Skip to content

Template · PRIVACY POLICY

Privacy policy · EU/EEA baseline (GDPR Art 13/14)

Transparency-clause scaffold per statute. Adapt to your processing operations and sub-processor list; do not deploy without counsel review.

Scope law GDPR Variables 12 to substitute Last reviewed
Editorial research — not legal advice

Template body

12 placeholders · 10 sections

Privacy Policy

Effective date: {{effective_date}} Last reviewed: {{last_reviewed}}

1. Who we are

{{controller_name}} ("we", "us"). Registered office: {{controller_address}}. Contact: {{controller_email}}. Data Protection Officer (if appointed): {{dpo_email}}.

2. What data we collect (GDPR Art 13–14)

This section satisfies our transparency duty under GDPR Art 13 (data collected directly from you) and Art 14 (data obtained from third parties — see "Source" column).

Category Source Purpose Legal basis (GDPR Art 6)
Account data (name, email) You Provide the service Contract, Art 6(1)(b)
Usage analytics Auto-collected via {{analytics_tool}} Improve the service Consent, Art 6(1)(a)
Marketing email You + opt-in Send updates Consent, Art 6(1)(a)
Support correspondence You Respond to enquiries Legitimate interest, Art 6(1)(f)

3. How we share data

We share data with the following sub-processors:

  • {{hosting_provider}} (hosting, EU-region)
  • {{email_provider}} (transactional email)
  • {{analytics_tool}} (analytics)
  • {{cdn_provider}} (CDN, edge caching)

4. International transfers

{{transfer_section}}

5. Retention

  • Account data: until account deletion + 30 days backup retention
  • Analytics: 14 months (configurable per IAB TCF v2.2 vendor list)
  • Marketing email: until unsubscribe
  • Support correspondence: 24 months

6. Your rights (GDPR Art 15–22)

  • Access, rectification, erasure
  • Restriction of processing
  • Data portability
  • Object to processing based on legitimate interest
  • Not be subject to automated decision-making
  • Withdraw consent at any time

To exercise: email {{dsr_email}}. We respond within one month (GDPR Art 12(3)); for complex or numerous requests, we may extend by two further months and will notify you within the first month with reasoning.

7. Right to complain

You may lodge a complaint with your national supervisory authority. Contact details for all EU/EEA DPAs: https://edpb.europa.eu/about-edpb/about-edpb/members_en

8. Changes

We will notify users of material changes by email and update the "Last reviewed" date.

9. Cookies

See our Cookie policy for the full list of cookies and trackers.

Variables to substitute

Replace each {{token}} in the body before deploying.

VariableType
{{dpo_email}} string
{{dsr_email}} string
{{cdn_provider}} string
{{last_reviewed}} date
{{analytics_tool}} string
{{effective_date}} date
{{email_provider}} string
{{controller_name}} string
{{controller_email}} string
{{hosting_provider}} string
{{transfer_section}} string
{{controller_address}} string
How to use this template · Methodology

Adapt, then deploy. Editorial reading as of 2026-05-05; not legal advice. This template is a starting point — drafted against the named statute and the relevant regulator's published guidance, not your specific facts.

Substitute every placeholder. Tokens like {{controller_name}} must be replaced with your concrete values. Leaving placeholders unsubstituted is a recurring failure mode in published compliance documents; reviewers and regulators tend to read partially-completed disclosures as a documentation problem in itself.

Verify the assumptions. The "Assumes" block above lists the prerequisites we drafted against. If your facts differ — different processor list, different audience, different sub-processors — adapt the template, don't deploy it as-is.

Counsel review before going live. Templates are scaffolding, not finished artefacts. Route the final pass through counsel admitted in the jurisdiction where you operate.

Full methodology → · All templates → · Scope law: GDPR →

Editorial research, not legal advice. SetupAnalytics is a free, ad-free public utility maintained by independent editors. This template does not establish a lawyer-client relationship and is not warranted for accuracy or currency. Consult qualified counsel admitted in the relevant jurisdiction for any specific deployment. Report an inaccuracy →