– your company,
– determining your role in the processing of personal data,
– norms on amendments, entry into force,
– principles of interaction with PD;
– the scope of the policy (which resources and types of interaction with PD subjects are covered by the policy).
The second part, as a rule, should contain the main provisions regarding interaction with PD, this list includes:
– rules regarding the transfer of PD to third parties
– actions taken to minimize the use of PD
– actions taken to protect PD from unauthorized access.
The third part is based on the results of the research undertaken on the basis of the second paragraph, in particular, you need to determine the personal data that is collected and processed, the purposes and legal grounds for processing, the time for which the PD is stored.
In the fourth part, it is necessary to indicate the rights that PD subjects have.
We do not make “templates”, because we know about the risks that they carry. Comprehensive work on the analysis of all mechanisms of interaction with PD that occur through the site is essential background work for drafting of policies for your site. Contact Legarithm if your goal is to obtain a document that will have legal value.