Intro to the Fyber Site

Welcome to Fyber Site! This is a marketing site aimed to provide information and content about Fyber and Fyber’s Service.

The Fyber Site is a marketing website aimed to provide information and content, created by Fyber, about Fyber and its Services. You can visit the Fyber Site without any registration.

When visiting the Site, Fyber will receive information that you voluntarily provide, such as when you fill out a “contact us” form request, when you apply to join one or more of the Fyber Services or when you subscribe to the Fyber newsletter and will collect ‘traffic/session’ information from your device.

Such information will include Personal Information such as your name, email address, telephone number or any other information you provide to Fyber. Please note that you are not required by law to provide us Personal Information. Fyber’s Site is not directed to children under 16 years of age and Fyber does not intentionally or knowingly collect Personal Information on such users.

1. The Personal Information that You Provide Voluntarily Through the Site

We receive Personal Information that you provide and submit through our Site.

When you contact Fyber, by filling a form on the Site, contacting Fyber’s customer support team for technical issues or contacting Fyber’s legal team with any questions or inquiries or when Fyber contacts you regarding any of the above, Fyber will process any Personal Information that you provide Fyber such as your name, your company’s name and email address.

If you submit Personal Information in a comment on a blog post or on any applicable social media websites, others can read, collect and use the Personal Information that you submit including to send you unsolicited messages and contact you for other purposes.

Fyber is not responsible for the Personal Information that you choose to submit in these blogs.

2. The Personal Information that Fyber collects Through the Site

Fyber automatically logs ‘traffic/session’ data and collect additional activity information.

When you access the Site, Fyber’s servers log ‘traffic/session’ information from your device, such as your user agent and the Internet Protocol (IP) address.

When you use the Site, Fyber will collect information about your activity, for example, your log-in and log-out time, the duration of sessions, web-pages that you have viewed or specific content on web-pages, activity measures and geo-location of your device.

3. The Site Includes Third Party’s Services

The Site includes Third-party services that are governed by their own privacy policies.

We incorporate to the Site third party’s services, such as Marketo (a marketing automation platform), which are governed by their respective privacy policy. For example, Marketo’s privacy policy can be found at: https://www.marketo.com/ . You can find a full overview of all Services used on the Site at: . You should read the privacy policy of these services to understand their practices.

Fyber Site includes links to third-party social media websites, such as Youtube ® Facebook ® , Twitter ® , LinkedIn ® , Google+ ® and Vimeo ® , and associated social media features and scripts, such as the Facebook® “like” button and widgets. These features and scripts collect details such as your IP address, which page you are visiting on the Site, and set a cookie to enable the feature to function properly. Please read the cookie section under this policy to learn more about cookies.

The third party social media website or our own Site host the Social media features and widgets. The social media websites have their own privacy policies. When you use their platforms, features, widgets and other services, you should read their privacy policies to understand their practices.

4. What does Fyber do with Personal Information it Receives Through the Site?

Fyber maintains the Site, improves and continues developing it, and protects the Site from misuse and law violations.

Fyber uses Personal Information that you provide through the Site for its business’ purposes, such as responding to your inquiries or support requests, for marketing, recruiting and hiring, and to contact you in the course of offering you with any of Fyber’s services and the Fyber newsletter.

Fyber uses the information, including Personal Information that Fyber and its service providers collect through the Site to understand users’ interests and behavior on a pseudonymous, no-name basis in order to be able to deliver content tailored to the users’ preferences.

As applicable laws require, Fyber will use Personal Information to enforce Fyber’s terms, policies and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Services, and to take any action in any legal dispute and proceeding.

сайтmits to process Personal Information solely for the purposes described in this policy.

5. Sharing Personal Information with Others

We use service providers, for example, to send email messages. We share Personal Information with our affiliated companies. We transfer information as needed if we change our corporate structure, and we may share the information with our affiliate entities.

Fyber shares Personal Information related to you with service providers and other third parties, if necessary to fulfill the purposes for collecting the Personal Information, on condition that any such third party will commit to protect your privacy as applicable laws and this policy require.

Share Personal Information with Fyber’s corporate affiliates in order to operate the Site.

Share Personal Information with law enforcement and/or government agencies, courts, and/or other organizations: (a) as the law requires, such as to comply with a subpoena, or similar legal process; and/or (b) when Fyber believes in good faith that disclosure/sharing is necessary to protect Fyber’s rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

Share or transfer Personal Information if Fyber is involved in a merger, acquisition, or sale of all or a portion of its assets, as part of such transaction. Fyber will provide a prominent notice on the Site of any change in ownership or uses of this information if applicable.

The entity which will assume the ownership of the Site will continue to protect Personal Information related to you under this Policy;

Share it in any other circumstances where Fyber receives your written consent;

6. Aggregated and Analytical Information

Fyber also collects non-identifiable information through Google Analytics. Analytics data include for example, the type of browser, browser language, type of operating system, domain name of Internet service provider, device IP address web pages visited, times and dates of visits and the content you access on and/or through the Site.

The privacy practices of these tools are subject to their own privacy policies. Fyber therefore encourages you to read Google’s policy regarding its analytics services at: http://www.google.com/analytics/learn/privacy.html .

Fyber uses anonymous, statistical or aggregated information and shares them with Fyber’s partners for legitimate business purposes. This has no effect on your privacy because there is no reasonable way to extract data from the aggregated information that can be associated with you.

7. Cookies

Yes. We use cookies. Read more about it.

Cookies are small packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie.

Fyber uses Session Cookies for legitimate purposes, such as facilitation of the use of the Site and its features and tools. Your device removes session cookies when you close your browser session.

We also allow third parties, such as Google analytics and social media websites to place cookies on your device. These are persistent cookies. A persistent cookie has an expiry date. It remains on your device until it is expired or removed.

If you wish to delete cookies or limit the kinds of cookies that can be placed on your device you need to check out the settings in your browser, use the ‘Help’ tab or look for settings like ‘Options’ or ‘Privacy.’ From there, you can delete cookies, block them or control when they can be placed.

8. User Choice

At any time, you may opt out from our mailing list and change your cookies preferences.

At any time, you can unsubscribe from Fyber’s newsletters list, by sending Fyber an opt-out request to: marketing fyber com or clicking the “unsubscribe” link available thereto.

You can manage your cookies preferences through the setting of your browser.

9. Your California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of Personal Information relating to third parties to which Fyber has disclosed Personal Information during the preceding year for the third parties’ direct marketing purposes.

To make such a request, please contact Fyber at: privacy fyber com

10. Accessing Personal Information Related to you

You can request access to Personal Information related to you.

GDPR fyber com and request to access the Personal Information that Fyber keeps on you. Fyber will need to ask you to provide credentials to make sure that you are who you claim to be. If you find that the details on your account are not accurate, complete or updated, then please provide Fyber the necessary information to correct it.

At any time, you can contact Fyber at: GDPR fyber com to receive a copy of the Personal Information that Fyber keeps about you, and to verify the accuracy of the data.

If you’d like Fyber to delete data that you provided through the Site, please contact Fyber at Marketing fyber com and Fyber will respond in a reasonable time.

Fyber retains and uses Personal Information related to you as necessary to comply with its legal obligations, resolve disputes and enforce Fyber’s agreements.

In addition, after Fyber deletes Personal Information related to you, residual copies will take a period of time before they are deleted from Fyber’s active servers and remain in its backup systems.

This deletion will not change or delete Personal Information which Fyber has already shared with third parties, as this Policy permits in this Policy or any other agreement between you and Fyber.

11. Your EU Data Subject Rights

In operating the Site, Fyber processes Personal Information as a data controller (as this term is defined in the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)). As a data controller, Fyber is committed to fulfill data subjects’ (i.e. users) GDPR rights. This section applies to GDPR-covered processing of Personal Information.

We base our processing of Personal Information as a data controller on the following lawful grounds:

• • All processing of Personal Information related to you which are not based on the lawful grounds indicated below, are based on your consent.
  • We process your account and payment details to perform the contract with you.
  • We will process Personal Information related to you to comply with a legal obligation and to protect your and others’ vital interests.
  • We will rely on our legitimate interests, which we believe are not overridden by your fundamental rights and freedoms, for the following purposes:
  • Communications with you, including direct marketing where you are our client or a user of our client, or where you make contact with us through our Site and other digital assets;
    • Cyber security;
    • Support, customer relations, service operations;
    • Enhancements and improvements to yours and other users’ experience with our services
    • Fraud detection and misuse of the Service.

• Access the data that Fyber keeps about you. Fyber will need to ask you to provide us credentials to make sure that you are who you claim you are. If you find that the data is not accurate, complete or updated, then you can provide us with the necessary information to rectify it.
• CONTACT US IF YOU WANT TO WITHDRAW YOUR CONSENT TO THE PROCESSING OF PERSONAL INFORMATION RELATED TO YOU. EXERCISING THIS RIGHT WILL NOT AFFECT THE LAWFULNESS OF PROCESSING BASED ON CONSENT BEFORE ITS WITHDRAWAL.
• Request to delete or restrict access to Personal Information related to you. Fyber will postpone or deny your request if Personal Information related to you is in current use for providing the Services or due to other legitimate purposes, such as compliance with regulatory requirements associated with Fyber.

If you exercise one (or more) of the above-mentioned rights, in accordance with the provisions of applicable law, you can request to be informed that third parties that hold Personal Information related to you, in accordance with this Policy, will act accordingly.

• You can ask to transfer Personal Information related to you in accordance with your right to data portability.
• You can object to the processing of Personal Information related to you for direct marketing purposes.
• You have the right not to be subject to a decision based solely on automated processing , including profiling, which produces legal effects concerning you or similarly significantly affecting you.
• You have a right to lodge a complaint with a data protection supervisory authority of your habitual residence, place of work or of an alleged infringement of the GDPR.

A summary and further details about your rights under EU data protection laws, is available on the EU Commission’s website at: https://ec.europa.eu/info/law/law-topic/data-protection/reform/rights-citizens_en .

Fyber does periodical assessments of its data processing and privacy practices, to make sure that сайтplies with this policy, to update the policy when needed, and to verify that the policy is displayed properly and accessible.

If you have any concerns about the way Fyber processes Personal Information related to you, you are welcome to contact Fyber’s data protection officer at: GDPR fyber com , or write to Fyber to: Fyber GmbH, Wallstraße 9-13, 10179 Berlin, Germany.

Fyber will look into your enquiry and make good-faith efforts to resolve any existing or potential dispute with you. If you remain unhappy with the response you received, you can also refer the matter to the data protection authorities in Germany .

12. Data Retention

Fyber stores and retains Personal Information related to you for as long as you use the Site and/or remain subscribed to the Fyber newsletter or blog. Notwithstanding the foregoing, Fyber stores and retains Personal Information related to you for a reasonable time of up to 90 days after you stopped using the Site and/or unsubscribed to the Fyber newsletter or blog for internal reporting and analytics and improving the Site and/or any product or services provided thereto.

Fyber retains the information collected through the Site for so long as you use the relevant Fyber service or until you choose to unsubscribe from the Fyber mailing list (we include a link to cancel your subscription in every email that we send you), or until Fyber deletes Personal Information related to you following your request.

Fyber retains various types of Personal Information for longer periods pursuant to legal requirements under the applicable law.

Fyber will make efforts to guarantee that Personal Information is kept for no longer than is necessary for the purposes for which the Personal Information is processed.

In any case, as long as Fyber uses Personal Information related to you to provide the Services, Fyber will retain the Personal Information about you, unless a law requires Fyber to delete it, or if Fyber accepts your request to delete the Personal Information, pursuant to applicable laws, or if Fyber decides to remove it at its discretion.

13. Transfer of Data Outside your Territory

Fyber stores and processes Personal Information in various sites throughout the globe, including in sites operated and maintained by cloud based service providers. Fyber lists its sub-processors .

If you are a resident in a jurisdiction where transfer of Personal Information related to you to another jurisdiction requires your consent, then you hereby provide Fyber your express and unambiguous consent to such transfer or by using the Site you hereby provide your express consent to such transfer (as applicable).

If you are a resident of the European Economic Area (EEA), Amazon Web Services (AWS) Cloud processes and stores Personal Information related to you in the US on Fyber’s behalf in accordance with the highest degree of security of AWS.

To the extent necessary under EU privacy laws and regulations, Fyber will implement data onward transfer instruments, such as the Controller to Processor EU-US Standard Contractual Clauses, the Privacy Shield Framework and a statement of compliance with the Privacy Shield Principles.

14. Information Security

Fyber is concerned about safeguarding the confidentiality of Personal Information related to you. Fyber and its hosting services implement systems, applications and procedures to secure Personal Information related to you, to minimize the risks of theft, damage, loss of Personal Information, or unauthorized access or use of Personal Information.

For example, Fyber limits access to Personal Information to authorized personnel who need to know that information in order to operate, develop or improve the Site.

These measures provide sound industry standard security. However, although Fyber makes efforts to protect your privacy, Fyber cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

15. Changes to this Privacy Policy

From time to time, Fyber will update this policy. If the updates have minor if any consequences, they will take effect 7 days after Fyber posts a notice on the Site. Substantial changes will be effective 30 days after Fyber has initially posted the notice.

Until the new policy takes effect, you can choose not to accept it and terminate your use of the Site. Continuing to use the Site after the new policy takes effect means that you agree to the new policy.

16. Contact Fyber

Please contact Fyber’s Data Protection Officer at: GDPR fyber com for further information.

Last Updated: June 11, 2018

II. The Fyber Services Privacy Policy

Fyber develops and operates several services in the ad-tech environment, such as a digital automated (“Programmatic”) ad exchange, mediation platform, Programmatic mediation platform, incentivized offer walls, direct sales service and other online advertising-related services, all of which include advertising management services, such as optimization, ad serving, campaign management and the compilation of relevant statistical data (collectively, the “Services ”).

This Policy explains Fyber’s privacy practices for processing Personal Information through the Services and it applies whenever you access or use a Property of a Supply Partner that is connected to and/or uses the Services.

The Services are not directed to children under 16 years of age and Fyber does not intentionally or knowingly collect Personal Information on such users.

1. The Services

We provide automated web-based advertising services.

Fyber provides advertisers, advertising agencies, Demand-Side Platforms and advertising networks (collectively, “Demand Partners ”) and website and/or mobile application/website developers and/or owners publishers (collectively, “Supply Partners ”); Supply Partners and Demand Partners are also referred to as “Customers ”) with the following Services:

• Ad Exchange service , that enables Supply Partners to make their ad inventory available for purchase by Demand Partners for their ad campaigns through a Programmatic auction and for the winning ad of such auction to be served on Supply Partner;
• Mediation service , that enables Supply Partners to optimize placement of ads by third-party Demand Partners on their website, mobile application or mobile website (collectively, “Property ”) and for Demand Partners to buy ad inventory and serve ads directly on such property;
• Programmatic Mediation service , that enables Supply Partners and Demand Partners to use Programmatic auction for the sale and purchase of advertising space inventory on the Property;
• Offer Wall service , that enables Supply Partners and Demand Partners to use an opt-in scrollable offers which includes individual Ads to integrate into Property.
• Direct Sales service , that enables Supply Partners and Demand Partners to run ad campaigns on Properties.
• From time to time, Fyber will offer ancillary services to the services described above and additional services.
• Fyber has no direct engagement or interaction with the individuals that visit Customers’ services (users), except for the Fyber Offer Wall service where Fyber provides technical support to users of the Offer Wall on behalf of Supply Partner. When you contact Fyber’s customer support team for technical issues related to the Offer Wall, Fyber will process any Personal Information that you provide within the support request form, such as your name and email address to respond to your support request.
• Fyber requires Customers to provide a privacy policy of their own, as required by the applicable legislation and, if required by applicable legislation, to also provide an adequate notice to Users about this Policy.

2. The Personal Information that Fyber Collects and Receives

We collect Personal Information from devices, Properties and partners.

Fyber collects Personal Information in order to provide the Services and for other specific purposes, as described in this Privacy Policy. Please note that you are not required by law to provide Fyber with any Personal Information.

Fyber only collects Personal Information that the Supply Partner had instructed Fyber to collect, in writing, prior to such collection, and subject to your permissions inside the Property and/or your mobile device.

As an example, if you use a Property with a Fyber’s Software Development Kit (“SDK ”) embedded in it, the SDK will only collect information that Supply Partner enabled Fyber to collect for the provision of the Services and in any case, the SDK will not collect your location data unless you affirmatively allowed/enabled the Property to collect it. Fyber also receives Personal Information through an application programming interface (“API “) integration between Fyber’s server and trusted third-party’s servers, and additional Personal Information by embedding tags on websites that you visit.

From time to time, Fyber may use additional or alternative tools to collect information. If Fyber’s use of a new tool impacts Fyber’s privacy practices, it will amend this Privacy Policy accordingly.

When interacting with the Property, Fyber may collect/receive the following information, which includes Personal Information:

• Information about your device , such as device type and model, network provider, browser type, language.
• Information about the Property , such as package name, key words, version.
• Information about your operation system , such as Android, iOS.
• Information about your mobile advertising identifiers , such as your Advertising ID (Apple IDFA or Google AAID).
• Information that your device provides , such as device IP address, network connection type and device GPS location (only if you provide permission).
• Information Fyber receives from Supply Partners , such as your age, gender, zip code, GPS location.
• Information Fyber receives from Third Parties about you from sources other than the Property, such as non-precise device location based on IP address, device specifications and User’s interests.

3. What does Fyber do with Personal Information?

We provide, maintain and improve our services and for other lawful purposes.

Fyber uses the Personal Information that it collects and receives –

• • to provide the Services;
  • to enable and optimize the Services’ tools and features;
  • to study and analyze the functionality of the Services, Customers’ and Users’ activities;
  • to provide support;
  • to measure the Services’ activity for pricing purposes;
  • to maintain the Services;
  • to improve the Services and to continue developing the Services.

Fyber uses the Personal Information to evaluate Users’ interests and behavior on a pseudonymous, no-name basis in order to be able to deliver tailored content If necessary.

Fyber uses Personal Information to enforce its terms, policies and legal agreements, to comply with court orders and warrants, and assist law enforcement agencies, to collect debts, prevent fraud, misappropriation, infringements, identity thefts and any other misuse of the Services, and to take any action in any legal dispute and proceeding.

сайтmits to process Personal Information solely for the purposes that this policy describes. To the extent relevant and within Fyber’s technological and operational ability, Fyber will make efforts to maintain accurate information that is complete and up-to-date.

4. Sharing Personal Information with others

We share Personal Information with Demand and Supply Partners, with data enrichment sources, with our affiliates, with law enforcement and on a merger or an acquisition.

Fyber shares Personal Information for the following purposes:

Share it with its Trusted Demand Partners :

• For the purpose of serving you with contextual ads, based on the content that you view or use on the Property, or targeted ads which are based on your preferences and online behavior, and that we believe can interest you.
• For ad reporting purposes and for Demand Partners to have information about the performance of their ad campaigns and improve their ads performance over time.

Share it with Supply Partners:

• To help them understand how Users are engaging with ads, the kind of Users are most engaging with types of ads on their Property, and what kind of ads are published on their Property;

Share it with Third Parties :

• To receive additional data on you from sources other than the Property in order to help analyze and enrich the Personal Information that we collect about you, and serve you with more relevant ads on the Property and on additional online properties.
• To receive Third Party’s services, such as fraud protection, bot detection, rating, analytics, viewability, geo location services, ad security and verification services.

Share it with Fyber’s corporate affiliates in order to provide the Services.

Share it with law enforcement and/or government agencies, courts, and/or other organizations : (a) as required by law, such as to comply with a subpoena, or similar legal process; and/or (b) when Fyber believes in good faith that disclosure/sharing is necessary to protect its rights, protect your safety or the safety of others, investigate fraud, or respond to a government request;

Share or transfer it if Fyber is involved in a merger, acquisition, or sale of all or a portion of its assets, as part of such transaction. Fyber will provide a prominent notice on the Site of any change in ownership or uses of this Personal Information if applicable. In any event, the entity which will assume the ownership of the Site will continue to protect Personal Information related to you under this Policy;

Share it in any other circumstances where Fyber receives your written consent ;

5. Aggregated and Analytical Information

Aggregated data is not identifiable. We use it for legitimate business purposes and may use standard analytical tools.

Fyber uses standard analytics tools. The privacy practices of these tools are subject to their own privacy policies, and they use their own cookies to provide their service (for further information about cookies, please see the ‘Cookies’ section in this policy).

Fyber uses the standard analytics tools of Google Analytics and Fyber will use additional or other analytics tools, from time to time. The privacy practices of these tools are subject to their own privacy policies. See Google Analytics Privacy Policy at: http://www.google.com/analytics/learn/privacy.html .

Fyber uses anonymous, statistical or aggregated information and shares it with its partners for legitimate business purposes. It has no effect on your privacy, because there is no reasonable way to extract data from the aggregated information that can be associated with you.

• Fyber will share Personal Information related to you only subject to the terms of this policy, or subject to your prior consent.

6. Cookies

Yes. We use cookies.

Cookies are packets of information sent to your web browser and then sent back by the browser each time it accesses the server that sent the cookie.

Fyber uses session cookies for legitimate purposes, such as facilitation of the use of the Property you use and its features and tools. Fyber’s cookies do not collect any Personal Information about you. Your device removes session cookies when you close your browser session.

When you visit a website, the cookie can recognize your device based on internal identifier of Fyber’s systems and in the future, if you return to that website, it can read that cookie to remember you from your last visit. By keeping track of you over time, cookies will be used by Fyber and its Demand Partners Advertisers to deliver ads targeted to you and track your engagement with these ads.

If you wish to delete cookies or limit the kinds of cookies that can be placed on your device you need to check out the settings in your browser, use the ‘Help’ tab or look for settings like ‘Options’ or ‘Privacy.’ From there, you can delete cookies, block them or control when they can be placed.

7. User Choice

You can disable your account, opt-out from location-based advertising, limit the use of tracking data for ad targeting, opt-out of our Demand Partners and delete cookies.

If you have an account in the Services, at any time, you can disable your account through your account page. Thereafter, Fyber will stop collecting any Personal Information from you.

However, Fyber stores and continue using or making available Personal Information that relates to you. For further information, please read the Data Retention section in this policy.

If you wish to opt-out from collection and use of precise location data for advertising, you can turn location services off through your device settings. The latest versions of iOS and Android allow you to limit which particular applications can access your location information.

You also can limit the use of identifiers for ad targeting on your devices. If you turn on this setting, apps are not permitted to use the advertising identifier to serve consumers targeted ads.

As an example, for iOS, the controls are available through Settings > Privacy > Advertising > Limit Ad Tracking. For Android, Google Settings > Ads > Opt Out of Interest-Based Ads.

Although this tool will limit the use of tracking data for targeting ads, companies will still be able to monitor your app usage for other purposes, such as research, measurement, and fraud prevention.

You can reset the identifiers on your mobile device in the device settings. iOS users can do this by following Settings > Privacy > Advertising > Reset Advertising Identifier. For Android, the path is Google settings > Ads > Reset advertising ID.

Following such restart, the device is harder to associate with past activity, but tracking can start anew using the new advertising identifier.

If you’d like to opt-out from Demand Partners’ use of Personal Information about you to serve targeted advertising to your mobile application, you can download the Digital Advertising Alliance’s mobile application for each of your devices and set your preferences in the mobile application.

If you reset the mobile advertising identifiers, you will also need to reset your preferences in the AppChoices applications.

If you delete all cookies, you’ll also delete the cookies that indicate your preference to opt out of targeted ads. Please note that even if you opt out of targeted advertising, a company will still use cookies for other purposes, such as to limit the number of times you’re shown a particular ad.

Web browsers offer a “Do Not Track” (“DNT”) signal. A DNT signal is a HTTP header field indicating your preference for tracking your activities on the Services or through cross-site user tracking. The Services do not respond to DNT signals.

8. Your California Privacy Rights

If you are a California resident, California Civil Code Section 1798.83 permits you to request in writing a list of the categories of Personal Information relating third parties to which Fyber has disclosed Personal Information during the preceding year for the third parties’ direct marketing purposes.

To make such a request, please contact us at: privacy fyber com .

9. Accessing Personal Information Related to you

You can request access to Personal Information related to you .

At any time, you can contact us at: GDPR fyber com and request to access the Personal Information that Fyber keeps about you. Fyber will need to ask you to provide it with credentials to make sure that you are who you claim you are.

If you find that the details on your account are not accurate, complete or updated, then please provide us the necessary information to correct it.

At any time, you can contact Fyber at: GDPR fyber com and request to access the Personal Information that Fyber keeps about you, and to verify the accuracy of the data.

If you’d like us to delete data that you have provided through the Property, please contact Fyber at: GDPR fyber com and Fyber will respond within a reasonable time after receiving your email.

Fyber will retain and use Personal Information related to you as necessary to comply with its legal obligations, resolve disputes and enforce Fyber’s agreements.

In addition, after Fyber deletes Personal Information related to you, residual copies will take a period of time before they are deleted from Fyber’s active servers and will remain in Fyber’s backup systems.

This deletion will not change or delete Personal Information which Fyber has already shared with third parties, as permitted in this Privacy Policy or any other agreement between you and Fyber.

Fyber will make efforts to redact from the data which it will make available to you, any Personal Information related to others.

10. Your EU Data Subject Rights

Fyber is committed to fulfill data subjects’ rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).

сайтmits to assist its controllers as to data subjects’ rights under the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).

Under the GDPR, Fyber processes personal data as part of its Services as a data processor and the Supply partners are the data controllers. As a data processor, Fyber is committed to assist its data controllers to fulfill data subjects’ GDPR rights.

Therefore, if you wish to exercise your rights under the GDPR or have any questions in this matter, please contact the relevant Fyber’s controller directly.

11. Data Retention

We retain Personal Information as needed for legitimate and lawful purposes.

As a general practice, Fyber stores Personal Information related to you for as long as you use the Property and for a 30 days thereafter., Fyber uses Personal Information related to you in these cases for internal reporting, analysis and to provide the Services. Fyber saves and uses Personal Information related to you, for longer period of up to 90 days after you discontinue using the Property, and if Fyber needs Personal Information related to you for invoicing, reporting and discrepancy investigation reasons.

Fyber also uses and store Personal Information related to you to prevent fraud. Where Fyber suspects that the Property that you have used becomes vulnerable to fraudulent activities, Fyber will store and use Personal Information related to you, if needed, up to a year after you discontinue using the Property for fraud detection purpose.

Fyber is required to retain information, including Personal Information, by law. Aggregated data will be retained by Fyber for longer periods and through a third-party analytics platform.

Fyber will process Personal Information for no longer than necessary for the purposes for which the Personal Information was provided.

In any case, as long as Fyber uses Personal Information related to you to provide the Service, Fyber will keep the Personal Information about you, unless laws require Fyber to delete it, or if Fyber accepts your request to delete the Personal Information, pursuant to applicable laws, or if Fyber decides to remove it at its discretion.

As a Customer, as long as you use the Services, Fyber will keep Personal Information about you, unless the law requires to delete it, or if Fyber decides to remove it at its discretion.

12. Transfer of Data Outside your Territory

We store and process Personal Information in the US, in sites operated and maintained by cloud-based service providers.

Fyber stores and processes Personal Information in various sites throughout the globe, including in sites operated and maintained by cloud-based service providers.

If you are a resident in a jurisdiction where transfer of Personal Information related to you to another jurisdiction requires your consent, then you provide Fyber your express and unambiguous consent to such transfer.

If you are a resident of the European Economic Area (EEA), Fyber keeps your Personal Data on Amazon Web Services (AWS) Cloud in the US on Fyber’s behalf in accordance with the highest degree of security of AWS.

To the extent necessary under EU privacy laws and regulations, Fyber will implement data onward transfer instruments, such as the Controller to Processor SCCs, the EU-U.S. and Swiss-U.S. Privacy Shield Framework and a statement of compliance with the Privacy Shield Principles.

Fyber implements other or additional onward transfer mechanisms, as available from time to time.

13. Information Security

Fyber implements systems, applications and procedures to secure Personal Information, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.

сайтmits to safeguarding the confidentiality of Personal Information related to you. Fyber and its hosting services implement systems, applications and procedures to secure Personal Information related to you, to minimize the risks of theft, damage, loss of information, or unauthorized access or use of information.

As an example, Fyber limits access to Personal Information to authorized personnel on a need to know basis in order to operate, develop or improve the Services.

While all measures provided reflect the current industry standard of security, Fyber cannot guarantee that the Services will be immune from any wrongdoings, malfunctions, unlawful interceptions or access, or other kinds of abuse and misuse.

14. Changes to this Privacy Policy

Fyber will update its Policy from time to time after giving proper notice.

From time to time, Fyber will update this Policy. If the updates have minor if any consequences, they will take effect 7 days after Fyber posts a notice on the Services’ website. Substantial changes will be effective 30 days after Fyber’s notice was initially posted.

Until the new policy takes effect, you can choose not to accept it and terminate your use of the Services. Continuing using the Services after the new policy takes effect means that you agree to the new policy.

Note that if Fyber needs to adapt the policy to legal requirements, the new policy will become effective immediately or as required.

15. Contact Us

Please contact Fyber’s Data Protection Officer at: GDPR fyber com for further information.

Last updated: June 24, 2019

There are many different ways you can use our services – to search for and share information, to communicate with other people or to create new content. When you share information with us, for example by creating a Google Account , we can make those services even better – to show you more relevant search results and ads, to help you connect with people or to make sharing with others quicker and easier . As you use our services, we want you to be clear how we’re using information and the ways in which you can protect your privacy.

Our Privacy Policy explains:

• What information we collect and why we collect it.
• How we use that information.
• The choices we offer, including how to access and update information.

We’ve tried to keep it as simple as possible, but if you’re not familiar with terms like cookies, IP addresses, pixel tags and browsers, then read about these key terms first. Your privacy matters to Google so whether you are new to Google or a long-time user, please do take the time to get to know our practices – and if you have any questions .

Information we collect

We collect information to provide better services to all of our users – from figuring out basic stuff like which language you speak, to more complex things like which ads you’ll find most useful , the people who matter most to you online , or which YouTube videos you might like.

We collect information in the following ways:

Information you give us. For example, many of our services require you to sign up for a Google Account. When you do, we’ll ask for personal information , like your name, email address, telephone number or credit card to store with your account. If you want to take full advantage of the sharing features we offer, we might also ask you to create a publicly visible , which may include your name and photo.

Information we get from your use of our services. We collect information about the services that you use and how you use them, like when you watch a video on YouTube, visit a website that uses our advertising services, or view and interact with our ads and content. This information includes:

• Unique application numbers

  Certain services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Google when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.

  Local storage

  We may collect and store information (including personal information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches .

Information we collect when you are signed in to Google, in addition to information we obtain about you from partners, may be associated with your Google Account. When information is associated with your Google Account, we treat it as personal information. For more information about how you can access, manage or delete information that is associated with your Google Account, visit the section of this policy.

How we use information we collect

We use the information we collect from all of our services to provide , maintain , protect and improve them, to develop new ones , and to protect Google and our users . We also use this information to offer you tailored content – like giving you more relevant search results and ads.

We may use the name you provide for your Google Profile across all of the services we offer that require a Google Account. In addition, we may replace past names associated with your Google Account so that you are represented consistently across all our services. If other users already have your email, or other information that identifies you, we may show them your publicly visible Google Profile information, such as your name and photo.

If you have a Google Account, we may display your Profile name, Profile photo, and actions you take on Google or on third-party applications connected to your Google Account (such as +1’s, reviews you write and comments you post) in our services, including displaying in ads and other commercial contexts. We will respect the choices you make to limit sharing or visibility settings in your Google Account.

When you contact Google, we keep a record of your communication to help solve any issues you might be facing. We may use your email address to inform you about our services, such as letting you know about upcoming changes or improvements.

We use information collected from cookies and other technologies, like pixel tags , to improve your user experience and the overall quality of our services. One of the products we use to do this on our own services is Google Analytics. For example, by saving your language preferences, we’ll be able to have our services appear in the language you prefer. When showing you tailored ads, we will not associate an identifier from cookies or similar technologies with sensitive categories , such as those based on race, religion, sexual orientation or health.

Our automated systems analyze your content (including emails) to provide you personally relevant product features, such as customized search results, tailored advertising, and spam and malware detection.

Accessing and updating your personal information

Whenever you use our services, we aim to provide you with access to your personal information . If that information is wrong, we strive to give you ways to update it quickly or to delete it – unless we have to keep that information for legitimate business or legal purposes. When updating your personal information, we may ask you to verify your identity before we can act on your request.

We may reject requests that are unreasonably repetitive, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), risk the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup systems).

Where we can provide information access and correction, we will do so for free, except where it would require a disproportionate effort. We aim to maintain our services in a manner that protects information from accidental or malicious destruction. Because of this, after you delete information from our services, we may not immediately delete residual copies from our active servers and may not remove information from our backup systems.

Information we share

We do not share personal information with companies, organizations and individuals outside of Google unless one of the following circumstances applies:

With your consent

We will share personal information with companies, organizations or individuals outside of Google when we have your consent to do so. We require opt-in consent for the sharing of any sensitive personal information .

• With domain administrators

  Other useful privacy and security related materials

  Further useful privacy and security related materials can be found through Google’s policies and principles pages , including:

  • Information about our technologies and principles , which includes, among other things, more information on
    • technologies we use for advertising .
  • A page that explains what data is shared with Google when you visit websites that use our advertising, analytics and social products.
  • The tool, which makes it easy to review your key privacy settings.
  • Google’s , which provides information on how to stay safe and secure online.

  Example

  "access to your personal information"

  For example, with Google Dashboard you can quickly and easily see some of the data associated with your Google Account.

  Example

  "ads you’ll find most useful"

  For example, if you frequently visit websites and blogs about gardening, you may see ads related to gardening as you browse the web.

  Example

  "advertising services"

  For example, if you frequently visit websites and blogs about gardening that show our ads, you may start to see ads related to this interest as you browse the web.

  Example

  "and other sensors"

  Your device may have sensors that provide information to assist in a better understanding of your location. For example, an accelerometer can be used to determine things like speed, or a gyroscope to figure out direction of travel.

  Example

  "collect information"

  This includes information like your usage data and preferences, Gmail messages, G+ profile, photos, videos, browsing history, map searches, docs, or other Google-hosted content.

  Example

  "combine personal information from one service with information, including personal information, from other Google services"

  For example, when you’re signed in to your Google Account and search on Google, you can see search results from the public web, along with pages, photos, and Google+ posts from your friends and people who know you or follow you on Google+ may see your posts and profile in their results.

  Example

  "connect with people"

  For example, you could get suggestions of people you might know or want to connect with on Google+, based on the connections you have with people on other Google products, like Gmail and people who have a connection with you may see your profile as a suggestion.

  Example

  "credit card"

  Whilst we currently don’t ask for a credit card during sign up, verifying your age through a small credit card transaction is one way to confirm that you meet our age requirements in case your account was disabled after you have entered a birthday indicating you are not old enough to have a Google Account.

  Example

  "We may share aggregated, non-personally identifiable information publicly"

  When lots of people start searching for something, it can provide very useful information about particular trends at that time.

  Example

  "Wi-Fi access points and cell towers"

  For example, Google can approximate your device’s location based on the known location of nearby cell towers.

  Example

  "more relevant search results"

  For example, we can make search more relevant and interesting for you by including photos, posts, and more from you and your friends.

The privacy policy is one of the most essential legal requirements for websites.

Even if you just have a small business or a blog with no income at all, you might be surprised to discover that you still need a privacy policy.

Basically, if your website collects personal data, you need a privacy policy that informs your users about this according to privacy laws in most jurisdictions, including the EU and the US.

Almost all modern websites function with the use of cookies, so chances are high that your website is collecting personal data, for example for statistical, functional or marketing purposes.

In this blogpost, we take a look at what constitutes a good privacy policy, how to make a compliant GDPR privacy policy and whether using a privacy policy generator is a good idea.

Learn what the privacy policy is and how to get one for your website below.

What is a privacy policy?

A privacy policy is a document that states what personal data you collect from your users, why, and how you keep it private.

The purpose of the privacy policy is to inform your users about how their data is being handled.

Hence, the privacy policy should be accessible for your users and kept in a plain and readable language.

If your website is hosted, or if you use plugins, social media-buttons, analytics tools and the like on your website, then it does set cookies and collect user data.

GDPR privacy policy

The free audit scans five pages of your website and sends you a report of the cookies and online tracking on these pages, including information on their provenance, purpose and whether or not they are compliant.

If you want a complete overview of the cookies and online tracking going on on all of your website, sign up to the Cookiebot solution.

How can I get a privacy policy on my website? A GDPR compliant privacy policy

The privacy policy can be written as an independent page on your website, and be made accessible as a link in the header or footer of your website, or on your ‘About’ page.

It may also be hosted by a privacy policy-service with a link from your homepage.

Basically, it doesn’t matter where you choose to place it, as long as your users have access to it.

The privacy policy is a legal text. The phrasing depends on which jurisdictions your website falls under and how your website handles data.

All websites are different. We always recommend that you consult a lawyer to ensure that your privacy policy is compliant with all applicable laws.

However, this might seem as a large expense if you are, for instance, a hobby blogger or small business.

That is also why using a privacy policy generator can be a hazardous thing, since you must be very careful to include all the specific information of your website, and not just have privacy policy generator spit out a default one that isn"t aligned with your domain

GDPR privacy policy templates & privacy policy generators

There exists numerous tools for creating privacy policies, and privacy policy templates and privacy policy generators on the internet.

Some are free and others come at a price. Some are not GDPR compliant privacy policies.

Please accept marketing cookies to view this video

GDPR privacy policy example: TermsFeed is one provider of online privacy policies. In this video, they explain why you need a privacy policy in a simple and comprehensible manner in 1:40 minutes.

However, if you use a generator, be sure to consider carefully all of the information to include in your policy and edit the privacy policy template accordingly.

Having an incorrect privacy policy is as bad, if not worse, as not having one at all.

Also, be sure to do your research on all applicable laws and requirements.

Be aware that some geographically defined laws can, in practice, be global.

However, if you use a generator, be sure to check that it complies with the EU General Data Protection Regulation and the ePrivacy Directive. These laws are applicable not only to websites operated from the EU, but also all websites in the world, that have visitors from the EU.

Где он выступал с докладом. В его выступлении особое внимание уделялось важной для нас теме трактовки gambling для social casino. В ходе разговора, в котором участвовали и другие коллеги, выяснилось, что юридическим моментам в своей работе инди-девелоперы уделяют очень мало внимания, создавая необходимые документы по остаточному принципу. Мы решили восполнить этот пробел и провести вместе с практикующим юристом небольшой “ликбез”.

Privacy Policy определяют политику разработчика в отношении персональных (личных) и других данных пользователей приложения, которые разработчик получает в процессе использования приложения. Основная задача этого документа – проинформировать пользователя, как минимум, о том, какая информация о нем собирается при использовании приложения, как эта информация используется и в каких случаях она может быть раскрыта третьим лицам, в том числе, государственным органам. Персональным данным во всем мире придается все больше и больше значения, поэтому разработчику особенно важно получить подтверждение того, что пользователь ознакомился с данным документом (впрочем, других документов это тоже касается).

Правовое регулирование оборота персональных данных различается от юрисдикции к юрисдикции. Более того, до сих пор остается много вопросов относительно того, в каком объеме и каким образом законодательство о защите персональных данных применяется к отношениям в сети Интернет (в том числе, и в связи с приложениями), где сложно или практически невозможно достоверно определить пользователя, который должен давать верифицируемое согласие на обработку персональных данных в ряде случаев. Тем не менее, общий принцип один: пользователь должен понимать, каким образом информация, которую он вольно или невольно передает разработчику, может быть использована, и выразить свое согласие с этим, либо, как правило, отказаться от сервиса (приложения) в принципе, а разработчик должен максимально убедительно суметь доказать, что такое понимание у пользователя есть.

При разработке Privacy Policy российским компаниям следует помнить, что наименьшие риски связаны со случаями, когда персональные данные используются только для взаимодействия конкретно разработчика и пользователя в рамках одного приложения – это, во многих случаях, может подпадать под категорию обработки персональных данных для исполнения договора, стороной которого является субъект персональных данных, о которой говорится в п. 5 ч. 1 ст. 6 Федерального закона «О персональных данных», что не требует согласия субъекта персональных данных, то есть пользователя, по особой форме. Более сложные, с юридической точки зрения, ситуации возникают тогда, когда разработчик обрабатывает персональные данные для широкого круга целей, например, в целях маркетинга, и, особенно, при этом осуществляет передачу персональных данных для обработки третьим лицам и (или) за рубеж. Для таких ситуаций российское законодательство требует развернутое согласие пользователя в письменной форме, с учетом требования законодательства об электронных подписях.

Общие рекомендации здесь дать сложно и каждый проект надо анализировать отдельно – очень многое зависит от деталей. Вместе с тем, можно сказать, что во многих случаях риски будут ниже, если в рамках архитектуры проекта персональные данные сделаны общедоступными самими пользователями и (или) если происходит их обезличивание – так, что на их основании в принципе нельзя установить то или иное лицо. С развитием сервисов, которые позволяют активно использовать изображение пользователя, дополнительно стоит отметить, что существенные риски могут быть связаны и с обработкой биометрических персональных данных, т.е. сведений, которые характеризуют физиологические особенности человека и на основании которых можно установить его личность.

License Agreement , наверное, наиболее понятный, с юридической точки зрения, документ – он определяет то, в каких пределах пользователь может использовать приложение как результат интеллектуальной деятельности, т.е. предоставляет пользователю ту или иную лицензию. Думаю, не будет ошибкой сказать, что исторически этот документ, из числа рассматриваемых, появился по отношению к компьютерным играм первым, поскольку законодательство об интеллектуальной собственности было наиболее разработанным на момент появления первых компьютерных игр. Более того, для однопользовательских игр, распространяемых на физических носителях без «живой» поддержки, это и сейчас может быть единственным документом, хотя таких игр, конечно, уже крайне мало (вероятно, это уже по большей части только нераспроданные «антикварные» экземпляры). Часто можно встретить более развернутое название данного документа – End User License Agreement, т.е. «Лицензионное соглашение с конечным пользователем».

Практически всегда пользователям предоставляется простая (неисключительная) лицензия, посредством которой правообладатель, в нашем случае условно – разработчик как лицензиар предоставляет пользователю как лицензиату права использования результата интеллектуальной деятельности с сохранением за собой права выдачи лицензий другим лицам. Исключительные лицензии, которые не предполагают сохранения такого права, распространены уже не в отношениях с пользователями, а в рамках сугубо деловых отношений, например, при разработке. Согласно российскому законодательству, если иное прямо не предусмотрено лицензионным договором, то лицензия предполагается как раз простой (неисключительной), и это следует иметь в виду тогда, когда вы получаете права на какой-либо продукт, используемый при разработке. Иными словами, если к договору применяется российское право и если при этом прямо не оговориться, что только вы имеете право на использование соответствующего продукта, то лицензиар (тот, кто права предоставляет), может эти права предоставить и другим лицам, а движок, например, который вы используете по данной лицензии, будет «неэксклюзивным», вне зависимости от того, что вам обещали раньше.

Регулирование лицензионных отношений в целом имеет нюансы в разных странах, но общие принципы сохраняются, поскольку данное регулирование основано на одних и тех же международных соглашениях. В России общие положения о лицензионных договорах закреплены в ст. 1235 Гражданского кодекса Российской Федерации. Так, результат интеллектуальной деятельности может быть передан только в тех пределах и теми способами, которые предусмотрены лицензионным договором. По общему правилу, лицензионный договор должен быть заключен в письменной форме, иначе он считается недействительным. В лицензионном договоре должна быть указана территория, на которой допускается использование результата интеллектуальной деятельности, а если такая территория не указана, то лицензиат вправе осуществлять использование лицензируемого продукта на всей территории Российской Федерации (но не за рубежом). Срок лицензионного договора не может превышать срок действия исключительных прав. Для компьютерных программ, права на которые регулируются также как и литературные произведения (за исключением некоторых дополнительных положений), этот срок, по общему правилу, составляет жизнь автора и 70 лет с момента смерти автора, считая с 1 января года, следующего за годом смерти автора. Если срок не определен, то договор считается заключенным на пять лет, если иное не предусмотрено Гражданским кодексом. При отсутствии указания размера вознаграждения или порядка его определения договор считается незаключенным. Кроме того, лицензионный договор должен определять предмет договора и способы использования лицензируемого результата интеллектуальной деятельности.

Нужно ли эти документы создавать в обязательном порядке всегда или это опциональное требование?

Какого-либо формального требования, которое было бы установлено на уровне закона, создавать эти документы в целом нет, но, во-первых, требование о наличии данных документов может определяться в договоре разработчика с площадкой, используемой для распространения, а во-вторых, их отсутствие может повлечь разные по степени тяжести юридические последствия, как это было описано ранее. Особенно это касается лицензионного соглашения. Создание данных документов практически всегда в интересах разработчика.

В тех случаях, когда нужно создавать – как это сделать «наименьшей кровью»? Ведь далеко не все инди-разработчики могут себе позволить услуги хорошего юриста.

По моему опыту общения с ИР, многие сейчас начинают задумываться о юридических аспектах своих проектов, что хорошо, поскольку может заранее уберечь ИР от ряда рисков. Если есть такая возможность – то при получении каких-либо инвестиций имеет смысл забюджетировать юридические услуги – их объем можно заранее согласовать с юристом, лучше – если он (юрист) прямо специализируется в области права интеллектуальной собственности, информационных технологий и медиа (последнее также важно, поскольку на сегодняшний день развивается и законодательство, и судебная практика в области регулирования интернет-технологий и контента). Это, как минимум, необходимо, чтобы избежать ситуаций в стиле описанных в цитате #427206 c «Башорга» – когда заказчик просил разработать логотип с серпом и молотом, а когда не смог его зарегистрировать по понятным причинам, попросил разработать новый логотип с Марио (любые ассоциации с недавними мобильными хитами случайны и ненамеренны).

В идеальной ситуации, на мой взгляд, юрист должен участвовать в консультировании проекта уже на этапе разработки дизайн-документа, чтобы заранее «отфильтровать» излишне рискованные в условиях современного законодательства и практики аспекты гейм-дизайна и контента либо порекомендовать способы снижения рисков за счет дизайнерских (архитектурных) решений. Наиболее качественные услуги здесь могут оказать юридические фирмы и отдельные практикующие юристы, уже имеющие значительный опыт на рынке IT и медиа в России и за рубежом, но я понимаю, что этот вариант жизнеспособен только при хороших инвестициях в проект и оценке актуальности юридических рисков, скорее, уже самим инвестором.

Второй возможный вариант – найти юриста, с которым ИР может обсудить возможность участия в проекте юриста на «рисковых» началах, при которых юрист получит свое вознаграждение в случае получения прибыли от проекта. Не все юридические фирмы и частнопрактикующие юристы, если они исходят из того, что выполняют функции независимого советника по правовым вопросам (а для адвокатов такая позиция определена законом и кодексом профессиональной этики) могут на это согласиться, поскольку в такой ситуации юрист фактически становится частью команды, а это налагает дополнительные, по крайней мере, моральные обязательства. Однако, в общем, такой вариант возможен.

Наконец, имея определенный опыт и знания в юридических вопросах, теоретически, можно попытаться обойтись своими силами – например, написав свои документы на основе примеров, полученных от коллег. Но этот вариант достаточно рискован – не владея системными знаниями в области права, есть большая опасность не только не снизить риски, но и создать дополнительные. Кроме того, крайне нежелательно прямое копирование чужих документов, поскольку они сами по себе могут представлять собой результаты интеллектуальной деятельности, ведь объектами авторских прав, по крайней мере, по российскому законодательству, из числа юридических документов не являются только официальные документы органов государственной власти, местного самоуправления и международных организаций. «Частные» документы охраняются. Не менее важно и то, что документ по другому проекту может просто не отражать критические, с точки зрения закона, аспекты вашего проекта.

Плюс ко всему, можно представить и смешанный вариант, предполагающий меньшие затраты – создать проект документа(-ов) самому, а потом дать его на проверку юристу, и если не потребуются изменения, это может сократить бюджет на правовое сопровождение.

И последний вопрос. Указанные документы располагаются то в сторе, то в самом приложении, то на сайте поддержки. Есть ли какое-либо требование или стандарт, которого нужно придерживаться?

Так же, как и в ситуации с вопросом об обязательности данных документов, прямых законодательных требований к этому в целом нет, но правила размещения могут быть предусмотрены соглашением с соответствующей площадкой цифровой дистрибуции или иным издателем, если такой есть. С другой стороны, прослеживается общий принцип, согласно которому, чем более непосредственным является знакомство пользователя с данными документами, тем ниже риск того, что недобросовестный пользователь, нарушающий правила, сможет оспорить их применимость на том основании, что они были ему не известны. За этими словами стоят различные юридические нюансы, но в целом это именно так. Данному правилу, собственно, и следуют те разработчики, которые технически обязывают пользователя «прокрутить» соглашение до конца и поставить галочку, нажать «Я принимаю» и т.п. перед там как «допустить» его в приложение.

A Privacy Policy is a document where you disclose what personal data you collect from your website’s visitors, how you collect it, how you use it and other important details about your privacy practices.

In this post, we’ll take a look at what Privacy Policies are and why you likely need to have one posted on your website. We’ll also go over some important clauses that are useful to include in your Privacy Policy. Finally, we’ll look at how different websites display their Privacy Policies.

Privacy Policies are legally binding agreements you are required to post on your website if you’re collecting any sort of personal information from your site’s visitors or customers.

A Privacy Policy is an important legal document that lets users understand the various ways a website might be collecting personal information. The purpose of a Privacy Policy is to inform users of your data collection practices in order to protect the customer’s privacy.

Your Privacy Policy should disclose how the website/app collects information, how the information is used, whether or not it is shared with third parties and how it is protected and stored.

There are 3 main reasons for having a Privacy Policy: (1) you’re required by law, (2) you’re required by third party services, (3) you want to be transparent.

The most important reason Privacy Policies are useful is because you’re most likely required by the law to have one posted on your website. The applicable laws in your region or the region you’re conducting business in may require you to include and abide by certain clauses in your Privacy Policy.

For instance, in the United States, the California Online Privacy Protection Act (CalOPPA) requires websites that collect personal information from the residents of the state of California to include a statement in their Privacy Policy that discloses how you handle their information. Since there isn’t a way to filter out visitors from California, you’re likely required to comply with CalOPPA even if your website is ran from a location nowhere near California.

Forever 21’s Privacy Policy agreement has a separate section on California Residents that explains the rights of the residents of California in compliance with CalOPPA.

Similarly, Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), the EU’s General Data Protection Regulation (GDPR) act, and Australia’s Privacy Act of 1988 also require you to post a Privacy Policy and include certain clauses in it if you’re collecting any personal information from the residents of these regions.

Required by Third Party Services

Most of the third party services you use to improve your website’s user experience, monitor analytics or display advertisements also require you to post a Privacy Policy on your website.

According to their requirements, you should include clauses that disclose how you use these third party services, APIs, SDKs, plugins, etc.

Some of the most popular third party services that require you to post a Privacy Policy on your website include:

Analytics services work by placing cookies on your visitors’ devices and then collecting information about them when they visit your website, such as which device(s) they use, browsing activities, etc.

This is why third party services (like Google Analytics) require you to post a Privacy Policy that discloses your usage of their services and cookies.

Google Analytics’ Terms of Service agreement states in its Privacy section that you must post a Privacy Policy on your website that discloses your use of cookies and your use of Google Analytics and how it collects and processes data.

Websites and web applications that use analytics services to improve the user experience they deliver must therefore abide by these rules.

If you’re a Facebook app developer, you’re required by Facebook to post a Privacy Policy on your website that’s easily accessible and discloses the information you collect and how you will use that information.

As more and more people online are becoming aware of privacy laws, having a Privacy Policy displayed on your website that discloses how you gather and handle your visitors’ personal information is a great way to build trust and help your website users feel secure.

It’s a good practice to follow even if you’re not collecting any sort of personal information from your website’s visitors. This is because Privacy Policies are increasingly prevalent. If a visitor sees that you don’t have one published, she may be led to believe that you do, in fact, collect information from your visitors but aren’t disclosing it. It’s better to have one posted that states that you do not collect any information from your site’s visitors. This is especially true for blogs.

DuckDuckGo , for example, has a Privacy Policy posted on its website that simply states that it doesn’t collect any personal information from visitors.

A Privacy Policy should be organized in a way that helps the reader understand key categories of information. This is best done with well-structured and clearly written clauses, neatly identified with descriptive headlines.

The clauses you include in your Privacy Policy depend on a number of factors including the type of business you’re running and the applicable law. However, there are some clauses that just about every website that collects personal information from visitors includes in a Privacy Policy.

Let’s take a look at some examples of clauses that are useful to add in a Privacy Policy agreement:

Type of Information You Collect

Most Privacy Policies start out by disclosing the type of information the business collects from its visitors or customers. It lets the end user know which type of personal information they can expect to provide, whether required or optional.

Let’s take a look at MailChimp’s Privacy Policy agreement:

MailChimp has an incredibly detailed Your Information section which explains what information it collects from users. It’s been divided into several sections – Information you provide to us, Information we collect automatically, Information we collect from other sources, Information from the use of our mobile apps .

It identifies the personal information you provide when you sign up with them and/or purchase their services such as name, address, email address, IP address, and credit card information.

Some web applications, like GitHub , collect information from their site’s visitors in addition to their end users.

Here’s a look at how GitHub explains this in its Privacy Policy agreement:

GitHub explains that it collects personally-identifying information from website’s visitors and why it’s collected. The type of information collected from users who have accounts on GitHub is also disclosed.

How the Collected Information is Processed and Shared

You’re required to disclose how you process and share the personal information you collect from your site’s visitors. It should explain what you do with the information after you’ve collected it.

For example, in its Privacy Policy, LogMeIn explains the different ways it uses the personal information it collects:

LogMeIn also has a section in its Privacy Policy that explains how it shares visitors’ personal information with third parties:

Use of Cookies and Tracking

Websites that use cookies or other technologies to obtain personal information from their website’s visitors or customers include a cookies clause in their Privacy Policies. Generally, the cookies clause states that the website uses cookies , why it uses them, and how users can disable cookies on their devices.

Canva’s Privacy Policy has a section on Cookies information that explains cookies usage.

It says that Canva uses cookies to improve your experience with their website by helping you log in faster and making their on-site navigation better. Cookies are also placed in order to track how you use the website. Canva discloses that its business partners also receive this information. Finally, it’s noted that if you disable cookies, some features of Canva might not work properly.

Changes to the Privacy Policy

You will likely have to change the content of your Privacy Policy at some time. For this reason, most Privacy Policies have a clause that states how they will inform users about updates and revisions to the agreement.

Let’s take a look at LogMeIn’s Privacy Policy again:

This clause states that the Policy may be updated and discloses how notifications of material changes will be given. It also says that if you continue to use the services after the update then you automatically agree to the revised Privacy Policy.

Examples of Websites with Privacy Policies

Regardless of whether you’re running a website, web app, mobile app or desktop app, if you’re collecting personal information from your end users then you’re required to post a Privacy Policy.

Most websites provide a link to their Privacy Policy in their homepage footer, main navigation, or an appropriate sub-menu.

Let’s take a look at the Privacy Policy agreements of some popular websites.

Reddit

Reddit links to its Privacy Policy from the fine print in the footer of the homepage:

The Privacy Policy itself follows the same format and theme as the rest of the website and includes anchor navigation links in the left sidebar.

It includes the following clauses:

1. What We Collect
2. How We Use Information About You
3. How Information About You is Shared
4. Ads and Analytics Partners
5. Your Choices
6. Other Information
7. Contact Us

Canva

Canva’s Privacy Policy uses short summaries to the right of the clauses to help summarize information for readers. This helps make the Policy easier to understand and more user-friendly.

The New York Times

The New York Times has a link to the Privacy Policy in the website’s footer:

The Privacy Policy includes anchor navigation links, a search bar and a button to initiate chat. The benefit in this formatting is that it makes it easy for the site visitor to find information they need to fully understand their privacy rights.

Summary

If you’re collecting any sort of personal information from your website’s visitors, end users, subscribers, customers, or clients then you’re most likely required by law or by third party services to post a Privacy Policy on your website.

You need to be aware of:

• The privacy laws and Privacy Policy requirements in the jurisdiction your business is based in and the jurisdiction(s) where your site visitors live.
• The Terms of Service requirements of any third party services your website or app uses.