GDPR states that you need to inform users about what information you are collecting about them, how long you intend to store it and what you intend to use it for at the point of collecting the information.

This means that at the top of your contact form or contact us page you need to have a prominent link to your privacy policy and a statement saying that you are collecting personal information, and by submitting the form or sending you an email, users are agreeing to this. You should also include a link to your privacy policy so that your users can find further information.

If you want to be extra careful, you can have a check box on your form that users must check to confirm that they have read and accept your privacy statement. It is possible to add one of these check boxes that will not allow the user to submit the form until the box has been checked.