Suppliers of products or services often use various legal documents for customers, such as terms and conditions and privacy policies. These are entirely separate documents required for different purposes. Sometimes, businesses need help understanding the distinction between terms and conditions and privacy policies. Both are essential legal documents, and business owners must understand the distinction between them. This article will explore key differences between terms and conditions and privacy policies.
What Are Terms and Conditions?
Terms and conditions are legal, contractual terms that govern the basis on which parties will do business. They are often incorporated into a customer contract by attaching them to an Order Form or similar document.
Terms and conditions contain various key legal terms for suppliers to govern customer relationships.
For instance, common terms include:
- what products or services you will deliver to the customer;
- timeframes for delivery of products or services;
- when the contract starts and how to end it;
- remedies if the supplier is at fault;
- what happens if there is a dispute under the contract;
- how each party may use the other’s intellectual property rights; and
- how the supplier’s liability to the customer is limited.
The essential purpose of terms and conditions is to offer legal protection to suppliers. Terms and conditions with business customers are not mandatory. However, they are highly advisable. Without terms and conditions, for example, a supplier’s liability to a customer will be unlimited, which could mean the supplier is taking on significant risk.
Terms and conditions also offer essential contractual protection by allowing a supplier to take legal action to enforce its rights under a customer contract. For instance, a supplier may use signed terms and conditions to prove that a customer has defaulted on payment obligations.
What Is a Privacy Policy?
A privacy policy is very different from terms and conditions. Its fundamental concern is to comply with privacy laws by providing information about the use of customer data. UK data protection law regards a privacy policy as a mandatory legal document.
In the UK, companies processing (using) personal data must comply with several stringent rules under the UK General Data Protection Regulation (UK GDPR). Data controllers (organisations that decide how and why to process personal data) are subject to the strictest rules.
If your organisation acts as a data controller, you must provide individuals with mandatory information about how you will use their personal data. The most common way to do this is by providing a privacy policy document.
Personal data is any data relating to a living individual and allowing for an individual’s direct or indirect identification. The definition of personal data is extensive and includes everything from names and contact details to technical data, such as IP addresses, that could identify an individual.
If your business uses personal data as a controller, you must provide data subjects with clear and transparent information about how you use their data. A privacy policy document allows you to do this clearly and comprehensively.
Privacy Policy Disclosures and Examples
Your privacy policy must include several mandatory disclosures. For example:
- information about the personal data you collect and why;
- reasons for your use of personal data;
- information about data collection and whether you will share personal data with third parties;
- information about how personal data is kept secure;
- information about data retention periods and data subject rights; and
- disclosure around whether personal data is transferred outside the UK and on which basis.
If you are a supplier, you will likely collect a range of personal data from your customers, which you will use for your own purposes.
For example:
- customer names and email addresses to contact them;
- customer bank details to bill them for your services; or
- customer technical data, such as IP addresses, collected when customers use your website.
You must ensure your privacy policy is specific and clearly lays out all the information you will process about your customers as a controller.
Unlike terms and conditions, a privacy policy is not a contractual document. Instead, it is a document used to present mandatory legal information required by data protection legislation. Even if a business does not use terms and conditions, providing privacy information is nonetheless compulsory if the company processes personal data as a controller.
Do I Need Both Documents?
Nearly all suppliers of products or services should use both a privacy policy and a set of terms and conditions (or a business contract) for the following reasons:
Firstly, terms and conditions are vital to protect a business from legal risk when trading. You should bring terms and conditions to a customer’s attention and ideally obtain their signature. Terms and conditions will create a legally binding contract with customers, meaning the supplier will have enforceable rights and remedies. The key purpose of this document is to protect your business contractually. Suppliers often use terms and conditions to streamline the contractual process and apply the same legal terms for all customers unless a bespoke agreement is required.
Secondly, a privacy policy is mandatory and required to comply with data protection law. Suppliers should provide a privacy policy (or a clear link to one) before collecting personal data from customers. For instance, a privacy policy on a website should be visible before individuals can submit personal data. This way, individuals are informed about how the supplier will process their personal data before submitting it to the supplier. In practice, this may arise when a potential customer submits an enquiry via a website ‘Contact Us’ form. A privacy policy is not a contractual document and does not need to be signed by customers. Instead, a privacy policy is a document for informational purposes.
If you require support understanding which legal and regulatory documents your business needs, you can work with commercial contracts and data protection lawyers. These specialist lawyers can guide you on the laws and legal risks applicable to your business and help prepare the necessary documents for your business.
Key Takeaways
A privacy policy document is very different to terms and conditions. While terms and conditions aim to protect a business from contractual risk, a privacy policy is a mandatory data protection law requirement for data controllers. Understanding the difference between the documents is essential, particularly as both are crucial for most businesses. If you require support with these legal documents, you can work with data protection and commercial lawyers to guide you on the relevant legal requirements and draft these documents for you.
If you need help with terms and conditions or a privacy policy, our experienced privacy and commercial lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers who can answer your questions and draft and review your documents. Call us today at 0808 196 8584 or visit our membership page.