clear and accurate privacy policy supports transparency and helps meet legal disclosure obligations.

Who needs one: Any business or website that collects personal data from customers, users, or visitors.

What a strong privacy policy covers

• Identity and contact details of the data controller
• Categories of personal data collected and their sources
• Purposes of processing and the lawful bases relied on
• Who data is shared with and any international transfers
• Retention periods and data security overview
• Individual rights and how to make a complaint

Regulations and frameworks this aligns to

PolicyKit references the standards relevant to your jurisdiction when it generates your privacy policy.

GDPR

The EU General Data Protection Regulation, governing how organisations collect, use, and protect personal data of people in the EU.

UK GDPR

The retained UK version of the General Data Protection Regulation, governing how organisations process the personal data of people in the UK.

CCPA

The California Consumer Privacy Act, granting California residents rights over how businesses collect, share, and use their personal information.

CPRA

The California Privacy Rights Act, which amends and expands the CCPA and established the California Privacy Protection Agency.

Data Protection Act 2018

The UK statute that supplements and implements data protection law alongside the UK GDPR, including law-enforcement and intelligence-service processing.

Frequently asked questions