Writing a user-friendly privacy policy

In summary, a privacy policy sets out who you are, how you will collect, use and store personal data and how a customer/contact can control that use of their personal data.

The law requires that you display a clear link to your privacy policy on your website, at all points of online data collection. Your privacy policy is your opportunity to build customer confidence and trust and to make customers feel good about doing online business with you.

A good privacy policy is easy to find, easy to read and explains all the web visitor needs to know about your approach to handling the personal data they supply you. It also serves as a promise to your visitors and customers that you will act according to the statements laid out in the policy. So be sure not to promise what you can’t (or won’t) deliver!

Below is an outline of the content you should include in your privacy policy to ensure it is user-friendly and regulation compliant:

  • State what data you collect, e.g.
    • name and job title
    • contact information including email address
    • demographic information such as postcode, preferences and interests, transactional data
  • Explain what you do with personal data – and what you do NOT do.
  • State the physical address of the Data Controller.
  • List out your group companies, where applicable.
  • Explain how the personal data you hold is handled and processed.
  • State your policy on the use of cookies, i.e. how you use them and why.
  • State your policy on transfer of data overseas (i.e. if you don’t do it, then state this).
  • Subject access arrangements – how a customer/contact can gain access to the personal data you hold on them.
  • Data security guarantees – i.e. the physical, electronic and business procedures in place to safeguard and secure the information you collect.
  • Links to other sites – i.e. where your privacy policy ends, e.g. “such sites are not governed by this privacy statement”.


Personal data

Personal data is defined as information about a living, identifiable individual – identifiable either from that data, or from other information which is likely to come into the possession of the Data Controller. It includes an expression of opinion about the individual and any indication of intention in respect of the individual.


Data Controller

The Data Controller is a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Here’s our privacy policy for you to check out. 
