New documents available

Privacy notice for employers

Employers inevitably collect, use and store personal information about their current and prospective staff. Under the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR), employers now need to tell them what information they hold, how they'll use it and for what purpose. They also need to tell them about their privacy rights and how the law protects them. Use this privacy notice to do this. It's suitable to give to both job applicants and current staff (whether they be employees, workers or contractors).

Privacy notice for landlords

Landlords (or licensors) inevitably collect, use and store personal information about their tenants or licensees. Under the Data Protection Act 2018 and the EU General Data Protection Regulations (GDPR), landlords now need to tell them what information they hold, how they'll use it and for what purpose. They also need to tell them about their privacy rights and how the law protects them. Use this privacy notice to do this.

Changes to existing documents

Employment

Consultancy agreement

We've added questions on whether or not the clients has issued a privacy notice to the consultant. There is a warning in place if they haven't. We've also amended relevant clauses to refer to and comply with the GDPR and the DPA 2018, and updated and added a section on data protection to the guidance.

We've also removed the questions asking whether the client or consultant is male or female (replacing them with gender-neutral language).

Finally, we've clarified that this document is primarily for use by the client, rather than the consultant. We hope to amend this in the future so that it can be used easily by either.

Employee handbook

As a result of the GDPR, we've added questions asking for details of the employer's data protection officer (if any), asking if the business is likely to transfer any personal data to third parties and whether the business makes any decisions using automated means. We've removed the question asking about the fee the employer charges to respond to an employee's request to document the personal data held about them.

We've also amended the following policies: Internet and electronic communications, Grievance and disciplinary procedures, Recruitment, and Data protection. The latter has been substantially expanded and covers the employer's responsibilities as a business (and so also the employee's responsibility to comply with the policy) and as an employer.

We've also added to and amended the guidance where necessary.

Employment agreement

We've added questions on whether or not the employer has issued a privacy notice. There is a warning in place if they haven't. We've also amended relevant clauses to refer to and comply with the GDPR and the DPA 2018, and updated and added to the guidance notes in numerous sections to detail the impact of new data protection law on the recruitment process.

We've also removed the question asking whether the employee is male or female (replacing it with gender-neutral language).

Employment statement

We've added a new section to the guidance on data protection issues.

Executive director's service agreement Fixed-term employment agreement Zero hours worker agreement

We've added questions on whether or not the employer has issued a privacy notice. There is a warning in place if they haven't. We've also amended relevant clauses to refer to and comply with the GDPR and the DPA 2018, and updated and added to the guidance notes in numerous sections to detail the impact of new data protection law on the recruitment process.

Job offer letter

We've updated the paragraphs in the letter regarding medical reports, criminal convictions and immigration checks (and the questions and explanations about the same). In the case of immigration checks, we've added a new question asking if the employer outsources the check. If so, a fair processing notice appears after the letter.

We've also added a question on whether or not the employer has issued a privacy notice. There is a warning in place if they haven't. We've also updated and added to the guidance notes in numerous sections to detail the impact of new data protection law on the recruitment process.

Licence for an employee to occupy residential accommodation

We've added a question asking if the landlord has given the tenant a privacy notice. If they haven't, a warning is triggered telling them that they need to do this.

We've also removed the question asking whether the employee is male or female (replacing it with gender-neutral language).

Service occupancy agreement (Scotland)

We've added a question asking if the landlord has given the tenant a privacy notice. If they haven't, a warning is triggered telling them that they need to do this.

Landlord & Tenant

Agreement for a landlord to share a house or flat
Assured shorthold tenancy agreement
Medium-term lease of commercial premises
Private residential tenancy agreement (Scotland)
Residential tenancy agreement (Northern Ireland)
Short-term lease of commercial premises

We've added a question asking if the landlord has given the tenant a privacy notice. If they haven't, a warning is triggered, along with a note on the 'what to do with your document' page, telling them that they need to do this.

We've also updated relevant clauses to refer to and comply with the GDPR and the DPA 2018, and added a new section to the guidance on data protection issues.

Agreement to let a room to a lodger on a serviced basis

We've added a question asking if the landlord has given the tenant a privacy notice. If they haven't, a warning is triggered, along with a note on the 'what to do with your document' page, telling them that they need to do this.

We've also removed the question asking whether the lodger is male or female (replacing it with gender-neutral language); removed the ability to include witness details via the questionnaire (in case the specified witness is later unavailable to sign); and added a new section to the guidance on data protection issues.

Licence to occupy business premises

We've added a question asking if the landlord has given the tenant a privacy notice. If they haven't, a warning is triggered telling them that they need to do this.

We've also removed the question asking whether the lodger is male or female (replacing it with gender-neutral language); removed the ability to include witness details via the questionnaire (in case the specified witness is later unavailable to sign); restructured the name and address questions (adding also postcode lookup functionality) in line with other documents; and added a new section to the guidance on data protection issues.

Notice to tenants of deposit protection scheme

We've updated the guidance and links regarding the scheme provider documents that need to be given to the tenant. We've also, where the landlord is a partnership, made changes to allow the names of the partners to be included along with the partnership name.

Business

Privacy and cookie policy for a website
Renamed: Privacy and cookie notice for a website

We've overhauled this document (and its guidance) in light of the GDPR, giving users the opportunity to fully outline what categories of information they capture via their website, what they do with it and their reasons behind it. It covers concepts such as third-party data transfers, anonymization v pseudonymisation and methods of cookie consent.

It also creates several optional 'just-in-time notices' for use on the website.

Sole traders now have the option to refer to themselves in the notice using either 'I/Me/My' or 'We/Us/Our'.

To be more in keeping with GDPR terminology, we've renamed the document.

Terms and conditions for selling consumer goods or services on a website

We've added questions to ensure the T&Cs accurately cross-refer to the business's privacy/cookie notice. We've added a warnings and reminders if the user indicated they don't have one.

Sole traders now have the option to refer to themselves in the notice using either 'I/Me/My' or 'We/Us/Our'.

We've also added a section on data protection to the guidance.

Terms of use for a website

We've added questions to ensure the terms accurately cross-refer to the business's privacy/cookie notice, any T&Cs and any other documentation. We've added a warnings and reminders if the user indicated they don't have a privacy and/or cookie notice.

Sole traders now have the option to refer to themselves in the notice using either 'I/Me/My' or 'We/Us/Our'.

We've also added a section on privacy and cookie notices to the guidance.