Website Privacy Policy
Last Modified: [Date]
1. INTRODUCTION. [Company Name] (“Company”) respects your privacy. This Privacy
Policy sets forth Company’s policy with respect to the types of information we may collect
from you or that you may provide when you visit [domain name] (“the Website”), including
any content, services, functionality, mobile applications, downloadable materials, and
courses (“the Services”). If you do not agree with our Privacy Policy, your choice is to not
use our Website. By accessing or using this Website, you agree to this Privacy Policy and
the Terms of Use found here: [link to Website Terms of Use].
2. CHILDREN UNDER THE AGE OF 16. All website users must be at least 16 years of
age. If we learn we have received information from a child under 16 we will delete the
information. If you have reason to believe that a child under the age of 16 has provided
Personal Data to us through the Website or Services, please contact us and we will endeavor
to delete the information from our database. If we learn a user is under 16 years of age, we
will not disclose any personal information to any third parties unless the user has given
opt-in consent. If you have reason to believe that a user is under 16 years of age, notify the
Company in order to prevent disclosure of any personal data without opt-in consent.
3. WHEN WE COLLECT INFORMATION FROM YOU. We collect data and process
data when you access our Website, fill out forms on our Website, register, make a purchase,
sign up for our newsletter, respond to a survey, surf the Website, or use or view our Website
via your browser’s cookies. Our Company may also receive your data indirectly from the
following sources: [List any other ways your company collects data]
4. WHAT TYPES OF INFORMATION WE COLLECT FROM YOU.
A. Voluntary Information
A. When you visit our Website or use our Services we collect certain types of
information from you. This includes your name, email address, mailing address,
phone number, credit card information, age, sex, marital status, race, nationality,
or other information you provide to us. [List any other data your company
collects].
B. Automatic Data Collection
A. We also collect information automatically through cookies and other tracking
technologies such as information about your internet connection, your IP
address, traffic and location data, logs and other information. The information
we automatically collect helps us to improve our Website and deliver a better
service.
C. The categories of consumer data we have collected within the past 12 months includes
[categories of consumer data].
2
5. HOW WE COLLECT INFORMATION FROM YOU. The data controller is [list the
name and contact info of the data controller and its representatives if Company uses data
controller1]. The technologies we use for automatic data collection include “cookies.”
Cookies are small files placed on the hard drive of your computer that enables the website
or service provider’s systems to recognize your browser and remember certain information.
We use functionality cookies to recognize you on our website and remember your
previously selected preferences. These could include what language you prefer and
location you are in. We use advertising cookies to collect information about your visit to
our website, the content you viewed, the links you followed and information about your
browser, device, and your IP address. Our Company sometimes shares some limited
aspects of this data with third parties for advertising purposes. We may also share online
data collected through cookies with our advertising partners. This means that when you
visit another website, you may be shown advertising based on your browsing patterns on
our Website. [List any other cookies Company uses]. You may refuse to accept browser
cookies by activating the appropriate setting in your browser, but if you do, you may not
be able to access certain parts of our Website or Services. We also use flash cookies or web
beacons for automatic data collection. You may also provide information that is public or
displayed on public areas of the Website, or transmitted to other users of the Website or
third parties (“User Content”). Your User Content is transmitted to others at your own risk.
6. HOW WE USE YOUR INFORMATION. Processing of your information is necessary
for the purpose of legitimate interests and does not infringe on any fundamental rights and
freedoms. Some of those legitimate interests include: [choose those that apply: direct
marketing, processing of client data, ensuring network and information security, and fraud
prevention], We use your information to understand and store information about visitor’s
preferences, to compile aggregate data about site traffic and site interactions, to provide
you with information, products, or services that you request from us or that we think you
may like, to provide you with notices about your account, to carry out billing and collection,
for customer support, for marketing purposes, and in any other way we describe when you
provide information to us. We [do/ do not] use automated decision-making in processing
your personal information for some services and products. You can request a manual
review of the accuracy of an automatic if you are unhappy with it. [We do/do not] sell
personal information or consumer data for monetary gain or valuable consideration. [The
categories of data that are sold are (include categories)]. [list any other way your company
uses data].
7. THIRD PARTY DISCLOSURES. Some content or applications on the Website are
served by third parties, such as advertisements. We do not control third parties’ tracking
technologies. You should consult the privacy policies of any such third party for more
detailed information on their practices. Our Company Website contains links to other
1 The data controller is a legal or natural person, an agency, a public authority, or any other body who determines the purposes of any personal
data and the means of processing it.
3
websites. Our privacy policy applies only to our Website, so if you click on a link to another
website, you should read their privacy policy.
8. HOW WE DISCLOSE YOUR INFORMATION.
A. We may disclose aggregated information about our users and information that does not
identify any individual without restriction.
B. We [do/do not] disclose personal information that we collect or you provide as
described in this Privacy Policy to third parties, including the following subsidiaries,
affiliates, service providers, and contractors: [list organizations that will receive data].
C. We use your provided data to prevent fraudulent purchases by sharing your data with
credit reference agencies.
D. We will release information when it is appropriate to comply with the law or enforce
our site policies.
E. Do Not Track Policy: Our site honors Do Not Track (“DNT”) browser settings. We
[do/ do not] track your online browsing activity on any other online service.
F. We [do/do not] transfer personal data collected from you to third party processors
located internationally. Please be aware that such counties may not have the same level
of data protection; however, our collection, storage and use of your personal data will
continue to be governed by this Privacy Policy.
9. HOW WE STORE AND PROTECT USER INFORMATION.
A. Company securely stores your data at/on [enter location, i.e. secured servers]. We have
implemented security measures designed to protect your visit to the Website. These
include: [select all applicable].
A. All payment information is encrypted.
B. All information you provide to us is stored on our secure servers behind
firewalls.
C. We use regular Malware Scanning.
D. No transmission over the internet or email is completely secure or error free.
Please keep this in mind when disclosing personal information over the internet.
B. We will keep your data for [enter time period]. Once this time period has expired we
will delete your data.
10.YOUR CALIFORNIA PRIVACY RIGHTS.
A. If you are a California resident, California law may provide you with additional rights
regarding our use of your personal information. To learn more about your California 
4
privacy rights, visit https://oag.ca.gov/privacy/ccpa [or most recent CCPA Privacy
Notice link].
B. Under the CCPA, California residents have the right to opt-out of the sale of personal
information about them or their household, such as their name, postal or email address,
and other personal identifying information. The right is subject to certain exceptions.
For example, it does not apply to information that we share with certain third-party
service providers so they can perform business functions for us or on our behalf. You
may opt out by calling [Company phone number] or by emailing [Company email
address].
C. In the preceding twelve months, we have not sold personal information. Our policy is
that we do not and will not sell your personal information, unless you give us your
consent or direct us to do so.
11. RIGHT TO OPT OUT. You have agreed to receive marketing material from the
Company and have consented to the Company disclosing your information to third parties
for marketing purposes. You may opt out at any time. If you no longer wish to be contacted
for marketing purposes, please click here [enter opt out link].
12. YOUR DATA PROTECTION RIGHTS.
A. The Right to be Informed: This means anyone processing your personal data must make
clear what they are processing, why, and who else the data may be passed to.
B. The Right to Access: This is your right to see what data is held about you by a Data
Controller.
C. The Right to Rectification: You have the right to have your data corrected and amended
if what is held is incorrect in some way. You can request that we correct any
information that you believe is inaccurate or request that we complete information that
you believe is incomplete.
D. The Right to Erasure: Under certain circumstances you can ask for your personal data
to be deleted. This is also called “The Right to be Forgotten.” This would apply if the
personal data is no longer required for the purposes it was collected for, or your consent
for the processing of that data has been withdrawn, or the personal data has been
unlawfully processed.
E. The Right to Restrict Processing: This gives the you the right to ask for a temporary
halt to processing of personal data, such as in the case where a dispute or legal case has
to be concluded, or the data is being corrected.
F. The Right of Portability: you have the right to ask for any data supplied directly to the
Data Controller by you, to be provided in a structured, commonly used, and machinereadable format. You may request copies of your personal data from us. You may
request that we transfer the data that we have collected to another organization, or 
5
directly to you, under certain conditions. We may charge a small fee for this service or
for any copies requested.
G. The Right to Object: You have the right to object to further processing of your data
which is inconsistent with the primary purpose for which it was collected, including
profiling, automation, and direct marketing.
H. Rights in Relation to Automated Decision-making and Profiling: You have the right
not to be subject to a decision based solely on automated processing.
I. Right Not to be Subject to Discrimination for the Exercise of Rights: The Company
will not refuse goods or services to individuals who exercise their consumer rights.
If you would like to exercise these rights, please contact us at [Company email address] or
[Company phone number].
13.CHANGES TO PRIVACY POLICY. The date the Privacy Policy was last revised is
identified on the first page of the Privacy Policy. We reserve to update this policy and if
we make material changes to how we treat our users’ personal information we will notify
you by email. You are responsible for periodically visiting our Website and Privacy Policy
to check for any changes.
14. CONTACT. You may send us an email to inquire about our Privacy Policy or to request
access to, correct or delete any personal information that you have provided to us at:
[Company Name]
[Representative Name]
[address]
[phone number]
[email address]
You may reach our Data Protection Officer by sending an email to [email address].
15.COMPLAINTS. Should you wish to report a complaint or if you feel that our Company
has not addressed your concern in a satisfactory manner, you may contact the Information
Commissioner’s office (if an individual located in the United Kingdom) or the European
Data Protection Board.
16. INDIVIDUALS LOCATED WITHIN THE UNITED KINGDOM.
A. Restricted Transfers: Our Company may make a restricted transfer if the receiver
is located in a third country or territory or is an international organization,
covered by UK “adequacy regulations.” If there are no adequacy regulations
about the country, territory or sector for the restricted transfer, our Company
should then find out whether you can make the transfer subject to ‘appropriate 
6
safeguards’ as listed in the UK GDPR. Before we rely on an appropriate
safeguard to make a restricted transfer, we must be satisfied that the data subjects
of the transferred data continue to have a level of protection essentially
equivalent to that under the UK data protection regime. We do this by
undertaking a risk assessment, which takes into account the protections
contained in that appropriate safeguard and the legal framework of the
destination country (including laws governing public authority access to the
data). If our assessment is that the appropriate safeguard does not provide the
required level of protection, we will include additional measures. Appropriate
safeguards may be: (1) A legally binding and enforceable instrument between
public authorities or bodies; (2) binding corporate rules as defined in Article 47
of the UK GDPR; (3) a contract incorporating standard data protection clauses
recognized or issued in accordance with the UK data protection regime; (4) a
code of conduct approved by the ICO; (4) Certification under an approved
certification scheme; (5) a bespoke contract governing a specific restricted
transfer which has been individually authorized by the ICO; or (6)
Administrative arrangements between public authorities or bodies. If none of the
criteria above apply for the transfer, we may still make the transfer if the transfer
is covered by an ‘exception’ set out in Article 49 of the UK GDPR.
B. CHILDREN UNDER THE AGE OF 13: All website users located in the United
Kingdom must be at least 13 years of age. If we learn we have received
information from a child under 13 we will delete the information. If you have
reason to believe that a child under the age of 13 located in the United Kingdom
has provided Personal Data to us through the Website or Services, please contact
us and we will endeavor to delete the information from our database. If we learn
a user is under 13 years of age, we will not disclose any personal information to
any third parties unless the user has given opt-in consent. If you have reason to
believe that a user is under 13 years of age, notify the Company in order to
prevent disclosure of any personal data without opt-in consent.
C. Local Representative in United Kingdom: We [do / do not] either offer goods or
services to individuals in the UK; or monitor the behavior of individuals in the
UK. Our local UK representative is listed below2
:
Company Name]
[Representative Name]
[address]
[phone number]
[email address]