GDPR Privacy Policy Example

In this post, we’ll highlight what personal data can be collected and why, transactional emails, forms, Google Analytics, email, marketing, third party websites, cookies, data we share, how long we store the data, what rights you have over your data, sharing and disclosure, security, privacy policy.

Note: We are not attorneys or lawyers but rather marketers who have reviewed multiple websites. The GDPR privacy policy example provided below should help users comply with the European Union’s (EU) General Data Protection Regulation (GDPR) as it incorporates required content.

GDPR Privacy Policy Example

This page explains the privacy practices for this website – [insert your web address].

What Personal Data We Collect and Why We Collect It

In order to provide services and support, we collect information about you when you submit a contact us, reservation, appointment or eNewsletter sign-up form, or email us directly. The information we ask you to provide may include your name, email address, etc. [Insert your company name] may use the information to fulfill your request, process your order, manage your account and, if you agree, email you about other products, services and information we think may be of interest to you.

We also collect information when you voluntarily comment on our blog posts or provide feedback. See Comments (below).

We may also contact you directly to follow up on the service and user experience we provide.

We use your information collected from the website to personalize your repeat visits to our website. Website usage information is collected using cookies.

If [insert your company name] is ever sold to another company, your contact information will be passed on to this new party.

  1. Forms

    When you submit a question, we collect your first name, last name and email address so that we can correspond with you. When you subscribe to our newsletter, we collect your name (only when provided) and your email address so that we can correspond with you. Your personal data will be stored in the website’s database but also in [insert your email software vendor’s name], the application we use to send our newsletters and campaigns.

  2. Google Analytics

    We use Google Analytics to track visitors to this site. Google Analytics uses cookies to collect this data. In order to be compliant with the new regulation, Google included a data processing amendment. The data we collect will be processed anonymously and “data sharing” is disabled. We don’t use other Google services in combination with Google Analytics cookies.

  3. [Insert your email software vendor’s name]

    We use [insert your email software vendor’s name] for our newsletters and campaigns. [If compliant:] [insert your email software vendor’s name] is GDPR compliant. In [insert your email software vendor’s name] we only store your email address and any information you voluntarily provided. With your permission, we may send you emails about our services and news.

We will take cautionary measures to ensure we do not collect any personal data from you we do not need in order to provide and oversee the above services to you.

While [insert your company name] automatically logs information from a user’s browser, such as the user’s IP address, the pages visited and similar information, it does not collect any personal information during that process.

Third-Party Websites

[Insert your company name] may link to other third-party websites. In using such links, you as a user should be aware that each third-party website will vary in its terms and conditions of use and privacy policies, and we encourage you to read those respective statements. [Insert your company name] does not take responsibility for the privacy policies of, and usage of, personal information collected by others including, without limitation, those of any third party provider or distributor.

Embedded Content From Other Websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.


Comments

When visitors leave comments on the [insert your company name] site, we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service, allowing your avatar or image and profile to follow you from site to site. The Gravatar service privacy policy is available here. After approval of your comment, your profile picture is visible to the public in the context of your comment.


Cookies

A cookie is a small data file that can only be read by the website that gave it to you. It functions as your identification card and is used to recognize you each time you visit. It cannot be executed as code or deliver viruses. This information is used to track visitor use of the website and to compile statistical reports on website activity.

Most browsers are initially set to accept cookies. You can set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. Portions of this website may not be accessible if cookies are turned off.

If you leave a comment on our site, you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

Who We Share Your Data With

When you purchase a product, your personal data are shared with well-known payment companies, [insert your own payment company, such as PayPal and Stripe] if you pay via credit card.

You can check their privacy policy here: [insert your own payment company privacy links, such as PayPal].

How Long Will We Store Your Data?

The information we use for marketing purposes will be kept with us until you notify us that you no longer wish to receive this information.

How Long Will We Retain Your Data?

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website, we also store the personal information they provide in their user profiles. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.


Marketing

We would like to send you updates and information about our products and services and other companies which may be of interest. If you have consented to receive promotional information, you may opt-out at a later date. You have a right at any time to stop us from contacting you for marketing purposes. If you no longer wish to be contacted for marketing purposes, click the unsubscribe link on the email or click here. [link to Contact Us form]

What Rights You Have Over Your Data

You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information, please click here. [Link to a form like the one below.]

Request for Personal Data

[Field to enter name and email address]

[   ] I consent to having [insert your company name] collect my email so that they can send me my requested information. For more details, check our Privacy Policy for information on where, how and why we store data.

[Submit button]

We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you.

You can request to view, update, download or delete your personal data at any time from this page: Request for personal data. 

Sharing & Disclosure

[Insert your company name] may share information about you with others, under the following circumstances: 1) when necessary to third parties who work with [insert your company name] in order to process your requests, 2) when you consent to the disclosure, 3) to comply with the law, court orders, subpoena or legal process or 4) for security purposes.

Where We Send Your Data

Visitor comments may be checked through an automated spam detection service.


Security

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

If you provide us with your credit card information, the information is encrypted using secure socket layer technology (SSL) and stored with AES-256 encryption. Although no method of transmission over the Internet or electronic storage is 100% secure, we follow all PCI-DSS requirements and implement additional generally accepted industry standards.

Changes to This Privacy Policy

We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

How to contact us

Please use our Contact Us form if you have any questions about our privacy policy or information we hold about you. [Link to Contact Us form.]

For more information on the European Union’s (EU) General Data Protection Regulation (GDPR), click here.

If you’re a nonprofit organization, quasi-government agency or business and need help in developing a website and customer engagement tools that meet the GDPR, please Contact Us at Flying Compass to learn how we can help.
