Yandex ID Privacy Policy
- 1. What this Privacy Policy covers
- 2. Who processes your personal data and how to contact us
- 4. How we protect your personal data
- 5. How we share or transfer your personal data
- 6. Where your personal data are stored and processed
- 7. How long we store your personal data
- 8. What are your rights
- 9. Why and how we use cookies and similar technologies
- 10. How we update this Policy
1. What this Privacy Policy covers
This Privacy Policy (“Policy”) describes how we process your personal data when you use the Yandex ID service (“Service”). This Policy is based on the provisions of applicable data protection laws. Please note that if Service is provided to you by Yandex LLC, processing of your personal data is described in the privacy policy available via the link: https://yandex.ru/legal/confidential/. This Policy does not cover activities of Yandex LLC with regard to processing of personal data in the Service.
2. Who processes your personal data and how to contact us
2.1. Except for the cases mentioned in Section 1, your personal data are processed by the company providing the Service (“Company”). You may find the name and address of such Company in the Terms of Use of Yandex ID service (https://yandex.com/legal/id_termsofuse) (“ToU”).
2.2. Contact details
You can contact us via feedback forms available in the Service or via email gdpr@yandex-team.com.
3. What personal data are processed, how, and why
3.1. The purposes of processing
Company processes your personal data for:
- authorization and access to the Service;
- providing the Service in accordance with the ToU;
- creation of the public account;
- contacting you on matters related to the usage of the Service;
- research and/or analytics;
- improving the Service and user experience;
- personalizing advertisements/commercial offers based on your preferences, search history and other data available;
- detection of security threats to the Service, users, Company and/or third parties;
- automatic filling of information in other services’ authorization forms;
- complying with legal obligations;
- protection of our legal rights and interests, for example, in judicial proceedings or during business development activities;
- for other purposes that may be required for proper provision of the Service.
3.2. The categories of personal data we process
The Company processes the following personal data related to the users of the Service and other data subjects:
|
Purposes of processing |
Сategories of personal data |
|
|
Authorization and access to the Service |
Full name |
|
|
Login, password |
||
|
Contact information (such as mobile phone number, email address) |
||
|
Identifiers (such as User ID) |
||
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Date and time of using the Service |
||
|
Other registration/authentication data |
||
|
Providing the Service in accordance with the ToU |
Full name |
|
|
Photo |
||
|
Contact information (such as mobile phone number, email address) |
||
|
Identifiers (such as User ID) |
||
|
Birth date and age |
||
|
Login |
||
|
Information about geolocation, place of residence and time zone |
||
|
Date and time of using the Service |
||
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Information related to your activity while using the Service |
||
|
Information about related external accounts |
||
|
Other information that may be required for this purpose |
||
|
Creation of the public account |
Full name |
|
|
Contact information (such as mobile phone number, email address) |
||
|
Photo |
||
|
Education information |
||
|
Work experience |
||
|
Skills |
||
|
Achivements |
||
|
Other information that may be required for this purpose |
||
|
Contacting on matters related to the usage of the Service |
Full name |
|
|
Login |
||
|
Identifiers (such as User ID) |
||
|
Information contained in the request and request |
||
|
Date and time of using the Service |
||
|
Contact information (such as mobile phone number, email address) |
||
|
Information about geolocation, place of residence and time zone |
||
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Other information that may be required for this purpose |
||
|
Research and/or analytics |
Information related to your activity while using the Service |
|
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Other information that may be required for this purpose |
||
|
Improving the Service and user experience |
Information related to your activity while using the Service |
|
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Other information that may be required for this purpose |
||
|
Personalizing advertisements/commercial offers based on your preferences, search history and other data available |
Full name |
|
|
Contact information (such as mobile phone number, email address) |
||
|
Identifiers (such as User ID) |
||
|
Information related to your activity while using the Service |
||
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Other information that may be required for this purpose |
||
|
Detection of security threats to the Service, users, Company and/or third parties |
Login, password |
|
|
Identifiers (such as User ID) |
||
|
Information related to your activity while using the Service |
||
|
Date and time of using the Service |
||
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
Other information that may be required for this purpose |
||
|
Automatic filling of information in other services’ authorization forms |
Full name |
|
|
Photo |
||
|
Identifiers (such as User ID) |
||
|
Contact information (such as mobile phone number, email address) |
||
|
Electronic data (such as http headers, IP address, cookies, web beacons/pixel tags, browser, hardware and software information, wi-fi network data, geolocation information, Session_iOAuth-tocens) |
||
|
ther information that may be required for this purpose |
||
|
Complying with legal obligations |
Full name |
|
|
Contact information (such as mobile phone number, email address) |
||
|
Information related to your activity while using the Service |
||
|
Date and time of using the Service |
||
|
Identifiers (such as User ID) |
||
|
Other information that may be required for this purpose |
||
|
Protection of our legal rights and interests |
Full name |
|
|
Contact information (such as mobile phone number, email address) |
||
|
Information related to your activity while using the Service |
||
|
Date and time of using the Service |
||
|
Identifiers (such as User ID) |
||
|
Other information that may be required for this purpose |
3.3. Our legal basis of processing your personal data:
- Agreement: we may process your personal data in order to provide you the Service in accordance with the ToU;
- Legal obligation: in certain cases, we may have a legal obligation to process your personal data;
- Legitimate interest: in case it is provided by applicable law, we may process your data on the basis of our legitimate interests if it does not affect your interests or fundamental rights and freedoms.
Whenever the processing is based on a legitimate interest basis, you may contact us to obtain more information on balancing tests carried out to assess our legitimate interests and your interests, rights and freedoms;
- Consent: for specific purposes or if consent is required by the applicable law, we may ask your consent for processing your personal data.
If under the applicable law personal data processing can be justified only by consent or other relevant legal ground, we will obtain such consent or ensure presence of respective legal ground.
3.4. Where we get your personal data:
- From you
- From our partners, including those with which you may have a separate agreement
- Data may be automatically generated/collected during the use of the Service
3.5. We do not perform any form of profiling, which has the potential to significantly impact your rights and freedoms in accordance with applicable laws.
4. How we protect your personal data
4.1. We have implemented adequate technical and organisational measures to protect personal data against unauthorised, accidental or unlawful destruction, loss, alteration, misuse, disclosure or access and against all other unlawful forms of processing.
4.2. These security measures have been implemented taking into account the state of the art of the technology, their cost of implementation, the risks presented by the processing and the nature of personal data.
4.3. In most cases, personal data are processed automatically without access to it by our staff. However, if such access is necessary, your personal data can be accessed only by those employees whose professional tasks require using this information. These employees must comply with internal rules and follow protocols for processing personal data and all technical and organisational security measures protecting your personal data.
5. How we share or transfer your personal data
5.1. We may transfer personal data to third parties for the purposes listed in Section 3 above.
5.2. Please note that the level of protection of personal data and data subjects’ rights in some countries may not be adequate to the level in your jurisdiction and by using the Service you confirm that you are aware and agree upon such transfer. In such cases, we follow the necessary procedures to ensure that your rights are respected, and your personal data are protected during and after the transfer.
5.3. Such third parties may include:
- our group of companies;
- partners providing us services related to the placement and display of advertisement on the websites, programs, products;
- advertisers or other partners serving targeted advertisement on the Service;
- software providers and/or external consultants;
- entities, providing information for discovering security risks to the Service, users, Company and/or third parties;
- entities, involved in the arrangement of the processing and acceptance of your payments (international payment systems, payment products vendors, banks and other financial organizations, etc.).
- any third party, to whom we assign any of our rights or obligations under agreements related to offering of the Service to the users, or who maintain control with other means over the entities, offering the Service as a result of its acquisition (by acquisition of legal entity, objects of intellectual property, property, proprietary rights or otherwise);
- any national or international regulatory, enforcement, exchange body, central or local government department and other statutory or public bodies or court where we are required to do so by applicable law or regulation at their request;
- other third parties where such transfer is required for the purposes defined in this Policy.
6. Where your personal data are stored and processed
Depending on the scope of your interactions with the Service, your personal data may be stored in multiple countries, including foreign countries that do not provide a level of protection of personal data and data subjects’ rights adequate to the level in your jurisdiction. In such cases, we follow the necessary procedures to ensure that your rights are respected, and your personal data are protected during and after the transfer.
7. How long we store your personal data
7.1. We will only keep your personal data for as long as it is necessary to fulfil the purpose for which they are collected or to comply with legal and regulatory requirements.
7.2. Unless otherwise required or agreed, the data and other documents, which are stored by you on our systems as part of the Service, will remain stored as long as you have an account with us, but you can delete them at any time.
7.3. You can change and delete certain personal data at any time, or initiate the account deletion procedure through the available functionality of the Service (user account).
8. What are your rights
8.1. You may exercise the following rights as a data subject if such rights are provided by the applicable laws:
Access
You can ask us to confirm whether or not we process your personal data. If so, you can access your personal data and ask us to explain certain details of the processing.
Using interface of the Service, you can obtain a copy of all processed data through your user account.
Rectification
You can log in to your user account and correct your personal data yourself.
Alternatively, in cases provided by law you can ask us to amend inaccurate/incomplete personal data.
Erasure (‘right to be forgotten’)
You can ask us to erase your personal data in cases provided under applicable law.
Withdrawal of consent
You can withdraw your consent where the processing of personal data is based on the consent.
Restriction of processing
You can ask us to mark the stored personal data with the aim to limit their processing in the future under applicable law. In particular, this may apply if:
(1) you contest the accuracy of the personal data
(2) you believe the processing is unlawful
(3) you need the personal data to protect your rights when we no longer need the personal data
(4) you have objected the processing based on the legitimate interests pursued by us or by a third party
Objection
You can object to the processing of your personal data which is based on the legitimate interests pursued by us or by a third party.
Portability
When the processing is based on your consent or an agreement with you, you can receive your personal data in a structured, commonly used and machine-readable format and can freely transmit those data to another controller. Where technically feasible, you can also ask us to transmit the personal data directly to another data controller.
Right to lodge a complaint
You have the right to lodge a complaint with a relevant supervisory authority, in particular, in your country of residence.
8.2. How you can exercise your rights
To exercise the above rights, please log in to your user account, which will provide you with the option to do so, or please contact us (see Section 2 hereof).
9. Why and how we use cookies and similar technologies
9.1. What are cookies
Cookies are small text files accepted and processed by device that you use to access the Service. They contain information that is collected from your device and sent back to the website or app on each subsequent visit.
9.2. Why we use cookies
Cookies assist you in navigation through the website or app, and allow us remember your preferences over time. In particular, we need cookies:
- to help you remain logged in to the Service;
- to improve your experience with the Service;
- to show information relevant to your search queries;
- to save your settings for advertising preferences and safe search;
- to display ads that may be of interest to you;
- to analyze the statistics of using the Service;
- to display ads that may be of your interest.
Based on the data obtained using cookies, we develop the most useful functionality for the Service, conduct statistical and marketing research, fix errors in the Service and test new functions to improve the performance of the Service, personalize them and show you the information that is the most relevant to you.
9.3. What types of cookies do we use
The following types of cookies are used in the Service:
- strictly necessary cookies / technical cookies: these cookies are required to run the websites and apps and provide you with the Service and may, among other, allow us to identify your hardware and software, including your browser type. The most common technical cookies, for example, are session_id’s. They are installed automatically and provide the ability to authenticate and subsequently authorize in the Service. Cookies of secure_session_id are used to authorize users and ensure the security of account data when making payments;
- statistical / analytic cookies: these cookies enable us to recognize users, count the number of users and collect information such as your actions in the Service, including web pages you visit and content you retrieve;
- performance cookies: these cookies collect information about how users interact with our Service, enabling us to identify errors and test new functionalities to improve the performance of the Service;
- functionality cookies: these cookies enable us to provide specific functionalities in order to improve your experience with the Service, for example by storing your preferences (e.g. language and location);
- (third party) tracking / advertising cookies: these cookies collect information about users, sources of traffic, page visits and advertising displayed to you and followed by you. They enable us to display advertising which may be of interest to you based on collected personal data. These cookies are also used for statistical and research purposes.
Web beacons (pixel tags)
We may also use web beacons (pixel tags) in order to access the cookies previously placed on your device for the following purposes:
(i) to track your actions when using the Service, by accessing and interacting with the cookies stored on your device;
(ii) to collect statistical information related to operating the Service, utilities, advertisements or other offerings.
Analytics tools
We may use web analytics tools that allow to collect anonymized information about traffic sources, site traffic, and evaluate the effectiveness of advertising. To count visitors, such tools use anonymous browser identifiers that are stored in cookies.
9.4. How long are those cookies stored on your device
The storage period may depend on cookies type, but it is no longer than necessary to achieve their purpose and will be automatically removed from your system thereafter. For example, session cookies expire at the end of the session (when you close the page or browser window).
9.5. Who else has access to the information contained in the cookies
Personal data collected through cookies placed on your device may be transmitted to and accessed by the Company or the third parties referred to in Section 5 hereof.
The use of personal data outside of the Service may be subject to separate policies available on the above third parties’ websites.
9.6. How you could manage the cookies
What happens at first time?
The first time that you use the Service, your approval for the use of the cookies may be requested. In this case, technical cookies are installed automatically when the page is loaded, unless otherwise specified in the browser settings.
How to change my choice?
If after you have approved the use of cookies you want to make another choice, you can do this by deleting the cookies stored by your browser (usually via the options in your browser’s Privacy menu – please refer to your browser’s manual or developer’s website). The popup requesting your approval may then show up again and you can make a different choice.
What if I do not want to give my consent?
If you do not consent to the use of cookies, certain features of the Service might become unavailable, which may affect your browsing experience.
Can I manage cookies in my browser?
You may also set up your browser preferences to accept or decline by default all cookies or cookies from specific websites.
10. How we update this Policy
This Policy may be amended from time to time.
The Company shall be entitled to make such amendments at its own discretion, including, without limitation, to reflect changes in applicable legislation or functionalities of the Service.