Which Policies do I need to Display on my Website?

I was recently asked by a client, which policies do I need to display on my website?

A couple immediately came to mind, but others depend on the size and nature of your organisation.

Here’s a brief overview of policies you should consider publishing on your website:

Privacy Policy

A privacy policy has long been required by any organisation who processes personal data, which is almost all of them.

However since the General Data Protection Regulations (GDPR) and subsequent member state legislation, this has come into sharp focus.

There are also other national and state privacy legislation such as the California Consumer Privacy Act (CCPA).

The privacy policy on a website may differ from the one that covers customer and employee data. Often Privacy policies posted to a website cover only how the “website visitor” data is processed, for example their IP address and any tracking cookies.

However it is also a good idea to make your general privacy policy easily available to customers.

Cookie Notice and Policy

Similarly, almost all websites use cookies, even if it is just for functionality.

A cookie notice and policy should be published to allow website users to choose which cookies are applied, and explain the purpose for each one.

Beware: some cookie plugins may display a notice but do not suppress cookies based on the user’s selection. Sometimes this is a premium add-on, so be sure to check with your web designer.

In the UK, cookie law is covered by the Privacy and Electronic Communications Regulations (PECR).

Modern Slavery Statement

(As at October 2023) If your organiation has an annual turnover of £36 million or more, and meets the other criteria below), you are required to produce a Modern Slavery Statement.

Many other organisations produce a statement voluntarily. This statement can commonly be found on an organisation’s website.

Modern Slavery Statement Criteria:

are a body corporate or a partnership (described as an ‘organisation’ in this service), wherever incorporated
carry on a business, or part of a business, in the UK
supply goods or services
have an annual turnover of £36 million or more

In the UK, the Modern Slavery Statement is covered by the Modern Slavery Act 2015 (Transparency in Supply Chains) Regulations 2015.

Terms and Conditions

Terms and conditions are more relevant if your website is selling goods or services online. Easy access to the terms and conditions of sale is essential.

Ensure compliance with eCommerce Regulations 2002, the Consumer Rights Act 2015 and other legislation.

Affiliate Link Notice

If your website includes affiliate links where you receive a payment or other incentive for referring traffic, you should ensure the website visitor is aware of this and describe the relationship.

Accessibility Statement

Governed by The Equality Act 2010 (“EQA”) and supported by the World Wide Web Consortium (“W3C”) and their Web Content Accessibility Guidelines (“WCAG”), websites are required to be accessible to the differing needs of their users.

An accessibility statement describes the technical and organisational controls you have implemented on your website to remove barriers to service.

Sustainability / ESG Information

While not a legal requirement, yet, organisations can benefit from promoting their sustainability and ESG policies on their website.

This can take many forms. Contact us for information on environmental, sustainability and other schemes.

Other Business Information

It should be clear to the visitor who operates the website and this means including some key information about your organisation including:

Registered Business name or Company Name.
Company Registration number (If applicable).
Place of company registration (e.g., England & Wales, Scotland) (if applicable).
Registered office address (for companies and LLPs).
Physical address or postal address,
VAT number (if registered).

Get a Legal Compliance Audit

Contact us to discuss a Legal Compliance Evaluation Audit from our experience consultants that will cover the requirements for your website and wider organisational obligations.

Explore common UK Legal Requirements required for ISO standards with our free legal register templates and database. UK Legal Register Template – Resilify.io.

Get Started

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	Set by the GDPR Cookie Consent plugin, this cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
CONSENT	16 years 3 months 23 days 8 hours	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.

Cookie	Duration	Description
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how the user uses the website to present them with relevant ads and according to the user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	These cookies are set via embedded youtube-videos.
yt-remote-device-id	never	These cookies are set via embedded youtube-videos.