ИБ: Зачем нужна Privacy Policy и что в ней меняет GDPR.

    Если посетитель оставляет комментарий на сайте, мы собираем данные указанные в форме комментария, а также IP адрес посетителя и данные user-agent браузера с целью определения спама. Анонимизированная строка создаваемая из вашего адреса email («хеш») может предоставляться сервису Gravatar, чтобы определить используете ли вы его. Политика конфиденциальности Gravatar доступна здесь: https://automattic.com/privacy/ . После одобрения комментария ваше изображение профиля будет видимым публично в контексте вашего комментария
  • Куки .
    Если вы оставляете комментарий на нашем сайте, вы можете включить сохранение вашего имени, адреса email и вебсайта в куки. Это делается для вашего удобства, чтобы не заполнять данные снова при повторном комментировании. Эти куки хранятся в течение одного года.
  • Встраиваемое содержимое других вебсайтов.
    Статьи на этом сайте могут включать встраиваемое содержимое (например видео, изображения, статьи и др.), подобное содержимое ведет себя так же, как если бы посетитель зашел на другой сайт. Эти сайты могут собирать ваши данные, использовать куки, внедрять дополнительное отслеживание третьей стороной и следить за вашим взаимодействием с внедренным содержимым, включая отслеживание взвимодействия если у вас есть учетная запись и вы авторизовались на том сайте.
  • Веб-аналитика.

    Этот сайт использует сервис веб-аналитики Яндекс.Метрика, предоставляемый компанией ООО «ЯНДЕКС», 119021, Россия, Москва, ул. Л. Толстого, 16 (далее - Яндекс).

    Сервис Яндекс.Метрика использует технологию «cookie» - небольшие текстовые файлы, размещаемые на компьютере пользователей с целью анализа их пользовательской активности.

    Собранная при помощи cookie информация не может идентифицировать вас, однако может помочь нам улучшить работу нашего сайта. Информация об использовании вами данного сайта, собранная при помощи cookie, будет передаваться Яндексу и храниться на сервере Яндекса в ЕС и Российской Федерации. Яндекс будет обрабатывать эту информацию для оценки использования вами сайта, составления для нас отчетов о деятельности нашего сайта, и предоставления других услуг. Яндекс обрабатывает эту информацию в порядке, установленном в условиях использования сервиса Яндекс.Метрика.

    Вы можете отказаться от использования файлов cookie, выбрав соответствующие настройки в браузере. Также вы можете использовать инструмент - https://yandex.ru/support/metrika/general/opt-out.html. Однако это может повлиять на работу некоторых функций сайта. Используя этот сайт, вы соглашаетесь на обработку данных о вас Яндексом в порядке и целях, указанных выше.

Как долго мы храним ваши данные

Если вы оставляете комментарий, то сам комментарий и его метаданные сохраняются неопределенно долго. Это делается для того, чтобы определять и одобрять последующие комментарии автоматически, вместо помещения их в очередь на одобрение.

Какие у вас права на ваши данные

При наличии учетной записи на сайте или если вы оставляли комментарии, то вы можете запросить файл экспорта персональных данных, которые мы сохранили о вас, включая предоставленные вами данные. Вы также можете запросить удаление этих данных, это не включает данные, которые мы обязаны хранить в административных целях, по закону или целях безопасности.

A Privacy Policy is a document where you disclose what personal data you collect from your website’s visitors, how you collect it, how you use it and other important details about your privacy practices.

In this post, we’ll take a look at what Privacy Policies are and why you likely need to have one posted on your website. We’ll also go over some important clauses that are useful to include in your Privacy Policy. Finally, we’ll look at how different websites display their Privacy Policies.

Privacy Policies are legally binding agreements you are required to post on your website if you’re collecting any sort of personal information from your site’s visitors or customers.

A Privacy Policy is an important legal document that lets users understand the various ways a website might be collecting personal information. The purpose of a Privacy Policy is to inform users of your data collection practices in order to protect the customer’s privacy.

Your Privacy Policy should disclose how the website/app collects information, how the information is used, whether or not it is shared with third parties and how it is protected and stored.

There are 3 main reasons for having a Privacy Policy: (1) you’re required by law, (2) you’re required by third party services, (3) you want to be transparent.

The most important reason Privacy Policies are useful is because you’re most likely required by the law to have one posted on your website. The in your region or the region you’re conducting business in may require you to include and abide by certain clauses in your Privacy Policy.

For instance, in the United States, the California Online Privacy Protection Act () requires websites that collect personal information from the residents of the state of California to include a statement in their Privacy Policy that discloses how you handle their information. Since there isn’t a way to filter out visitors from California, you’re likely required to comply with CalOPPA even if your website is ran from a location nowhere near California.

Forever 21’s Privacy Policy agreement has a separate section on California Residents that explains the rights of the residents of California in compliance with CalOPPA.

Similarly, Canada’s Personal Information Protection and Electronic Documents Act (), the Eu’s General Data Protection Regulation (), and Australia’s Privacy Act of 1988 also require you to post a Privacy Policy and include certain clauses in it if you’re collecting any personal information from the residents of these regions.

Required by Third Party Services

Most of the third party services you use to improve your website’s user experience, monitor analytics or display advertisements also require you to post a Privacy Policy on your website.

According to their requirements, you should include clauses that disclose how you use these third party services, APIs, SDKs, plugins, etc.

Some of the most popular third party services that require you to post a Privacy Policy on your website include:

Analytics services work by placing cookies on your visitors’ devices and then collecting information about them when they visit your website, such as which device(s) they use, browsing activities, etc.

This is why third party services (like Google Analytics) require you to post a Privacy Policy that discloses your usage of their services and cookies.

Google Analytics’ Terms of Service agreement states in its Privacy section that you must post a Privacy Policy on your website that discloses your use of cookies and your use of Google Analytics and how it collects and processes data.

Websites and web applications that use analytics services to improve the user experience they deliver must therefore abide by these rules.

If you’re a Facebook app developer, you’re required by Facebook to post a Privacy Policy on your website that’s easily accessible and discloses the information you collect and how you will use that information.

As more and more people online are becoming aware of privacy laws, having a Privacy Policy displayed on your website that discloses how you gather and handle your visitors’ personal information is a great way to build trust and help your website users feel secure.

It’s a good practice to follow even if you’re not collecting any sort of personal information from your website’s visitors. This is because Privacy Policies are increasingly prevalent. If a visitor sees that you don’t have one published, she may be led to believe that you do, in fact, collect information from your visitors but aren’t disclosing it. It’s better to have one posted that states that you do not collect any information from your site’s visitors. This is especially true for blogs.

DuckDuckGo , for example, has a Privacy Policy posted on its website that simply states that it doesn’t collect any personal information from visitors.

A Privacy Policy should be organized in a way that helps the reader understand key categories of information. This is best done with well-structured and clearly written clauses, neatly identified with descriptive headlines.

The clauses you include in your Privacy Policy depend on a number of factors including the type of business you’re running and the applicable law. However, there are some clauses that just about every website that collects personal information from visitors includes in a Privacy Policy.

Let’s take a look at some examples of clauses that are useful to add in a Privacy Policy agreement:

Type of Information You Collect

Most Privacy Policies start out by disclosing the type of information the business collects from its visitors or customers. It lets the end user know which type of personal information they can expect to provide, whether required or optional.

Let’s take a look at MailChimp’s Privacy Policy agreement:

MailChimp has an incredibly detailed Your Information section which explains what information it collects from users. It’s been divided into several sections – Information you provide to us, Information we collect automatically, Information we collect from other sources, Information from the use of our mobile apps .

It identifies the personal information you provide when you sign up with them and/or purchase their services such as name, address, email address, IP address, and credit card information.

Some web applications, like GitHub , collect information from their site’s visitors in addition to their end users.

Here’s a look at how GitHub explains this in its Privacy Policy agreement:

GitHub explains that it collects personally-identifying information from website’s visitors and why it’s collected. The type of information collected from users who have accounts on GitHub is also disclosed.

How the Collected Information is Processed and Shared

You’re required to disclose how you process and share the personal information you collect from your site’s visitors. It should explain what you do with the information after you’ve collected it.

For example, in its Privacy Policy, LogMeIn explains the different ways it uses the personal information it collects:

LogMeIn also has a section in its Privacy Policy that explains how it shares visitors’ personal information with third parties:

Use of Cookies and Tracking

Websites that use cookies or other technologies to obtain personal information from their website’s visitors or customers include a cookies clause in their Privacy Policies. Generally, the cookies clause states that the website uses cookies , why it uses them, and how users can disable cookies on their devices.

Canva’s Privacy Policy has a section on Cookies information that explains cookies usage.

It says that Canva uses cookies to improve your experience with their website by helping you log in faster and making their on-site navigation better. Cookies are also placed in order to track how you use the website. Canva discloses that its business partners also receive this information. Finally, it’s noted that if you disable cookies, some features of Canva might not work properly.

Changes to the Privacy Policy

You will likely have to change the content of your Privacy Policy at some time. For this reason, most Privacy Policies have a clause that states how they will inform users about updates and revisions to the agreement.

Let’s take a look at LogMeIn’s Privacy Policy again:

This clause states that the Policy may be updated and discloses how notifications of material changes will be given. It also says that if you continue to use the services after the update then you automatically agree to the revised Privacy Policy.

Examples of Websites with Privacy Policies

Regardless of whether you’re running a website, web app, mobile app or desktop app, if you’re collecting personal information from your end users then you’re required to post a Privacy Policy.

Most websites provide a link to their Privacy Policy in their homepage footer, main navigation, or an appropriate sub-menu.

Let’s take a look at the Privacy Policy agreements of some popular websites.


Reddit links to its Privacy Policy from the fine print in the footer of the homepage:

The Privacy Policy itself follows the same format and theme as the rest of the website and includes anchor navigation links in the left sidebar.

It includes the following clauses:

  1. What We Collect
  2. How We Use Information About You
  3. How Information About You is Shared
  4. Ads and Analytics Partners
  5. Your Choices
  6. Other Information
  7. Contact Us


Canva’s Privacy Policy uses short summaries to the right of the clauses to help summarize information for readers. This helps make the Policy easier to understand and more user-friendly.

The New York Times

The New York Times has a link to the Privacy Policy in the website’s footer:

The Privacy Policy includes anchor navigation links, a search bar and a button to initiate chat. The benefit in this formatting is that it makes it easy for the site visitor to find information they need to fully understand their privacy rights.


If you’re collecting any sort of personal information from your website’s visitors, end users, subscribers, customers, or clients then you’re most likely required by law or by third party services to post a Privacy Policy on your website.

You need to be aware of:

  • The privacy laws and Privacy Policy requirements in the jurisdiction your business is based in and the jurisdiction(s) where your site visitors live.
  • The Terms of Service requirements of any third party services your website or app uses.

(General Data Protection Regulation) — общем регламенте по защите персональных данных, который вот-вот вступит в силу в ЕС и который придется соблюдать украинским предпринимателям, если они хотят вести бизнес с европейскими гражданами.

Юрист практики Juscutum Владислав Некрутенко в своей колонке рассказал о том, что на самом деле меняет GDPR, каким он должен быть и какую информацию должен раскрывать интернет-пользователям.

Наверное, каждый человек хоть раз давал согласие на обработку персональных данных при регистрации на веб-сайте. При этом указывается, что обработка будет осуществляться согласно «Политике Конфиденциальности» сайта. Что это значит?

За последние годы персональные данные стали эффективным экономическим активом. Их грамотное использование приносит компаниям коммерческое преимущество и прибыль.

С другой стороны, злоупотребление выгодой с персональных данных и незнание пользователей об этом приводят к государственным ограничениям в этой сфере. Поэтому законодательство развитых стран требует, чтобы компания:

  • в полной мере проинформировала пользователя о характере и деталях использования его данных;

  • после чего получила от него согласие на их сбор и обработку.

Нужна ли для этого политика конфиденциальности (Privacy Policy)? Определенно, так как это лучший способ информирования пользователей о сборе персональных данных на веб-сайте.

Privacy Policy - это внутренний документ, который устанавливает правила сбора и обработки персональных данных пользователей на определенном веб-ресурсе.

Пользователь должен ознакомиться с Privacy Policy во время первого визита на сайт либо при регистрации. Кроме того, этот документ размещается публично на сайте с постоянным доступом к нему. Прежде чем дать согласие на обработку данных, пользователь должен прочитать Privacy Policy (или хотя бы поставить галочку, что прочитал). На сегодня это одна из самых распространенных практик по информированию на веб-ресурсах.

Требования GDPR к информированию пользователя
Само требование оповестить пользователей веб-сайта об использовании их данных - не ново. Тем не менее, при его реализации возникают проблемы.

Можно часто встретить длинные версии Privacy Policy ресурсов, написанные на непонятном языке, которые описывают лишь отдельные аспекты обработки персональных данных. Такая политика не несет информационной функции для пользователей, а служит скорее формальным соблюдением законодательства. Соответственно, пользователь не в состоянии понять, на что он соглашается.

Из-за этого и других введений пользователя в заблуждение, Европейский союз принял новый акт по защите персональных данных — General Data Protection Regulation (GDPR). GDPR ставит требования по обработке персональных данных на территории Европейского союза. Кроме того, действие документа распространяется на компании вне ЕС, если те обрабатывают персональную информацию европейских граждан.

Основные нововведения - открытость и прозрачность сбора персональных данных, информированность субъекта, а также свобода согласия на их сбор и обработку. В связи с этим, GDPR ставит более высокие требования по объему и качеству информирования пользователей об обработке их данных.

The following Privacy Policy describes your privacy rights regarding our collection, use, storage, sharing, and protection of your information and personal data. It applies to the www.. (collectively “P2H” or “we”).

When you (“you” or the “Client”) use this Site and its services (the “Services”) and provide us with your information and personal data, you are agreeing to the rules and regulations under our Privacy Policy and are bound by it.

If you do not agree to our Privacy Policy please do not use the Site and its Services.

This Privacy Policy may be updated from time to time and will be published on this Site.

For the purpose of data protection legislation including General Data Protection Regulation 2016 (Regulation (EU) 2016/679) the data controller is:

P2H Inc., 7848 W Sahara Ave, Las Vegas, NV 89117

P2H respects you, your information and personal data.
We make sure we collect and store your information and personal data securely.
You’re in control of your personal data and you can manage your preferences in Client Area at any time.

Personal data we collect

When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or indirectly. We may collect, store and use any personal data you provide us directly by completing forms on the Site, making purchases through the Site, subscribing to the newsletter or by corresponding with us by email, phone or otherwise. This information may include your first and last name, postal address, profession/role, place of work, email address and phone number.

We also collect, store and use information about your computer and about your visits to and use of this Site (including your IP address, browser type and version, operating system, referral source, length of visit, geographical location, page views and website navigation paths).

We do not collect and store any sensitive information about you. We knowingly do not collect any information from children under 16 years old.

Purposes of personal data use

Personal data submitted to us through this Site and personal data we collected from you or third parties or from public sources will be used for the purposes specified in this Privacy Policy.

Depending on the relationships we may use your personal data for the following purposes:

Service provision The personal data you provide when placing an order through Order Now is used to complete your order.
Communications We may need to contact you by email for operational reasons, for example in order to notify you about the status of your order.

We may inform you about news and offers that you may like, for example, by sending you occasional P2H newsletters.

If you choose to receive email marketing from P2H, we can let you know when there are special offers, or to tell you about our news.

You can stop receiving marketing information from us at any time by pushing “Unsubscribe” link in the email or by emailing us to .

Finance and security The purposes for which we will use your information include accounting, billing and audit, payment card verification, fraud screening, safety, security and legal purposes, statistical and marketing analysis.

Your rights

In respect to your personal data you have the right to:

  • request access to the personal data that we hold about you or a copy of it;
  • correct (rectify) your personal data if it is inaccurate;
  • erase your personal data or cease processing it, subject to certain exceptions;
  • ask us to pass your information to other companies or organisations upon your written request (when technically feasible);
  • withdraw your consent to your personal data processing at any time by pushing button in Client Area or by email. Withdrawing your consent will not affect the lawfulness of any processing P2H conducted prior to your withdrawal.

If you wish to execute any of these rights, please send us a request through Client Area or to from your email registered at Client Area .

Retaining of your information and personal data

We use data hosting providers in the United States and Germany to store your information and personal data.

Your personal data will be retained for as long as needed for the purpose of use or until your consent is revoked.

Notwithstanding the provisions of this section, we will retain information and documents containing personal data to enforce our Terms & Conditions , protect our legal rights (including fraud prevention), as required by law and for the statistic and reporting purposes.

Sharing and transfer of your information and personal data

You agree that we have the right to share your information and personal data with:

  • our affiliates and subsidiaries; and
  • carefully selected third parties including business partners, suppliers, exclusive contractors and sub-contractors who perform functions on our behalf, subject to non-disclosure obligations;
  • our professional advisers (lawyers, accountants, financial advisers etc);
  • a purchaser or prospective purchaser of all or part of our assets or our business, and their professional advisers, in connection with the purchase;
  • court or other government body or as required by law, but only that portion of your information which is legally required to be disclosed.

Your information and personal data may be transferred outside United States to European Union and Ukraine where it will be processed by our exclusive contractors and sub-contractors on “need to know” basis only. By submitting your information and personal data, you agree to this transfer, storing or processing.

Whenever we transfer your information and personal data, we take steps to protect it in accordance with this Privacy Policy, including, utilizing the European Commission’s Standard Contractual Clauses for transfers of personal information.

We do not sell or trade any of your information and personal data.

Some aggregate and non-identifying information may be collected by advertisers, advertising networks, analytics and search engine providers. Their use of such information is not under our control.

Data security

We have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online to prevent unauthorized access, maintain data accuracy, and ensure the correct use of information.

This Site uses state-of-the-art digital encryption and security technologies to protect the privacy and security of our members information and has specific security measures in place. All data passing from your computer to this Site via HTTPS is authenticated and encrypted using 256-bit Secure Socket Layer (SSL) encryption. This is the most advanced level of encryption available today, and it means that any information sent from your computer is scrambled in such a way that makes it completely unintelligible if intercepted. When you are on a secure section within this Site, a padlock will appear at the bottom (or top) of your web browser"s screen. This is your assurance that the encryption is in place and that you are communicating across a secure link.


This Site uses cookies to distinguish you from other users of the Site. This helps us to provide you with a good experience when you browse the Site and also allows us to improve the Site. Please note that most browsers accept cookies by default.

Cookies are small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message.

We use cookies for a few general purposes like:

  • to allow this Site to function correctly.
  • to understand how our Site is functioning and to inform any improvements in performance and our Services.
  • to enhance your experience on our Site and provide extra functionality.

    For example you don’t need to enter your details each time you login into Client Area .

If you do not want to receive cookies or store them on your computer any more please change your browsing settings and/or delete all received cookies before. If you do this, however, you may have to manually adjust some preferences every time you visit a site and some services and functionalities may not work.


This Site may contain links to third-party sites, which are not owned and operated by P2H. Any information you provide to those sites will be governed by their own policies and principles. P2H assumes no responsibility or liability for information handling procedures and/or policies of such independent sites.

Contact information

Questions, comments and requests regarding this Privacy Policy should be addressed to .

