Skip to main content
Unified Design System
Search the Design System
Ver. 3.0.0 For the older version visit v2 documentation

Privacy policy pages

When to use this pattern

Use this page to inform users about the privacy policy specific to the service or website.

Why use this pattern

A privacy policy ensures users understand how their personal data is handled and helps the service or website comply with legal requirements, protecting both their privacy and the organization.

How it works

To implement an privacy policy:

  1. Create a privacy policy page that’s specific to the service or website
  2. Add a link in the footer of all pages of your service or website, so users can access it anytime. Use the following content for the link:
    • in Greek: “Δήλωση απορρήτου”
    • in English: “Privacy Statement”
Warning

Do not link to the privacy statement of the gov.cy portal for your service or website.

Design and implement with privacy in mind

Keep it simple: Design the service or website to collect only the necessary personal information by asking only essential questions.

Analytics setup: Ensure digital analytics tools are set up in such a way as to avoid collecting personal information accidentally or unnecessarily. For example, use data and IP anonymizations when collecting analytic data.

Retention policy: Don’t keep personal data longer than needed.

Writing the privacy statement

Write the privacy statement and other ‘legal’ content in plain language, just like any other content.

Explain, clearly and concisely:

  • what personal information you are collecting
  • what you’ll do with it after collection
  • why you’re collecting it
  • the legal basis for collecting and processing it
  • how long you’ll keep it - or, if there’s no set period, how you’ll decide how long to keep it

you’ll also need to:

  • say who the ‘data controller’ for the service is (usually your department or agency)
  • explain in what circumstances you’ll share the information outside your organisation, and who with (including any ‘data processors’ - organisations processing personal information on your behalf)
  • provide contact details for any data processors who will be processing personal information on your behalf
  • provide contact details allowing user to exercise their rights

Your data protection expert or legal adviser can advise you on the legal basis for processing personal information, such as public task, legal obligation or consent.

If the personal information will be transferred outside Cyprus as part of the processing, make that clear. And say what you’re doing to make sure the personal information gets the same level of protection as it would within Cyprus.

If you’re doing something that has an especially significant consequence for users - or it’s something that users might not expect to happen - do not rely on them reading the privacy notice to find out about it.

For example, if you’re collecting information that’s going to be put on a public register, tell users in the main flow of the service.

Each privacy policy should be tailored to the specific service or website, so it’s important not to copy from others.

Also make sure to:

  • include a go back link
  • make the page available in all service / site languages

Do not use breadcrumbs or red text to warn people.

Warning

Do not copy the examples on this page without amending the specifics. Make sure to adjust according to your case.

Examples

Example in English
Open in new tab

Example in Greek
Open in new tab