Home / What every business needs: website policies

What every business needs: website policies

13th January 2026

Every business operating online – whether selling products, providing services, or eCommerce – needs to have website terms of use, a privacy policy, and a cookie policy. These documents manage risk, build trust, and demonstrate compliance with UK data protection law. Getting them wrong can be costly – but what are they and why do they matter?

Website Terms of Use – the rulebook for your site

Website Terms of Use are the “house rules” which dictate the use of a website. They dictate what users can and cannot do, how the content of the website may be used, and the businesses responsibilities and liabilities. The terms set out how disputes will be handled and which law applies.

Terms of Use cover acceptable use of the site, intellectual property rights in a businesses content and brand, account registration requirements, user-generated content rules, links to third-party sites, disclaimers and information accuracy, limits to liability and how and when access can be suspended or terminated.

Privacy Policy – transparency about personal data

A Privacy Policy is a legal requirement for almost every website. If the site collects any personal data such as contact forms, newsletter sign-ups, client onboarding, analytics data that can identify a user, then UK GDPR and the Data Protection Act 2018 requires businesses to tell individuals how that data is used and protected.

A clear website privacy policy helps users understand how to exercise their rights, such as access, correction, or deletion of their data. The policy should include contact details for data queries and, where required, details of any representative or data protection officer / lead.

Cookie Policy – consent and control

Cookies are small data files stored on a user’s device that help a site function and gather information. Cookies can gather information about the user’s use of the website, such as remembering the contents of a basket or how the different pages have been navigated. A Cookies Policy explains to a user what cookies a site uses, why they are used, and how users can control their preferences.

Cookies Policies describe the categories of cookies (for example, strictly necessary performance, functionality and advertising). Policies also name key cookie providers where appropriate and state how long the cookies last and how a user can changed their settings.

Why are these documents necessary?

Legal Compliance: All website operators are subject to the UK GDPR when they process personal data. They are also required to disclose non-essential cookies in a transparent way. Terms of Use also help operators set enforceable rules for access and protection of their intellectual property
Risk Management: Terms allow businesses to exclude or limit certain liabilities as permitted by law and clarify that information is general and not advice. Cookies Policies and Privacy Policies reduce the risk of regulatory scrutiny by showing transparency.
Trust and credibility: Clear, accessible policies show business take privacy issues seriously. This builds confidence with consumers, investors and partners and reduces the risk of disputes.

The risks of not having these documents in place

Regulatory Action and Fines: If Cookies are used without proper notices or consent mechanisms, or personal data is processed without a clear Privacy Policy this can lead to enforcement action. Regulators can impose substantial fines, potentially reaching millions of pounds as they are often tied to a percentage of a businesses worldwide turnover.
Claims and Complaints: Website users may raise complaints or legal claims if their data is mishandled. If there is a data breach and the terms of the website, do not address responsibility appropriately this can lead to claims.
Contractual and Commercial Risks: Commercial arrangements and agreements often require compliant policies to be in place. Missing or poor documentation can delay deals, increase due diligence scrutiny which could lead to lost opportunity.
Reputational Damage: Lack of transparency about tracking technologies or data sharing can undermine customer trust and result in negative publicity.

Practical tips for businesses

Do not copy another business’s templates; they rarely fit your practices.
Make sure policies reflect what the business actually does.
Make documents easy to find, typically in the website footer.
Review them regularly as the business, technology, and the law evolve.
Align internal practices (e.g. retention and security) with what the policies say.

How We Can Help

Well-drafted Terms of Use, Privacy Policies and Cookies Policies are not just about compliance, they are also core business tools which help businesses trade confidently and protect their reputation. If you are unsure whether your current documents are compliant or need these documents drafting- we are happy to provide advice.

If you would like a website health check, get in touch with our experienced commercial team.

Contributing authors: Imogen Unwin

Cookie	Duration	Description
cookielawinfo-checkbox-advertisement	1 year	This cookie is used to record the user consent for the cookies in the "Advertisement" category .
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-analytics	1 year	This cookie is used to record your preferences for cookies in the "Analytics" category .
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-functional	1 year	The cookie records your preferences for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-necessary	1 year	This records your cookie preferences.
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
cookielawinfo-checkbox-performance	1 year	This cookie is used to store your consent for cookies in the category "Functional".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
viewed_cookie_policy	1 year	This cookie stores whether or not you have consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
MoneyPennyAgentAvatar	session	This cookie stores the agent image URL in order to show the agent avatar on the minimize state of our live chat function. If you disable this cookie, our live chat functionality may not be available to you
MoneypennyHistory	1 year	This cookie is used to keep track of the your visits to our website and last live chats. It displays the previous five live chat transcripts to the agent in the live chat to allow faster understanding of your conversation context, and faster resolutions.
MoneypennyHistory	1 year	This cookie is used to keep track of the your previous visits to our website and last live chats on our website. The cookie allows the chat transcripts from your five previous live chats to be displayed to your live chat agent in the chat to allow faster understanding of your needs and faster resolutions.
MoneypennyRef	2 hours	This cookie records origin and site entry to display the referring URL to the live chat agent so they can gain insight into your journey to our website. It helps our live chat agents deliver a better experience by giving them context. If you choose to disable this cookie, live chat will still be available.
MoneypennyUserAlias	1 year	This cookie stores the visitor alias (name) on use of the setUserName() Javascript API. This cookie is used to support subsequent live chats so that, once it is known, the live chat agent doesn’t need to collect the information again. This alias also will get displayed on the chat-box (as the visitor’s name), prechat form (as the value of the ‘name’ field, if it exists), and offline form (as the value of the ‘name’ field, if it exists).
MoneypennyVisit	session	This cookie is used to keep track of the your visits to our website and tells your live chat agent how many times you have visited our website. It is also used for the ‘returning visitor’ proactive chat rule, enabling returning visitors to be greeted differently. Failure to accept this cookie may impact performance of our live chat function.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether you use the new or old player interface.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gat_UA-37750570-1	1 minute	A variation of the _gat cookie set by Google Analytics and Google Tag Manager to allow us to track your behaviour and measure site performance. The pattern element in the name contains the unique identity number of the account or website it relates to.
_gid	1 day	Installed by Google Analytics, this cookie stores information on how you use our website and also creates an analytics report of the website's performance. Some of the data that is collected include the number of visitors, their source, and the pages they visit anonymously.
CONSENT	16 years 3 months 1 day 13 hours 11 minutes	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.
yt.innertube::nextId	Persistent	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	Persistent	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to display advertisements to you when either on Facebook or on a digital platform powered by Facebook advertising, after visiting our website.
fr	3 months	Facebook sets this cookie to show relevant advertisements to you by tracking your behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
IDE	1 year 24 days	Google DoubleClick IDE cookies are used to store information about how you use our website to present you with relevant ads according to your user profile.
test_cookie	15 minutes	The test_cookie is set by doubleclick.net and is used to determine if your browser supports cookies.
YSC	session	YSC cookie is set by Youtube and is used to track your views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.