Skip to content
Archived content. You are viewing v1 of SME Digital Advisor — the original multi-section site (risks, scenarios, policies, OWASP, flashcards). Go to current site →

Public-facing notice

Privacy Notice (for your website)

A starter template for the customer-facing privacy notice on your website.

Have this reviewed by a solicitor before publishing. A privacy notice creates legal obligations and a public commitment to your customers — it is more legally consequential than the internal policies above. The starter below is a working draft, not legal advice. Use it as a structure, edit thoroughly for your business, then have a competent legal reviewer check it.

How to use this: The bracketed items like [Company Name] are placeholders — replace them with your own details. Edit the wording to suit your business. This is a starter, not legal advice.

Who we are

[Company Name] (we, us, our) is the data controller for personal data described below. Our registered office is [address]. Contact: [privacy@yourcompany.co.uk].

What this notice covers

It explains what personal data we collect about you, what we do with it, who we share it with, how long we keep it, and your rights under UK GDPR.

Data we collect

  • Information you give us: name, email, phone, company, any information you put in a contact or order form.
  • Information we collect automatically: your IP address, browser type, pages visited, referrer, basic device information via cookies and similar technologies.
  • Information from third parties: [e.g. payment processor, marketing platform].

Why we use your data (legal basis)

  • To answer enquiries you send us — legitimate interest.
  • To fulfil orders or contracts — contract.
  • To send marketing emails (only if you've agreed) — consent.
  • To meet legal obligations — legal obligation.

Who we share it with

We share your data with [named sub-processors, e.g. Microsoft 365, Xero, HubSpot]. We do not sell your data.

Where your data is held

Most of our data is held in the [UK / EU]. Some sub-processors operate from the United States under appropriate safeguards.

How long we keep it

Details in our Data Retention Policy.

Your rights

  • Access the data we hold about you.
  • Correct inaccurate data.
  • Ask us to delete it (where we're not legally required to keep it).
  • Object to certain processing.
  • Withdraw consent for marketing at any time.
  • Complain to the ICO: ico.org.uk, 0303 123 1113.

Cookies

We use cookies as described in our cookie banner. You can change your choices at any time via the cookie settings link in the footer.

Changes to this notice

This notice was last updated on [date].

Tips for adoption

  • This is a starter, not legal advice. Get it reviewed by a solicitor.
  • Match it to what your site actually does.
  • Update whenever you add a new sub-processor or change a retention period.