Hello friends! In this article I present to you a sample privacy policy for the site, this document will be useful for further work. If you make money via the Internet, provide services to people, collect contact information from visitors to your website, then you definitely need a privacy policy.

Privacy Policy What is it?

So, before presenting you with a sample privacy policy for a website or landing page, I want to tell you a little about what it is. After all, the article will be read by both beginners who have not even heard of it, and those who have heard but do not know what it is. To begin with, let me remind you that at the end of each subscription page (landing page), selling page, at the very bottom, “Privacy Policy” or “User Agreement” is written in small letters.

I think you’ve seen this post many times, but it’s unlikely you’ve read it. So, a privacy policy is a legal document that regulates the right of the owner of a blog, landing page, website to collect, store and process personal data of visitors. For example, when collecting personal data from subscribers.

Why are the site's user agreement and privacy policy so important to us? It's all about Federal Law No. 152-FZ “On Personal Data” dated July 27, 2006. That is, if we collect personal data of our subscribers and sell them goods, then we are obliged to comply with the above federal law.

You can say why I need this, I can run my blog anyway. On the one hand, this is true, but on the other hand, all major representatives of advertising and business on the Internet are required to comply with the law. The state constantly checks them. For this reason, it will be impossible to place an advertisement, for example, on VKontakte, in Yandex Direct, if you do not have a legal document named user agreement for the site or privacy policy.

When purchasing advertising on such resources, you simply will not be able to undergo moderation, you will not be able to advertise your information products, affiliate programs, and so on. If the site presents legal entity, then the privacy policy for the site (user agreement) is drawn up by lawyers, and then undergoes examination by certified bodies. By the way, it costs some money.

As you can see, the privacy policy is a serious document. You must have it if you collect subscribers, if you sell goods and services. I'm not a lawyer, but I know that the site's user agreement is slightly different from the privacy policy.

The user agreement for the site specifies the terms of sale of goods, conditions for returning goods, copyright, dispute resolution, protection of personal data and terms of service. If you collect only subscribers, then it will be enough for you to guarantee the safety of personal data, that is, to have a privacy policy for the landing page (site). So, we have figured out this issue, and now let’s look at where to get a sample privacy policy for a website?

Sample privacy policy for the site, where to get it

Everything is quite simple, it is only important to know about it. To obtain a sample privacy policy for a website, a sample privacy policy for a landing page, there are two options:

1. You can find several subscription and sales pages on the Internet, go to them bottom part and click on “Privacy Policy” or “User Agreement”. The text is opened to you, usually in PDF format. You can download this text, and then edit it, insert your personal data into it. You need to understand that you can download both the correct version and the incorrect one.
2. If you have legal knowledge, then you can open Law No. 152-FZ and draw up a user agreement yourself. You can hire a qualified lawyer to help you draw up this document. Of course, if you have an online store, you will need to undergo examination of this document in a certified center.

If you sell information products, then you usually use a sales page. On it you must indicate the terms of sale, guarantees, conditions for returning goods, copyright, and so on. In essence, this will be the user agreement. To see how to properly create a sales page, where all the terms of the user agreement will be displayed, you need to download the sales page from experienced information businessmen.

It is not necessary to establish a privacy policy on your blog, but if you plan to advertise it on advertising networks, then it is better to do so. You can download a sample privacy policy for a website (landing page) from my resource. Just don’t forget to replace your personal data in it – blog name, email.

Using the downloaded sample privacy policy for a website (landing page), you will create your personal legal document, then upload it either to the root of your blog, or to Yandex Drive, Mail cloud, and so on. When you make your subscription or sales page, you will only insert a link to the privacy policy (user agreement).

Conclusion

You have received a sample privacy policy for a website (landing page), you can now customize it for yourself and you will legally sell goods and services, as well as collect subscribers.

You must remember that the privacy policy is an important legal document; if a complaint is received against you, the proceedings may be in court. Therefore, it is better to do everything right now and work calmly. As you can see from the article, nothing is difficult, you just need to do everything right at once. Good luck to you!

Receive new blog articles directly to your email. Fill out the form, click the "Subscribe" button

Sample Privacy Policy can be freely used in full or in any part of it, including reworked, provided that a signature is placed directly under the text indicating the source of borrowing and an active hypertext link to the website www.site the following type : Privacy Policy template developed Law company IT-Lex

Sample Privacy Policy designed for landing pages and sites with a simple form feedback. The policy may also be suitable for sites with a newsletter subscription form. For online store or notice boards with complex registration forms we recommend using full version Privacy Policy, which regulates the processing of user personal data.

Privacy Policy

This document “Privacy Policy” (hereinafter referred to as the “Policy”) represents the rules for the use /indicate the site owner/ (hereinafter referred to as “we” and/or the “Administration”) of data from Internet users (hereinafter referred to as “you” and/or “ User") collected using the site / specify the site URL / (hereinafter referred to as the “Site”).

1. Processed data

1.1. We do not collect your personal data using the Site.

1.2. All data collected on the Site is provided and accepted in anonymized form (hereinafter referred to as “Anonymized Data”).

1.3. Anonymized data includes the following information that does not identify you:

1.3.1. Information that you provide about yourself independently using online forms and software modules of the Site, including name and telephone number and/or address email.

1.3.2. Data that is transferred in anonymized form automatically, depending on the settings you use software.

1.4. The Administration has the right to establish requirements for the composition of the User’s Anonymized Data, which is collected using the Site.

1.5. If certain information is not marked as mandatory, its provision or disclosure is at the User's discretion. At the same time, you give informed consent to access of an unlimited number of persons to such data. The specified data becomes publicly available from the moment it is provided and/or disclosed in another form.

1.6. The Administration does not check the accuracy of the data provided and whether the User has the necessary consent to process it in accordance with this Policy, believing that the User acts in good faith, carefully and makes every effort to keep such information up to date and obtain all necessary consents for its use .

1.7. You understand and accept the possibility of using third party software on the Site, as a result of which such parties may receive and transmit the data specified in clause 1.3 in anonymized form.

Example! The specified third-party software includes systems for collecting visit statistics Google Analytics and Yandex.Metrica.

1.8. The composition and conditions for collecting anonymized data using third-party software are determined directly by their copyright holders and may include:

• browser data (type, version, cookie);
• device data and its location;
• operating system data (type, version, screen resolution);
• request data (time, referral source, IP address).

1.9. The Administration is not responsible for the procedure for using the User’s Anonymized Data by third parties.

2. Purposes of data processing

2.1. The administration uses the data for the following purposes:

2.1.1. Processing incoming requests and communication with the User;

2.1.2. Information services, including distribution of advertising and information materials;

2.1.3. Conducting marketing, statistical and other research;

3. Data protection requirements

3.1. The administration stores data and ensures its protection from unauthorized access and distribution in accordance with internal rules and regulations.

3.2. Confidentiality is maintained in relation to the received data, except for cases when they are made publicly available by the User, and also when the technologies and software of third parties used on the Site or the settings of the software used by the User provide for open exchange with these persons and/or other participants and users of the Internet .

3.3. In order to improve the quality of work, the Administration has the right to store log files about the actions performed by the User while using the Site for 1 (One) year.

4. Data transfer

4.1. The administration has the right to transfer data to third parties in the following cases:

• The User has expressed his consent to such actions, including cases where the User uses settings of the software used that do not limit the provision of certain information;
• Transfer is necessary as part of the User's use functionality Website;
• The transfer is required in accordance with the purposes of data processing;
• In connection with the transfer of the Site into the possession, use or ownership of such third party;
• At the request of a court or other authorized government body within the framework of the procedure established by law;
• To protect the rights and legitimate interests of the Administration in connection with violations committed by the User.

5. Changes to the Privacy Policy

5.1. This Policy may be changed or terminated by the Administration in unilaterally without prior notice to the User. The new version of the Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new version of the Policy.

5.2. The current version of the Policy is located on the Website on the Internet at:
The current version of the Policy is dated __________ 201_.

Pay attention! The Privacy Policy sample is not suitable for sites with a registration and/or feedback form that requires the provision of other personal information about the user in addition to the phone number and/or email address. Therefore, we do not recommend this privacy policy template for an online store, bulletin board, trading platform and other sites that process users’ personal data.
In the case of processing personal data, the Privacy Policy must be supplemented with mandatory conditions on the composition, grounds, methods and purposes of processing personal data, and obtaining the consent of the subject of personal data with the rules established in the Policy.

Which unscrupulous site owners can use for personal gain. And even if this information is minimal, the very fact that mailbox is full of spam with a wide variety of offers, indicating that the privacy policy on some site is a little lame.

Legal basis

Not so long ago, the privacy policy for a website was something completely incomprehensible and optional. But legislative framework changed the view on the secrecy of personal data of Internet users.

Today there are laws that regulate the activities of most resources working with personal information. In Ukraine this is the law “On the Protection of Personal Data”, in the Russian Federation - “On Personal Data”. These regulatory documents It has been established that any personal information collected, including by websites, should not be passed on to third parties.

In addition, the resource is obliged to inform for what purpose the information is being collected, how it will be used and how the owner will protect it from getting to third parties. This document, called the Data Privacy Policy, must be posted in a clear and conspicuous manner so that anyone visiting the site can review it before providing any information about themselves.

What data is covered by the privacy policy?

Let’s answer right away: everything. On the Internet, when registering on websites, people leave a variety of information about themselves: from name to card number or All this is considered secret information that should not fall into the hands of third parties. And if everything is not so scary with the name, since there is no way to check it, then bank details are secret information, the disclosure of which can cause financial losses on the part of the user.

When collecting any data about a person visiting your site, remember that the first name, last name, patronymic, address, date of birth and even the name of the dog are secret information that the person shares with you in order to receive the service you offer at the proper level. If such information falls into third hands, trust in your resource decreases. In addition, this may give rise to legal action against

Why is information collection needed?

The Internet is replete with many interesting sites, but a person often loses an interesting resource as soon as he closes the tab in the browser. To prevent this from happening, site owners collect data about visitors in order to periodically remind them of themselves with news and interesting promotional offers. Google's privacy policy is an example of how to integrate multiple resources belonging to the same company. So, leaving his personal data, the user will find it on related sites. This is done in order to satisfy people's needs as much as possible.

Retaining visitors and meeting their needs - sites collect email addresses and names for these purposes. In online stores, everything is a little more complicated, since a person will need to make a financial transaction. Therefore, more data will be required here, but the privacy policy for the site should be stricter.

Rules for drawing up a document

First, you should understand that the privacy policy is a legal document that has been passed expert analysis from relevant specialists, confirming the right of the website owner to collect, process and store personal data of Internet users.

Therefore, drawing up a document carries great responsibility and must be strictly followed by the rules. Fortunately, there are no clear standards for what to write and how to write it. But there are still some features.

The style of presentation should be formal and businesslike, since this is a legal document that can be accepted for consideration even in a situation where all information should be presented in a clear and understandable language. A correct document is one that does not contain any ambiguous or unclear language.

A good privacy policy for a website, a sample of which should be familiar to the owner of any Internet resource, is concise and not voluminous. You should not describe in detail how personal information will be processed and stored. But also to reduce important points also not recommended.

Stages of compilation

To make your privacy policy, the text of which is located on the site, clear and logical, first study the legal framework so that you know what you have the right to and what it is better to refrain from.

It is better to look at examples of this document on authoritative resources owned by serious companies. The fact is that they are required to have a lawyer on staff who draws up such documents.

Write down all the points that you need to include in the document. At the same time, at the initial stage, try to do this without prompts and outside help. Be clear about when and how you will use the data received, and how a person may require you to destroy information about yourself.

It is important to indicate your responsibility if the information suddenly gets to third parties. It is also better to include a clause about what will happen to the data if the site is sold. If you use third-party resources, such as payment systems, for example, do not forget to mention this, since you will also need to indicate the data of your users there.

Re-read the finished document and check it with the samples, correct it and publish it in the most visible place on the website.

Qualified help

Of course, specialized lawyers know best about confidentiality. If your resource requires collecting a large amount of information about clients, it is recommended to contact them for help. Enough for a simple website standard document, which guarantees that his email address will not fall into the hands of third parties. For online stores and serious portals, it is better to play it safe on all sides, especially if you have to deal with rather personal information. Lawyers will quickly and easily create a document that will cover all areas of your activity and will ensure that there are no ambiguous expressions or gaps in the privacy policy.

By paying a professional once, you guarantee yourself absolutely legal activities related to client personal data databases. And user trust will increase in the company that has a real document, and not a note like “I won’t tell anyone. Honestly, honestly!”

Conversion and privacy policy

Even the simplest privacy policy, a sample of which is available on every website, helps increase resource conversion if it is written correctly. These are the results of a study by a marketer who tests. He found that expressing assurances that personal information would not be shared with third parties or misused increased people's trust by almost 20%. On the scale of several thousand visitors per day, this is not a small figure at all.

But when mentioning the guarantee of data non-disclosure, you should avoid words with negative associations. In the study, the word was “spam.” After seeing it, almost 19% of people refused to leave their data on the site.

Guaranteeing the safety of personal data always increases trust in the site. This is very important, because the Internet is a place where there are a lot of scammers, and proving to people that the site is honest is not so easy.

Who needs this document?

Ideally, everyone should have a privacy policy for the site. A sample drawn up by a competent lawyer will become the basis of a document that guarantees the safety of users. But first of all, online stores and social networks, which have large databases. Also, we should not forget about the document information and educational resources, for which it is very important element activity is sending by e-mail. Simple sites can do without a privacy policy only if they do not collect information. Otherwise, you may run into a lawsuit.

Legal consequences

To be fair, it should be said that the privacy policy is the most “dead” section of any website. Only a few users read it before taking any action. But it is very important because it insures the resource owner against possible litigation.

Many samples have a clause indicating that the person automatically agrees to the terms of the document the moment he sends his data to you. If the site does not have any document at all regulating your activities with personal information, this means that its owner can be sued for disclosing this very information. Therefore, by publishing the terms of your privacy policy on your site, you assure users that you will treat their data responsibly, while at the same time protecting yourself from unnecessary red tape.

All sites created for the purpose of selling goods or advertising services contain user registration. Login to your account is carried out using a password and login.

In addition, the site owner is required to provide a minimum of information about himself: full name, email address and contact information (telephone). All personal information about users falls under the category of personal data and is protected by law.

What is it?

A privacy policy is a legal document that has been examined by experienced specialists and regulates the right of the website owner to collect, process, use and store personal data of visitors. Unscrupulous owners of an Internet resource can use users’ personal data for their own selfish interests.

Until recently, this policy for the site was something of secondary importance. Many owners, and even more so clients, did not even understand its meaning. Currently, the legislative framework regulates the activities of most resources that request data on personal information.

Regulatory documents establish responsibility for the transfer of any user data to third parties. The owner must indicate how users will be protected from information leakage.

The document called the “Data Privacy Policy” should be located on the first page of the site, in a visible place so that the user can familiarize himself with its contents before registering.

This documentation applies to all user data that he leaves on the site: from name or postal address to bank card number and telephone number. Disclosure of other people's data can harm a person financially and morally. After all, he shares personal information to gain access to goods or services.

If information about users becomes known to scammers or advertising companies, then they will lose trust in your site. In addition, for disclosing confidential information The court decision provides for administrative penalties.

What is this for?

There are many interesting sites on the Internet, and it is difficult to keep someone on your resource for a long time. Usually, having found the necessary information, a person closes the tab and rarely comes back. The next time he makes another request and finds what he wants on another similar site.

In order not to lose visitors, site owners collect information about everyone who looks at their pages, so that they can periodically and unobtrusively remind them of themselves with news and interesting offers. All updates are sent to the registered user's email address.

The owner of the Internet resource must, in the appropriate paragraph, explain to clients the purpose of providing personal data: why it is collected and how it will be used. Even the requirement to provide only an email address does not exempt you from the obligation to include a privacy policy.

In order to retain visitors and meet their needs, sites collect names and email addresses.

The fact that your mailbox is daily filled with unnecessary offers and advertising means that this policy of one of the sites on which you indicated your e-mail is incompetent or absent.

Some resources may transfer contact information and username to related sites that operate in conjunction. They do not have the right to overload the client with unnecessary information, but they can offer something according to requests. This is how Google's privacy policy works.

In online stores, a login and email address are not enough to register. Here everything is a little more complicated - after all, a person has to make a financial transaction. Therefore, the document in question must be much stricter. Landing companies need a policy to successfully pass moderation in advertising networks.

Competent drafting

To begin with, you should understand that drawing up a document involves great responsibility. There are no clear standards for what to present and how to present it. This means that each paragraph must contain reliable information about the site itself, as well as the company’s obligations to its visitors (customers).

Special requirements for compilation:

• formal business style of presentation;
• clear and precise language, compliance with the norms and rules of writing;
• absence of ambiguous or not entirely clear formulations;
• conciseness and brevity;
• It is not necessary to indicate details of where and how information will be stored. It is more important to indicate the main important points and guarantees of non-disclosure of personal data. In order not to lose confidence that all the information in the section is understandable and logical for each user, the resource administrator should study the legal framework. Goal: to know what the site has the right to, what actions it is better to refuse and what to refrain from.

As a rule, the staff of self-respecting large companies includes a lawyer who is involved in the preparation of all important such documents.


Procedure:

1. Jot down all the points that you think are mandatory on the draft, without outside help.
2. Make notes, and then clearly describe how you will use the data provided and how a person who leaves the site can ask for all personal information about him to be destroyed.
3. Indicate all cases when information may leak to third parties and in which of them responsibility will fall on you, as the administrator and owner of the resource.
4. Include information about what will happen to confidential data when the site moves to another company.
5. The finished document should be re-read, checked against the model in structure, amendments made, and only then placed in the designated place.

Guaranteed promise that the information will not be transferred in any form to third parties and will not be used for other purposes, can increase user confidence several times. It is best to have an experienced lawyer draft this document.

You can see the procedure for compiling it and posting it on the resource in the following video:

What items should be included?

• The type of information collected and the purpose for which it is done.
• Managing Personal Information: Instructions for managing, editing or deleting personal information. If data remains on the site for some time after deleting an account, the user should be made aware of this.
• Exchange of information on the site: if users can exchange personal messages, you need to inform about the protection of their content from indexing by search engines.
• What measures have been taken to protect the personal data of each user.
• Conditions for transferring data to third parties:
  • official request law enforcement agencies to transmit information;
  • preventing fraudulent activities;
  • protection of user rights;
  • execution of a court decision, etc.
• Contacts: who and how you can contact if a problem arises.
• Informing about changes in the section.

In fact, it turns out that the privacy policy is the least opened section of any website. Users do not have time to study such points; only a few read it to the end. However, if any problems arise, this section may be the most important, as it insures the owner against litigation.

e-commerce management,

Legislation in IT,

Patenting

• Tutorial

At numerous requests from working webmasters and website owners, we published free sample privacy policy for sites with a feedback form, subscription or call order.

We decided to take this step because this form of the Policy does not provide for the processing of personal data, and as a result does not imply much variability in the decision. It is important to remember that it is not suitable for sites that process personal data. For example, online stores and other services where, in addition to a phone number or email, the user additionally provides other information about himself, require more attention to the issues of processing personal data.

Therefore, we thought about options for compiling a “folk” Privacy policies with PD processing. A simple template will not do here. We took as a basis the Recommendations of Roskomnadzor (hereinafter referred to as the “Recommendations”) issued in 2017 on the preparation of a document defining the operator’s policy regarding the processing of personal data (hereinafter referred to as the “Policy”). We supplemented it with live examples.

Let's see what happened.

In Section 1, Roskomnadzor states that the Recommendations were developed in order to develop unified approaches to the structure and form of the Policy. We willingly believe and follow the wishes of the department to facilitate further work with auditors.

Section 2 quotes the basic concepts from the Federal Law “On Personal Data”. We skip it as unnecessary. If desired, it is better to introduce your own terms into the Policy, clarifying the legal ones.

Section 3 finally provided the long-awaited advice on the structure and content of the Policy. Let's look at them in detail.

1. General provisions of the Policy

In this section, it is recommended to describe the purpose of the Policy, as well as include the basic concepts used in it (processing of personal data, operator, subject of personal data, confidentiality of personal data, etc.), list the basic rights and obligations of the operator and subject(s) of personal data data.

So let's start with definitions. In order not to repeat Federal Law 152, we suggest making references to specific clauses and sections of the Policy that specify the concepts used. Below is an example of the terms and definitions of the Privacy Policy for an online store.

1.1. In this document and the relations of the Parties arising or related thereto, the following terms and definitions apply:

Personal data– data provided by the subject of personal data or his representative, the scope and composition of which are indicated in paragraph X.X. Politicians.

Administration– Romashka LLC, INN XXX, OGRN XXX, Address: XXXXX, in the legal possession and/or management of which the Site is located. In the cases provided for in this Policy, the Administration acts as a personal data operator.

User– a person using the Site for the purpose of concluding and/or executing Agreements.

Agreement– user agreement for the use of the Site, purchase and sale agreement, supply agreement, transportation agreement and/or other agreement proposed for conclusion and/or concluded by the User on the basis of any offer posted on the Site.

Processing of personal data– an action (operation) or a set of actions (operations) with personal data listed in paragraph X.X. Politicians.

Website– an automated information system available on the Internet at the network address: /URL/.

1.2. This Policy uses the terms and definitions provided for in the Agreement, as well as other Agreements concluded with the User, unless otherwise provided for in this Policy or follows from its essence. In other cases, the interpretation of the term used in the Policy is made in accordance with current legislation Russian Federation, or business customs.

2. Purposes of collecting personal data

According to the Recommendations, the processing of personal data should be limited to the achievement of specific, pre-defined and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted.

If you do not want to register with Roskomnadzor and undergo subsequent mandatory checks, we propose linking all purposes of PD processing with the conclusion and execution of contracts.

The role of such an agreement can be performed by the User Agreement, accepted by each user at the beginning of using the Site, or another agreement proposed by the owner of the Site.

As a result, we get a fairly standard set of goals:

1. Concluding agreements with the user for the use or use of the Site.
2. Identification of the user as part of the fulfillment of obligations under agreements concluded with him.
3. Fulfillment of obligations under concluded agreements, including providing the user with access to the Site and technical support, and the user’s use of the functionality of the Site.
4. Invoicing and balance refund cash in case of termination of paid contracts concluded with the user.
5. Notification within information services, mailings and improving the quality of service under concluded Agreements, including with the involvement of third parties.

3. Legal grounds for processing personal data

According to the explanation of Roskomnadzor, the legal basis for the processing of personal data is the set of legal acts in pursuance of which and in accordance with which the operator processes personal data.

If the above link exists, the legal basis for the processing of personal data may be the agreements concluded between the operator and the subject of personal data.

If personal data is processed for other purposes, a separate consent to the processing of personal data must be indicated as a basis.

4. Volume and categories of personal data processed, categories of personal data subjects

Roskomnadzor warns that the content and volume of personal data processed must correspond to the stated purposes of processing. The personal data processed should not be redundant in relation to the stated purposes of their processing.

First of all, we provide data from the fields of online feedback, order, subscription and registration forms. Then we pay close attention to the composition of the information entered by the user when filling out a profile in his personal account.

Additionally, we indicate the data that is requested by support or the sales department when filling out or processing applications over the phone or at service points.

5. Procedure and conditions for processing personal data

In this section, Roskomnadzor recommends indicating a list of actions performed by the operator with the personal data of subjects, as well as the methods used by the operator for processing personal data and the timing of processing personal data.

Let's choose. Federal Law 152 provides the following list of operations with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Processing methods may include:

A) automated processing of personal data

B) processing of personal data without the use of automation tools.

According to the definition given in Federal Law 152, automated processing of personal data is the processing of personal data using computer technology.

It would seem that this includes any actions with personal data performed using computer technology. But it's not that simple. We look at the Regulations on the specifics of processing personal data carried out without the use of automation tools, approved by Decree of the Government of the Russian Federation of September 15, 2008 N 687.

Clause 1 states that the processing of personal data contained in information system personal data or extracted from such a system (hereinafter referred to as personal data) is considered to be carried out without the use of automation tools (non-automated), if such actions with personal data as use, clarification, distribution, destruction of personal data in relation to each of the subjects of personal data are carried out with direct human participation.

The processing of personal data cannot be recognized as carried out using automation tools only on the basis that personal data is contained in the personal data information system or was extracted from it (clause 2).

In other words, if personal data is not used, clarified, distributed and destroyed in the IPDN of your website automatically without human intervention, you can safely choose the second processing method - processing personal data without the use of automation tools.

The result of this simple action there will be a legal refusal to apply the draconian requirements of Federal Law 152 for the processing of automated processing of personal income tax in the information system.

Regarding the timing of PD processing We propose to indicate, at a minimum, the validity period of the agreement for which the PD was requested. You can add to the validity period of the contract 3 years of limitation for the protection of rights in connection with its execution.

Roskomnadzor reminds that when storing personal data, the personal data operator is obliged to use databases located on the territory of the Russian Federation, in accordance with Part 5 of Art. 18 Federal Law“About personal data.” It is not necessary to reflect this point in the Policy, since it is related to actual circumstances. Although, as a matter of form, you can include in the Policy a declarative article on the processing of personal data in Russia.

• The user has expressed his consent to such actions;
• The transfer is required for the conclusion and performance of contracts on or using the Site;
• At the request of a court or other authorized government body within the framework of the procedure established by law
• To protect rights and legitimate interests in connection with violation of agreements concluded with the user.

Within certain limits, this list can be expanded to include cases of sale of the Site or transfer of PD in anonymized form.

In addition, Roskomnadzor recommends indicating in this section of the Policy information about compliance with the requirements for confidentiality of personal data established by Art. 7 of the Federal Law “On Personal Data”, as well as information about the operator taking measures provided for in Part 2 of Art. 18.1, part 1 art. 19 of the Federal Law “On Personal Data”.

In practice, this information boils down to a statement that the Site administration stores Personal Data and ensures its protection from unauthorized access and distribution in accordance with internal rules and regulations.

6. Updating, correction, deletion and destruction of personal data, responses to requests from subjects for access to personal data

Roskomnadzor recommends including in the Policy regulations(s) for responding to requests/appeals from personal data subjects and their representatives, authorized bodies regarding the inaccuracy of personal data, illegality of their processing, withdrawal of consent and access of the personal data subject to their data, as well as relevant forms of requests/ requests.

In such cases, it is usually indicated that the user has the right at any time to independently edit the information provided by him in his personal account. In case of termination of the concluded agreement, the user has the right to delete his own personal account yourself or by contacting the support service at the email address ХХХ@ХХХ.ХХ.

If desired, you can tighten the terms of the regulations for processing requests to change/delete PD, requiring the user to send valuable letters to your address in Bobruisk.

7. Processing of anonymized data

It is noteworthy that Roskomnadzor, as always, avoided the issue of processing equally important data for users that is not considered personal. We are talking about information collected automatically on the site: cookies, IP, information about the device and its location, etc.

Apparently, Roskomnadzor stubbornly does not want to disclose the composition of personal data, even by exclusion through information that is not personal. However, in practice, it is customary to include a notice and procedure for processing such data in the Privacy Policy in order to fully inform the user about the consequences of using the site.

Below is an example of such a notification.

You understand and accept the possibility of using third party software on the Site, as a result of which such parties may receive and transmit data in anonymized form.
These third party software include Google Analytics visitor statistics collection systems.

The composition and conditions for collecting anonymized data using third-party software are determined directly by their copyright holders and may include:

• browser data (type, version, cookie);
• device data and its location;
• operating system data (type, version, screen resolution);
• request data (time, referral source, IP address).

A full description of the conditions for processing anonymized data can be found in the sample Privacy Policy with which we began our article.

We wish you success in developing your own Privacy Policy in accordance with the recommendations of Roskomnadzor and the approaches developed in practice.