• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

Adlex Solicitors

UK internet and domain name lawyers

Call us now: 0207 317 8404   Email us now

Request Callback

  • Home
  • What We Do
    • Website and App Terms & Conditions
    • Privacy and GDPR
      • Intro
      • Privacy Policies
      • Cookies and GDPR
    • Contracts
      • Intro
      • Influencer Contracts
      • Website / App Design and Development Contracts
      • Web Hosting Contracts
      • White Label and Content Distribution Contracts
      • SEO Contracts
      • Internet Affiliate, Advertising and Marketing Contracts
    • Disputes
      • Intro
      • Domain Name Disputes and Cybersquatting
        • Introductory Guide to Domain Name Disputes
        • UDRP
        • Nominet’s DRS
        • Cybersquatting
        • Domain Name Hijacking
        • Domain Name Law
        • Domain Names and Trade Marks / Passing Off
        • Adlex’s Domain Name Legal Expertise
        • Free Legal Opinion
      • Online Copyright Infringement
      • Internet Trade Mark Infringement and Passing Off
    • Content Removal
      • Intro
      • Removal From Google Search Results
      • Internet Defamation
      • Right to be Forgotten
      • Removing Google reviews
      • Removal From Websites
      • Removal From Facebook and Other Social Media
  • Who We Are
  • Testimonials
  • Blog
  • Contact Us
Home  ›  What We Do  ›  Privacy and GDPR  ›  Privacy Policies

Website / App Privacy Policies and the GDPR

If you operate a website or app, a starting point for GDPR compliance is to include a detailed privacy notice or privacy policy which explains in detail:

  • What kind of personal data you collect via your website or app.
  • The legal basis for collecting it.
  • How you use it.
  • To whom you send it.
  • How long you keep it..

The GDPR sets out various requirements for privacy notices including that they be “clear and transparent”.

In some cases – e.g., if you want to use contact details for email or other marketing – the GDPR dictates that you have to go further. Here, you need to get appropriate consent from web users at the point where you collect the data. Generally, this must be “unambiguous and involve a clear “affirmative action”, i.e. “opt in”. This is a stricter requirement than before. You must keep careful records. Also, make it as easy for people to withdraw their consent as to give it. Rlying on an unsubscribe option in a marketing email won’t do! If you don’t get the right consent, then you can be sued by data subjects or subject to regulatory enforcement action.

However, where you are only promoting your own goods or services to people who have expressed an interest, the GDPR may allow you to use a different legal basis – “legitimate interests”. Under this, you need only provide a more relaxed “soft opt in” notice. This is half-way between “opt in” and “opt out”.  In fact, it’s more like “opt out” than “opt in”.

If you are collecting “special category data” (e.g., racial or ethnic origin or physical or mental health), you will need to take additional protective steps. Likewise if acquiring personal data from children,

Another factor which lawyers drafting privacy policies need to think about is whether you are transferring personal data outside the UK. Say one of your technology providers is storing personal data of your customers (including IP addresses) outside the UK. Examples: your website host, Google Analytics, Mailchimp email services etc. There are various ways round this including export to various countries that are recognised by the UK as providing an adequate level of data protection (e.g., the EU) or including certain provisions sanctioned by the Information Commissioner’s Office (ICO),  the UK data protection regulator.

The GDPR also requires that your privacy policy tells your users about their various data protection rights, including:

  • To access personal information.
  • To rectify mistakes.
  • To delete, restrict or object to its use in certain circumstances.
  • Data portability.
  • How to complain to the ICO. (As internet privacy lawyers, we’ll help you minimise the risk that users will have a reason to complain!)

See Cookies and GDPR for information about how the GDPR affects cookies and cookie consent notices.

Contact us

Primary Sidebar

Blog Categories

  • Domain Name Disputes
  • Internet Content Removal
  • Online Child Safety
  • Online Reviews
  • Online Terms and Conditions
  • Privacy and GDPR

Twitter

  • Twitter

Recent Blog Posts

  • New UK Fake Review Rules: What Businesses Need to Know
  • New UK Online Subscription Rules and Regulations: A Guide for Website/App Operators
  • Online Child Safety Compliance: What UK Businesses Need to Know
  • 10 Tips for Defending a Domain Name Dispute Complaint
  • Guidance on Designing your Website / App for Children’s Privacy

How Adlex Solicitors Can Help You

For a free initial chat, call Adam of Adlex now on 0207 317 8404 or request a callback or email.

  • Home
  • Sitemap
  • Website Terms of Use
  • Privacy and Cookies Policy
  • Complaints

© Adlex Solicitors 2001 - 2025. Authorised and regulated by the Solicitors Regulation Authority (SRA number 344672).

Manage Cookie Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Manage options Manage services Manage vendors Read more about these purposes
View preferences
{title} {title} {title}