Contacts
home

Confidential Policy. Working with personal data – Privacy Policy. We highlight general provisions where we describe

Privacy Policy - how to do it right?

July 2017 still made website owners pretty nervous. This is due to the amendments to Article 13.11 of the Code of Administrative Offenses of the Russian Federation that came into force on July 1, 2017 (see Federal Law No. 13-FZ dated 02/07/2017 “On Amendments to the Code of the Russian Federation on Administrative Offenses”), tightening administrative liability for violation of the processing procedure personal data.

The amount of fines for entrepreneurs varies from 5 thousand rubles. up to 75 thousand rubles. The last figure concerns organizations that allowed the processing of personal data, for example, without the written consent of the subject of personal data.

Before you sound the alarm and think about what to do and rush to disable the form on the site for feedback, it is necessary to diagnose your own website for the presence or absence of documents regulating relations with users, including the processing of the data they leave, as well as evaluate their content from the point of view of transparency, completeness, consistency and sufficiency.

If you don’t know how to do this correctly and what the privacy policy should include, we suggest you pay attention to the following key points.

1. Why do we need a Privacy Policy?

We think that the answer here is obvious. The document regulating the processing of users’ personal data and posted on the site is nothing more than the rules of the game that the site owner sets in relations with users. The purpose of fixing and posting such rules is to reduce risks from the legislation on personal data, and, if necessary, to fight back against consumer extremism.

2. What is better to call it - an offer, an agreement on the processing of personal data or a privacy policy?

From a legal point of view, the name of the document regulating the processing of users’ personal data does not matter. The rest is a matter of taste for each site owner. For our part, we can highlight the name “privacy policy” because of its capacity, widespread use and user understandability.

3. What is the best way to post it - as a separate document or as part of the offer/user agreement?

There are also no mandatory rules or a universal template. You can reflect the necessary provisions in a separate document or make it part of, for example, a user agreement.

As a rule, the user agreement contains many specific features of using the site, which affects the volume of the document. Including data processing provisions in the user agreement will clearly overload the document and complicate its perception by the user.

When posting two separate documents on a website (for example, a privacy policy and a user agreement), we recommend checking them for consistency with each other, as well as for the presence of links to each other.

4. Is it necessary to post a separate consent form for the processing of personal data in addition to the Privacy Policy?

Here the answer is simple. If it is obvious from the Privacy Policy that the user consents to the processing of what data and for what purpose, then a separate consent form will be unnecessary.

5. How to make the rules work?

The privacy policy is the same offer (agreement), only on issues related to the processing of personal data of users. In order for the user to be considered to have accepted the terms of processing of his data by the site owner, he must accept the proposed rules (accept, agree).

Such an acceptance may be:

b) placing marks in the fields,

c) performing a sequence of actions,

d) use of the site functionality.

“The User agrees to the provisions of this Privacy Policy by clicking the “Accept Privacy Policy” or “Continue” button, putting the appropriate mark in the field during Registration, including at any stage of such registration and (or) at any time while using the site.”

6. What should be included in the Privacy Policy (hereinafter also referred to as the Policy)?

There is no universal Privacy Policy template. In any case, when drawing up the Privacy Policy, it is worth taking into account the specifics of the site, its purpose, functionality, range of users, and the amount of data they leave.

An analysis of current legislation in the field of personal data processing, as well as our own experience, allowed us to formulate the following recommendations to website owners on the content of the Privacy Policy:

A) turn on if desired section with terms and definitions- is not mandatory. For user convenience and unification of documents on the site, you can include a corresponding section with concepts and definitions that are common to both the Privacy Policy and the User Agreement (for example, “Privacy Policy”, “user”, “site”, “site owner” , " Personal Area" and etc.).

The absence of such a section in the Privacy Policy is not associated with risks for the site owner.

b) highlight general provisions, where we describe:

  • subject of regulation of the Policy ( For example, “regulates the procedure for processing users’ personal data, including for the purpose of ensuring the security of the processing of users’ personal data, ensuring their rights and interests when processing personal data”).
  • user acceptance forms with the terms of the Policy and data processing ( an example is given in paragraph 5 of this article).
  • place for resolving disputes arising from the Policy, with the reservation ( for example, all possible disputes regarding this Privacy Policy and the relationship between the user and the Site Administration will be resolved according to the norms of Russian law in court at the location of the Site Administration,unless otherwise directly provided for by the legislation of the Russian Federation ).

The reservation is necessary to comply with current legislation, and the indication of the place of consideration of disputes at the location of the site owner is intended to have a rather preventive effect on the user.

  • procedure for changing and updating the Policy ( for example, “The site administration reserves the right to change and (or) supplement this Privacy Policy without any special notice. The new edition of the Privacy Policy comes into force from the moment it is posted on the website page, unless otherwise provided by the new edition of the Privacy Policy. The current version of the Privacy Policy is always located on the website page at...").

It is worth pointing out that the user’s silence is regarded as consent to the changes and (or) additions to the Privacy Policy.

  • lack of access to data that the user leaves on third party sites. This may be due to the user paying for services and providing their payment information.

In this case, it is worth clearly stating, for example, the following:“the user acknowledges and confirms that any data (including details bank cards), directly or indirectly related to payment for services, are posted by the User on the pages of sites owned by third parties not related to the Site Administration; The Satya administration does not have access to such information and does not carry out any actions in relation to such data, including their collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking , destruction, cross-border transfer."

c) we record the provision of consent to the processing of personal data. This is simply a “must have” of any privacy policy. We be sure to indicate that by giving consent, the user acts of his own will and in his own interest. Consent is given by the user from the moment of registering on the site and (or) performing other actions related to the use of services or capabilities of the site.

d) indicate the purpose of providing consent. Several options are possible here at the same time:

  • for the purpose of concluding an agreement with the Site Administration, other agreements directly provided for in the Policy, other agreements posted on the pages of the site, and their further execution,
  • participation in ongoing events, making decisions or performing other actions that give rise to legal consequences in relation to the user or other persons,
  • to accept and process requests;
  • informing about the status of the request, services, for example, through electronic and SMS notifications;
  • improving the quality of the site;
  • conducting statistical and other studies based on anonymized data.

The key is the first option indicating the provision of data for the purpose of concluding agreements with the Site Administration and their execution. If problems arise with Roskomnadzor, this option will explain the lack of consent to the processing of personal data “on paper”, as well as the failure of the site owner to send a notification to Roskomnadzor.

e) describe the composition of personal data. We remember that not all user data is personal. Personal data refers to such a set of data that allows you to identify the user, for example, full name and address of residence.

You can indicate that consent applies to last name, first name, patronymic, address, telephone number and any other information related to the user’s identity, available or known at any particular time Site administration.

f) indicate the period for which consent is provided. This option can be described - consent is given by the user before the expiration of the storage period for the relevant information or documents containing the above information, determined in accordance with the legislation of the Russian Federation, after which it can be withdrawn by the user by sending a corresponding written notification to the Administration at least 3 months before the withdrawal of consent.

g) we record the scope of possible processing actions. Here we proceed from the fact that the more possible actions with data are described, the better. It can be described as follows: : consent is provided to carry out any actions in relation to personal data that are necessary or desirable to achieve the above purposes, including, without limitation: collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction, cross-border transfer of personal data, as well as carrying out any other actions with the user’s personal data, taking into account the current legislation of the Russian Federation.

h) indicate methods of data processing.You can specify the following: storage, recording on electronic media and their storage, compiling lists. It is also worth noting that the above list of processing methods is not exhaustive.

i) we include the right to disclosure to third parties. It is worth recording the right of the Site Administration to transfer data to third parties to achieve the goals specified in the Policy, as well as the user’s consent to this.

j) determine the procedure for sending legally significant messages. To regulate the flow of incoming requests from users regarding data processing issues, it is worth complicating the procedure for interaction with the Site Administration. This can be done by defining a written form for such requests, as well as the method of their submission - sending to the postal address indicated on the website and/or by courier. Additionally, it is worth pointing out that otherwise, user requests and notifications may remain without consideration.

This Privacy Policy (hereinafter referred to as the Policy) is an annex to the User Agreement and determines the procedure for processing and protecting personal information about Users, which Mann, Ivanov and Ferber Limited Liability Company (hereinafter referred to as the “Administration”) can receive during their use of the Administration Service (hereinafter referred to as the Services).

Before using the Service, users should read the terms of this Privacy Policy.

1. General Provisions

1.1. Use of the Service in any form means the User’s unconditional consent to the terms of this Privacy Policy and the conditions for processing his personal information specified therein. In case of disagreement with the terms of the Privacy Policy, the User must refrain from using the Service.

1.2. The Privacy Policy (including any of its parts) may be changed by the Administration without any special notice and without payment of any compensation in connection with this. The new version of the Privacy Policy comes into force from the moment it is posted on the Administration website.

1.3. By accepting the terms of this Policy, the User expresses his consent to the Administration’s processing of data about the User for the purposes provided for in this Policy, as well as to the transfer of data about the User to third parties in the cases listed in this Policy.

This consent can be revoked by the User only if he notifies the Administration in writing at least 180 days before the expected date of termination of the use of data by the Administration.

Using the Service using a web browser that accepts data from cookies means the User’s consent that the Administration can collect and process data from cookies for the purposes provided for in this Policy, as well as to transfer data from cookies to third parties in the cases listed in this Policy.

Disabling and/or blocking by the User of the web browser option for receiving data from cookies means a prohibition on the Administration’s collection and processing of data from cookies in accordance with the terms of this Privacy Policy.

1.4. As a general rule, the Administration does not verify the accuracy of the personal information provided by Users. However, in cases provided for in the User Agreement, the User is obliged to provide confirmation of the accuracy of the personal information about himself provided by him.

2. Composition of information about Users that the Administration receives and processes

2.1. This Policy applies to the following types of personal information:

2.1.1. Personal information posted by Users, incl. about yourself when filling out the form for sending a message, other personal information to which the User provides access to the Administration through websites or services of third parties, or personal information posted by Users in the process of using the Service. Personal information obtained in this way may include, in particular, last name, first name, telephone number, address Email User, address for order delivery. Other information is provided by the User at his discretion.

It is prohibited for the User to provide personal data of third parties without permission for such distribution received from third parties or if such personal data of third parties was not obtained by the User himself from publicly available sources of information.

2.1.2. This Policy also applies to candidates for existing vacancies of the Administration, along with other Users. Candidates for vacancies, sending a resume to the Administration using the Service, or by email, for the purpose of an interview and further employment, thus express consent to the processing of the following personal data: last name, first name, patronymic, date of birth, citizenship, city of residence, contacts ( telephone number, email address), place of work and dates of work, as well as other data specified by candidates for vacancies in their resumes.

2.1.3. The Seller guarantees the Buyer to maintain the confidentiality of the following personal information about the Buyer:

— information about the user’s card (last 4 digits);

— information about purchases and orders.

The specified information is transferred by the Seller to third parties solely for the purpose of making payment for the order. payment system; other cases of transfer of this information to third parties are not allowed.

2.1.4. Data automatically transferred to the Service during their use using the installed on the User’s device software, incl. IP address, individual network device number (MAC address, device ID), electronic serial number(IMEI, MEID), data from cookies, browser information, operating system, access time, search queries User.

2.1.5. Data additionally provided by Users at the request of the Administration in order to fulfill the Administration’s obligations to Users regarding the use of the Service.

2.1.6. Other information about Users, the collection and/or processing of which is established by the Administration’s user agreement.

3. Purposes of collecting and processing information about Users

3.1. The Administration collects and processes only information about Users, incl. their personal data, which is necessary to fulfill the Administration’s obligations to provide the Service, answer the question asked by the User when sending a message using the Service, as well as fulfill the obligations provided for in the user agreement.

3.2. The Administration may use Users’ personal information for the purposes of:

3.2.1. identification of the party within the framework of agreements between the User and the Administration.

3.2.2.providing services to Users using the Service and to fulfill their obligations to them, incl. clarification of payment data, processing of orders and requests and further improvement of the Service, development of new services.

3.2.3. informing Users about the appearance of new materials on the Site, sending requests regarding the use of the Service, feedback from the User.

3.2.4. performing marketing tasks, conducting statistical and other research based on anonymized data,

3.2.5. informing the User through electronic mailings. By providing his data, the User agrees to receive advertising, informational and service messages (newsletters).

3.3. The purposes of processing personal data of candidates for vacancies are:

— Ensuring compliance with the requirements of the legislation of the Russian Federation.
— Solving employment issues, registration and regulation of labor relations.
— Reflection of information in personnel documents.
— Other purposes for processing personal data may be approved by order of the Operator.

3.4. Mobile applications may collect anonymous data about the user's location in order to provide a more accurate experience with the choice of payment method. Mobile applications may collect anonymous usage statistics.

3.5. The User hereby expresses his consent to the transfer of personal information about him to the Administration’s partners and third parties for the purposes provided for in clause 3.2 of this Privacy Policy.

3.6. If it is necessary to use personal information about the User for purposes not provided for in this Policy, the Administration requests the User’s consent to such actions.

4. Processing information about Users

4.1. Personal information about Users is stored in accordance with current legislation.

4.2. Personal information about Users is not transferred to third parties, except for the following cases:

4.2.1. The user agreed to such actions.

4.2.2. The transfer is necessary in order to ensure the functioning of the Service and/or its individual functionality.

4.2.3. The transfer is subject to applicable law.

4.2.4. In order to ensure the possibility of protecting the rights and legitimate interests of the Administration and/or third parties in cases where the User violates the terms of the user agreement.

4.2.5. If the Administration takes part in a merger, acquisition or any other form of sale of part or all of its assets. In this case, all obligations to comply with the terms of this Policy are transferred to the acquirer of the Administration’s assets.

4.3. The User is hereby notified and agrees that the Administration may receive personal data of third parties that are provided by the User when using the Service and use them to implement certain functions of the Service, provided that the User guarantees the consent of third parties, data about which is provided by the User when using the Service, for processing by the Administration for the purposes provided for in this Policy, as well as for the transfer of such data in the cases listed in this Policy.

4.4. In addition, the User is hereby notified and agrees that the Administration may receive statistical anonymized (without reference to the User) data about the User’s actions when using the Service.

4.5. Users have the right, upon request, to receive from the Administration information regarding the processing of their personal data.

5. Measures to protect information about Users

5.1. The Administration takes all necessary and sufficient organizational and technical measures to protect personal information about Users from unauthorized or accidental access to it, destruction, modification, blocking, distribution of personal information, as well as from other unlawful actions with it. These measures include, but are not limited to, internal review of data collection, storage and processing processes and security measures, including physical data security measures to prevent unauthorized access to personal information.

5.2. When processing personal data of Users, the Administration is guided by the Federal Law “On Personal Data” dated July 27, 2006 No. 152-FZ.

6. Final provisions

6.1. This Policy, the relationship between the User and the Administration arising in connection with the application of this Policy, as well as issues not regulated by this Policy, are governed by the current legislation of the Russian Federation.

1. General Provisions
This personal data processing policy has been drawn up in accordance with the requirements of the Federal Law of July 27, 2006. No. 152-FZ “On Personal Data” and determines the procedure for processing personal data and measures to ensure the security of the personal data of Ivan Sergeevich Mikhailov (hereinafter referred to as the Operator).
  1. The operator sets as its most important goal and condition for carrying out its activities the observance of the rights and freedoms of man and citizen when processing his personal data, including the protection of rights to integrity privacy, personal and family secrets.
  2. This Operator’s policy regarding the processing of personal data (hereinafter referred to as the Policy) applies to all information that the Operator can obtain about visitors to the website https://mysite.ru.
2. Basic concepts used in the Policy
  1. Automated processing personal data – processing of personal data using means computer technology;
  2. Blocking of personal data – temporary cessation of processing of personal data (except for cases where processing is necessary to clarify personal data);
  3. Website – a collection of graphic and information materials, as well as computer programs and databases that ensure their availability on the Internet via network address https://mysite.ru;
  4. Personal data information system - a set of personal data contained in databases and ensuring their processing information technologies And technical means;
  5. Depersonalization of personal data - actions as a result of which it is impossible to determine without using additional information ownership of personal data to a specific User or other subject of personal data;
  6. Processing of personal data – any action (operation) or set of actions (operations) performed using automation tools or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
  7. Operator - a state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
  8. Personal data - any information relating directly or indirectly to a specific or identified User of the website https://mysite.ru;
  9. User – any visitor to the website https://mysite.ru;
  10. Providing personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons;
  11. Dissemination of personal data - any actions aimed at disclosing personal data to an indefinite number of persons (transfer of personal data) or familiarizing with personal data to an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;
  12. Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
  13. Destruction of personal data – any action as a result of which personal data is destroyed irretrievably with the impossibility of further restoration of the content of personal data in information system personal data and (or) as a result of which material media of personal data are destroyed.
3. The Operator may process the following personal data of the User
  1. Full Name;
  2. Phone number;
  3. E-mail address;
  4. The site also collects and processes anonymized data about visitors (including cookies) using Internet statistics services (Yandex Metrica and Google Analytics and others).
  5. The above data below in the text of the Policy are united by the general concept of Personal Data.
4. Purposes of processing personal data
  1. The purpose of processing the User’s personal data is the conclusion, execution and termination of civil contracts; providing the User with access to services, information and/or materials contained on the website https://mysite.ru; clarification of order details.
  2. The Operator also has the right to send notifications to the User about new products and services, special offers and various events. The User can always refuse to receive information messages by sending an email to the Operator [email protected] marked “Opt-out of notifications of new products and services and special offers.”
  3. Anonymized data of Users, collected using Internet statistics services, serves to collect information about the actions of Users on the site, improve the quality of the site and its content.
5. Legal grounds for processing personal data
  1. The Operator processes the User’s personal data only if it is filled out and/or sent by the User independently through special forms located on the website https://mysite.ru. By filling out the appropriate forms and/or sending his personal data to the Operator, the User expresses his consent to this Policy.
  2. The Operator processes anonymized data about the User if this is allowed in the User's browser settings (saving cookies and using JavaScript technology are enabled).
6. The procedure for collecting, storing, transferring and other types of processing of personal data
The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
  1. The operator ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
  2. The User's personal data will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of current legislation.
  3. If inaccuracies in personal data are identified, the User can update them independently by sending a notification to the Operator to the Operator's email address [email protected] marked “Updating personal data”.
  4. The period for processing personal data is unlimited. The User may at any time withdraw his consent to the processing of personal data by sending a notification to the Operator via email to email address Operator [email protected] marked “Withdrawal of consent to the processing of personal data.”
7. Cross-border transfer of personal data
  1. Before the start of cross-border transfer of personal data, the operator is obliged to make sure that the foreign state to whose territory it is intended to transfer personal data provides reliable protection rights of personal data subjects.
  2. Cross-border transfer of personal data to the territory of foreign states that do not meet the above requirements can only be carried out if there is written consent of the subject of personal data to the cross-border transfer of his personal data and/or execution of an agreement to which the subject of personal data is a party.
8. Final provisions
  1. The User can receive any clarification on issues of interest regarding the processing of his personal data by contacting the Operator via email [email protected].
  2. IN this document any changes to the Operator’s personal data processing policy will be reflected. The policy is valid indefinitely until it is replaced by a new version.
  3. Current version The policy is freely available on the Internet at https://mysite.ru/policy/.

Margarita Ledovskikh

I am glad to welcome you to our website. My name is Margarita Ledovskikh, I am a media lawyer. I have been working in the field of information law for 19 years, of which 6 years I have been leading the “Law on the Network” project.

Site search

We provide services for registering websites as media outlets

Preparatory stage First, you need time for preparatory actions. I am writing about this because sometimes these points are not taken into account. To the founders - individuals At a minimum, you need to visit the bank and a notary to make notarized copies of documents. You will say that you can pay through online banking without leaving your home, and this is the absolute truth, but even in this case you need to go to […]

We will prepare documents for your website

When the customer, after you have provided him with a service, signs the act, you have in your hands documentary evidence of the fulfillment of obligations. And if suddenly the customer begins to refuse to accept the result of the work, you can resolve all issues with this document. But in the case of remote services, such as online education or consultations via Skype, acts are not signed. At […]

Part 3

Compliance with legal requirements for privacy policy

    Do you need a privacy policy? You collect personal information about customers, whether through website or page transactions. in social networks? Then you must create and comply with a privacy policy. In other words, these will be your terms and conditions for the collection, use, transfer and protection of third party data. The Consumer Protection Bureau describes the importance of privacy and policy on its website. The US Small Business Administration also recognizes the importance of confidentiality and privacy, as described on the organization's website.

    Review the types of clauses in the privacy policy. The Privacy Policy contains a number of different provisions. It includes, but is not limited to these provisions:

    Make sure you don't promise anything you can't deliver. Very often people make a serious mistake when they use phrases like “We do not share your personal information with third parties.” Unfortunately, purchase and sale transactions and Internet transactions as such do not leave the opportunity to avoid the exchange of this information. For example, an intermediary bank processing a customer's credit card payments must have at least some information about the customer. Such statements can be costly to you, so it is important to have the privacy policy reviewed by a legal professional.

Did you like the article? Share it
We recommend articles on the topic
Order 343 mail. Order by Russian post. Consequences of failure to appear in court when summonedOrder 343 mail. Order by Russian post. Consequences of failure to appear in court when summoned
How to put a password on a folder on a Windows computer without and with programsHow to put a password on a folder on a Windows computer without and with programs
Pluton – Free Bootstrap HTML5 One Page TemplatePluton – Free Bootstrap HTML5 One Page Template
Visitors are currently discussing
History of ZX Spectrum: Myths and reality New SpectrumHistory of ZX Spectrum: Myths and reality New Spectrum Programs
Voice assistant Siri from Apple Siri functions on iPhone 6sVoice assistant Siri from Apple Siri functions on iPhone 6s Anonymity
How to roll back to a previous version of iOS?How to roll back to a previous version of iOS? Browsers
Unlock iPad in four daysUnlock iPad in four days Webmaster