Top.Mail.Ru
Privacy Policy — Postmypost
Log in
Sign up
RU EN
Log in Sign up
Glossary – Privacy Policy

Privacy Policy

Nikiforov Alexander
Friend of clients
Back

Contents

What is a privacy policy?

A privacy policy is an important document that describes how a company processes and uses its users' personal data. This document is mandatory for all organizations that collect and process users' personal data. The absence of a policy or failure to comply with its terms can lead to serious consequences, including fines and even the blocking of the website.

Key terms

Before delving into the details of the privacy policy, it is important to understand the key terms that are commonly found in this area:

  • Operator — a natural or legal person that collects and processes users' personal data.
  • Subject — an individual whose data is collected by the operator. This is the user who interacts with the website.
  • Personal data — any information that can identify a user, including name, contact details, photos, and other similar information.

Why is a privacy policy necessary?

A privacy policy is required in the following cases:

  • The website has forms for data collection, such as registrations, feedback, and subscription to newsletters.
  • The website uses technologies such as cookies to track user actions.
  • There are web analytics tools, such as Yandex.Metrica or Google Analytics.

In fact, almost all websites, including online stores, social networks, and educational platforms, should have a privacy policy, regardless of their traffic or age.

Consequences of not having a policy

Working with personal data in Russia is regulated by legislation, including Law No. 152-FZ “On Personal Data.” Non-compliance with the provisions of this law can lead to fines and sanctions. In particular, if a website lacks a privacy policy, the operator faces a fine of between 30,000 to 60,000 rubles. If a policy exists but the conditions are not met, the fine can range from 60,000 to 100,000 rubles.

Fines can increase for legal entities, including large companies. For example, in 2021, Twitter, Facebook, and WhatsApp were fined 36 million rubles for failing to comply with the requirements for the localization of Russian users' data.

Structure of a privacy policy

A privacy policy should be clear and understandable for users. The main elements that should be included in the document are:

  • Information about the operator — name, address, and contact details.
  • Legal grounds for data processing — legal bases on which data processing is carried out.
  • Purpose of data collection — an explanation of why the data is collected and how it will be used.
  • List of collected data — a specification of all types of personal data collected by the operator.
  • Conditions for data use — information on how the data will be processed and stored.
  • Data security — measures taken to protect users' personal data.

Additionally, sections regarding the transfer of data to third parties, cross-border data transfer, and frequently asked questions may be included. All these sections will help users better understand the privacy policy and ensure that their data is protected.