For over twenty years, Yandex has served millions of users, working to maintain their trust through our commitment to protecting their privacy and freedom of expression online. Our commitment to users is rooted in Yandex’s wider responsibility to respecting human rights.
helps users understand more about what data we collect, the reasons why we collect data, who has access to that data, and how users can control it.
Reasons we collect user data
At Yandex, it’s our goal to help consumers and businesses better navigate the online and offline world. A large part of that is offering highly personalised services that cater to each individual user.
Users are different, and data such as their preferences, location, and online history is critical to provide them with the best possible services. To that end, our services take into account various types of relevant data to personalise the experience for each user.
For instance, our music streaming service Yandex.Music recommends artists or songs that match individual tastes of every user based on which songs they "liked" and which they skipped, among many other factors. Similarly, a user’s search history helps Yandex choose the most relevant search results specifically for that user. Someone who enters [nevermind] in the search bar might be looking for a definition of “nevermind”, while someone else may be searching for the Nirvana album.
Personalising a user’s experience using historical data improves both the current experience and helps Yandex to develop new products and services. And the more data we utilize, the better the experience we can provide to our users.
User data we collect
We collect user data in two main ways – through Yandex profiles that users create and through users’ interactions and activities on Yandex services.
Yandex users can sign up for a Yandex.Passport, or profile, in which they manually enter their name, phone number, and other information, such as age, sex, location, and time zone. When users log in to our services or apps, data about their interactions with the service or app is automatically added to their Yandex.Passport profile.
Yandex services automatically collect technical information such as cookie files, IP addresses, and geographic location to better understand users' preferences and settings.
The amount of time we store users’ data varies depending on which service and feature is being used and how actively our users manage their data settings. Some data is deleted when requested by a user, some data is deleted automatically, and some data is retained for longer periods of time to operate our various services effectively.
How we protect our users’ data
Yandex takes your data security very seriously and follows rigorous data protection rules to ensure our users’ data is secure and their privacy is protected. All data is processed automatically in our system, and we prohibit access to the data by any individual other than in times of necessity such as for Yandex customer support or other obligatory administrative and technical help. We also always encrypt all stored confidential information, such as passwords.
Our technological infrastructure securely protects the data that we handle. We implemented a secure HTTPS protocol for all Yandex services, meaning all data is encrypted as it moves between the user and Yandex. We also integrated special protection measures where security is particularly important, such as processing online payments according to the international PCI DSS security standard.
Yandex.Passport provides unified authentication on all Yandex services and is pivotal to ensuring the security of user data. In 2020, Yandex.Passport was independently audited according to the SSAE 18 standard overseen by the American Institute of Certified Public Accountants (AICPA) and received a Service Organization Control (SOC) 2 report certifying that it meets international security standards.
Instances in which we share our users’ data
Protecting user’s data is a priority for Yandex and it’s important for our users to know about the instances in which we share users’ data and why. Yandex does not sell or share user data with third parties but does share necessary data with some partners in order to provide Yandex services; we also share aggregated user data through our web analytics tools, and to satisfy legal requests.
Yandex shares select data with a partner when it’s necessary to operate a service. For instance, Yandex.Taxi works with taxi companies and their drivers require information about a user’s location so that they can pick up the passengers. Similarly, when a user buys concert tickets through our ticketing service, Yandex.Afisha, the venue box office needs the user’s information to be able to deliver the tickets to the user.
Some of our analytics services, such as our web analytics reporting tool Yandex.Radar, provide aggregated statistics on user behavior. However, these services do not receive any personal information on individual users and strictly provide aggregated reporting.
In some cases, Yandex may be required to provide user data by law. Yandex complies with the laws and regulations in areas in which it operates, including legal requests for information. If we receive a formal request for user data, our top priority is to protect users and we first ensure that there is legal ground for the request. If we find that the request is legitimate, we comply with the authorities to provide only the amount of data absolutely necessary to fulfil the request. If we find that the request is without merit, we refuse to fulfil the request and work with respective authorities to ensure strict compliance with the applicable law. Yandex publishes statistical information about requests for user data it receives in its Transparency Report
Among other things, email correspondence of Yandex users can only be accessed on the basis of an official court order related to a particular user as we protect the secrecy of correspondence under Russian law.
How our users can control their data
It’s vital to Yandex to provide our users with information about how they can control and manage their personal data. Users can view part of the data, including personal information, available to Yandex and its services on Yandex.Passport
. You can edit or delete this information, or change the settings of your personal Yandex account, at any point.
Yandex users and all Internet users have the ability to further control their data through their browser settings by managing their cookies. Yandex.Browser’s Help page
. To submit any concerns about privacy online, please visit the appropriate support page
. You can navigate to the proper form for the relevant service and submit more detailed information about issues in the feedback form.