Privacy and Cookie Policy
Before launching a site, it is necessary to draw up a Privacy Policy, including a Cookie Policy. This requirement is provided for by the legislation of all countries; only the level of the requirements varies with national regulation.
The Privacy Policy should be consistent with your actual data processing, be understandable to the user, and contain a list of the user's rights. You can read about the Privacy Policy and Cookie Policy in our article.
Contents:
- What is the Privacy and Cookies Policy for?
- Differences in Privacy Policy requirements depending on national regulations
- How to draw up a Privacy Policy?
- Drawing up a Cookie Policy
- Personal data permitted for use - new requirements 2021
- Consent to the terms of the Privacy Policy
What is the Privacy and Cookies Policy for?
The Law "On Personal Data" imposes on operators processing personal data (hereinafter - PD) the obligation to adopt internal documents that regulate their policy regarding the protection of PD. Cookies also count as PD. Therefore, the company must adopt a Privacy Policy and a Cookie Policy. Failure to fulfill this obligation entails liability under Art. 13.11 of the Code of Administrative Offenses.
Differences in Privacy Policy requirements depending on national regulations
The wording of the Privacy Policy and Cookie Processing Policy may depend on national regulations. If you are entering a specific market, it is best to look at the requirements of that country. The highest standards are enshrined in the GDPR - the European Union Regulation on the protection of personal data. Many countries are trying to bring their regulation in line with European law. If you are doing e-commerce, the GDPR will apply to you if you offer goods or services to EU residents. If you are creating a mobile application for the European market, you must also take into account the requirements of European regulation. There are countries in which the regulation is more lenient and PD is not subject to strict protection.
How to draw up a Privacy Policy?
When drafting the Policy, it is better to focus on the criterion laid down by the GDPR: the Policy must be understandable to the user and must not mislead them. It is better to describe all the processes covered in the Policy without complex legal constructions, so that anyone can understand from the text what rights and obligations they have. The company is the party most interested in meeting all the requirements, so it is worth taking a proactive approach. If the company operates with big data, it is better to hire a dedicated employee responsible for the company's policy in this area.
What personal data does the company collect?
The Privacy Policy should indicate which PD is processed by the company. If registration is possible on the site, this will be the data obtained during that process. In addition, the company will process data from the use of the site. Depending on the technical processes, it is necessary to identify all the categories of data that the user provides.
For what purposes are personal data processed?
One of the criteria for lawful processing of PD is that the processing corresponds to its goals. If you process more data than you need to achieve your goals, this may also entail administrative liability. Upon reaching the goals, the data must be destroyed. At the same time, goals should not be formulated too abstractly. The goals must be defined in advance, and the user gives consent not to data processing in general, but to processing for specific purposes.
Storage and protection of personal data
In this section, the company must indicate how exactly it will process PD, protect it and restrict access to it. The Privacy Policy must indicate who has access to the data and to whom you transfer it.
Rights of personal data subject during their processing
In the Privacy Policy, it is better to indicate what rights the PD subject has. The company may not restrict the rights set forth in the Act. These include:
- The right to be provided with a copy of the PD;
- The right to withdraw consent to actions with the PD;
- The right to request removal of the PD.
Drawing up a Cookie Policy
Cookies are small files that reside on the user's device. Based on the goals of collection, several groups are identified that explain why companies need them:
- Strictly necessary, without which the provision of the service becomes impossible. For example, registration data;
- Operational, relating to the use of the site, for example, the number of visits;
- Analytical, which the company needs to find out who visited the site and when;
- Sponsored, used to customize effective ads.
Based on these types, the Policy needs to set out the purposes of processing: personalization of the site, ensuring convenient operation, the ability to register, providing a service, etc. It is also worth pointing out the user's right to configure cookies in their browser and to disable them in whole or in part. However, in that case, some of the functions of the site or application will become unavailable to the user.
Personal data permitted for use - new requirements 2021
A separate article dedicated to data permitted for dissemination was introduced into the existing Law. Art. 10.1 of the Law will apply primarily to social networks, ad aggregators and other services that publish PD for an unlimited number of people. If the network is closed, for example, a corporate network, then this article will probably not apply.
Regarding this category, the regulation has become more detailed. The operator should now:
- Provide an opportunity to select, in each category, the list of data to which the user agrees;
- Create conditions in which the user can personally set prohibitions on the transfer of information to an unlimited circle of persons.
Regarding such data, the legislator once again points out the user's right to request deletion. Along with this, administrative liability is increased for violation of these rules. This once again emphasizes the need to adopt regulatory documents.
Consent to the terms of the Privacy Policy
The Policy has no effect if users do not agree with its terms and do not consent to the transfer of PD. Before a user consents, they must be familiar with the terms and conditions, so the consent box must be located after the Policy text or a link to it. Also, consent should be voluntary, unambiguous and specific, which is why the consent must indicate the goals of data processing.
Thus, when launching a site, you need to take into account the requirements for confidentiality and build them into the algorithms. Another inevitable step before launching a site or application is the drafting of a Privacy Policy and a Cookie Processing Policy. However, gaps in these documents can make them unusable, for example, if you do not specify the goals. The Privacy Policy is a document that regulates the processing of PD and will be read by users, and therefore it should be as clear as possible. If there is no Privacy Policy, you may be held administratively liable. If you have any questions or need help drafting Policies, please contact A4 Law Firm lawyers.