Template · PRIVACY POLICY

Privacy policy · EU/EEA baseline (GDPR Art 13/14)

Template body

# Privacy Policy

**Effective date:** {{effective_date}}
**Last reviewed:** {{last_reviewed}}

## 1. Who we are
{{controller_name}} ("we", "us"). Registered office: {{controller_address}}. Contact: {{controller_email}}. Data Protection Officer (if appointed): {{dpo_email}}.

## 2. What data we collect

| Category | Source | Purpose | Legal basis (GDPR Art 6) |
|---|---|---|---|
| Account data (name, email) | You | Provide the service | Contract, Art 6(1)(b) |
| Usage analytics | Auto-collected via {{analytics_tool}} | Improve the service | Consent, Art 6(1)(a) |
| Marketing email | You + opt-in | Send updates | Consent, Art 6(1)(a) |
| Support correspondence | You | Respond to enquiries | Legitimate interest, Art 6(1)(f) |

## 3. How we share data
We share data with the following sub-processors:
- {{hosting_provider}} (hosting, EU-region)
- {{email_provider}} (transactional email)
- {{analytics_tool}} (analytics)
- {{cdn_provider}} (CDN, edge caching)

## 4. International transfers
{{transfer_section}}

## 5. Retention
- Account data: until account deletion + 30 days backup retention
- Analytics: 14 months (configurable per IAB TCF v2.2 vendor list)
- Marketing email: until unsubscribe
- Support correspondence: 24 months

## 6. Your rights (GDPR Art 15–22)
- Access, rectification, erasure
- Restriction of processing
- Data portability
- Object to processing based on legitimate interest
- Not be subject to automated decision-making
- Withdraw consent at any time

To exercise: email {{dsr_email}}. We respond within 30 days.

## 7. Right to complain
You may lodge a complaint with your national supervisory authority. Contact details for all EU/EEA DPAs: https://edpb.europa.eu/about-edpb/about-edpb/members_en

## 8. Changes
We will notify users of material changes by email and update the "Last reviewed" date.

## 9. Cookies
See our [Cookie policy](/cookies/) for the full list of cookies and trackers.

Variables to fill in