Privacy policy on your website: which templates actually work?

Your privacy policy doesn't need to be 15 pages of legal jargon. Readable, honest, complete — here's the structure that works.

A privacy policy on your website needs to tell visitors what you do with their data. In plain language. The Dutch Data Protection Authority has explicitly stated that legal jargon is not the goal.

A structure that works

\n
1. Who are we? Company name, Chamber of Commerce number, contact details, DPO (if you have one).
\n
2. What data do we collect? Per channel (website, newsletter, contact form, client portal).
\n
3. Why? Legal basis for each processing activity.
\n
4. How long do we keep it? Per data category.
\n
5. Who do we share it with? Suppliers, authorities, third parties.
\n
6. Do we transfer data outside the EEA? Yes/no — if yes, what safeguards are in place.
\n
7. Your rights. Access, rectification, erasure, objection, data portability.
\n
8. How do we secure it? TLS, access controls, ISO, etc.
\n
9. Cookies. Link to cookie statement.
\n
10. Complaints. Contact details for the supervisory authority.
\n
11. Changes. How you communicate updates.
\n

What not to do

\n
• Blindly copy a €99 template from a template site — it probably won't match your actual processing activities.
\n
• Say "We do not sell your data" without explaining what you DO do with it.
\n
• Link to a 20-page PDF with no web page version.
\n

Update when things change

New processor, new data category, new cookie? Update your privacy policy. Add a version number and date at the top.

See also: GDPR pillar, cookies & consent.