1. Introduction
Start with a simple sentence explaining the purpose of the document.
"The purpose of this privacy policy is to inform you about how [Company name] collects and uses your personal data when you browse our website [Site name]."
2. Contact information for the data controller
This is the person or entity legally responsible for data management.
-
Name of person in charge: [Name of director or company].
-
Email address : [Email address dedicated to questions about personal data, for example
dpo@[tonsite.com]] -
Postal address: [Address of company headquarters].
3. Types of data collected and purposes
This is the most important part. You have to be transparent about what data you're collecting and why.
4. Data recipients
Who has access to the data you collect?
"Your personal data is processed solely by [Company name] and is never sold to third parties. However, they may be passed on to subcontractors for business purposes, such as:
Site host [Name of host]
Payment providers (e.g. Stripe or PayPal)
Carriers for order delivery "
5. Data retention period
Specify how long you will keep the data before deleting it.
-
Customer data: [Example: "3 years after your last contact or your last order"].
-
Contact details: [Example: "The time required to process your request"].
-
Cookies: [Example: "13 months maximum"]
6. Your rights
In accordance with the RGPD, you must inform users of their rights.
You have the right to access, rectify, delete, port and oppose the processing of your personal data. To exercise these rights, please contact us at [Contact email address]. You also have the right to lodge a complaint with the CNIL.
7. Cookie management
A short paragraph explaining how cookies are used and how users can manage them.
"Our site uses cookies. For more information about the types of cookies we use and how to manage them, please visit our [Link to cookie management page, often embedded in the consent banner]."