To draft a complete, ready-to-publish UK GDPR/PECR-compliant privacy policy for NewAgeSpiritualist that includes accurate controller and contact details (including a DPO or privacy contact), I need a few specifics. Please provide:
1) Identity and contacts
– Legal name of the data controller and the trading name you want displayed
– Registered address (including country) and main contact phone
– Dedicated privacy contact email
– Whether you have appointed a Data Protection Officer (DPO). If yes: DPO name and email. If no: confirm no DPO.
2) Regulatory information
– ICO registration number (if registered) or confirm not registered/awaiting
– Whether you are a registered charity (and charity number, if applicable)
3) Website data collection
– Forms used (contact form, membership/join, event registration, prayer/intention requests, volunteering, donations) and fields collected
– Whether you run user accounts/login on the site
4) Cookies and tracking
– Analytics or tracking tools used (e.g., Google Analytics, Matomo), advertising pixels (if any), embedded services (YouTube/Vimeo, Google Maps, reCAPTCHA), social plug-ins
– Cookie consent tool used (e.g., CookieYes, Cookiebot) and your cookie categorization (strictly necessary, preferences, analytics, marketing)
5) Processors and integrations
– Hosting provider and server location
– Email/newsletter platform (e.g., Mailchimp), form tools, CRM
– Payment/donation processor (e.g., Stripe, PayPal) and whether card data is handled on your site or only by the processor
6) Typical retention periods
– Contact form enquiries
– Newsletter subscriber data
– Membership/volunteer records
– Donation/financial records
– Web server logs and analytics data
– Event/booking records
7) International transfers
– Any transfers outside the UK/EEA (e.g., US service providers) and the safeguards used (UK IDTA or EU SCCs with UK Addendum)
8) Marketing practices
– How you obtain consent for email/SMS marketing and whether you rely on legitimate interests for certain communications
9) Children
– Whether your services target children and any minimum age requirement for online forms
10) Effective date and jurisdiction
– Effective date you want shown on the policy
– Preferred contact method for privacy requests (email only, email + postal)
If you prefer, I can produce a conservative, legally compliant draft that:
– States you are the controller, that no DPO is appointed, and uses a single privacy contact email you confirm
– Lists common processors (hosting, email newsletter, donations) in generic terms without naming vendors
– Uses standard UK retention periods and international transfer safeguards
Please confirm if that approach is acceptable and provide the privacy contact email you want published.