On mobile, our contracts display better in landscape mode. Rotate your device for the best viewing experience.

Privacy Policy Editor

Fill in the details below to generate your GDPR & UK Data Protection compliant privacy policy

🎯 What type of business are you?

? Choose the closest match - this sets sensible defaults for data types, purposes, and security measures, but you can change any field.
This pre-fills sensible defaults - all fields remain fully customisable

🏢 Organization Details

Optional - Find at Companies House

👤 Data Controller & DPO

? Required for public authorities and organizations that process data on a large scale or monitor individuals systematically. Most small businesses don't need a DPO.
Required if you process personal data (check ICO website)

📊 Types of Data Collected

? Select all types of personal data your organization collects. This forms your data inventory under GDPR Article 30.

⚠️ Special Category & Criminal Data

? Special category data includes: racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetics, biometrics, health data, sex life, or sexual orientation. Requires explicit consent or another legal basis under GDPR Article 9.
? Processing criminal conviction data requires official authority or specific legal basis. Common for employers doing DBS checks or security companies.

⚖️ Processing Purposes & Legal Basis

? Why do you collect and use personal data? Be specific about your business purposes. Under GDPR, you must have a lawful basis for each purpose.
GDPR Legal Bases: Consent | Contract | Legal obligation | Vital interests | Public task | Legitimate interests

🍪 Cookies & Tracking Technologies

? UK PECR requires consent for non-essential cookies. Essential cookies don't need consent but must be disclosed.

🔄 Data Sharing & International Transfers

? List any third parties you share data with. This includes processors (act on your behalf) and other controllers (use data for their own purposes).
? Post-Brexit, transfers outside UK need safeguards. EU has adequacy decision for UK. US transfers need additional safeguards like SCCs or Data Privacy Framework.

Data Retention Periods

? GDPR requires data minimization - keep data only as long as necessary. Consider legal requirements (e.g., 6 years for financial records under UK law).

🛡️ Data Subject Rights

? GDPR requires response within one month, extendable by two months for complex requests. UK GDPR maintains same timeframes.
? Generally free under GDPR. Can charge reasonable fee for excessive/repeated requests or additional copies.
GDPR Rights: Access | Rectification | Erasure | Restrict processing | Data portability | Object | Not be subject to automated decisions

👶 Children's Privacy

? UK age of digital consent is 13. If targeting children under 13, need parental consent. Special protections apply to all under 18s.

🔒 Security Measures

? GDPR Article 32 requires appropriate security measures. Don't reveal specifics that could aid attackers, but give confidence in your security.

📝 Policy Management

? How will you notify users of privacy policy changes? Material changes require active notification under GDPR.

Your Privacy Policy is Ready

Review your GDPR & UK Data Protection compliant privacy policy below

Export to Word for bespoke situations where additional customization or manual editing is required beyond the standard template.

Instant Access

Unlock Your Privacy Policy Now

Get instant access to both the Interview Version (guided) and this Editor Version in Word & PDF formats

Editor Version (Manual)
Interview Version (Guided)
Word & PDF Formats
Lifetime Free Updates
Print Unlimited Copies
Use Forever
30-day money-back guarantee*
£20
One-Time Payment
No subscriptions, ever

Lifetime Access • Editor & Interview formats • Lifetime Updates • No subscription