When to use
when you collect personal information on the website
to make sure you comply with data privacy legislation
What it covers
the nature of data collected by the site
the use of data
data security and access
transfers of data outside Europe
The collection and use of personal data by online businesses in the UK must comply with the UK data protection laws and the GDPR. This policy is designed to allow the website operator to comply with the fair processing obligation and to obtain the user's consent to that processing as required by law.
Who is a Data Protection Officer (DPO)?
A Data Protection Officer assists your business with internal compliance and can inform or advise you of your data protection obligations, provide recommendations regarding any Data Protection Impact Assessments and act as a contact point for data subjects and the Information Commission Office (ICO).
What types of information will be collected from users?
It depends on the purpose for which the data is gathered. If you are selling and trading on your website, you may wish to collect your customers personal data such as names & credit card details. However, the data protection law defines personal data as broad as to include information about personal opinions and IP addresses.
What are cookies?
Do I need to display my personal details?
Place of registration
Registered office address
Contact details, including an email address
Details of how to contact the business
For sole traders and individuals, you must display the address of the principle place of business.
What's an Information Management Security System (IMSS)?
An IMSS is a set of principles and procedures for systematically managing an organisation's data. The goal of an IMSS is to minimise the risk for the business and ensure business continuity by pro-actively limiting the impact of a security breach. These practices relate to the protection of information, and are developed in accordance with the business position.
What is the General Data Protection Regulation (EU) 2016/679 ?
This is the GDPR which is a European piece of legislation. This regulation applied to all EU Member States in 2018. The '2016' is the year in which it was passed.