Do UK websites need a privacy policy?

A Privacy Policy Is a Legal Requirement for UK Websites

Under UK GDPR, if you collect any personal information about your customers, then a privacy policy, aka a privacy notice, is a legal requirement for any UK business and their website.

What is Personal Information?

Personal information is any data which could be used to identify an individual personally. Personal information includes their name, email address, home address and telephone number. These are commonly collected through enquiry forms on your website. Other information that could be considered personal information includes age, sex, religion and date of birth. Something often overlooked is the IP address of the computer the user uses to contact you. An IP address is a unique identifier on the internet which could be used to trace a user. An IP address is also considered personal information. 

What should a UK privacy policy include?

The privacy policy needs to inform your customers of:

  • What personal information you are collecting
  • What purpose you are collecting it for
  • How long you will be storing their personal information
  • Who, if anyone, you share the personal information with

The purpose of UK GDPR is to make it transparent to customers what you are collecting, why you are collecting it and what you will do with it. 

What Personal Information can I collect? 

UK GDPR states that you can only collect personal information required to deliver the services the customer is signing up for. So if a customer is purchasing a product from you and you need to email them a receipt, collecting their email address is a valid business reason.

However, if the product being sold does not have any age restrictions associated with it, then asking for the customers' age is illegal as you do not have a valid business reason to ask for it. 

How can I create a UK compliant Privacy Policy?

As a privacy document is a legal requirement, you can engage the services of your lawyers to create a privacy policy for you. However, this is likely to be an expensive exercise and often unnecessary.

The best way to generate a compliant privacy policy for the UK market is to use a UK privacy policy generator such as the one from Termageddon

What are the benefits of the Termageddon Privacy Policy Generator?

Termageddon has been crafted by lawyers specialising in privacy law. It will walk you through a series of questions about the personal information you collect and how you process it. Once completed, you will have a UK compliant privacy policy. But, if you deal with customers from multiple countries, Termageddon will develop a privacy policy that caters to regulations from many leading nations including the UK, USA, Canada and Australia. 

The great thing about Termageddon is that if the privacy laws change, your policy will automatically update to reflect the current privacy regulations. Even without changing regulations, if your business changes, you can modify your Termageddon policy as often as you want.

What about free privacy policy templates?

You may have seen free templates for privacy policies on the internet. While these may be suitable for some, for most, you should tread cautiously:

  • Templates do not help you identify what privacy laws actually apply to you. One size most definitely does not fit all when it comes to legal policies. Are you sure the template covers your legal needs?
  • Templates do not comply with all privacy laws. Does the template explicitly tell you which laws it complies with? What if you are serving customers from multiple territories? Does the generic template cover them all?
  • A template has to try to cover all eventualities. You have to pick and choose which entries are relevant to your business. Are you sure you have the knowledge to modify a generic template?
  • Templates do not update your Privacy Policy when the laws change and require new disclosures. Right now, the UK is considering changes to UK GDPR after Brexit, and our privacy laws will likely change in the next few years. If you use a template, you'll be stuck with an outdated policy as the laws change.
  • Who wrote the Privacy Policy template? Do you know who wrote the privacy policy template? Was it a practising privacy lawyer? If you don't know, then don't use it.

Is it illegal to not have a privacy policy in the UK?

The answer is almost certainly yes. If you collect a single piece of personal information about your customers, i.e. their name, then you need a privacy policy. Otherwise, you will be in breach of UK GDPR, which carries fines of up to 4% of turnover (note, turnover, not profit).

Where do I need to display my privacy policy?

You must display the privacy policy in a clear line of sight of your customers; it must not be hidden away. If you have a website, most privacy policies are linked to from the footer of your site so that any prospective customers can easily view them. 

In the unlikely event that you do not have a website, then you could consider printing out the policy and handing it to your customers. 

Where can I see an example of a UK Privacy Policy?

You can view the privacy policy of Web X Design Studio here, or by clicking the link in the footer. This is an example of a policy that covers multiple territories as we have customers in the UK and the USA.

How can I write my own compliant UK privacy policy?

Web X Design Studio is a reseller of the Termageddon privacy policy generator. For only £75 (that's cheaper than going to Termageddon direct!), you can create a privacy policy tailored to your company's specific needs. Whilst it is a simple and intuitive questionnaire, if you need guidance in completing the questions, all purchases come with a free 30-minute consultation. (note that while we've dealt with privacy issues for more than seven years, we are not lawyers, so any advice has to be taken as guidance only). 

You can purchase your UK compliant privacy policy here

crossmenu
linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram