The document should contain the following information:
1. Data about the operator. Here you need to indicate the real legal or natural person – the owner of the site, and not the name of the Internet resource. If this is a site of a registered media outlet, the name of the editorial office must be indicated.
2. Purposes of data use. The user must understand where his data will be used and for what. This is a very important part of the document. If it later turns out that the operator uses user data for purposes not specified in the policy (for example, transfers to third parties), this will be considered a violation.
3. What kind of personal data is collected by the operator. Here it is worth knowing that the policy of Roskomnadzor is this: the operator should not collect more personal data than is necessary for his activities. That is, if you, for example, offer to subscribe to news, but at the same time request the user’s date of birth and address, this will look strange and may be considered a violation. In such cases, it is necessary to explain for what purposes you collect such information.
4. The procedure and conditions for the processing of personal data. It describes how the data will be stored, when and how it will be destroyed, how it will (if any) be transferred to third parties. In the latter case, the operator must ensure that, when transferring user data to someone else, he warns of the need to respect the confidentiality of data.
In the same part, practically significant information is indicated: what rights the user has, where he can apply with a request for the processing of his data, with a statement to withdraw his consent, etc.
Where to publish
Cookies and IP adresses are also data
When a user works with a site, some information about him remains on the server. They should also be mentioned separately.
First, the web server records the IP addresses of the devices through which the user accesses the site. In most cases, they can be used to determine the geographic location of the visitor, his Internet provider.
Information about users’ IP addresses and cookies are also data that must be used with the permission of the resource visitor. That is, the user should be warned about this at the very beginning of his work with the site.