This privacy policy template can be easily edited for the website of any Irish business or organisation.
It helps you comply with data protection law, notably the Data Protection Act and General Data Protection Regulation or GDPR. It has also been designed to give reassurance to your website visitors that you take issues of privacy seriously.
We provide this document for download and use completely free of charge.
Microsoft Word DOCX
Apple Pages
RTF
If the document isn’t right for your circumstances for any reason, just tell us and we’ll refund you in full immediately.
We avoid legal terminology unless necessary. Plain English makes our documents easy to understand, easy to edit and more likely to be accepted.
You don’t need legal knowledge to use our documents. We explain what to edit and how in the guidance notes included at the end of the document.
We offer free support by email in respect of editing the document. You can also use our Document Review Service if you want to our legal team to check that the document will do as you intend.
Our documents comply with the latest relevant law. Our lawyers regularly review how new law affects each document in our library.
Most businesses and organisations collect data about the people who visit their websites.
Often it is clear to visitors what data is collected and when it happens, for example, when they request that you send them information about your products or services. However, at other times, it might be less obvious, such as when you track their browsing behaviour to measure website and page performance.
From May 2018, the General Data Protection Regulation or GDPR comes into force. This aims to harmonise data protection law across the European Union and strengthen the rights of individuals to know what personal data about them is collected, used and managed.
This template provides the basis for your own privacy policy in a way that allows you to show that you comply with every aspect of the law.
Your privacy statement should reflect the way that your business or organisation collects and uses data.
Although this will differ from organisation to organisation enough to make each privacy notice unique, there are common elements to every policy.
By giving you options for wording these common situations, we hope that we have done as much of the work for you as we can.
However, you will need to spend time editing this policy template. There are advantages to this.
While considering how data is collected, used, and managed, the task of editing should prompt you to think about data handling processes might need to change. For example, you might need to separate access to different types of information.
One aspect of the GDPR that has caught the headlines is the ability of a supervisory body (the Data Protection Commissioner or DPC in Ireland) to hand out large fines for non-compliance.
Based on past action, our opinion is that the DPC is unlikely to use its full powers against smaller businesses and organisations from day one. More likely, a warning will be issued before a fine with time to make good, especially if it can be shown that there was an intention to comply with the law.
Your privacy statement is likely to be the first thing that the DPC will consider when judging whether you have made an attempt to comply with the GDPR and other law. A well written notice is therefore likely to reduce the likelihood of immediate punitive action.
We provide this template completely free of charge.
We don't ask you to acknowledge our copyright in it, mention us in any way or link to our site in return for using it.
The document is written in plain language that is visitor friendly, and structured so that it is both easy to read and easy to edit.
The first part of the privacy notice explains the legal bases you have chosen for processing different types of information and how these types are used.
The second part deals with specific uses – less designed to comply with the GDPR and more for the purposes of reassuring customers and protecting you under different law (for example, regarding copyright).
The third part sets out requirements under GDPR once again: whether data is shared with other organisations; how it can be reviewed; and other miscellaneous matters.
In places we have provided a number of options, where you choose the most appropriate and delete the others. In other places, we have provided ideas and the most common scenarios. The notice may require a little customisation to reflect fully your policy, but because it is written in plain English, editing it is easy.
This notice can be used by a wide range of types of business and non-profit organisations. Examples of those currently using it include:
The contents of the document cover:
