Use this GDPR-enhanced privacy policy starter when a company may process personal data from individuals in the EEA or UK.
Teams should tailor lawful bases, transfer mechanisms, controller/processor roles, retention periods, and local representative details before publication.
What is inside
Lawful bases
International transfers
EEA and UK rights
Controller details
Retention
Supervisory authority rights
These resources are starting points, not legal advice. Review every template and recommendation against your facts, policies, and applicable law before use.