← Back to GDPR Privacy Notice Template

Free preview: Customer Privacy Notice

These are the genuine opening sections of one document from the GDPR Privacy Notice Template (1 documents total). The amber [placeholders] are what you customize — everything else is ready to use.

Customer Privacy Notice

Purpose. This standard provides the customizable text of the public privacy notice that [Company Name] must present to customers, prospects, website visitors, and other external individuals whose personal data it processes. It contains every information element required by Art. 13 GDPR for data collected from the individual and Art. 14 GDPR for data obtained from other sources, arranged as sections the organization tailors before publication. Once customized and approved, the published notice is the organization's primary transparency artifact for external data subjects.

How to Use This Template

This section is internal guidance and must be deleted before publication. The remaining sections form the customer-facing notice. Before publishing, the [Privacy Lead] must replace every bracketed placeholder, delete any section or table row that does not reflect actual processing, and verify each statement against the organization's records: lawful bases against the Lawful Basis Assessment Guide, retention statements against the Data Retention and Deletion Policy, transfer statements against the International Data Transfer Policy, and the inventory of processing against the Records of Processing Activities Standard.

Timing rules: where data is collected directly from the individual, this notice must be available at the moment of collection (Art. 13). Where data is obtained from another source, the notice must be provided within one month of obtaining the data, at the first communication with the individual, or before the first disclosure to another recipient, whichever occurs first (Art. 14).

Who We Are and How to Contact Us

[Company Name], registered at [registered address] under company number [company number], is the controller responsible for your personal data described in this notice. You can contact us about anything in this notice at [privacy@company.example] or by writing to [postal address].

Our [Data Protection Officer / privacy contact] can be reached at [dpo@company.example]. [Delete or adapt: We have appointed [representative name and address] as our representative in the European Union under Art. 27 GDPR.] [Delete or adapt: We have appointed [representative name and address] as our representative in the United Kingdom.]

The Personal Data We Collect and Where It Comes From

We collect the categories of personal data listed below. Most of it comes directly from you; where we obtain data from another source, the table identifies that source, and we indicate where the source is publicly accessible. We do not intentionally collect special category data (such as health data) from customers; if a specific service requires it, we will tell you separately and explain the legal basis at that point.

Why We Use Your Personal Data and Our Lawful Bases

We only use your personal data where the GDPR gives us a lawful basis to do so. The table below lists each purpose, the data involved, and the basis we rely on.

Where we need your personal data to enter into or perform a contract with you, such as a delivery address to fulfill an order, failing to provide it means we may be unable to supply the product or service. Where collection is required by law, such as identity information needed for [tax or anti-money-laundering] purposes, we will tell you at the point of collection and explain the consequences of not providing it.

— Preview ends. The full document continues with 0 more documents in the toolkit. —

Get the full toolkit — $12

More free previews

See real opening sections from our other compliance toolkits before you buy:

← Browse all compliance toolkits

Professional editable templates — general information only, not legal, audit, tax, or certification advice, and no professional or advisory relationship is created. No purchase makes an organization compliant or certified. Review each document with qualified counsel, your compliance professional, or your auditor before relying on it. ISO, IEC, SOC 2, AICPA, HIPAA, NIST, GDPR, the EU AI Act, IRS and FTC are referenced descriptively only; ComplianceDocs (ExpertEngine LLC) is independent and is not affiliated with, endorsed by, or certified by any standards body, regulator, or audit firm.