Guide to our Privacy Policy
Our Privacy Policy template is for use by a business trading online. It provides a basic outline of the ways in which you will deal with customers' personal data (customers here including any users of your website). As it states that use of the website and the supply of their personal data to you constitutes agreement for you to use it in accordance with this privacy policy, by implication you have their consent to do so. If you use personal data in other ways not mentioned in the template, then you may need to adapt the policy.
In handling personal data you must comply with the Data Protection Act 1998 and the “8 Principles of Data Protection” it imposes which are:
1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless: (a) at least one of the conditions in Schedule 2 [of the Act] is met, and (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 [of the Act] is also met.
2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
4. Personal data shall be accurate and, where necessary, kept up to date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
6. Personal data shall be processed in accordance with the rights of data subjects under this Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Clauses in this Privacy Policy - Numbered clauses
1. Fill in your business/company name, domain name(s) and the name of the person/company who is nominated as your data controller where indicated (the latter could be an individual at your business or the name of the company itself). As the clause notes, you will generally need to be registered with the Information Commissioner’s Office if you handle personal data for marketing purposes. If in doubt it is better to register, as the cost of being registered is £35 per year and this will generally mean you avoid prosecution for not being registered (although you still have to comply with the 8 principles of data protection). For more information on data protection and to register (called “making a notification”) go to www.ico.org.uk.
2. If you do not offer an e-newsletter, delete the words in square brackets. Add any other purposes for which you might process their personal data.
3. This clause states that you do not receive (and therefore do not retain) their payment details. If you use certain payment agencies to take card payments for you this should be correct, but you will need to check this and make amendments if it is not the case. On line 4 fill in your business/company name.
4. This clause says what you use the personal data for (i.e. to run your business) and states that you will not sell, etc. the personal data to third parties. If correct remove the square brackets. If this is not correct, then delete the words in square brackets.
5. This clause warns customers that their data may not be secure as they transmit it to you, but that, once received, you will then do your best to keep it safe (this is one of the 8 data protection principles you must comply with). In clauses 5.5 and 5.6, if you will not transfer personal data to third parties, delete the words in square brackets.
6. You must give customers an easy opportunity to opt out of your using their data for marketing. Fill in your contact email for this purpose. If you do not share data with third parties, then delete the words in square brackets. You may need to adapt this clause to suit how you collect personal data.
7. This clause is a note about use of statistics.
8. The Data Protection Act 1998 states that personal information must not be transferred to other countries without adequate protection (this is one of the 8 data protection principles you must comply with). Although you can warn people that you might be transferring their data abroad, so that they consent to it by implication, the onus is still on you to ensure that any parties hosting your data on overseas servers outside the EEA (as is common) agree to abide by similar restrictions to those imposed by the Data Protection Act 1998. Within the EU, member states are under similar laws to the Data Protection Act 1998, as it originates from the EU, so transfers to other EU countries are covered.
9. You are not permitted to process sensitive personal data without the owner’s explicit consent. Most online businesses would have no need to gather or use such information.
10. This clause gives you the right to transfer the personal data in the event that your business is sold. Fill in the name of your business/company on line 4.
11. This clause advises customers that you can also process/disclose personal data where required by law.
12. You have to offer people the right to opt out of marketing material in the future. Fill in your preferred contact email address. Ideally any marketing emails you send should repeat this opt-out provision.
13. Security - This clause warns customers that data while being transmitted to you might not be secure.
14. This warns your customers to choose a secure password and to keep it secure.
15. Third party links - This clause warns customers that you are not responsible for how other websites that have links on your site might handle personal data.
16. Use of cookies - This is a brief cookie use policy.
17. Access to information - As required by the Data Protection Act, you must permit a person you hold personal data about to check and inspect that personal data, but you can make a nominal charge for such access.
18. Changes to this policy - This clause provides that you can amend the policy over time. Fill in your preferred contact postal address and email address in the unnumbered clause that follows. Then at the end of the document fill in the month and year when you adopt this policy. If you update it again in the future, update this date.
Final note - Once you have chosen all the options and filled in all the details, remove any square brackets that might still exist in the document.
The Privacy Policy and this guide have been provided by the legal resource www.legalo.co.uk.
Legal Disclaimer
In accordance with Legalo’s terms, the legal document template and this guide are provided "as is", without warranty or condition of any kind. Legalo disclaims all warranties and conditions with regard to the legal document template and this guide, including all implied warranties or conditions of merchantability, fitness for a particular purpose, title and non-infringement. Legalo is not a law firm, does not practice law, does not give legal advice and is not acting as your solicitors at any time. The template and guide are not a substitute for the legal advice of a solicitor. We aim to update the template and guide regularly, but they may not always be fully up-to-date at all times, since the law can change rapidly at times. The legal information in this guide is not legal advice; it is not guaranteed to be correct or complete; in many cases will be an abbreviated and simplified summary for general use or general guidance only; and is not a substitute for detailed and specific legal advice on your own situation from a solicitor. No legal tool like Legalo provides is suitable for every situation. The template and guide are reasonably fit to use as a starting point for the preparation of a legal document. They are only intended to be used as general templates, which ought to be properly adapted by you to meet your specific requirements. You are reminded of the need to take specific legal advice for your specific situation and to consult a suitably qualified lawyer.