diff --git a/ceuk-marking/urls.py b/ceuk-marking/urls.py
index a950b4ea..4fa7ee1b 100644
--- a/ceuk-marking/urls.py
+++ b/ceuk-marking/urls.py
@@ -25,6 +25,7 @@
     path("admin/", admin.site.urls),
     path("accounts/", include("django.contrib.auth.urls")),
     path("status/", marking.StatusPage.as_view()),
+    path("privacy/", marking.PrivacyPolicyView.as_view()),
     # home page
     path("", marking.OverviewView.as_view(), name="home"),
     # progess screens
diff --git a/crowdsourcer/templates/crowdsourcer/privacy.html b/crowdsourcer/templates/crowdsourcer/privacy.html
new file mode 100644
index 00000000..747da57c
--- /dev/null
+++ b/crowdsourcer/templates/crowdsourcer/privacy.html
@@ -0,0 +1,32 @@
+{% extends 'crowdsourcer/base.html' %}
+
+{% block content %}
+
+<div style="max-width: 40em">
+    <h1>Privacy Policy</h1>
+    <h2 class="mt-5 mb-3">Who is responsible for this service</h2>
+    <p>The GRACE crowdsourcing website is run by <a href="https://www.mysociety.org">mySociety</a> (a registered charity in England and Wales, 1076346) on behalf of <a href="https://www.climateemergency.uk">Climate Emergency UK CIC</a> (company number 11823392). mySociety is the controller for the personal information processed on this site, unless otherwise stated.</p>
+    <h2 class="mt-5 mb-3">What personal data we collect and how we use it</h2>
+    <p>When you visit this website, we collect and log some information about your visit, in order to analyse and fix problems with the site. Our webserver logs collect information about requests, including your IP address, data submitted (such as search terms submitted to the in-site search), request date and time, page requested, browser version and referrer. We routinely keep this information for 28 days. Note that in normal circumstances, this data is infrequently accessed by a human, and when it is, they are likely to be assessing it in bulk, in order to understand an issue with the site, rather than at a granular level of individual users.</p>
+    <p>Volunteer markers and council officers may have accounts on the site, to contribute data to the marking process. In this case, we store your email address to enable you to sign into the site, and we store your name in order to track your contributions to the marking process.</p>
+    <h2 class="mt-5 mb-3">Legal basis for processing</h2>
+    <p>We store data about you under the legal basis of GDPR 6(1)(f) Legitimate interests.</p>
+    <p>We believe that our processing of our users&rsquo; data is as they would expect when they use our service, and we only store the bare minimum of data we require in order to monitor and diagnose issues on the site and to enable users to securely contribute information to the marking process, either as volunteers or council representatives exercising their right of reply.</p>
+    <h2 class="mt-5 mb-3">How long we keep your data</h2>
+    <p>Data collected in our webserver logs is retained for 28 days.</p>
+    <p>The names and email addresses of volunteer markers and council officers are retained until at most 3 months after the release of the current round of Scorecards, in case we need to attribute individual contributions to the marking or contact contributors for more information about the marks they gave, and ensure that Councils have been able to exercise their right to reply.</p>
+    <p>Volunteers and council officers may request we remove their details before this date (see &ldquo;Your right to erasure&rdquo;, below).</p>
+    <h2 class="mt-5 mb-3">Who we share your data with</h2>
+    <p>The data we collect is shared with our partners, Climate Emergency UK.</p>
+    <p>Aside from this, we don&rsquo;t share personal data with any other organisation, unless you give us permission to do so, or we have to do so for legal or compliance reasons.</p>
+    <h2 class="mt-5 mb-3">Your right to access</h2>
+    <p>You may contact us at any time to ask to see what personal data we hold about you. Please <a href="https://www.mysociety.org/contact">contact us</a> to request this.</p>
+    <h2 class="mt-5 mb-3">Your right to erasure</h2>
+    <p>You may request that we destroy the personal data that we hold about you. Please <span><a href="https://www.mysociety.org/contact">contact us</a> to request this.</p>
+    <h2 class="mt-5 mb-3">Your right to object</h2>
+    <p>You have the right to object to our processing of your personal data. Please <span><a href="https://www.mysociety.org/contact">contact us</a> to request this.</p>
+    <h2 class="mt-5 mb-3">Your right to complain</h2>
+    <p>If you believe that we have mishandled your data, you have the right to lodge a complaint with the Information Commissioner&rsquo;s Office. <a href="https://ico.org.uk/concerns/handling">You can report a concern here</a> (but do <a href="https://www.mysociety.org/contact">contact us</a> first, so that we can try and help).</p>
+</div>
+
+{% endblock %}
diff --git a/crowdsourcer/views/marking.py b/crowdsourcer/views/marking.py
index 2ec8504b..1abeb29a 100644
--- a/crowdsourcer/views/marking.py
+++ b/crowdsourcer/views/marking.py
@@ -27,6 +27,10 @@ class StatusPage(TemplateView):
     template_name = "crowdsourcer/status.html"
 
 
+class PrivacyPolicyView(TemplateView):
+    template_name = "crowdsourcer/privacy.html"
+
+
 class OverviewView(CurrentStageMixin, ListView):
     template_name = "crowdsourcer/assignments.html"
     model = Assigned