Where to place a privacy policy document on a website
Posted: Sun Feb 02, 2025 2:58 am
All that the law prescribes in this regard is that this document must be accessible to subjects of personal information at all times and without any restrictions. Everything else is left to the discretion of the site owner.
Most often, each page contains a link to the site's privacy policy, and the document itself is a separate page. It is best if the link is necessarily next to the forms offered for filling (where the bank email list client is asked to consent to the processing of personal data). Many people put this footnote in the footer or find a place for it in the top menu.
Be sure to make a button next to the forms to be filled in, "Consent to the processing of personal data." This is a legal requirement. There are exceptions to this rule, but they do not apply to working with websites. Moreover, the audit may require the site owner to provide evidence that such consent was actually received.
In most designers and popular CMS, this requirement is easy to fulfill. This feature was quickly introduced by developers. If, for example, we talk about the privacy policy for a WordPress site, the following new plugins have appeared:
"Privacy Policy for the Site. Consent under the Contact-Form 7 forms" is a free option.
Privacy Policy is a paid version. The support priority and number of sites may vary, so the price ranges from 700 to 2500 rubles.
Both plugins allow you to customize a page with the site's privacy policy in accordance with Federal Law 152.
The functionality in both cases is similar:
comments and forms generated via the Contact-Form 7 plugin are marked with check marks automatically;
Plugins allow you to completely create a policy page;
inform you which cookies were used;
there is a function for setting up a text message for a checkbox indicating consent to the processing of personal data;
You can program an automatic check mark for this flag, but this is not recommended. Let the user mark this check box himself;
You can set a ban on sending the form if this checkbox is not checked.
Recommended articles on this topic:
Website promotion on the Internet for beginners
External website optimization: stages, services, help
Tips for website promotion
There are also old plugins that allow you to create a page with the site's privacy policy in English and add checkboxes to options such as, for example, subscribing to a newsletter, accepting the user agreement, and others. But it is easier to work with the settings of new plugins, since they were already created taking into account the provisions of Federal Law 152.
Here are a few more important requirements that you should definitely consider:
No attempt should be made to obtain more information than is necessary for the purposes set out in the policy.
It is prohibited to use foreign server databases to store and process collected personal information.
The owner of the Internet resource is obliged to notify Roskomnadzor (by paper or electronic letter) that personal data will be collected. Article 22 of Federal Law 152 provides a list of information.
Other individuals or legal entities may, on your behalf, process the data you have collected, but only under a previously concluded agreement.
There are a number of legal, organizational and technical measures that the personal data operator must take to ensure their security and impossibility of leakage. This includes training the company's employees, drafting special local acts and other steps.
Most often, each page contains a link to the site's privacy policy, and the document itself is a separate page. It is best if the link is necessarily next to the forms offered for filling (where the bank email list client is asked to consent to the processing of personal data). Many people put this footnote in the footer or find a place for it in the top menu.
Be sure to make a button next to the forms to be filled in, "Consent to the processing of personal data." This is a legal requirement. There are exceptions to this rule, but they do not apply to working with websites. Moreover, the audit may require the site owner to provide evidence that such consent was actually received.
In most designers and popular CMS, this requirement is easy to fulfill. This feature was quickly introduced by developers. If, for example, we talk about the privacy policy for a WordPress site, the following new plugins have appeared:
"Privacy Policy for the Site. Consent under the Contact-Form 7 forms" is a free option.
Privacy Policy is a paid version. The support priority and number of sites may vary, so the price ranges from 700 to 2500 rubles.
Both plugins allow you to customize a page with the site's privacy policy in accordance with Federal Law 152.
The functionality in both cases is similar:
comments and forms generated via the Contact-Form 7 plugin are marked with check marks automatically;
Plugins allow you to completely create a policy page;
inform you which cookies were used;
there is a function for setting up a text message for a checkbox indicating consent to the processing of personal data;
You can program an automatic check mark for this flag, but this is not recommended. Let the user mark this check box himself;
You can set a ban on sending the form if this checkbox is not checked.
Recommended articles on this topic:
Website promotion on the Internet for beginners
External website optimization: stages, services, help
Tips for website promotion
There are also old plugins that allow you to create a page with the site's privacy policy in English and add checkboxes to options such as, for example, subscribing to a newsletter, accepting the user agreement, and others. But it is easier to work with the settings of new plugins, since they were already created taking into account the provisions of Federal Law 152.
Here are a few more important requirements that you should definitely consider:
No attempt should be made to obtain more information than is necessary for the purposes set out in the policy.
It is prohibited to use foreign server databases to store and process collected personal information.
The owner of the Internet resource is obliged to notify Roskomnadzor (by paper or electronic letter) that personal data will be collected. Article 22 of Federal Law 152 provides a list of information.
Other individuals or legal entities may, on your behalf, process the data you have collected, but only under a previously concluded agreement.
There are a number of legal, organizational and technical measures that the personal data operator must take to ensure their security and impossibility of leakage. This includes training the company's employees, drafting special local acts and other steps.