I can write a complete, ready-to-use UK GDPR/PECR-compliant privacy policy in HTML, but I need a few details to avoid guessing and to ensure legal accuracy. Please provide:
1) Controller details
– Legal entity name (and trading name if different from “TheCityIsOurs”)
– Registered address and country
– Preferred privacy contact email (and phone, if you want it shown)
– Do you have a Data Protection Officer (DPO) or a privacy contact? Provide name or role title and contact email
– ICO registration number (if registered)
2) Website data and features
– What data you collect: contact forms, account registration, newsletter sign-ups, event/ticket sales, donations, job applications, comments, user-generated content, surveys, competitions, etc.
– Whether you collect special category data or data about children
– Whether the site is intended for users under 13/16
3) Third-party services and transfers
– Hosting/CDN provider and typical server location(s)
– Analytics (e.g., Google Analytics), advertising, social media plugins, maps, video embeds, A/B testing
– Email/SMS tools (e.g., Mailchimp, SendGrid), CRM, helpdesk/live chat, form tools, scheduling/booking
– Payment processors (e.g., Stripe, PayPal) and what is processed on-site vs. directly by the provider
– Any other processors or integrations
– Whether any providers transfer data outside the UK/EEA and what safeguards you rely on (SCCs, IDTA, UK Addendum)
4) Cookies and consent
– List of cookies or categories used (strictly necessary, analytics, functional, advertising) and typical lifetimes
– Do you use a cookie banner/consent management platform? Which one and how it functions (prior consent for non-essential cookies, granular controls, withdraw/change consent)
5) Retention and legal specifics
– Retention periods for: contact enquiries, account data, newsletter subscription, transaction records, job applications, analytics data, server logs
– Lawful bases used where relevant (e.g., consent for marketing, contract for orders, legitimate interests for security/analytics)
– Security measures you want disclosed (e.g., encryption in transit/at rest, access controls, backups, pseudonymisation)
– Effective date for the policy and a “last updated” date
If you prefer, I can propose conservative defaults (e.g., Google Analytics with prior consent, UK hosting with standard safeguards, privacy@thecityisours.co.uk as the contact, no under-13s, and standard retention periods) and you can confirm or amend before I generate the final HTML.