Privacy Policy Template

The data controller responsible for the processing of your personal data is [companyName], located at [companyAddress]. You can contact us at [companyEmail].

We collect and process the following categories of personal data: identification data (name, email address, phone number), technical data (IP address, browser type, device information), usage data (pages visited, features used, time spent), and any other data you voluntarily provide to us through forms, correspondence, or account creation on [websiteUrl].

We process your personal data for the following purposes: (a) to provide and maintain our services, (b) to communicate with you regarding your enquiries, (c) to comply with legal obligations, (d) to improve our services and user experience, (e) to send marketing communications where you have given consent, and (f) to protect our legitimate interests including fraud prevention and security.

We process your personal data on the following lawful bases under Article 6(1) GDPR: (a) your consent, where you have given clear consent for a specific purpose; (b) contractual necessity, where processing is necessary for the performance of a contract with you; (c) legal obligation, where processing is necessary for compliance with a legal obligation; (d) legitimate interests, where processing is necessary for our legitimate interests and does not override your fundamental rights and freedoms.

We may share your personal data with the following categories of recipients: (a) service providers who assist us in operating our business (hosting, email, analytics), (b) professional advisors (legal, accounting), (c) regulatory authorities when required by law, and (d) business partners with your explicit consent. All third-party recipients are contractually obligated to protect your data in accordance with GDPR requirements.

Where we transfer personal data outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, including: (a) transfers to countries with an adequacy decision from the European Commission, (b) Standard Contractual Clauses (SCCs) approved by the European Commission, or (c) other legally recognised transfer mechanisms. You may request a copy of the relevant safeguards by contacting us at [companyEmail].

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected. Our standard retention period is [dataRetentionPeriod]. After this period, your data will be securely deleted or anonymised. Certain data may be retained longer where required by law (e.g., tax records, contractual documentation).

Under the GDPR, you have the following rights regarding your personal data: (a) Right of access (Article 15) — to obtain a copy of your data; (b) Right to rectification (Article 16) — to correct inaccurate data; (c) Right to erasure (Article 17) — to request deletion of your data; (d) Right to restriction (Article 18) — to limit how we process your data; (e) Right to data portability (Article 20) — to receive your data in a structured, machine-readable format; (f) Right to object (Article 21) — to object to processing based on legitimate interests or direct marketing; (g) Right to withdraw consent at any time without affecting the lawfulness of prior processing. To exercise any of these rights, contact us at [companyEmail]. We will respond within 30 days.

Our website [websiteUrl] uses cookies and similar technologies to enhance your experience. We use: (a) strictly necessary cookies for the operation of our website, (b) analytical cookies to understand how visitors interact with our site, and (c) functional cookies to remember your preferences. You can manage your cookie preferences through your browser settings. For more details, please refer to our Cookie Policy.

Our Data Protection Officer can be contacted at: Name: [dpoName] Email: [dpoEmail] The DPO is responsible for overseeing our data protection strategy and ensuring compliance with applicable data protection laws.

If you believe that our processing of your personal data infringes the GDPR, you have the right to lodge a complaint with a supervisory authority. The relevant supervisory authority is [supervisoryAuthority]. You may also lodge a complaint with the supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

We may update this privacy policy from time to time to reflect changes in our practices, legal requirements, or operational needs. The latest version will always be available on [websiteUrl]. We encourage you to review this policy periodically. This policy is effective as of 2026-04-26.