This is a template website privacy policy for councils using Parish Online. Copy the HTML content below this box and paste it into your website page editor (use the HTML or source code view in your CMS). Then work through the following steps before publishing:
Last updated: [DATE, for example 1 June 2026]
[COUNCIL NAME] is committed to protecting your privacy and handling your personal data fairly, lawfully and transparently.
This Privacy Policy explains how we collect, use, store and protect personal information when you use our website or contact the Council. This website is operated on our behalf by Parish Online.
This policy should be read alongside our Accessibility Statement and any service-specific privacy notices published by the Council.
For data protection purposes, [COUNCIL NAME] is the data controller.
⚠ INSTRUCTION – DELETE THIS BOX BEFORE PUBLISHING: Choose one of the two options below depending on your council's arrangements, then delete the other option and this instruction box.
Option A – use if your council has appointed a dedicated Data Protection Officer (DPO), typically larger town councils.
Option B – use if data protection enquiries are handled by the Clerk, as is common for smaller parish councils and parish meetings.
Option A – Data Protection Officer
The Council has appointed a Data Protection Officer (DPO).
The DPO can be contacted regarding any matter relating to the processing of personal data or to exercise your rights under data protection law.
Option B – Clerk to the Council
Data protection enquiries should be directed to the Clerk:
This Privacy Policy is provided in accordance with:
⚠ INSTRUCTION – DELETE THIS BOX BEFORE PUBLISHING: Add any further legislation specific to your council's activities, for example the Localism Act 2011 or relevant regulations applicable to services you provide. Remove this box when done.
Depending on how you interact with the Council, we may collect:
When you visit our website, we may automatically collect:
Where relevant, we may collect information necessary to provide council services or carry out statutory functions.
We collect personal data:
We use personal data to:
Under UK GDPR, the Council must have a lawful basis for processing personal data.
Most Council processing is necessary for the performance of tasks carried out in the public interest or in the exercise of official authority vested in the Council.
We process personal data where necessary to comply with legal obligations, including those arising under local government, audit, electoral and transparency legislation.
Where required, we will obtain your consent before processing your information. You may withdraw consent at any time by contacting us.
Where appropriate, we may process personal data for legitimate interests, provided those interests are not overridden by your rights and freedoms.
We may share personal data where necessary with:
Information is shared only where there is a lawful basis for doing so. The Council does not sell personal data.
This website is hosted and operated on behalf of the Council by Parish Online, acting as a data processor. Parish Online processes website data only on the Council's instructions and in accordance with a data processing agreement.
As a public authority, the Council is subject to the Freedom of Information Act 2000 and the Environmental Information Regulations 2004. Information provided to the Council may be disclosed where required by law.
When considering requests for information, the Council will balance its legal obligations with its responsibilities under data protection legislation. Personal data will only be disclosed where permitted by law.
The Council primarily stores and processes information within the United Kingdom. Where personal data is transferred outside the UK, we will ensure that appropriate safeguards are in place in accordance with UK GDPR, including adequacy regulations, International Data Transfer Agreements or approved contractual clauses.
The Council retains personal data only for as long as necessary. Retention periods are determined by statutory requirements, business needs, audit requirements and legal obligations, and by guidance issued by the National Association of Local Councils (NALC) and relevant records management standards.
When information is no longer required it will be securely deleted or destroyed.
The Council uses appropriate technical and organisational measures to protect personal data against unauthorised access, loss, destruction, alteration or disclosure. These include secure systems and servers, access controls, password protection, staff training, and regular review of security arrangements.
Under UK GDPR you have the following rights. To exercise any of these rights, please contact the Council or Data Protection contact listed above. We will respond within one month of receiving your request.
To know how your personal data is used.
To obtain a copy of personal data held about you (a Subject Access Request).
To have inaccurate or incomplete information corrected.
To request deletion of personal data where there is no longer a lawful basis to hold it.
To request limitations on how your data is used.
To obtain and reuse your personal data in certain circumstances.
To object to processing carried out under certain lawful bases, including the public task basis.
To challenge decisions made solely by automated means where applicable.
The Council does not carry out automated decision-making or profiling that produces legal or similarly significant effects on individuals.
If you are dissatisfied with how your personal data has been handled, you should first contact the Council or the Data Protection contact listed above.
You also have the right to complain to the Information Commissioner's Office (ICO):
Cookies are small text files placed on your device when you visit a website. The Council uses cookies to ensure the website functions correctly, improve website performance and understand how visitors use the website.
Some cookies are essential and do not require consent. Non-essential cookies, including analytics cookies, will only be placed after you have provided consent through the website's cookie banner. You may change your cookie preferences at any time through your browser settings or the website's cookie controls.
⚠ INSTRUCTION – DELETE THIS BOX BEFORE PUBLISHING: The table below lists the standard cookie categories used on Parish Online websites. If you have added any third-party tools or scripts to your website (such as Google Analytics, embedded maps or social media widgets), you may need to add rows for those cookies. Parish Online can advise on what cookies your site uses.
| Cookie type | Purpose | Consent required? |
|---|---|---|
| Strictly necessary | Enable core website functionality | No |
| Preferences | Remember user settings and choices, such as cookie consent | No |
| Analytics | Measure website usage and performance to help improve the site | Yes |
| Security | Protect website functionality and users from malicious activity | No |
A current list of cookies is available through the website's cookie management tool.
This website may contain links to external websites. The Council is not responsible for the content, privacy practices or security of third-party websites. You should read the privacy notices of any external websites you visit.
The Council may update this Privacy Policy from time to time. Any changes will be published on this page and will take effect immediately upon publication. We encourage you to review this policy periodically.