Privacy Policy

Last updated: [DATE] · Effective date: [DATE]

This policy is structured to meet the transparency requirements of the UK GDPR and EU GDPR (Articles 13–14) for visitors and users of Zealous.

Draft for legal review. Every highlighted [PLACEHOLDER] must be completed and the whole document reviewed by a qualified lawyer before publication. This is a template, not legal advice.

1. Who we are

This policy explains how [COMPANY LEGAL NAME] (“we”, “us”, “our”) collects and uses personal data. We are the data controller responsible for your personal data. We are registered in [COUNTRY / JURISDICTION] under company number [COMPANY NUMBER], with our registered office at [REGISTERED ADDRESS].

Include if applicable: Our Data Protection Officer / privacy contact can be reached at [DPO / PRIVACY CONTACT EMAIL]. If you offer services to the EU from outside it, name your Article 27 representative here: [EU / UK REPRESENTATIVE NAME AND CONTACT].

2. Scope of this policy

This policy applies to personal data we process about visitors and users of our website and services (the “Service”). It does not apply to third-party websites or services we link to, which have their own privacy policies.

3. What data we collect

Depending on how you use the Service, we may collect:

Category | Examples
Identity & contact data | Name, email address, username, [phone, billing address]
Account data | Login credentials, profile settings, preferences
Transaction data | [Records of purchases, subscription details — payment card data is handled by our payment provider, not stored by us]
Usage & technical data | IP address, device and browser type, pages viewed, referring URLs, timestamps, cookie identifiers
Communications | Messages you send us, support requests, survey responses
User content | [Content you upload or create within the Service]

We collect this data when you provide it directly, automatically as you use the Service, and from third parties such as [analytics providers, payment processors, social login providers]. We do not knowingly collect special category data [unless you operate in health, etc. — describe and add an appropriate Article 9 condition].

4. Why we use your data and our lawful bases

Under the GDPR we must have a lawful basis for each use of your personal data. Our uses and bases are:

Purpose | Lawful basis (GDPR Art. 6)
Creating and managing your account; providing the Service | Performance of a contract
Processing payments and managing subscriptions | Performance of a contract
Customer support and responding to enquiries | Legitimate interests / contract
Service security, fraud prevention and debugging | Legitimate interests; legal obligation
Analytics and improving the Service | Consent (where required) / legitimate interests
Marketing communications | Consent (you can withdraw at any time)
Complying with law (e.g. accounting, tax) | Legal obligation

Where we rely on legitimate interests, we have balanced those interests against your rights. You can ask us for more detail at [CONTACT EMAIL].

5. Cookies and similar technologies

We use cookies and similar technologies to operate the Service, remember your preferences, and (where you consent) measure usage and personalise content. Non-essential cookies are set only with your consent through our cookie banner, which you can change at any time via [COOKIE SETTINGS LINK]. For full details of the cookies we use, their purpose and duration, see our [Cookie Policy / table here].

6. Who we share your data with

We share personal data with: service providers acting as our processors (e.g. [hosting, email, analytics, payment, customer support providers]); professional advisers; and authorities where required by law. We require processors to protect your data and to act only on our instructions. We do not sell your personal data. In the event of a merger, acquisition or asset sale, data may be transferred to the relevant party subject to this policy.

7. International transfers

Where we transfer personal data outside the UK / EEA, we ensure an appropriate safeguard is in place — such as an adequacy decision, the UK International Data Transfer Agreement, or the EU Standard Contractual Clauses with any required addendum. You can request a copy of the safeguards we use by contacting us at [CONTACT EMAIL].

8. How long we keep your data

We keep personal data only as long as necessary for the purposes set out above, including to satisfy legal, accounting or reporting requirements. As a general rule we retain account data for the life of your account and for [X months/years] afterwards, and transaction records for [e.g. 6/7 years] to meet tax obligations. When data is no longer needed, we delete or anonymise it.

9. How we protect your data

We use appropriate technical and organisational measures — including [encryption in transit, access controls, regular backups] — to protect personal data against unauthorised access, loss or misuse. No system is completely secure; if a breach affects your rights we will notify you and the relevant supervisory authority as required by law.

10. Your rights

Subject to conditions in the law, you have the right to: be informed about how we use your data; access a copy of it; rectify inaccurate data; erase data (“right to be forgotten”); restrict processing; data portability; object to processing (including direct marketing); and not be subject to solely automated decisions with legal effects. Where we rely on consent, you may withdraw it at any time without affecting prior processing.

To exercise any right, contact us at [CONTACT EMAIL]. We will respond within one month. There is usually no charge, and we may need to verify your identity.

11. Children's privacy

The Service is not directed at children under [16 / the age of digital consent in your country]. We do not knowingly collect their data. If you believe a child has provided us with data, contact us and we will delete it.

12. Changes to this policy

We may update this policy from time to time. We will post the updated version with a new “Last updated” date and, where changes are significant, notify you by [email / in-app notice].

13. How to contact us and how to complain

For any privacy question or to exercise your rights, contact [COMPANY LEGAL NAME] at [CONTACT EMAIL] or [REGISTERED ADDRESS].

If you are in the UK and are unhappy with how we handle your data, you can complain to the Information Commissioner’s Office (ICO) at ico.org.uk. If you are in the EU, you can complain to your local data protection authority. We would, however, appreciate the chance to address your concerns first.

© [YEAR] [COMPANY LEGAL NAME]. This document is a template provided for convenience and does not constitute legal advice.