Free Tool
Privacy Policy Builder for UK websites
Create a GDPR-compliant privacy policy for your UK website in 2 minutes. The template references the ICO and the cookie rules in PECR regulation 6.
This privacy policy template is provided as a starting point. It is not legal advice. We recommend having your policy reviewed by a solicitor familiar with the rules in the UK before publishing.
About your business
Enter your website so we can pre-fill some answers about third-party services.
How it works
Tell us about your business
Enter your business name, country, and website. We can auto-detect third-party services.
Select what your site does
Check what visitors can do: contact forms, newsletter, payments. No technical knowledge needed.
Get your privacy policy
Review your generated policy, copy it, or have us email you the ready-to-upload HTML file.
What your privacy policy includes
Who you are
Business name, country, contact details, and registration number.
What data you collect and why
Specific sections for contact forms, newsletters, accounts, bookings, and payments — with legal basis for each.
Cookies and tracking
Cookie types, consent requirements, and how visitors can manage preferences.
Third-party services
Each service you use, what data it processes, and a link to their privacy policy.
Data retention periods
How long you keep each type of data, with reasonable defaults for each category.
Visitor rights under GDPR
Access, rectification, erasure, portability, objection — with the correct supervisory authority for your country.
International data transfers
If any service transfers data outside the EEA, with the correct legal framework referenced.
Country-specific templates
Each generated policy references the correct supervisory authority for your country — for the UK: the ICO — plus the applicable cookie legislation and registration requirements like your Companies House number.
| Country | Supervisory authority | Registration and cookie legislation |
| --- | --- | --- |
| France | CNIL | SIREN/SIRET, Loi Informatique et Libertés |
| Netherlands | Autoriteit Persoonsgegevens | KvK number, Telecommunicatiewet |
| Belgium | Gegevensbeschermingsautoriteit (GBA) | KBO number, Belgian Electronic Communications Act |
| United Kingdom | ICO | UK GDPR (post-Brexit), PECR |
| Ireland | Data Protection Commission | S.I. 336/2011 |
| Denmark | Datatilsynet | Cookie Order |
| Sweden | IMY | LEK |
| Norway | Datatilsynet | Ekomloven |
| Finland | Data Protection Ombudsman | Electronic Communications Act |
Frequently asked questions
Do I need a privacy policy for my website?
Yes. Under the GDPR, any website that collects personal data (contact forms, analytics, cookies) must have a privacy policy. In the UK, the ICO is the supervisory authority that handles complaints about missing or incomplete policies.
Is this privacy policy legally binding?
This tool generates a privacy policy template as a starting point. It is not legal advice. While the template covers common requirements for UK websites, every business processes data differently — have a solicitor review it before you rely on it.
Can I use a privacy policy generator to meet GDPR requirements?
A privacy policy generator can help you create a solid starting point that covers the key requirements under GDPR Articles 13 and 14. For a simple UK SMB website that's often most of the work — but review the generated text against what your site actually does.
What should a UK privacy policy include?
A UK privacy policy must include: your identity and contact details (including your Companies House number), what personal data you collect and why, the legal basis, retention periods, who you share data with, and the visitor's rights — including the right to complain to the ICO.
A privacy policy is just the start
Our full scan checks 150+ points across cookies, privacy, accessibility, security and image licensing — aligned with what the ICO enforces on UK sites.
When you need professional help
This template is designed for simple UK SMB websites with basic data collection. If any of the following apply to your business, we strongly recommend professional legal review:
- You process sensitive data (health, biometric, racial, political, religious data)
- Your website or service is aimed at children under 16
- You process employee data through your website
- You operate in multiple EU/EEA jurisdictions
- You engage in large-scale profiling or automated decision-making