Compliance

Privacy Policy

A public document that explains how an organisation collects, uses, stores, and shares personal data.

A privacy policy is a public-facing document that explains how an organisation collects, uses, stores, shares, and protects personal data. It is the primary way organisations meet their transparency obligations under data protection law.

What It Should Include

See privacy notice for detailed content requirements under GDPR.

Best Practices

  • Write in plain, clear language — avoid legal jargon
  • Be specific — name your sub-processors, list your cookies, state retention periods
  • Provide layered information — a short summary at the top, details below
  • Include concrete instructions for exercising rights
  • Keep it up to date — review and revise when processing changes
  • State the effective date and notify users of material changes

Related Terms

GDPRLegal

The General Data Protection Regulation — the EU's comprehensive data protection law, effective since May 2018.

Privacy NoticeLegal

A document informing individuals about how their personal data is collected, used, and protected — often used interchangeably with privacy policy.

Sub-ProcessorCompliance

A third party engaged by a data processor to process personal data on behalf of the data controller.

Terms of ServiceCompliance

A legal agreement between a service provider and its users, defining the rules and conditions for using the service.

Cookie PolicyCompliance

A document that explains what cookies and similar technologies a website uses, their purpose, and how users can control them.

Privacy NoticePrivacy Shield