Mental Health First Aiders Network

MHFAN is a networking community for Mental Health First Aiders from all over the world.

The platform allows you to connect to others, message, post stories, share ideas, form private company groups and access the learning resources area.

MHFAN also provides group supervision from BACP accredited therapists.

What is MH-FAN

Is a network for all mental health first aiders to connect, network, support each other and get professional supervision, post what you are achieving as mental health first aiders, what projects your company is involved in, and most importantly join our webinars with access to our experienced instructors, counsellors and qualified therapists (see what is supervision) Its a network for everything mental health first aid, and information and new ideas powered by the members.

Membership will be free until the 15th of January 2021

The cost of membership has not been decided and we will  decide on this together as a community, the platform does endure costs and we need to ensure that we have top quality resources and BACP accredited therapists and other contributors going forwards.

There would be an individual rate and a corporate rate, for access to the platform, resources, toolbox, E-learning and supervision (see what is supervision) 

There will be  special rates available for charities and companies wishing to support their MHFAiders who have at least 20 MHFAiders, please enquire at hello@mh-fan.com

Absolutely is the answer, we appreciate there are several courses available such as MHFA Australia, MHFA England, MHFA Scotland, MHFA Wales MHFA Ireland, MHFA USA (please forgive us but the list is too big to list all of them) and there are the Nuco and Qualsafe level 1,2 and 3 courses, mental health in the workplace, there are also bespoke CPD courses and varieties of terminologies such as champions, mental health awareness, this network welcomes anyone who is a FAN of MH and supporting colleagues, friends and family and thus MHFAN.
Absolutely, MHFA instructors are welcome here and their advice and support are important, they also like to hear about their delegates success and ideas, and they too need support.

Mental Health First Aiders are not therapists, (some might be) yet they may often find themselves feeling overwhelmed by some of the content they have listened to and situations they have been involved in as a mental health first aider.

MH-FAN will have group support (supervision) that you can join in weekly, run by certified BACP therapists and experienced instructors, and as a member, you are advised to join in at least once a month.

For comparison, qualified therapists are required to have a minimum of 1,5 hours of supervision per month (and they have had years of expert training if they are BACP certified).

At MH-FAN we aim to provide as many resources and a global peer support platform with professional support and supervision when needed.

There are many wonderful courses to become a Mental Health First Aider.

Some are accredited and some are not, they all differ in certain ways, but what always remains the same is the MHFAiders passion in their hearts to help their colleagues and friends, all MHFAiders are welcome here at MH FAN.

What does MH-FAN membership include

Full access to the networking platform

Access to the weekly supervision meetings

Access to E-learning courses

Access to the Digital toolbox

Please read these Terms and Conditions carefully. All contracts that the Operator may enter into from time to time [for the provision of the Operator’s services] shall be governed by these Terms and Conditions, and the Operator will ask the Advertiser for the Advertiser’s express written acceptance of these Terms and Conditions before providing [any such services] to the Advertiser.

1. Definitions

1.1 In these Terms and Conditions[, except to the extent expressly provided otherwise]:

Advertisement” means [any and all advertisements provided by the Advertiser to the Operator for publication through the Advertisement Publication Services];

Advertisement Publication Services” means [the ongoing hosting and publication of the Advertisements by the Operator on behalf of the Advertiser on the Advertising Platform in accordance with these Terms and Conditions];

Advertiser” means the person or entity identified as such in Section 1 of the Order Form;

Advertiser Indemnity Event” has the meaning given to it in Clause 9.1;

Advertising Platform” means [the platform managed by the Operator and used by the Operator to provide the Advertisement Publication Services];

Business Day” means any weekday other than a bank or public holiday in [England];

Business Hours” means the hours of [09:00 to 17:00 GMT/BST] on a Business Day;

Charges” means the following amounts:

(a) [the amounts specified in Section 3 of the Order Form]; and

(b) [such amounts as may be agreed by the parties in writing from time to time];

[additional list items]

Contract” means a particular contract made under these Terms and Conditions between the Operator and the Advertiser;

Effective Date” means [the date upon which the parties execute a hard-copy Order Form; or, following the Advertiser completing and submitting the online Order Form published by the Operator on the Operator’s website, the date upon which the Operator sends to the Advertiser an order confirmation];

Force Majeure Event” means [an event, or a series of related events, that is outside the reasonable control of the party affected (including failures of the internet or any public telecommunications network, hacker attacks, denial of service attacks, virus or other malicious software attacks or infections, power failures, industrial disputes affecting any third party, changes to the law, disasters, explosions, fires, floods, riots, terrorist attacks and wars)];

Intellectual Property Rights” means [all intellectual property rights wherever in the world, whether registrable or unregistrable, registered or unregistered, including any application or right of application for such rights (and these “intellectual property rights” include copyright and related rights, database rights, confidential information, trade secrets, know-how, business names, trade names, trade marks, service marks, passing off rights, unfair competition rights, patents, petty patents, utility models, semi-conductor topography rights and rights in designs)];

Operator” means [[individual name] of [address]] OR [[company name], a company incorporated in [England and Wales] (registration number [registration number]) having its registered office at [address]] OR [[partnership name], a partnership established under the laws of [England and Wales] having its principal place of business at [address]];

Order Form” means a written order form agreed by or on behalf of each of the parties;

Term” means [the term of the Contract, commencing in accordance with Clause 2.1 and ending in accordance with Clause 2.2]; and

Terms and Conditions” means these terms and conditions, including any amendments to these terms and conditions from time to time.

2. Term

2.1 The Contract shall come into force upon the Effective Date.

2.2 The Contract shall continue in force indefinitely, subject to termination in accordance with Clause 12.

2.3 Unless the parties expressly agree otherwise in writing, each Order Form shall create a distinct contract under these Terms and Conditions.

3. Advertisement Publication Services

3.1 The Operator shall provide the Advertisement Publication Services to the Advertiser during the Term with reasonable skill and care and in accordance with these Terms and Conditions.

3.2 The Operator shall use [reasonable] OR [best] endeavours to maintain the availability of the Advertising Platform and the Advertisements [at the gateway between the public internet and the network of the hosting services provider for the Advertising Platform], but does not guarantee 100% availability.

3.3 For the avoidance of doubt, downtime caused directly or indirectly by any of the following shall not be considered a breach of the Contract:

(a) a Force Majeure Event;

(b) a fault or failure of the internet or any public telecommunications network;

(c) a fault or failure of the Advertiser’s computer systems or networks;

(d) any breach by the Advertiser of the Contract; or

(e) scheduled maintenance.

[additional list items]

3.4 The Operator may suspend the provision of the Advertisement Publication Services if any amount due to be paid by the Advertiser to the Operator under the Contract is overdue, and the Operator has given to the Advertiser at least [30 days’] written notice, following the amount becoming overdue, of its intention to suspend the Advertisement Publication Services on this basis.

4. Advertisements

4.1 The Advertiser shall supply to the Operator the Advertisements that are specified in the Order Form or that the parties otherwise agree in writing shall be supplied by the Advertiser.

4.2 The Advertiser shall supply the Advertisements in accordance with any timetable agreed in the Order Form or otherwise agreed by the parties in writing; providing that if no timetable for supply is so agreed the Advertiser shall supply the Advertisements within a reasonable time period taking into account the Operator’s obligations under these Terms and Conditions.

4.3 The Operator shall not be liable to the Advertiser in respect of any failure of the Operator to comply with its obligations under the Contract to the extent that such failure arises out of any breach by the Advertiser of this Clause 4, subject always to Clause 10.1.

4.4 The Advertiser hereby grants to the Operator a non-exclusive licence to [copy, reproduce, store, distribute, publish, export, adapt, edit and translate] the Advertisements to the extent reasonably required for the performance of the Operator’s obligations and the exercise of the Operator’s rights under the Contract[, together with the right to sub-license these rights [to its hosting, connectivity and telecommunications service providers] to the extent reasonably required for the performance of the Operator’s obligations and the exercise of the Operator’s rights under the Contract].

4.5 The Advertiser warrants to the Operator that the Advertisements will not infringe the Intellectual Property Rights[ or other legal rights] of any person[, and will not breach [the provisions of any law, statute, regulation or applicable code of conduct],] in [any jurisdiction and under any applicable law].

5. No assignment of Intellectual Property Rights

5.1 Nothing in these Terms and Conditions shall operate to assign or transfer any Intellectual Property Rights from the Operator to the Advertiser, or from the Advertiser to the Operator.

6. Charges

6.1 The Advertiser shall pay the Charges to the Operator in accordance with these Terms and Conditions.

6.2 All amounts stated in or in relation to these Terms and Conditions are, unless the context requires otherwise, stated [inclusive of any applicable value added taxes] OR [exclusive of any applicable value added taxes, which will be added to those amounts and payable by the Advertiser to the Operator].

6.3 The Operator may elect to vary [any element of the Charges] by giving to the Advertiser not less than [30 days’] written notice of the variation[ expiring [on any anniversary of the date of execution of the Contract]][, providing that no such variation shall result in an aggregate percentage increase in the relevant element of the Charges during the Term that exceeds[[ 2]% per annum over] the percentage increase, during the same period, in [the Retail Prices Index (all items) published by the UK Office for National Statistics]].

7. Payments

7.1 The Operator shall issue invoices for the Charges to the Advertiser [in advance of the period to which they relate] OR [from time to time during the Term] OR [on or after the invoicing dates set out in Section 3 of the Order Form].

7.2 The Advertiser must pay the Charges to the Operator within the period of [30 days] following [the issue of an invoice in accordance with this Clause 7] OR [the receipt of an invoice issued in accordance with this Clause 7][, providing that the Charges must in all cases be paid before the commencement of the period to which they relate].

7.3 The Advertiser must pay the Charges by [debit card, credit card, direct debit, bank transfer or cheque] (using such payment details as are notified by the Operator to the Advertiser from time to time).

7.4 If the Advertiser does not pay any amount properly due to the Operator under these Terms and Conditions, the Operator may:

(a) charge the Advertiser interest on the overdue amount at the rate of [8% per annum above the Bank of England base rate from time to time] (which interest will accrue daily until the date of actual payment and be compounded at the end of each calendar month); or

(b) claim interest and statutory compensation from the Advertiser pursuant to the Late Payment of Commercial Debts (Interest) Act 1998.

8. Warranties

8.1 The Operator warrants to the Advertiser that:

(a) [the Operator has the legal right and authority to enter into the Contract and to perform its obligations under these Terms and Conditions];

(b) [the Operator will comply with all applicable legal and regulatory requirements applying to the exercise of the Operator’s rights and the fulfilment of the Operator’s obligations under these Terms and Conditions]; and

(c) [the Operator has or has access to all necessary know-how, expertise and experience to perform its obligations under these Terms and Conditions].

[additional list items]

8.2 The Advertiser warrants to the Operator that it has the legal right and authority to enter into the Contract and to perform its obligations under these Terms and Conditions.

8.3 All of the parties’ warranties and representations in respect of the subject matter of the Contract are expressly set out in these Terms and Conditions. To the maximum extent permitted by applicable law, no other warranties or representations concerning the subject matter of the Contract will be implied into the Contract or any related contract.

9. Indemnity

9.1 The Advertiser shall indemnify and shall keep indemnified the Operator against any and all liabilities, damages, losses, costs and expenses (including legal expenses and amounts reasonably paid in settlement of legal claims) suffered or incurred by the Operator and arising directly or indirectly as a result of any breach by the Advertiser of [these Terms and Conditions] OR [[specify provisions]] (a “Advertiser Indemnity Event“).

9.2 The Operator must:

(a) upon becoming aware of an actual or potential Advertiser Indemnity Event, notify the Advertiser;

(b) provide to the Advertiser all such assistance as may be reasonably requested by the Advertiser in relation to the Advertiser Indemnity Event;

(c) allow the Advertiser the exclusive conduct of all disputes, proceedings, negotiations and settlements with third parties relating to the Advertiser Indemnity Event; and

(d) not admit liability to any third party in connection with the Advertiser Indemnity Event or settle any disputes or proceedings involving a third party and relating to the Advertiser Indemnity Event without the prior written consent of the Advertiser,

[without prejudice to the Advertiser’s obligations under Clause 9.1] OR [and the Advertiser’s obligation to indemnify the Operator under Clause 9.1 shall not apply unless the Operator complies with the requirements of this Clause 9.2].

9.3 The indemnity protection set out in this Clause 9 [shall] OR [shall not] be subject to the limitations and exclusions of liability set out in the Contract[, except [exceptions]].

10. Limitations and exclusions of liability

10.1 Nothing in these Terms and Conditions will:

(a) limit or exclude any liability for death or personal injury resulting from negligence;

(b) limit or exclude any liability for fraud or fraudulent misrepresentation;

(c) limit any liabilities in any way that is not permitted under applicable law; or

(d) exclude any liabilities that may not be excluded under applicable law.

10.2 The limitations and exclusions of liability set out in this Clause 10 and elsewhere in these Terms and Conditions: 

(a) are subject to Clause 10.1; and

(b) govern all liabilities arising under these Terms and Conditions or relating to the subject matter of these Terms and Conditions, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in these Terms and Conditions.

10.3 The Operator will not be liable to the Advertiser in respect of any losses arising out of a Force Majeure Event.

10.4 The Operator will not be liable to the Advertiser in respect of any loss of profits or anticipated savings.

10.5 The Operator will not be liable to the Advertiser in respect of any loss of revenue or income.

10.6 The Operator will not be liable to the Advertiser in respect of any loss of use or production.

10.7 The Operator will not be liable to the Advertiser in respect of any loss of business, contracts or opportunities.

10.8 The Operator will not be liable to the Advertiser in respect of any loss or corruption of any data, database or software.

10.9 The Operator will not be liable to the Advertiser in respect of any special, indirect or consequential loss or damage.

10.10 The liability of the Operator to the Advertiser under the Contract in respect of any event or series of related events shall not exceed the greater of:

(a) [amount]; and

(b) [the total amount paid and payable by the Advertiser to the Operator under the Contract in the [12 month] period preceding the commencement of the event or events].

10.11 The aggregate liability of the Operator to the Advertiser under the Contract shall not exceed the greater of:

(a) [amount]; and

(b) [the total amount paid and payable by the Advertiser to the Operator under the Contract].

11. Force Majeure Event

11.1 If a Force Majeure Event gives rise to a failure or delay in either party performing any obligation under the Contract[ (other than any obligation to make a payment)], that obligation will be suspended for the duration of the Force Majeure Event.

11.2 A party that becomes aware of a Force Majeure Event which gives rise to, or which is likely to give rise to, any failure or delay in that party performing any obligation under the Contract, must:

(a) promptly notify the other; and

(b) inform the other of the period for which it is estimated that such failure or delay will continue.

11.3 A party whose performance of its obligations under the Contract is affected by a Force Majeure Event must take reasonable steps to mitigate the effects of the Force Majeure Event.

12. Termination

12.1 Either party may terminate the Contract by giving to the other party [at least 30 days’] written notice of termination.

12.2 Either party may terminate the Contract immediately by giving written notice of termination to the other party if the other party commits a material breach of these Terms and Conditions.

12.3 Either party may terminate the Contract immediately by giving written notice of termination to the other party if:

(a) the other party:

(i) is dissolved;

(ii) ceases to conduct all (or substantially all) of its business;

(iii) is or becomes unable to pay its debts as they fall due;

(iv) is or becomes insolvent or is declared insolvent; or

(v) convenes a meeting or makes or proposes to make any arrangement or composition with its creditors;

(b) an administrator, administrative receiver, liquidator, receiver, trustee, manager or similar is appointed over any of the assets of the other party;

(c) an order is made for the winding up of the other party, or the other party passes a resolution for its winding up[ (other than for the purpose of a solvent company reorganisation where the resulting entity will assume all the obligations of the other party under the Contract)]; or

(d) [if that other party is an individual:

(i) that other party dies;

(ii) as a result of illness or incapacity, that other party becomes incapable of managing his or her own affairs; or

(iii) that other party is the subject of a bankruptcy petition or order.]

13. Effects of termination

13.1 Upon the termination of the Contract, all of the provisions of these Terms and Conditions shall cease to have effect, save that the following provisions of these Terms and Conditions shall survive and continue to have effect (in accordance with their express terms or otherwise indefinitely): [Clauses 1, 3.1, 4.2, 4.3, 7.2, 7.4, 9, 10, 13, 15 and 16].

13.2 Except to the extent that these Terms and Conditions expressly provides otherwise, the termination of the Contract shall not affect the accrued rights of either party.

14. Notices

14.1 Any notice from one party to the other party under these Terms and Conditions must be given by one of the following methods (using the relevant contact details set out in Clause 14.2 and Section 4 of the Order Form): 

(a) [[delivered personally or sent by courier], in which case the notice shall be deemed to be received [upon delivery]]; or

(b) [sent by [recorded signed-for post], in which case the notice shall be deemed to be received [2 Business Days following posting]],

[additional list items]

providing that, if the stated time of deemed receipt is not within Business Hours, then the time of deemed receipt shall be when Business Hours next begin after the stated time.

14.2 The Operator’s contact details for notices under this Clause 14 are as follows: [contact details].

14.3 The addressee and contact details set out in Clause 14.2 and Section 4 of the Order Form may be updated from time to time by a party giving written notice of the update to the other party in accordance with this Clause 14.

15. General

15.1 No breach of any provision of the Contract shall be waived except with the express written consent of the party not in breach.

15.2 If any provision of the Contract is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions of the Contract will continue in effect. If any unlawful and/or unenforceable provision would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect (unless that would contradict the clear intention of the parties, in which case the entirety of the relevant provision will be deemed to be deleted).

15.3 The Contract may not be varied except by a written document signed by or on behalf of each of the parties.

15.4 Neither party may without the prior written consent of the other party assign, transfer, charge, license or otherwise deal in or dispose of any contractual rights or obligations under these Terms and Conditions.

15.5 The Contract is made for the benefit of the parties, and is not intended to benefit any third party or be enforceable by any third party. The rights of the parties to terminate, rescind, or agree any amendment, waiver, variation or settlement under or relating to the Contract are not subject to the consent of any third party.

15.6 Subject to Clause 10.1, these Terms and Conditions shall constitute the entire agreement between the parties in relation to the subject matter of these Terms and Conditions, and shall supersede all previous agreements, arrangements and understandings between the parties in respect of that subject matter.

15.7 The Contract shall be governed by and construed in accordance with [English law].

15.8 The courts of [England] shall have exclusive jurisdiction to adjudicate any dispute arising under or in connection with the Contract.

16. Interpretation

16.1 In these Terms and Conditions, a reference to a statute or statutory provision includes a reference to: 

(a) that statute or statutory provision as modified, consolidated and/or re-enacted from time to time; and

(b) any subordinate legislation made under that statute or statutory provision.

16.2 The Clause headings do not affect the interpretation of these Terms and Conditions.

16.3 References in these Terms and Conditions to “calendar months” are to [the 12 named periods (January, February and so on) into which a year is divided].

16.4 In these Terms and Conditions, general words shall not be given a restrictive interpretation by reason of being preceded or followed by words indicating a particular class of acts, matters or things.

Order Form

1. Advertiser details

The Advertiser is [[individual name] of [address]] OR [[company name], a company incorporated in [England and Wales] (registration number [registration number]) having its registered office at [address]] OR [[partnership name], a partnership established under the laws of [England and Wales] having its principal place of business at [address]].

2. Specification of Advertisement Publication Services

[Specify Advertisement Publication Services and any relevant limitations]

3. Financial provisions

[Insert financial provisions]

4. Contractual notices

[Advertiser contractual notices address details]

The parties have indicated their acceptance of the Contract by signing below.

SIGNED BY [[individual name] on [……………], the Operator] OR [[individual name] on [……………], duly authorised for and on behalf of the Operator]:

………………………………….

SIGNED BY [[individual name] on [……………], the Advertiser] OR [[individual name] on [……………], duly authorised for and on behalf of the Advertiser]:

………………………………….

Website advertising terms and conditions: drafting notes

These T&Cs are designed to regulate the relationship between a business purchasing online advertisement publication services and the provider of those services.

The T&Cs include obligations to provide the services, limitations upon the scope of the services, warranties relating to the services and the advertisements supplied by the advertiser, a licence from the advertiser to the service provider in respect of the advertisements, in addition to all the usual boilerplate clauses.

The particulars of each contract should be set out in an order form, a skeleton version of which is provided with this document.

Clause 1: Definitions

Clause 1.1

Definition of Advertisement

Define “Advertisement”.

Definition of Business Day

The bank and public holidays of which jurisdiction should be excluded from the definition of “Business Day”?

Definition of Business Hours

What are business hours for the purposes of this document?

Definition of Charges

What charges are payable under this document?

Definition of Effective Date

From what date will the contract be in force?

Definition of Force Majeure Event

Specify particular examples of force majeure events.

Definition of Operator

Is the first party an individual, a company or a partnership?

What is the full name of the individual (including middle names)?

What is the postal address of the first party?

What is the full company name of the first party?

In which jurisdiction is the first party incorporated?

What is the registration number of the first party?

What is the registered office address of the first party?

What is the name of the first party partnership?

In which jurisdiction is the first party partnership established?

Where is the principal place of business of the first party?

Definition of Term

Define “Term”, the period during which the contract will subsist.

Clause 3: Advertisement Publication Services

Clause 3.2

Optional element.

At what point are the hosted services considered to be made available?

Clause 3.3

Optional element.

Clause 3.4

Optional element.

How much notice must the Operator give to the Advertiser of a suspension of services following non-payment?

Clause 4: Advertisements

Clause 4.3

Optional element.

Clause 4.4

What may the Operator do with the Advertiser’s materials?

Will the Operator have the right to sub-license its rights under this provision?

To whom may the licensed rights be sub-licensed?

Clause 4.5

Optional element.

Will this warranty extend to legal rights other than intellectual property rights?

Should a warranty of legality be included?

What (if any) jurisdictional limitations and applicable law limitations should apply to these warranties?

Clause 5: No assignment of Intellectual Property Rights

Optional element.

Clause 6: Charges

Clause 6.2

Are payment amounts stated inclusive or exclusive of VAT?

Clause 6.3

Optional element. Will the Operator be permitted to vary the charges, or any element of the charges, in any circumstances?

Which elements of the charges may be varied?

What notice period should apply to the variation of charges?

Must notice of the variation expire upon some specific date?

Should variations of charges be limited by reference to an index?

Specify the relevant date.

Will the charges variation cap exceed RPI by a defined percentage?

Identify the index in question.

Specify the relevant percentage.

Clause 7: Payments

Clause 7.1

When should invoices be issued?

Clause 7.2

What is the period for payment of invoices?

When does the period for payment of an invoice begin to run?

What if any proviso is required to the standard payment terms?

Clause 7.3

Optional element.

Using what methods should payments be made?

Clause 7.4

Optional element.

What contractual interest rate should apply to late payments?

Clause 8: Warranties

Optional element.

Clause 8.1

Optional element.

What general warranties will the Operator give to the Advertiser?

Clause 8.2

Optional element.

Clause 9: Indemnity

Optional element.

Clause 9.1

If this provision is included, losses suffered by the first party as a result of a breach of the contract by the second party will be assessed on an indemnity basis, rather than a standard basis.

Will the indemnity cover any breach of contract, or only the breach of specified provision(s)?

Specify those provisions the breach of which will be covered by the indemnity.

Clause 9.2

Optional element.

Will the indemnity only apply where the Operator complies with the requirements of this provision?

Clause 9.3

Optional element.

Will the indemnity provisions be subject to the limitations and exclusions of liability in the document?

Will there be any exceptions to the general rule here?

Specify the exceptions to the general rule.

Clause 10: Limitations and exclusions of liability

Contractual limitations and exclusions of liability are regulated and controlled by law, and the courts may rule that particular limitations and exclusions of liability in contracts are unenforceable.

The courts are particularly likely to intervene where a party is seeking to rely on a limitation or exclusion of liability in its standard terms and conditions, but will also sometimes intervene where a term has been individually negotiated. 

The courts may be more likely to rule that provisions excluding liability, as opposed to those merely limiting liability, are unenforceable.

If there is a risk that any particular limitation or exclusion of liability will be found to be unenforceable by the courts, that provision should be drafted as an independent term, and be numbered separately from the other provisions. 

It may improve the chances of a limitation or exclusion of liability being found to be enforceable if the party seeking to rely upon it specifically drew it to the attention of the other party before the contract was entered into.

Exclusions and limitations of liability in UK contracts are primarily regulated by the Unfair Contract Terms Act 1977 (“UCTA”). 

Contracts regulated by UCTA cannot exclude or restrict a party’s liability for death or personal injury resulting from negligence (Section 2(1), UCTA).

Except insofar as the relevant term satisfies the requirements of reasonableness, such contracts cannot exclude or restrict liability: (i) for negligence (which includes a breach of an express or implied contractual obligation to take reasonable care or exercise reasonable skill) (Section 2(2), UCTA); or (ii) for misrepresentation (Section 3, Misrepresentation Act 1967).

In addition, if a contract is regulated by UCTA, and one of the parties is dealing on the other’s written standard terms of business, then except insofar as the relevant contractual term satisfies the requirements of reasonableness the other party cannot: (i) exclude or restrict his liability in respect of a breach of contract; or (ii) claim to be entitled to render a contractual performance substantially different from that which was reasonably expected of him; or (iii) claim to be entitled, in respect of the whole or any part of his contractual obligation, to render no contractual performance at all (see Section 3, UCTA). 

UCTA includes various other restrictions, particularly in the case of contracts for the sale of goods and contracts under which possession or ownership of goods passes.

If you wish to try to limit/exclude for liability in respect of reckless, deliberate, personal and/or repudiatory breaches of contract, you should specify this in relation to the relevant provision (for example, using the following wording: “The limitations and exclusions of liability in this Clause [number] will apply whether or not the liability in question arises out of any reckless, deliberate, personal and/or repudiatory conduct or breach of contract”). In many circumstances, however, the courts will find these types of limitations and exclusions to be unenforceable.

Somewhat different rules apply to limitations of liability in contracts with consumers, and these provisions should not be used in relation to such contracts. 

These guidance notes provide a very incomplete and basic overview of a complex subject. Accordingly, you should take legal advice if you may wish to rely upon a limitation or exclusion of liability.

Clause 10.1

Do not delete this provision (except upon legal advice). Without this provision, the specific limitations and exclusions of liability in the document are more likely to be unenforceable.

Clause 10.4

Optional element.

Clause 10.5

Optional element.

Clause 10.6

Optional element.

Clause 10.7

Optional element.

Clause 10.8

Optional element.

Clause 10.9

Optional element.

“Consequential loss” has a special meaning in English law: it means any loss that, whilst not arising naturally from the breach, was specifically in the contemplation of the parties when the contract was made.

Clause 10.10

Optional element. Do you want to include a per event liability cap in this document?

Liability caps may be unenforceable in practice.

Do you want to include a per event liability cap in this document?

What monetary amount should be used in the liability cap?

What floating amount should be used in the liability cap?

The charge payable during what period, prior to the event or events, should be used for calculating this liability cap?

Clause 10.11

Optional element. Do you want to include an aggregate liability cap in this document?

Liability caps may be unenforceable in practice.

Do you want to include an aggregate liability cap in this document?

What monetary amount should be used in the liability cap?

What floating amount should be used in the liability cap?

Clause 11: Force Majeure Event

Optional element.

Clause 11.1

Will obligations to make payments be excluded from the scope of the force majeure exception?

Clause 11.2

Optional element.

Clause 11.3

Optional element.

Clause 12: Termination

Clause 12.1

What notice period will apply to termination without cause by either party?

Clause 12.3

Will the winding up of a party as part of a solvent company reorganisation give rise to a right of termination for the other party?

Will or might a party to the document be an individual, rather than a corporate entity?

Clause 14: Notices

Optional element.

Clause 14.2

Insert the Operator’s contact details for notices.

Clause 15: General

Clause 15.1

Optional element.

Clause 15.2

Optional element.

Clause 15.3

Optional element.

This is intended to prevent, for example, one party wrongfully claiming that a term of the contract was changed in a telephone call.

Clause 15.4

Optional element.

Clause 15.5

Optional element.

This provision is designed to exclude any rights a third party may have under the Contracts (Rights of Third Parties) Act 1999.

Clause 15.6

Optional element.

Clause 15.7

This template has been drafted to work in the English law context. If you plan to change the governing law, you should have the document reviewed by someone with expertise in the law of the relevant jurisdiction.

Which law will govern the document?

Clause 15.8

Optional element.

As a practical matter, it makes sense for the courts with expertise in the relevant law to have the right to adjudicate disputes. Where one of the parties is outside England (or at least the UK), you may want to grant the courts of their home jurisdiction the right to adjudicate disputes, as this could ease enforcement in some circumstances.

The courts of which jurisdiction will have the exclusive right to adjudicate disputes relating to the document (subject to applicable law)?

Clause 16: Interpretation

Should provisions concerning the interpretation of the document be included?

Clause 16.1

Optional element.

Clause 16.2

Optional element.

Clause 16.3

Optional element.

Clause 16.4

Optional element.

This provision is designed to exclude the application of a rule of interpretation known as the ejusdem generis rule. That rule may affect the interpretation of contractual clauses that list particular examples or instances of some more general idea, by limiting the scope of the general idea by reference to those particular examples or instances.

Order Form

Section 1: Advertiser details

Is the second party an individual, a company or a partnership?

What is the full name of the individual (including middle names)?

What is the postal address of the second party?

What is the full company name of the second party?

In which jurisdiction is the second party incorporated?

What is the registration number of the second party?

What is the registered office address of the second party?

What is the name of the second party partnership?

In which jurisdiction is the second party partnership established?

Where is the principal place of business of the second party?

Section 2: Specification of Advertisement Publication Services

Insert the specification for the hosted services.

Section 3: Financial provisions

Insert financial provisions.

Section 4: Contractual notices

Optional element.

Insert details to be used for sending contractual notices to the Advertiser.

Section: Execution of order form (individuals, companies or partnerships)

Subsection: Execution of contract by first party (individual, company or partnership)

Will the contract be signed by the (first party) contracting individual, or a person on behalf of the (first party) contracting entity?

What is the full name of the first party signatory?

On what date is the first party signing the contract?

Add the full name of the person who will sign the document on behalf of the first party.

On what date is the contract being signed on behalf of the first party?

Subsection: Execution of contract by second party (individual, company or partnership)

Will the contract be signed by the (second party) contracting individual, or by a person on behalf of the (second party) contracting entity?

What is the full name of the second party signatory?

On what date is the second party signing the contract?

Add the full name of the person who will sign the document on behalf of the second party.

On what date is the contract being signed on behalf of the second party?

1. Introduction

1.1 These terms and conditions shall govern your use of our website.

1.2 By using our website, you accept these terms and conditions in full; accordingly, if you disagree with these terms and conditions or any part of these terms and conditions, you must not use our website.

1.3 If you [register with our website, submit any material to our website or use any of our website services], we will ask you to expressly agree to these terms and conditions.

1.4 You must be at least [18] years of age to use our website; by using our website or agreeing to these terms and conditions, you warrant and represent to us that you are at least [18] years of age.

2. Copyright notice

2.1 Copyright (c) [year(s) of first publication] [full name].

2.2 Subject to the express provisions of these terms and conditions:

(a) we, together with our licensors, own and control all the copyright and other intellectual property rights in our website and the material on our website; and

(b) all the copyright and other intellectual property rights in our website and the material on our website are reserved.

3. Permission to use website

3.1 You may:

(a) view pages from our website in a web browser;

(b) download pages from our website for caching in a web browser;

(c) print pages from our website[ for your own personal and non-commercial use][, providing that such printing is not systematic or excessive];

(d) [stream audio and video files from our website[ using the media player on our website]]; and

(e) [use [our website services] by means of a web browser],

[additional list items]

subject to the other provisions of these terms and conditions.

3.2 Except as expressly permitted by Section 3.1 or the other provisions of these terms and conditions, you must not download any material from our website or save any such material to your computer.

3.3 You may only use our website for [[your own personal and business purposes]] OR [[define purposes]]; you must not use our website for any other purposes.

3.4 Except as expressly permitted by these terms and conditions, you must not edit or otherwise modify any material on our website.

3.5 Unless you own or control the relevant rights in the material, you must not:

(a) republish material from our website (including republication on another website);

(b) sell, rent or sub-license material from our website;

(c) show any material from our website in public;

(d) exploit material from our website for a commercial purpose; or

(e) redistribute material from our website.

3.6 Notwithstanding Section 3.5, you may redistribute [our newsletter] in [print and electronic form] to [any person].

3.7 We reserve the right to suspend or restrict access to our website, to areas of our website and/or to functionality upon our website. We may, for example, suspend access to the website [during server maintenance or when we update the website]. You must not circumvent or bypass, or attempt to circumvent or bypass, any access restriction measures on the website.

4. Feeds

4.1 You may access [our RSS and Atom feeds] [using any compatible feed reader or aggregator].

4.2 By accessing our feeds, you accept these terms and conditions.

4.3 Subject to your acceptance of these terms and conditions, we grant to you a non-exclusive, non-transferable, non-sub-licensable licence to display content from our feeds in unmodified form on any [non-commercial] website owned and operated by you[, providing that you must not aggregate any of our feed content with any third party feed when displaying it in accordance with this Section 4.3].

4.4 It is a condition of this licence that you include a credit for us and hyperlink to our website on each web page where our feed content is published (in such form as we may specify from time to time, or if we do not specify any particular form, in a reasonable form).

4.5 We may revoke any licence relating to our feeds or feed content at any time, with or without notice.

5. Other social media platforms

5.1 Our website includes features that enable users to interact with other social media platforms[ – including [Facebook, Instagram, Twitter, YouTube, LinkedIn] -] directly from our website.

5.2 Using the social media features on our website, you may:

(a) share data or content from our website; and

(b) like or upvote content from our website.

[additional list items]

5.3 You acknowledge that the use of the social media platforms is subject to the terms and conditions of the relevant platform operator and that the use of any personal data transferred to the platforms is subject to the privacy policy or notice of the relevant platform operator.

5.4 Subject to Section 16.1, we will not be liable to you for any loss or damage arising out of:

(a) your use of any third party social media platform; and

(b) any act or omission of any third party social media platform operator.

5.5 When [using social media features on our website or browsing pages on our website that incorporate social media features], the social media platforms may collect information about [you and your use of our website and those features], including by means of cookies. For more information about these cookies and the use of personal data collected [by us and by the platforms], see [our privacy and cookies policy].

6. Misuse of website

6.1 You must not:

(a) use our website in any way or take any action that causes, or may cause, damage to the website or impairment of the performance, availability, accessibility, integrity or security of the website;

(b) use our website in any way that is unlawful, illegal, fraudulent or harmful, or in connection with any unlawful, illegal, fraudulent or harmful purpose or activity;

(c) hack or otherwise tamper with our website;

(d) probe, scan or test the vulnerability of our website without our permission;

(e) circumvent any authentication or security systems or processes on or relating to our website;

(f) use our website to copy, store, host, transmit, send, use, publish or distribute any material which consists of (or is linked to) any spyware, computer virus, Trojan horse, worm, keystroke logger, rootkit or other malicious computer software;

(g) [impose an unreasonably large load on our website resources (including bandwidth, storage capacity and processing capacity)];

(h) [decrypt or decipher any communications sent by or to our website without our permission];

(i) [conduct any systematic or automated data collection activities (including without limitation scraping, data mining, data extraction and data harvesting) on or in relation to our website without our express written consent];

(j) [access or otherwise interact with our website using any robot, spider or other automated means[, except for the purpose of [search engine indexing]]];

(k) [use our website except by means of our public interfaces];

(l) [violate the directives set out in the robots.txt file for our website];

(m) [use data collected from our website for any direct marketing activity (including without limitation email marketing, SMS marketing, telemarketing and direct mailing)]; or

(n) [do anything that interferes with the normal use of our website].

[additional list items]

6.2 You must not use data collected from our website to contact individuals, companies or other persons or entities.

6.3 You must ensure that all the information you supply to us through our website, or in relation to our website, is [true, accurate, current, complete and non-misleading].

7. Registration and accounts

7.1 To be eligible for [an account] on our website under this Section 7, you must [be resident or situated in the United Kingdom].

7.2 You may register for an account with our website by [completing and submitting the account registration form on our website, and clicking on the verification link in the email that the website will send to you].

7.3 You must not allow any other person to use your account to access the website.

7.4 You must notify us in writing immediately if you become aware of any unauthorised use of your account.

7.5 You must not use any other person’s account to access the website[, unless you have that person’s express permission to do so].

8. User login details

8.1 If you register for an account with our website, [we will provide you with] OR [you will be asked to choose] [a user ID and password].

8.2 Your user ID must not be liable to mislead and must comply with the content rules set out in Section 13; you must not use your account or user ID for or in connection with the impersonation of any person. 

8.3 You must keep your password confidential.

8.4 You must notify us in writing immediately if you become aware of any disclosure of your password.

8.5 You are responsible for any activity on our website arising out of any failure to keep your password confidential, and may be held liable for any losses arising out of such a failure.

9. Cancellation and suspension of account

9.1 We may:

(a) [suspend your account];

(b) [cancel your account]; and/or

(c) [edit your account details],

at any time in our sole discretion with or without notice to you.

9.2 We will usually cancel an account if it remains unused for a continuous period of [18 months].

9.3 You may cancel your account on our website [using your account control panel on the website].

10. Social networking

10.1 Registered users will have access to such additional features on our website as we may from time to time determine, which may include: 

(a) [facilities to complete a detailed personal profile on the website, to publish that profile on the website, and to restrict the publication of that profile to particular groups or individuals registered on the website];

(b) [facilities to create groups, manage groups that you have created, join and leave groups, and share information amongst group members];

(c) [the facility to send private messages via the website to particular groups or individuals registered on the website]; and

(d) [the facility to post and publish text and media on the website].

10.2 You acknowledge that we cannot be held responsible for the behaviour of our users, either on or off the website, and we cannot guarantee that any information provided by a user is true, accurate, complete, current and not misleading; and subject to Section 16.1 you will not hold us liable in respect of any loss or damage arising out of any user behaviour or user information.

10.3 You agree to the publication of posts relating to you, by others, on our website; you acknowledge that such posts may be critical or defamatory or otherwise unlawful; and, subject to Section 16.1, you agree that you will not hold us liable in respect of any such posts, irrespective of whether we are aware or ought to have been aware of such posts.

11. Personal profiles

11.1 All information that you supply as part of a personal profile on the website must be [true, accurate, current, complete and non-misleading].

11.2 You must keep your personal profile on our website up to date.

11.3 Personal profile information must also comply with the provisions of Section 6 and Section 13.

12. Our rights to use your content

12.1 In these terms and conditions, “your content” means [all works and materials (including without limitation text, graphics, images, audio material, video material, audio-visual material, scripts, software and files) that you submit to us or our website for storage or publication on, processing by, or transmission via, our website].

12.2 You grant to us a [worldwide, irrevocable, non-exclusive, royalty-free licence] to [use, reproduce, store, adapt, publish, translate and distribute your content in any existing or future media] OR [reproduce, store and publish your content on and in relation to this website and any successor website] OR [reproduce, store and, with your specific consent, publish your content on and in relation to this website].

12.3 You grant to us the right to sub-license the rights licensed under Section 12.2.

12.4 You grant to us the right to bring an action for infringement of the rights licensed under Section 12.2.

12.5 You hereby waive all your moral rights in your content to the maximum extent permitted by applicable law; and you warrant and represent that all other moral rights in your content have been waived to the maximum extent permitted by applicable law.

12.6 You may edit your content to the extent permitted using the editing functionality made available on our website.

12.7 Without prejudice to our other rights under these terms and conditions, if you breach any provision of these terms and conditions in any way, or if we reasonably suspect that you have breached these terms and conditions in any way, we may delete, unpublish or edit any or all of your content.

13. Rules about your content

13.1 You warrant and represent that your content will comply with these terms and conditions.

13.2 Your content must not be illegal or unlawful, must not infringe any person’s legal rights, and must not be capable of giving rise to legal action against any person (in each case in any jurisdiction and under any applicable law).

13.3 Your content, and the use of your content by us in accordance with these terms and conditions, must not:

(a) be libellous or maliciously false;

(b) be obscene or indecent;

(c) infringe any copyright, moral right, database right, trade mark right, design right, right in passing off or other intellectual property right;

(d) infringe any right of confidence, right of privacy or right under data protection legislation;

(e) [constitute negligent advice or contain any negligent statement];

(f) [constitute an incitement to commit a crime, instructions for the commission of a crime or the promotion of criminal activity];

(g) [be in contempt of any court or in breach of any court order];

(h) [be in breach of racial or religious hatred or discrimination legislation];

(i) [be blasphemous];

(j) [be in breach of official secrets legislation];

(k) [be in breach of any contractual obligation owed to any person];

(l) [depict violence[ in an explicit, graphic or gratuitous manner]];

(m) [be pornographic[, lewd, suggestive or sexually explicit]];

(n) [be untrue, false, inaccurate or misleading];

(o) [consist of or contain any instructions, advice or other information which may be acted upon and could, if acted upon, cause illness, injury or death, or any other loss or damage];

(p) [constitute spam];

(q) [be offensive, deceptive, fraudulent, threatening, abusive, harassing, anti-social, menacing, hateful, discriminatory or inflammatory]; or

(r) [cause annoyance, inconvenience or needless anxiety to any person].

[additional list items]

13.4 Your content must be appropriate, civil and tasteful, and accord with generally accepted standards of etiquette and behaviour on the internet.

13.5 You must not use our website to link to any website or web page consisting of or containing material that would, were it posted on our website, breach the provisions of these terms and conditions.

13.6 You must not submit to our website any material that is or has ever been the subject of any threatened or actual legal proceedings or other similar complaint.

14. Report abuse

14.1 If you learn of any unlawful material or activity on our website, or any material or activity that breaches these terms and conditions, please let us know.

14.2 You can let us know about any such material or activity [by email or using our abuse reporting form].

15. Limited warranties

15.1 We do not warrant or represent:

(a) the completeness or accuracy of the information published on our website;

(b) that the material on the website is up to date;

(c) that the website will operate without fault; or

(d) that the website or any service on the website will remain available.

[additional list items]

15.2 We reserve the right to discontinue or alter any or all of our website services, and to stop publishing our website, at any time in our sole discretion without notice or explanation; and save to the extent expressly provided otherwise in these terms and conditions, you will not be entitled to any compensation or other payment upon the discontinuance or alteration of any website services, or if we stop publishing the website.

15.3 To the maximum extent permitted by applicable law and subject to Section 16.1, we exclude all representations and warranties relating to the subject matter of these terms and conditions, our website and the use of our website.

16. Limitations and exclusions of liability

16.1 Nothing in these terms and conditions will:

(a) limit or exclude any liability for death or personal injury resulting from negligence;

(b) limit or exclude any liability for fraud or fraudulent misrepresentation;

(c) limit any liabilities in any way that is not permitted under applicable law; or

(d) exclude any liabilities that may not be excluded under applicable law.

16.2 The limitations and exclusions of liability set out in this Section 16 and elsewhere in these terms and conditions: 

(a) are subject to Section 16.1; and

(b) govern all liabilities arising under these terms and conditions or relating to the subject matter of these terms and conditions, including liabilities arising in contract, in tort (including negligence) and for breach of statutory duty, except to the extent expressly provided otherwise in these terms and conditions.

16.3 To the extent that our website and the information and services on our website are provided free of charge, we will not be liable for any loss or damage of any nature.

16.4 We will not be liable to you in respect of any losses arising out of any event or events beyond our reasonable control.

16.5 We will not be liable to you in respect of any business losses, including (without limitation) loss of or damage to profits, income, revenue, use, production, anticipated savings, business, contracts, commercial opportunities or goodwill.

16.6 We will not be liable to you in respect of any loss or corruption of any data, database or software.

16.7 We will not be liable to you in respect of any special, indirect or consequential loss or damage.

16.8 You accept that we have an interest in limiting the personal liability of our officers and employees and, having regard to that interest, you acknowledge that we are a limited liability entity; you agree that you will not bring any claim personally against our officers or employees in respect of any losses you suffer in connection with the website or these terms and conditions (this will not, of course, limit or exclude the liability of the limited liability entity itself for the acts and omissions of our officers and employees).

17. Indemnity

17.1 You hereby indemnify us, and undertake to keep us indemnified, against any and all losses, damages, costs, liabilities and expenses (including without limitation legal expenses and any amounts paid by us to a third party in settlement of a claim or dispute) incurred or suffered by us and arising directly or indirectly out of [your use of our website or any breach by you of any provision of these terms and conditions].

18. Breaches of these terms and conditions

18.1 Without prejudice to our other rights under these terms and conditions, if you breach these terms and conditions in any way, or if we reasonably suspect that you have breached these terms and conditions in any way, we may: 

(a) send you one or more formal warnings;

(b) temporarily suspend your access to our website;

(c) permanently prohibit you from accessing our website;

(d) [block computers using your IP address from accessing our website];

(e) [contact any or all of your internet service providers and request that they block your access to our website];

(f) commence legal action against you, whether for breach of contract or otherwise; and/or

(g) [suspend or delete your account on our website].

[additional list items]

18.2 Where we suspend or prohibit or block your access to our website or a part of our website, you must not take any action to circumvent such suspension or prohibition or blocking[ (including without limitation [creating and/or using a different account])].

19. Third party websites

19.1 Our website includes hyperlinks to other websites owned and operated by third parties; such hyperlinks are not recommendations.

19.2 We have no control over third party websites and their contents, and subject to Section 16.1 we accept no responsibility for them or for any loss or damage that may arise from your use of them.

20. Trade marks

20.1 [Identify trade marks], our logos and our other registered and unregistered trade marks are trade marks belonging to us; we give no permission for the use of these trade marks, and such use may constitute an infringement of our rights.

20.2 The third party registered and unregistered trade marks or service marks on our website are the property of their respective owners and, unless stated otherwise in these terms and conditions, we do not endorse and are not affiliated with any of the holders of any such rights and as such we cannot grant any licence to exercise such rights.

21. Competitions

21.1 From time to time we may run competitions, free prize draws and/or other promotions on our website.

21.2 Competitions will be subject to separate terms and conditions (which we will make available to you as appropriate).

22. Variation

22.1 We may revise these terms and conditions from time to time.

22.2 [The revised terms and conditions shall apply to the use of our website from the date of publication of the revised terms and conditions on the website, and you hereby waive any right you may otherwise have to be notified of, or to consent to, revisions of these terms and conditions.] OR [We will give you written notice of any revision of these terms and conditions, and the revised terms and conditions will apply to the use of our website from the date that we give you such notice; if you do not agree to the revised terms and conditions, you must stop using our website.]

22.3 If you have given your express agreement to these terms and conditions, we will ask for your express agreement to any revision of these terms and conditions; and if you do not give your express agreement to the revised terms and conditions within such period as we may specify, we will disable or delete your account on the website, and you must stop using the website.

23. Assignment

23.1 You hereby agree that we may assign, transfer, sub-contract or otherwise deal with our rights and/or obligations under these terms and conditions. 

23.2 You may not without our prior written consent assign, transfer, sub-contract or otherwise deal with any of your rights and/or obligations under these terms and conditions. 

24. Severability

24.1 If a provision of these terms and conditions is determined by any court or other competent authority to be unlawful and/or unenforceable, the other provisions will continue in effect.

24.2 If any unlawful and/or unenforceable provision of these terms and conditions would be lawful or enforceable if part of it were deleted, that part will be deemed to be deleted, and the rest of the provision will continue in effect. 

25. Third party rights

25.1 A contract under these terms and conditions is for our benefit and your benefit, and is not intended to benefit or be enforceable by any third party.

25.2 The exercise of the parties’ rights under a contract under these terms and conditions is not subject to the consent of any third party.

26. Entire agreement

26.1 Subject to Section 16.1, these terms and conditions[, together with [our privacy and cookies policy],] shall constitute the entire agreement between you and us in relation to your use of our website and shall supersede all previous agreements between you and us in relation to your use of our website.

27. Law and jurisdiction

27.1 These terms and conditions shall be governed by and construed in accordance with [English law].

27.2 Any disputes relating to these terms and conditions shall be subject to the [exclusive] OR [non-exclusive] jurisdiction of the courts of [England].

28. Statutory and regulatory disclosures

28.1 We are registered in [trade register]; you can find the online version of the register at [WWW.CROSSCONNECTION.CO.UK], and our registration number is [number].

28.2 We are subject to [authorisation scheme], which is supervised by [supervisory authority].

28.3 We are registered as [title] with [professional body] in [the United Kingdom] and are subject to [rules], which can be found at [WWW.CROSSCONNECTION.CO.UK].

28.4 We subscribe to [code(s) of conduct], which can be consulted electronically at [WWW.CROSSCONNECTION.CO.UK(s)].

28.5 Our VAT number is [number].

29. Our details

29.1 This website is owned and operated by Red Umbrella Bespoke Mental Health Care

29.2 We are registered in [England and Wales] under registration number 11517587], and our registered office is at 24 Cyprus Road, Nottingham, NG3 5EB.

29.3 Our principal place of business is at 24 Cyprus Road, Nottingham, NG3 5EB.

29.4 You can contact us:

(a) [by post, to [the postal address given above];

(b) [using our website contact form];

(c) [by telephone, on [the contact number published on our website]]; or

(d) [by email, using [the email address published on our website]].

[additional list items]

Social network terms and conditions: drafting notes

This terms and conditions template was designed for free-to-use social networking websites.

Social networking websites process and publish lots of user-provided content, and this document includes detailed provisions relating to: (i) the licensing of user content to the website operator; (ii) prohibitions on illegal and undesirable user content; and (iii) the reporting of abuse in relation to user content.

In addition, the template includes special provisions covering profiles and profile publication, private messaging and user groups.

The template does not include any provisions relating to the payment of subscription fees or other charges. If the website in question is not free to use, you should not use this template.

Section 1: Introduction

Sometimes, there will be a contractual relationship between a website operator and a website user; other times, there will not.

Where there is no contractual relationship, legal notices can still have legal effects. For instance, licences of intellectual property rights and disclaimers of liability may be legally effective where there is no contract. Moreover, statutory and regulatory disclosure obligations can be fulfilled by means of legal notices irrespective of whether a contract subsists.

If however an operator is selling something to users, or wants to impose positive obligations upon users, or wants to institute prohibitions that are extraneous to any licence of intellectual property rights, a contractual relationship will usually be necessary.

To help ensure that a terms and conditions document is properly incorporated into a contract, the document should be expressly accepted by the user.

Common methods of gaining acceptance include: (a) incorporating a statement next to a submit button providing that, by pressing the submit button, the user agrees to the document; (b) using a checkbox to gain consent, and blocking registration form submission if the checkbox has not been checked; and (c) requiring users to scroll through the document, and click an “agree” button after doing so.  

In all cases, the document should be available to users at the point of acceptance, either on screen or via a hyperlink. If a contractual document includes unusual and/or potentially controversial provisions, it may be necessary to bring these to the particular attention of users.

In general, you should not ask users to affirm that they have actually read a legal document – almost none will do so, and the reading of the document is not a precondition to its incorporation into the contract.

Section 1.2

Optional element.

The completed document should be easily accessible on the website, with a link from every page.

Section 1.3

Optional element. Will all or any website users give their express consent to the terms of this document?

Ideally, from a legal perspective, all users would be asked to expressly agree to the terms of the document. However, in practice, express consent is rarely sought from casual website visitors. On the other hand, it is easy to obtain the express consent of users who register with the website or submit any material to the website, eg by clicking “I accept” on an electronic version of the document. You should retain evidence of the acceptance of the document terms by each such user.

Under what circumstances will users be asked to give their express consent to the terms of this document?

Section 1.4

Optional element. Are there any age restrictions on the use of the website?

The use of websites by minors can be legally problematic. There are a number of different legal issues. For example, under English law, contracts may be unenforceable against minors. Another issue concerns data protection. The law of data protection imposes additional burdens in relation to the processing of any personal data of a minor and personal data provided by a minor. The effects of the law of indecency may also depend upon whether a website is accessible by minors. Obviously, the inclusion of a requirement in your terms and conditions that minors refrain from using a website is no guarantee that they will do so. Where your website is directed at, or likely to be used by, minors, we recommend that you seek specialist legal advice.

What is the minimum age for website users?

Section 2: Copyright notice

A copyright notice is an assertion of ownership.

Copyright notices usually take the form specified in Article 3(1) of the Universal Copyright Convention (although the UCC itself is now of very limited significance):

“Any Contracting State which, under its domestic law, requires as a condition of copyright, compliance with formalities such as deposit, registration, notice, notarial certificates, payment of fees or manufacture or publication in that Contracting State, shall regard these requirements as satisfied with respect to all works protected in accordance with this Convention and first published outside its territory and the author of which is not one of its nationals, if from the time of the first publication all the copies of the work published with the authority of the author or other copyright proprietor bear the symbol © accompanied by the name of the copyright proprietor and the year of first publication placed in such manner and location as to give reasonable notice of claim of copyright.”

It will be rare for a website owner to be the sole proprietor of all the copyright in a website. For example, the software code used to run the website may belong to another person. For this reason, the notice here refers also to licensors.

Universal Copyright Convention – http://portal.unesco.org/en/ev.php-WWW.CROSSCONNECTION.CO.UK_ID=15381&WWW.CROSSCONNECTION.CO.UK_DO=DO_TOPIC&WWW.CROSSCONNECTION.CO.UK_SECTION=201.html

Berne Convention for the Protection of Literary and Artistic Works – https://wipolex.wipo.int/en/text/283698

Section 2.1

What was the year of first publication of the relevant copyright material (or the range of years)?

Who is the principal owner of copyright in the website?

Section 3: Permission to use website

Every website is a compendium of copyright-protected works. These may include literary works, (website text, HTML, CSS and software code), graphic works (photographs and illustrations), databases, sound recordings and films.

The most fundamental principle of copyright law is that a person may not copy a protected work without permission. Using a website involves copying some or all of the works comprised in the website. Accordingly, a user needs permission to use a website. A “licence” is just such a permission.

In most if not all cases, by publishing a website a person will be granting an implied licence to website visitors to copy of the website. The problem with an implied licence is that the scope of the licence is inherently uncertain. Is the visitor permitted to download the entire website? Is the visitor permitted to reproduce elements of the website elsewhere?

Because of this uncertainty, most publishers will include an express licence setting out exactly what visitors are permitted to do in relation to a website and, just as important, what they are not permitted to do.

The scope of the licence will vary. In editing these provisions, consider carefully exactly what your users should be allowed to do with the website and material on the website.

Chapter II, Part I, Copyright, Designs and Patents Act 1988 – https://www.legislation.gov.uk/ukpga/1988/48/part/I/chapter/II/crossheading/the-acts-restricted-by-copyright

Section 3.1

Will audio and/or video files be published on the website?

Will the website make available any dynamic services to users?

Describe the website services in question.

Section 3.2

Optional element.

Section 3.3

Optional element.

For what purposes may the website be used?

Section 3.4

Optional element.

Section 3.6

Optional element. Are users permitted to redistribute any specific content from the website (eg newsletters)?

What types of content are redistributable?

In what formats may redistributable content be redistributed?

To whom may redistributable content be redistributed?

Section 4: Feeds

Will the website publish a feed?

Website feeds typically use RSS (Rich Site Summary aka Really Simple Syndication) or Atom.

Section 4.2

Optional element.

Section 4.3

Optional element. Will republication of the feeds be permitted?

Will the right to publish the RSS feed be limited to non-commercial websites?

Section 4.4

Optional element.

Section 4.5

Optional element.

Section 5: Other social media platforms

Optional element.

Section 5.2

Optional element.

Section 5.3

Optional element.

Section 5.4

Optional element.

Section 5.5

Optional element.

Section 6: Misuse of website

Section 6.1

Should automated interactions with the website be prohibited?

Will the website incorporate a robots.txt file?

Should users be prohibited from using the website for direct marketing activity?

Section 6.2

Optional element. Should the use of data collected from the website to contact people and businesses be prohibited?

Section 6.3

Optional element.

What standard of veracity etc should user-submitted content meet?

Section 7: Registration and accounts

Does the website allow users to register for an account?

Section 7.1

Optional element. Do any eligibility criteria apply to account registration?

What eligibility criteria apply?

Section 7.2

How do users register with the website?

Section 7.3

Optional element. Will users be permitted to share their accounts?

Section 7.4

Optional element.

Section 7.5

Optional element.

Are users permitted to use another person’s account on the website with the permission of that other person?

Section 8: User login details

Optional element.

Section 8.1

How will users’ login details be generated?

What account credentials will users have upon account creation?

Section 8.2

Optional element.

Section 8.3

Optional element.

Section 8.4

Optional element.

Section 8.5

Optional element.

Section 9: Cancellation and suspension of account

Optional element.

Ensure that the account handling provisions in these terms and conditions are consistent with your privacy policy, including the personal data retention and deletion provisions in that policy.

Section 9.1

Which of these general rights over user accounts does the website operator have?

Section 9.2

Optional element.

Section 9.3

How can a user cancel his or her account on the website?

Section 10: Social networking

Section 10.1

Which of these social networking features will be available on the website?

Section 10.2

Optional element.

Section 10.3

Optional element.

Section 11: Personal profiles

Does the website allow users to create and publish or share personal profiles?

Section 11.1

Optional element.

To what standard of veracity should user profiles be held?

Section 11.2

Optional element.

Section 12: Our rights to use your content

Section 12.1

Define “your content”.

Section 12.2

What type of licence do users grant to the website operator?

What does the licence allow the website operator to do with user content?

Section 12.4

Optional element. Should the website operator be granted a right to bring proceedings in respect of third party infringements?

Section 12.5

Optional element. Should users be asked to waive their moral rights (such as the right of paternity and the right to object to derogatory treatment) in the content they submit to the website?

Section 12.6

Optional element. Can users edit their own content after it has been posted to the website?

Section 13: Rules about your content

Section 13.2

This very general prohibition against unlawful user content may be supplemented by rules relating to specific kinds of illegality, as well as prohibitions upon lawful but undesirable content.

Section 13.3

Optional element.

Section 13.4

Optional element. Do you want to require civility from your users in relation to the posting of material on the website?

Section 13.5

Optional element. Do you want to prohibit hyperlinks in user content that point to material that is prohibited by the terms of this document?

Section 13.6

Optional element.

Section 14: Report abuse

Will there be a special procedure (which could be as simple as a designated email address) for reporting abusive conduct or materials on the website?

Websites that allow the publication of user generated content should incorporate an abuse reporting procedure. The existence of such a procedure may help the website operator to take advantage of certain defences that may be available in respect of such user generated content. For instance, the website operator defence set out in Section 5 of the Defamation Act 2013 and elaborated in the Defamation (Operators of Websites) Regulations 2013 will only be available where the operator has responded to a notice of complaint sent by the complainant, a process which may be made simpler by the use of a dedicated communications channel. The guidance notes accompanying the legislation have this to say on the subject: “The Government encourages operators to set up and publicise a designated email address for this purpose as a matter of good practice, which we encourage complainants to use. Operators may also wish to provide an online form that complainants can use to submit a Notice of Complaint”.

Defamation Act 2013 – https://www.legislation.gov.uk/ukpga/2013/26

Defamation (Operators of Websites) Regulations 2013 – https://www.legislation.gov.uk/uksi/2013/3028/made

Section 14.2

Optional element.

How can users report unlawful and unwanted materials and activities on the website?

Section 15: Limited warranties

Section 15.1

Optional element.

Section 15.2

Optional element.

Section 16: Limitations and exclusions of liability

Contractual limitations and exclusions of liability are regulated and controlled by law, and the courts may rule that particular limitations and exclusions of liability in contracts are unenforceable.

The courts are particularly likely to intervene where a party is seeking to rely on a limitation or exclusion of liability in its standard terms and conditions, but will also sometimes intervene where a term has been individually negotiated. The courts may be more likely to rule that provisions excluding liability, as opposed to those merely limiting liability, are unenforceable. If there is a risk that any particular limitation or exclusion of liability will be found to be unenforceable by the courts, that provision should be drafted as an independent term, and be numbered separately from the other provisions. It may improve the chances of a limitation or exclusion of liability being found to be enforceable if the party seeking to rely upon it specifically drew it to the attention of the other party before the contract was entered into.

Exclusions and limitations of liability in UK contracts are primarily regulated by the Unfair Contract Terms Act 1977 (“UCTA”). Contracts regulated by UCTA cannot exclude or restrict a party’s liability for death or personal injury resulting from negligence (Section 2(1), UCTA). Except insofar as the relevant term satisfies the requirements of reasonableness, such contracts cannot exclude or restrict liability: (i) for negligence (which includes a breach of an express or implied contractual obligation to take reasonable care or exercise reasonable skill) (Section 2(2), UCTA); or (ii) for misrepresentation (Section 3, Misrepresentation Act 1967). In addition, if a contract is regulated by UCTA, and one of the parties is dealing on the other’s written standard terms of business, then except insofar as the relevant contractual term satisfies the requirements of reasonableness the other party cannot: (i) exclude or restrict his liability in respect of a breach of contract; or (ii) claim to be entitled to render a contractual performance substantially different from that which was reasonably expected of him; or (iii) claim to be entitled, in respect of the whole or any part of his contractual obligation, to render no contractual performance at all (see Section 3, UCTA). UCTA includes various other restrictions, particularly in the case of contracts for the sale of goods and contracts under which possession or ownership of goods passes.

If you wish to try to limit/exclude for liability in respect of reckless, deliberate, personal and/or repudiatory breaches of contract, you may wish to specify this in relation to the relevant provision (for example, using the following wording: “The limitations and exclusions of liability in this Clause [number] will apply whether or not the liability in question arises out of any reckless, deliberate, personal and/or repudiatory conduct or breach of contract”).

Somewhat different rules apply to limitations of liability in contracts with consumers, and these provisions should not be used in relation to such contracts.

These guidance notes provide a very incomplete and basic overview of a complex subject. Accordingly, you should take legal advice if you may wish to rely upon a limitation or exclusion of liability.

Unfair Contract Terms Act 1977 – https://www.legislation.gov.uk/ukpga/1977/50

Section 16.1

Do not delete this provision (except upon legal advice). Without this provision, the specific limitations and exclusions of liability in the document are more likely to be unenforceable.

Section 16.3

Optional element. Do you want to attempt to exclude all liability for free services and information?

This sort of exclusion is quite common, but unlikely to be enforceable in court.

Section 16.5

Optional element.

Section 16.6

Optional element.

Section 16.7

Optional element.

Section 16.8

Optional element. If the website operator is a limited liability entity (eg a limited company), do you want to expressly exclude liability on the part of officers and employees?

Section 17: Indemnity

Optional element.

Section 18: Breaches of these terms and conditions

Section 18.1

Will account suspension or deletion be a possibility here?

Section 18.2

Optional element.

Do you wish to specify types of action that are prohibited here?

Detail the types of action which are prohibited by this provision.

Section 19: Third party websites

Optional element.

Section 20: Trade marks

Do any trade marks (registered or unregistered, yours or someone else’s) appear on your website?

Trade marks may be registered or unregistered. It is a criminal offence under Section 94 of the Trade Marks Act 1994 to falsely represent that a trade mark is registered. Accordingly, you must not use the (R) symbol in relation to unregistered trade marks.

Trade Marks Act 1994 – https://www.legislation.gov.uk/ukpga/1994/26

Section 20.1

It is customary in legal documents to identify specific trade marks using capital letters (eg TRADE MARK) and, in the case of registered marks, registration particulars (eg UK trade mark registration number 000001 for TRADE MARK).

Please identify your trade marks, by reference to registration particulars in the case of registered trade marks.

Section 20.2

Optional element. Will or might any third party trade marks be reproduced on the website?

Section 21: Competitions

Will or might you run any competitions on or in relation to the website?

Any competitions should be governed by a separate set of terms and conditions.

Section 22: Variation

Changes to legal documents published on a website will not generally be retrospectively effective, and variations without notice to and/or consent from relevant users may be ineffective.

Section 22.2

Will website users be notified of changes to the document?

Section 22.3

Optional element. Will registered users be required to consent to variations?

Section 25: Third party rights

Optional element.

This provision is designed to exclude any rights a third party may have under the Contracts (Rights of Third Parties) Act 1999.

Contracts (Rights of Third Parties) Act 1999 – https://www.legislation.gov.uk/ukpga/1999/31

Section 26: Entire agreement

Section 26.1

What other documents govern the use of the website?

Section 27: Law and jurisdiction

The questions of which law governs a document and where disputes relating to the document may be litigated are two distinct questions.

Section 27.1

This document has been drafted to comply with English law, and the governing law provision should not be changed without obtaining expert advice from a lawyer qualified in the appropriate jurisdiction. In some circumstances the courts will apply provisions of their local law, such as local competition law or consumer protection law, irrespective of a choice of law clause.

Which law should govern the document?

Section 27.2

In some circumstances your jurisdiction clause may be overridden by the courts.

Should the jurisdiction granted be exclusive or non-exclusive? Choose “non-exclusive” jurisdiction if you may want to enforce the terms and conditions against users outside England and Wales. Otherwise, choose “exclusive jurisdiction”.

The courts of which country or jurisdiction should adjudicate disputes under the document?

Section 28: Statutory and regulatory disclosures

Do the Electronic Commerce (EC Directive) Regulations 2002 apply to the website or is the website operator registered for VAT?

This section can be deleted where website operator is not registered for VAT and the Electronic Commerce (EC Directive) Regulations 2002 do not apply. Generally, those Regulations will apply unless a website is entirely non-commercial, ie where a website does not offer any goods or services and does not involve any remuneration (which includes remuneration for carrying AdSense or other advertising).

Electronic Commerce (EC Directive) Regulations 2002 (original version) – https://www.legislation.gov.uk/uksi/2002/2013/made

Section 28.1

Optional element. Is the website operator registered in a trade or similar register that is available to the public?

The Electronic Commerce (EC Directive) Regulations 2002 provide that if you are “registered in a trade or similar register available to the public”, you must provide “details of the register in which the service provider is entered and his registration number, or equivalent means of identification in that register”.

What is the name of the trade register?

At what WWW.CROSSCONNECTION.CO.UK can the trade register be found?

What is the website operator’s registration number?

Section 28.2

Optional element. Is the website operator subject to an authorisation scheme (eg under financial services legislation)?

The Electronic Commerce (EC Directive) Regulations 2002 provide that “where the provision of the service is subject to an authorisation scheme” you must provide “the particulars of the relevant supervisory authority”.

What is the name of the authorisation scheme to which the website operator is subject?

What authority supervises the authorisation scheme?

Section 28.3

Optional element. Is the service provider a member of a regulated profession (eg solicitors)?

The Electronic Commerce (EC Directive) Regulations 2002 provide that if “the service provider exercises a regulated profession”, it must provide “(i) the details of any professional body or similar institution with which the service provider is registered; (ii) his professional title and the member State where that title has been granted; (iii) a reference to the professional rules applicable to the service provider in the member State of establishment and the means to access them”.

What is the website operator’s professional title?

Which professional body regulates the website operator?

What is the name of the document containing the rules governing the profession?

At what WWW.CROSSCONNECTION.CO.UK can the rules be found?

Section 28.4

Optional element. Does the website operator subscribe to any codes of conduct?

The Electronic Commerce (EC Directive) Regulations 2002 provide that “a service provider shall indicate which relevant codes of conduct he subscribes to and give information on how those codes can be consulted electronically”.

Identify the codes of conduct in question.

Where can the codes be viewed?

Section 28.5

Optional element. Is the website operator registered for VAT?

What is the website operator’s VAT number?

Section 29: Our details

Optional element.

UK companies must provide their corporate names, their registration numbers, their place of registration and their registered office address on their websites (although not necessarily in this document).

Sole traders and partnerships that carry on a business in the UK under a “business name” (ie a name which is not the name of the trader/names of the partners or certain other specified classes of name) must also make certain website disclosures: (a) in the case of a sole trader, the individual’s name; (b) in the case of a partnership, the name of each member of the partnership; and (c) in either case, in relation to each person named, an address in the UK at which service of any document relating in any way to the business will be effective.

All websites covered by the Electronic Commerce (EC Directive) Regulations 2002 must provide a geographic address (not a PO Box number) and an email address.

All website operators covered by the Provision of Services Regulations 2009 must also provide a telephone number.

Electronic Commerce (EC Directive) Regulations 2002 (original version) – https://www.legislation.gov.uk/uksi/2002/2013/made

Provision of Services Regulations 2009 – https://www.legislation.gov.uk/uksi/2009/2999

Section 29.1

What is the name of the company, partnership, individual or other legal person or entity that owns and operates the website?

Section 29.2

Optional element. Is the relevant person a company?

In what jurisdiction is the company registered?

What is the company’s registration number or equivalent?

Where is the company’s registered address?

Section 29.3

Optional element.

Where is the relevant person’s head office or principal place of business?

Section 29.4

Optional element.

By what means may the relevant person be contacted?

Where is the relevant person’s postal address published?

Either specify a telephone number or give details of where the relevant number may be found.

Either specify an email address or give details of where the relevant email address may be found.

1. Introduction

1.1 We are committed to safeguarding the privacy of [our website visitors, service users, individual customers and customer personnel].

1.2 This policy applies where we are acting as a data controller with respect to the personal data of such persons; in other words, where we determine the purposes and means of the processing of that personal data.

1.3 Our website incorporates privacy controls which affect how we will process your personal data. By using the privacy controls, you can [specify whether you would like to receive direct marketing communications and limit the collection, sharing and publication of your personal data]. You can access the privacy controls via [WWW.CROSSCONNECTION.CO.UK].

1.4 We use cookies on our website. Insofar as those cookies are not strictly necessary for the provision of [our website and services], we will ask you to consent to our use of cookies when you first visit our website.

1.5 In this policy, “we”, “us” and “our” refer to [data controller name].[ For more information about us, see Section 19.]

2. The personal data that we collect

2.1 In this Section 2 we have set out the general categories of personal data that we process[ and, in the case of personal data that we did not obtain directly from you, information about the source and specific categories of that data].

2.2 We may process data enabling us to get in touch with you (“contact data“).[ The contact data may include [your name, email address, telephone number, postal address and/or social media account identifiers].][ The source of the contact data is [you and/or your employer].][ If you log into our website using a social media account, we will obtain elements of the contact data from the relevant social media account provider.]

2.3 We may process [your website user account data] (“account data“).[ The account data may [include your account identifier, name, email address, business name, account creation and modification dates, website settings and marketing preferences].][ The primary source of the account data is [you and/or your employer, although some elements of the account data may be generated by our website].][ If you log into our website using a social media account, we will obtain elements of the account data from the relevant social media account provider.]

2.4 We may process [your information included in your personal profile on our website] (“profile data“).[ The profile data may include [your name, address, telephone number, email address, profile pictures, gender, date of birth, relationship status, interests and hobbies, educational details and employment details].][ The source of the profile data is [you and/or your employer].][ If you log into our website using a social media account, we will obtain elements of the profile data from the relevant social media account provider.]

2.5 We may process [your personal data that are provided in the course of the use of our services and generated by our services in the course of such use] (“service data“).[ The service data may include [specify data].][ The source of the service data is [you and/or your employer and/or our services].]

2.6 We may process [information contained in or relating to any communication that you send to us or that we send to you] (“communication data“). The communication data may include [the communication content and metadata associated with the communication].[ Our website will generate the metadata associated with communications made using the website contact forms.]

2.7 We may process [data about your use of our website and services] (“usage data“). The usage data may include [your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your service use]. The source of the usage data is [our analytics tracking system].

2.8 We may process [identify general category of data].[ This data may include [list specific items of data].][ The source of this data is [identify source].]

2.9 Please do not supply any other person’s personal data to us, unless we prompt you to do so.

3. Purposes of processing and legal bases

3.1 In this Section 3, we have set out the purposes for which we may process personal data and the legal bases of the processing.

3.2 Operations – We may process [your personal data] for [the purposes of operating our website and providing our services]. The legal basis for this processing is [our legitimate interests, namely [the proper administration of our website, services and business]] OR [the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract] OR [[specify basis]].

3.3 Publications – We may process [account data, profile data and/or service data] for [the purposes of publishing such data on our website and elsewhere through our services in accordance with your express instructions]. The legal basis for this processing is [consent] OR [our legitimate interests, namely [the publication of content in the ordinary course of our operations]] OR [the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract] OR [[specify basis]].

3.4 Relationships and communications – We may process [contact data, account data and/or communication data] for [the purposes of managing our relationships, communicating with you (excluding communicating for the purposes of direct marketing) by email, SMS, post, fax and/or telephone, providing support services and compliant handling]. The legal basis for this processing is [our legitimate interests, namely [communications with our website visitors and service users, the maintenance of relationships, and the proper administration of our website, services and business]] OR [[specify basis]].

3.5 Personalisation – We may process [account data, service data and/or usage data] for [the purposes of personalising the content and advertisements that you see on our website and through our services to ensure that you only see material that is relevant to you]. The legal basis for this processing is [consent] OR [our legitimate interests, namely [offering the best possible experience for our website visitors and service users]] OR [the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract] OR [[specify basis]].

3.6 Direct marketing – We may process [contact data, account data and profile data] for [the purposes of creating, targeting and sending direct marketing communications by email, SMS, post and/or fax and making contact by telephone for marketing-related purposes]. The legal basis for this processing is [consent] OR [our legitimate interests, namely [promoting our business and communicating marketing messages and offers to our website visitors and service users]] OR [[specify basis]].

3.7 Research and analysis – We may process [usage data and/or service data] for [the purposes of researching and analysing the use of our website and services, as well as researching and analysing other interactions with our business]. The legal basis for this processing is [consent] OR [our legitimate interests, namely [monitoring, supporting, improving and securing our website, services and business generally]] OR [[specify basis]].

3.8 Record keeping – We may process [your personal data] for [the purposes of creating and maintaining our databases, back-up copies of our databases and our business records generally]. The legal basis for this processing is our legitimate interests, namely [ensuring that we have access to all the information we need to properly and efficiently run our business in accordance with this policy].

3.9 Security – We may process [your personal data] for [the purposes of security and the prevention of fraud and other criminal activity]. The legal basis of this processing is our legitimate interests, namely [the protection of our website, services and business, and the protection of others].

3.10 Insurance and risk management – We may process [your personal data] where necessary for [the purposes of obtaining or maintaining insurance coverage, managing risks and/or obtaining professional advice]. The legal basis for this processing is our legitimate interests, namely [the proper protection of our business against risks].

3.11 Legal claims – We may process [your personal data] where necessary for [the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure]. The legal basis for this processing is our legitimate interests, namely [the protection and assertion of our legal rights, your legal rights and the legal rights of others].

3.12 Legal compliance and vital interests – We may also process your personal data where such processing is necessary for compliance with a legal obligation to which we are subject or in order to protect your vital interests or the vital interests of another natural person.

4. Automated decision-making

4.1 We will use your personal data for the purposes of automated decision-making in relation to [specify automated decisions].

4.2 This automated decision-making will involve [provide meaningful information about the logic involved].

4.3 The significance and possible consequences of this automated decision-making are [specify significance and consequences].

5. Providing your personal data to others

5.1 We may disclose [your personal data] to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries) insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy.[ Information about our group of companies can be found at [WWW.CROSSCONNECTION.CO.UK].]

5.2 We may disclose [your personal data] to [our insurers and/or professional advisers] insofar as reasonably necessary for the purposes of [obtaining or maintaining insurance coverage, managing risks, obtaining professional advice].

5.3 We may disclose [specify personal data category or categories] to [our suppliers or subcontractors][ identified at [WWW.CROSSCONNECTION.CO.UK]] insofar as reasonably necessary for [specify purposes].

5.4 We may disclose [contact data along with any other personal data contained in enquiries made through our website or services] to [one or more of those selected third party suppliers of goods and/or services identified on our website] for [the purpose of enabling them to contact you so that they can offer, market and sell to you relevant goods and/or services].[ Each such third party will act as a data controller in relation to the personal data that we supply to it; and upon contacting you, each such third party will supply to you a copy of its own privacy policy, which will govern that third party’s use of your personal data.]

5.5 In addition to the specific disclosures of personal data set out in this Section 5, we may disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person. We may also disclose your personal data where such disclosure is necessary for the establishment, exercise, or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure.

6. International transfers of your personal data

6.1 In this Section 6, we provide information about the circumstances in which your personal data may be transferred to [countries outside the United Kingdom and the European Economic Area (EEA)].

6.2 We[ and our other group companies] have [offices and facilities] in [specify countries].[ The competent data protection authorities have made an “adequacy decision” with respect to [the data protection laws of each of these countries].][ Transfers to [each of these countries] will be protected by appropriate safeguards, namely [the use of standard data protection clauses adopted or approved by the competent data protection authorities, a copy of which can be obtained from [source]] OR [the use of binding corporate rules, a copy of which you can obtain from [source]] OR [[specify appropriate safeguards and means to obtain a copy]].]

6.3 The hosting facilities for our website are situated in [specify countries].[ The competent data protection authorities have made an “adequacy decision” with respect to [the data protection laws of each of these countries].][ Transfers to [each of these countries] will be protected by appropriate safeguards, namely [the use of standard data protection clauses adopted or approved by the competent data protection authorities, a copy of which you can obtain from [source]] OR [[specify appropriate safeguards and means to obtain a copy]].]

6.4 [Specify category or categories of supplier or subcontractor] [is] OR [are] situated in [specify countries].[ The competent data protection authorities have made an “adequacy decision” with respect to [the data protection laws of each of these countries].][ Transfers to [each of these countries] will be protected by appropriate safeguards, namely [the use of standard data protection clauses adopted or approved by the competent data protection authorities, a copy of which can be obtained from [source]] OR [[specify appropriate safeguards and means to obtain a copy]].]

6.5 You acknowledge that [personal data that you submit for publication through our website or services] may be available, via the internet, around the world. We cannot prevent the use (or misuse) of such personal data by others.

7. Retaining and deleting personal data

7.1 This Section 7 sets out our data retention policies and procedures, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data.

7.2 Personal data that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

7.3 We will retain your personal data as follows:

(a) [contact data will be retained for a minimum period of [period] following the date of the most recent communication between you and us, and for a maximum period of [period] following that date];

(b) [account data will be retained for a minimum period of [period] following the date of closure of the relevant account, and for a maximum period of [period] following that date];

(c) [profile data will be retained for a minimum period of [period] following the date of deletion of the profile by you, and for a maximum period of [period] following that date];

(d) [service data will be retained for a minimum period of [period] following the date of termination of the relevant contract, and for a maximum period of [period] following that date];

(e) [communication data will be retained for a minimum period of [period] following the date of the communication in question, and for a maximum period of [period] following that date];

(f) [usage data will be retained for [period] following the date of collection]; and

(g) [[data category] will be retained for a minimum period of [period] following [date], and for a maximum period of [period] following [date]].

[additional list items]

7.4 In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the following criteria:

(a) the period of retention of [personal data category] will be determined based on [specify criteria].

[additional list items]

7.5 Notwithstanding the other provisions of this Section 7, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

8. Your rights

8.1 In this Section 8, we have listed the rights that you have under data protection law.

8.2 Your principal rights under data protection law are:

(a) the right to access – you can ask for copies of your personal data;

(b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;

(c) the right to erasure – you can ask us to erase your personal data;

(d) the right to restrict processing – you can ask us to restrict the processing of your personal data;

(e) the right to object to processing – you can object to the processing of your personal data;

(f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;

(g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and

(h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

8.3 These rights are subject to certain limitations and exceptions. You can learn more about the rights of data subjects by visiting https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/.

8.4 You may exercise any of your rights in relation to your personal data [by written notice to us, using the contact details set out below].

OR

8. Your rights

8.1 In this Section 8, we have summarised the rights that you have under data protection law. Some of the rights are complex, and not all of the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

8.2 Your principal rights under data protection law are:

(a) the right to access – you can ask for copies of your personal data;

(b) the right to rectification – you can ask us to rectify inaccurate personal data and to complete incomplete personal data;

(c) the right to erasure – you can ask us to erase your personal data;

(d) the right to restrict processing – you can ask us to restrict the processing of your personal data;

(e) the right to object to processing – you can object to the processing of your personal data;

(f) the right to data portability – you can ask that we transfer your personal data to another organisation or to you;

(g) the right to complain to a supervisory authority – you can complain about our processing of your personal data; and

(h) the right to withdraw consent – to the extent that the legal basis of our processing of your personal data is consent, you can withdraw that consent.

8.3 You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee.[ You can access [your personal data] by visiting [WWW.CROSSCONNECTION.CO.UK] when logged into our website.]

8.4 You have the right to have any inaccurate personal data about you rectified and, taking into account the purposes of the processing, to have any incomplete personal data about you completed.

8.5 In some circumstances you have the right to the erasure of your personal data without undue delay. Those circumstances include: [the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; you object to the processing under certain rules of applicable data protection law; the processing is for direct marketing purposes; and the personal data have been unlawfully processed]. However, there are exclusions of the right to erasure. The general exclusions include where processing is necessary: [for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims].

8.6 In some circumstances you have the right to restrict the processing of your personal data. Those circumstances are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.

8.7 You have the right to object to our processing of your personal data on grounds relating to your particular situation, but only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

8.8 You have the right to object to our processing of your personal data for direct marketing purposes (including profiling for direct marketing purposes). If you make such an objection, we will cease to process your personal data for this purpose.

8.9 You have the right to object to our processing of your personal data for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

8.10 To the extent that the legal basis for our processing of your personal data is:

(a) consent; or

(b) that the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract,

and such processing is carried out by automated means, you have the right to receive your personal data from us in a structured, commonly used and machine-readable format. However, this right does not apply where it would adversely affect the rights and freedoms of others.

8.11 If you consider that our processing of your personal data infringes data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.

8.12 To the extent that the legal basis for our processing of your personal data is consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing before the withdrawal.

8.13 You may exercise any of your rights in relation to your personal data [by written notice to us] OR [by [methods]][, in addition to the other methods specified in this Section 8].

9. Third party websites

9.1 Our website includes hyperlinks to, and details of, third party websites.

9.2 In general we have no control over, and are not responsible for, the privacy policies and practices of third parties.

10. Personal data of children

10.1 Our [website and services are] targeted at persons over the age of [13] OR [16] OR [18] OR [[specify age]].

10.2 If we have reason to believe that we hold personal data of a person under that age in our databases, we will delete that personal data.

11. Updating information

11.1 Please let us know if the personal information that we hold about you needs to be corrected or updated.

12. Acting as a data processor

12.1 In respect of [specify data], we do not act as a data controller; instead, we act as a data processor.

12.2 Insofar as we act as a data processor rather than a data controller, this policy shall not apply. Our legal obligations as a data processor are instead set out in the contract between us and the relevant data controller.

13. About cookies

13.1 A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser and is stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server.

13.2 Cookies may be either “persistent” cookies or “session” cookies: a persistent cookie will be stored by a web browser and will remain valid until its set expiry date, unless deleted by the user before the expiry date; a session cookie, on the other hand, will expire at the end of the user session, when the web browser is closed.

13.3 Cookies may not contain any information that personally identifies a user, but personal data that we store about you may be linked to the information stored in and obtained from cookies.

14. Cookies that we use

14.1 We use cookies for the following purposes:

(a) [authentication and status – we use cookies [to identify you when you visit our website and as you navigate our website, and to determine if you are logged into the website][ (cookies used for this purpose are: [identify cookies])]];

(b) [personalisation – we use cookies [to store information about your preferences and to personalise the website for you][ (cookies used for this purpose are: [identify cookies])]];

(c) [security – we use cookies [as an element of the security measures used to protect user accounts, including preventing fraudulent use of login credentials, and to protect our website and services generally][ (cookies used for this purpose are: [identify cookies])]];

(d) [advertising – we use cookies [to help us to display advertisements that will be relevant to you][ (cookies used for this purpose are: [identify cookies])]];

(e) [analysis – we use cookies [to help us to analyse the use and performance of our website and services][ (cookies used for this purpose are: [identify cookies])]]; and

(f) [cookie consent – we use cookies [to store your preferences in relation to the use of cookies more generally][ (cookies used for this purpose are: [identify cookies])]].

[additional list items]

15. Cookies used by our service providers

15.1 Our service providers use cookies and those cookies may be stored on your computer when you visit our website.

15.2 We use Google Analytics. Google Analytics gathers information about the use of our website by means of cookies. The information gathered is used to create reports about the use of our website. You can find out more about Google’s use of information by visiting https://www.google.com/policies/privacy/partners/ and you can review Google’s privacy policy at https://policies.google.com/privacy.[ The relevant cookies are: [identify cookies].]

15.3 We publish Google AdSense advertisements on our website[, together with advertisements from the following advertisers and advertising networks that are distributed by Google: [identify and provide links to advertisers and networks]]. The advertisements may be personalised to reflect your interests. To help determine your interests Google and its partners use cookies.[ The relevant cookies served from our website are [identify cookies].] The cookies are used to track your previous visits to our website and your visits to other websites. You can opt out of Google’s personalised advertising by visiting https://www.google.com/settings/ads and you can opt out of third party cookies use for personalised advertising by visiting http://www.aboutads.info. You can review Google’s privacy policy at https://policies.google.com/privacy.

15.4 We use a Facebook pixel on our website. Using the pixel, Facebook collects information about the users and use of our website. The information is used to personalise Facebook advertisements and to analyse the use of our website. To find out more about the Facebook pixel and about Facebook’s use of personal data generally, see the Facebook cookie policy at https://www.facebook.com/policies/cookies/ and the Facebook privacy policy at https://www.facebook.com/about/privacy. The Facebook cookie policy includes information about controlling Facebook’s use of cookies to show you advertisements. If you are a registered Facebook user, you can adjust how advertisements are targeted by following the instructions at https://www.facebook.com/help/568137493302217.

15.5 We use [identify service provider] to [specify service]. This service uses cookies for [specify purpose(s)]. You can view the privacy policy of this service provider at [WWW.CROSSCONNECTION.CO.UK].[ The relevant cookies are: [identify cookies].]

16. Managing cookies

16.1 Most browsers allow you to refuse to accept cookies and to delete cookies. The methods for doing so vary from browser to browser, and from version to version. You can however obtain up-to-date information about blocking and deleting cookies via these links:

(a) https://support.google.com/chrome/answer/95647 (Chrome);

(b) https://support.mozilla.org/en-US/kb/enable-and-disable-cookies-website-preferences (Firefox);

(c) https://help.opera.com/en/latest/security-and-privacy/ (Opera);

(d) https://support.microsoft.com/en-gb/help/17442/windows-internet-explorer-delete-manage-cookies (Internet Explorer);

(e) https://support.apple.com/en-gb/guide/safari/manage-cookies-and-website-data-sfri11471/mac (Safari); and

(f) https://privacy.microsoft.com/en-us/windows-10-microsoft-edge-and-privacy (Edge).

[additional list items]

16.2 Blocking all cookies will have a negative impact upon the usability of many websites.

16.3 If you block cookies, you will not be able to use all the features on our website.

17. Cookie preferences

17.1 You can manage your preferences relating to the use of cookies on our website by visiting: [WWW.CROSSCONNECTION.CO.UK]

18. Amendments

18.1 We may update this policy from time to time by publishing a new version on our website.

18.2 You should check this page occasionally to ensure you are happy with any changes to this policy.

18.3 We [may] OR [will] notify you of [changes] OR [significant changes] to this policy [by email].

19. Our details

19.1 This website is owned and operated by [name].

19.2 We are registered in [England and Wales] under registration number [number], and our registered office is at [address].

19.3 Our principal place of business is at [address].

19.4 You can contact us:

(a) [by post, to [the postal address given above]];

(b) [using our website contact form];

(c) [by telephone, on [the contact number published on our website]]; or

(d) [by email, using [the email address published on our website]].

[additional list items]

20. Representative within the European Union

20.1 Our representative within the European Union with respect to our obligations under data protection law is [identify representative] and you can contact our representative by [contact details].

21. Data protection officer

21.1 Our data protection officer’s contact details are: [contact details].

Privacy and cookies policy (social networking): drafting notes

A website privacy and cookies policy can have more than one purpose. From a lawyer’s perspective, the primary concern is compliance with disclosure of data protection legislation. Across the EU and in the UK, that means compliance with the General Data Protection Regulation and related legislation. However, there are also marketing and user relations perspectives.

Users expect website privacy policies and practices to be fair. For some users, unfair policies and practices may be enough to turn them away from a website or service. This is particularly true in the case of social networking websites and services, which process lots of personal information. This privacy and cookies policy template has been created with social networking websites specifically in mind. It is an adapted version of our standard privacy and cookies policy template, and contains many of the same provisions.

The key aspects of the policy are as follows.

Collection: what personal data are collected by the website? Typically, social network operators will collect, store and process usage data, profile information, information submitted in the course of using website services such as friendship data and private messaging data, and information imported from third party services such as Facebook and LinkedIn.

Use: for what purposes will the personal data be used? In addition to the obvious purposes such as enabling the operation of the website and the provision of website services, an operator may wish to use personal data for marketing and other potentially less-welcome activities. Where marketing activities require specific consent, a consent statement buried in the legal documentation will not be sufficient.

Disclosure: to whom may personal information collected through the website be disclosed? For instance, will it be disclosed to subcontractors, suppliers, professional advisors or other group companies? Personal information published on the website may, of course, be disclosed to the entire world.

Transfer: to which countries may personal data be transferred? The rationale for providing this information is that countries outside the UK and EEA may not have data protection laws equivalent to those within.

Retention: for what period or periods will personal data be retained by the operator? Some information may be required for so long as the website continues to operate, while other information may quickly lose its usefulness.

In addition to these “core” provisions, the section concerning personal data disclosures also covers amendments to the policy, data subjects’ statutory rights and third party privacy policies.

The section concerning cookies is designed to aid compliance with the ePrivacy Directive and, in the UK, the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as subsequently amended). In this section, the website operator should disclose information about the cookies used on the website, including analytics cookies and third party cookies. You will also need to consider how to comply with the consent requirements in the Regulations.

Regulation (EU) 2016/679 (General Data Protection Regulation) – https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32016R0679

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

The right to be informed, Guide to the GDPR, UK Information Commissioner’s Office – https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/the-right-to-be-informed/

Section 1: Introduction

These introductory provisions may be used to draw individuals’ attention to some of the key issues addressed in the document.

Section 1.1

Optional element.

Section 1.2

“Personal data” is defined in Article 4(1) of the GDPR:

“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

Section 1.3

Optional element.

Section 1.4

Optional element.

The inclusion of this statement in your privacy policy will not in itself satisfy the requirements of the Privacy and Electronic Communications (EC Directive) Regulations 2003 as regards consent to the use of cookies. Guidance concerning methods of obtaining such consent is included on the Information Commissioner’s website.

Cookies and similar technologies, Guide to PECR, UK Information Commissioner’s Office – https://ico.org.uk/for-organisations/guide-to-pecr/cookies-and-similar-technologies/

Section 1.5

Optional element.

Section 2: The personal data that we collect

The GDPR requires that controllers disclose to data subjects certain information about the personal data that they collect, in particular where the data does not come direct from the data subject.

These provisions are designed to help with this requirement, and also to help you to categorise the personal data collected in a way that makes it easy to differentiate between types of personal data elsewhere in the document.

As you will see, there is quite a lot of overlap between the different categories that we suggest. For example, individual names could fall into several different categories. In editing these provisions, you should retain those categories of data that most closely reflect the organisation of data in your business, delete the others, and add new categories as necessary.

Turning to the legislative provisions, Article 14(1) of the GDPR provides that:

“Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information: … (d) the categories of personal data concerned …”. 

Article 14(2) of the GDPR, which also applies in the case that the personal data have not been obtained from the data subject, provides that:

“In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject: … (f) from which source the personal data originate, and if applicable, whether it came from publicly accessible sources … “.

As regards the identification of the source of personal data in the case that the personal data is not obtained from the data subject, the guidance from the European Data Protection Board states that:

“The specific source of the data should be provided unless it is not possible to do so … . If the specific source is not named then information provided should include: the nature of the sources (i.e. publicly / privately held sources) and the types of organisation / industry / sector.”

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Section 2.2

Optional element.

Section 2.3

Optional element.

Section 2.4

Optional element.

Section 2.5

Optional element.

Section 2.6

Optional element.

Section 2.7

Optional element.

Section 2.8

Optional element.

Use this form of provision to identify other categories of personal data that may be processed.

Section 2.9

Optional element.

Section 3: Purposes of processing and legal bases

The GDPR requires that controllers disclose to data subjects detailed information about the purposes and legal bases of their processing of personal data.

We have suggested some typical purposes here, but you may need to remove some of the suggested ones and add your own. Equally, while we have suggested some possible legal bases of processing in relation to each identified purpose or set of purposes, the most appropriate legal basis will depend upon your specific circumstances.

The relevant requirements are set out in Articles 13 and 14 of the GDPR.

Article 13(1) of the GDPR provides that:

“Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: … (c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing; (d) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party”.

Article 14(1) of the GDPR provides that:

“Where personal data have not been obtained from the data subject, the controller shall provide the data subject with the following information: … (c) the purposes of the processing for which the personal data are intended as well as the legal basis for the processing …”. 

Article 14(2) of the GDPR, which also applies in the case that the personal data have not been obtained from the data subject, provides that:

“In addition to the information referred to in paragraph 1, the controller shall provide the data subject with the following information necessary to ensure fair and transparent processing in respect of the data subject: … (b) where the processing is based on point (f) of Article 6(1), the legitimate interests pursued by the controller or by a third party … “.

Article 6(1)(f) of the GDPR, which is referred to in Articles 13 and 14, provides that:

“(1) Processing shall be lawful only if and to the extent that at least one of the following applies: … (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

The UK Information Commissioner’s Office website provides useful guidance in relation to the selection of the legal bases for processing.

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/

Article 6, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-6-gdpr/

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Lawful basis of processing, Guide to the GDPR, UK Information Commissioner’s Office – https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/

Section 3.2

Optional element.

Section 3.3

Optional element.

Section 3.4

Optional element.

Section 3.5

Optional element.

Section 3.6

Optional element.

Section 3.7

Optional element.

Section 3.8

Optional element.

Section 3.9

Optional element.

Section 3.10

Optional element.

Section 3.11

Optional element.

Section 3.12

Optional element.

Section 4: Automated decision-making

Optional element.

Article 13(2)(f) of the GDPR provides that:

“In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: … (f) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.”

Profiling is defined in Article 4(4) of the GDPR:

“‘profiling’ means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements”.

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 4, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-4-gdpr/

Section 5: Providing your personal data to others

Article 13(1)(e) of the GDPR requires that where personal data are collected from the data subject, the data controller must provide the data subject with information about “the recipients or categories of recipients of the personal data”.

Equivalent rules for data collected from someone other than the data subject are in Article 14(1)(e).

Although the GDPR refers to “categories of recipients”, the guidance from the European Data Protection Board on this subject states:

“The term ‘recipient’ is defined in Article 4.9 as ‘a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not’ [emphasis added]. As such, a recipient does not have to be a third party. Therefore, other data controllers, joint controllers and processors to whom data is transferred or disclosed are covered by the term ‘recipient’ and information on such recipients should be provided in addition to information on third party recipients. The actual (named) recipients of the personal data, or the categories of recipients, must be provided. In accordance with the principle of fairness, controllers must provide information on the recipients that is most meaningful for data subjects. In practice, this will generally be the named recipients, so that data subjects know exactly who has their personal data. If controllers opt to provide the categories of recipients, the information should be as specific as possible by indicating the type of recipient (i.e. by reference to the activities it carries out), the industry, sector and sub-sector and the location of the recipients.”

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Section 5.1

Optional element.

Section 5.2

Optional element.

Section 5.3

Optional element.

Section 5.4

Optional element.

Section 6: International transfers of your personal data

Optional element.

Article 13(1)(f) of the GDPR requires that data controllers disclose to data subjects “where applicable, the fact that the controller intends to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or in the case of transfers referred to in Article 46 [transfers subject to appropriate safeguards] or 47 [binding corporate rules], or the second subparagraph of Article 49(1) [limited transfers for compelling legitimate interests], reference to the appropriate or suitable safeguards and the means by which to obtain a copy of them or where they have been made available”.

The European Data Protection Board (EDPB) guidance on this issues states:

“The relevant GDPR article permitting the transfer and the corresponding mechanism … should be specified. Information on where and how the relevant document may be accessed or obtained should also be provided e.g. by providing a link to the mechanism used. In accordance with the principle of fairness, the information provided on transfers to third countries should be as meaningful as possible to data subjects; this will generally mean that the third countries be named.”

Section 6.1

If the data controller is outside the United Kingdom and within the EEA, consider removing the reference to the United Kingdom from this provision.

Section 6.2

Optional element.

Section 6.3

Optional element.

Section 6.4

Optional element.

Section 6.5

Optional element. Will users have the opportunity to publish personal information on the website?

Section 7: Retaining and deleting personal data

Article 5(1)(e) of the GDPR sets out the storage limitation, one of the fundamental rules of the regime:

“Personal data shall be: … kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject … “.

Article 13(2) of the GDPR provides, in relation to personal data collected from the data subject, that:

“… the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: (a) the period for which the personal data will be stored, or if that is not possible, the criteria used to determine that period …”.

Article 14(2) of the GDPR makes similar provision in relation to personal data that is not collected from the data subject.

The European Data Protection Board guidance on this issue states:

“This is linked to the data minimisation requirement in Article 5.1(c) and storage limitation requirement in Article 5.1(e). The storage period (or criteria to determine it) may be dictated by factors such as statutory requirements or industry guidelines but should be phrased in a way that allows the data subject to assess, on the basis of his or her own situation, what the retention period will be for specific data / purposes. It is not sufficient for the data controller to generically state that personal data will be kept as long as necessary for the legitimate purposes of the processing. Where relevant, the different storage periods should be stipulated for different categories of personal data and/or different processing purposes, including where appropriate, archiving periods.”

Article 5, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-5-gdpr/

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Section 7.3

Section 7.4

Optional element.

Section 8: Your rights

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Section 8: Your rights

Article 13(2) of the GDPR provides that, where personal data is collected from a data subject, certain information about data subject rights must be provided:

“In addition to the information referred to in paragraph 1, the controller shall, at the time when personal data are obtained, provide the data subject with the following further information necessary to ensure fair and transparent processing: … (b) the existence of the right to request from the controller access to and rectification or erasure of personal data or restriction of processing concerning the data subject or to object to processing as well as the right to data portability; (c) where the processing is based on point (a) of Article 6(1) or point (a) of Article 9(2), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; …”.

Similar provisions are set out in Article 14 in relation to personal data which is not collected from the relevant data subject.

The European Data Protection Board guidance on this issue states:

“This information should be specific to the processing scenario and include a summary of what the right involves and how the data subject can take steps to exercise it and any limitations on the right … . In particular, the right to object to processing must be explicitly brought to the data subject’s attention at the latest at the time of first communication with the data subject and must be presented clearly and separately from any other information.”

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/

Guidelines on transparency under Regulation 2016/679, European Data Protection Board – https://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=622227

Section 8.3

The right to access is set out in Article 15 of the GDPR.

Article 15, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-15-gdpr/

Section 8.4

The right to rectification is set out in Article 16 of the GDPR.

Article 16, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-16-gdpr/

Section 8.5

The right to erasure (or right to be forgotten) is set out in Article 17 of the GDPR, and must be notified to data subjects under Articles 13(2)(b), 14(2)(c) and 15(1)(e) of the GDPR.

Consider modifying the highlighted circumstances and exclusions, depending upon what will be most relevant to your processing.

Article 17, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-17-gdpr/

Section 8.6

Article 18(1) of the GDPR states:

“The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; (d) the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

Article 18, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-18-gdpr/

Section 8.7

The right to object to processing is detailed in Article 21 of the GDPR, and must be notified to data subjects under Articles 21(4), 13(2)(b) and 14(2)(c).

Article 21, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-21-gdpr/

Section 8.8

Optional element.

Article 21(3) of the GDPR states:

“Where the data subject objects to processing for direct marketing purposes, the personal data shall no longer be processed for such purposes.”

Article 21, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-21-gdpr/

Section 8.9

Optional element.

This right is set out in Article 21(6) of the GDPR. 

Article 21, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-21-gdpr/

Section 8.10

The right to data portability is set out in full in Article 20 of the GDPR, and must be notified to data subjects under Articles 13(2)(b) and 14(2)(c).

Article 20, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-20-gdpr

Section 8.11

The right to lodge a complaint with a supervisory authority is set out in Article 77 of the GDPR, and must be notified to data subjects under Articles 13(2)(d), 14(2)(e) and 15(1)(f). 

Article 77, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-77-gdpr

Section 8.12

Article 7(3) of the GDPR sets out the right of withdrawal. The right must be notified to data subjects under Articles 13(2)(c) and 14(2)(d). See also Article 17(1)(b).

Article 7, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-7-gdpr

Article 17, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-17-gdpr/

Section 9: Third party websites

Optional element.

Section 10: Personal data of children

Optional element.

Section 11: Updating information

Optional element.

Section 12: Acting as a data processor

Optional element.

Section 13: About cookies

Under EU law, there are two additional requirements in relation to the use of cookies and similar technologies, which apply over-and-above the rules regulating the processing of personal data: a consent requirement and an information disclosure requirement. The provisions of this document relating to cookies are designed to aid compliance with the information disclosure requirement.

This requirement derives from Article 5(3) of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), which provides that:

“Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.”

The requirement is implemented in the UK in the Privacy and Electronic Communications (EC Directive) Regulations 2003. In its current (amended) form, Regulation 6 states:

“(1) Subject to paragraph (4), a person shall not store or gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment – (a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and (b) has given his or her consent.

(3) Where an electronic communications network is used by the same person to store or access information in the terminal equipment of a subscriber or user on more than one occasion, it is sufficient for the purposes of this regulation that the requirements of paragraph (2) are met in respect of the initial use.

(3A) For the purposes of paragraph (2), consent may be signified by a subscriber who amends or sets controls on the internet browser which the subscriber uses or by using another application or programme to signify consent.

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information – (a) for the sole purpose of carrying out the transmission of a communication over an electronic communications network; or (b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.”

In their original form, these Regulations can be found on the legislation.gov.uk website.

Directive 2002/58/EC (Directive on privacy and electronic communications) – https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32002L0058&from=EN

Privacy and Electronic Communications (EC Directive) Regulations 2003 (original form) – http://www.legislation.gov.uk/uksi/2003/2426/made

Section 13.2

Optional element.

Section 13.3

Optional element.

Section 15: Cookies used by our service providers

Does the website serve any third party cookies, analytics cookies or tracking cookies to users?

Section 15.2

Optional element.

Section 15.3

Optional element. Will Google advertisements be published on the website?

Note: Google’s has particular privacy notification requirements in relation to the publication of Google advertisements on a website.

Required content, AdSense Help, Google, Inc – https://support.google.com/adsense/answer/1348695?hl=en-GB

Section 15.4

Optional element. Will the website use a Facebook pixel?

Section 15.5

Optional element.

Section 16: Managing cookies

Section 16.3

Optional element. Will the blocking of cookies have a negative effect upon the use of the website from a user perspective?

Section 17: Cookie preferences

Are there any cookie preference management facilities available to users on the website?

Section 17.1

Identify the web page users should visit to manage their cookie preferences.

Section 18: Amendments

Optional element.

Section 18.2

Optional element.

Section 18.3

Optional element. Will you contact users to notify them of changes to this policy?

How will users be notified of changes to the document?

Section 19: Our details

UK companies must provide their corporate names, their registration numbers, their place of registration and their registered office address on their websites (although not necessarily in this document).

Sole traders and partnerships that carry on a business in the UK under a “business name” (i.e. a name which is not the name of the trader/names of the partners or certain other specified classes of name) must also make certain website disclosures: (a) in the case of a sole trader, the individual’s name; (b) in the case of a partnership, the name of each member of the partnership; and (c) in either case, in relation to each person named, an address in the UK at which service of any document relating in any way to the business will be effective.

All websites covered by the Electronic Commerce (EC Directive) Regulations 2002 must provide a geographic address (not a P.O. Box number) and an email address.

All website operators covered by the Provision of Services Regulations 2009 must also provide a telephone number.

Electronic Commerce (EC Directive) Regulations 2002 (original version) – https://www.legislation.gov.uk/uksi/2002/2013/made

Provision of Services Regulations 2009 – https://www.legislation.gov.uk/uksi/2009/2999

Section 19.1

What is the name of the company, partnership, individual or other legal person or entity that owns and operates the website?

Section 19.2

Optional element. Is the relevant person a company?

In what jurisdiction is the company registered?

What is the company’s registration number or equivalent?

Where is the company’s registered address?

Section 19.3

Optional element.

Where is the relevant person’s head office or principal place of business?

Section 19.4

Optional element.

By what means may the relevant person be contacted?

Where is the relevant person’s postal address published?

Either specify a telephone number or give details of where the relevant number may be found.

Either specify an email address or give details of where the relevant email address may be found.

Section 20: Representative within the European Union

Optional element.

Section 20.1

Article 3(2) of the GDPR provides that:

“This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: (a) the offering of goods or services, irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or (b) the monitoring of their behaviour as far as their behaviour takes place within the Union.”

Article 27(1) of the GDPR provides that:

“Where Article 3(2) applies, the controller or the processor shall designate in writing a representative in the Union.”

There are however some exceptions here. Article 27(2) of the GDPR provides that:

“The obligation laid down in paragraph 1 of this Article shall not apply to: (a) processing which is occasional, does not include, on a large scale, processing of special categories of data as referred to in Article 9(1) or processing of personal data relating to criminal convictions and offences referred to in Article 10, and is unlikely to result in a risk to the rights and freedoms of natural persons, taking into account the nature, context, scope and purposes of the processing; or (b) a public authority or body.”

Where a representative has been appointed, Article 13(1)(a) of the GDPR provides that:

“Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information: (a) the identity and the contact details of the controller and, where applicable, of the controller’s representative”.

Article 3, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-3-gdpr

Article 27, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-27-gdpr

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Section 21: Data protection officer

Optional element.

Section 21.1

Some data controllers and data processors will have an obligation to appoint a data protection officer (DPO). The basic obligation is set out in Article 37(1) of the GDPR:

“The controller and the processor shall designate a data protection officer in any case where: (a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; (b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or (c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10.”

Article 13(1) of the GDPR provides that:

“Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject with all of the following information … (b) the contact details of the data protection officer, where applicable”.

See also Article 14(1)(b).

Insert contact details of the appointed data protection officer (if any).

Article 37, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-37-gdpr

Article 13, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-13-gdpr/

Article 14, Regulation (EU) 2016/679 (General Data Protection Regulation) – https://gdpr-info.eu/art-14-gdpr/