
Legal use of personal data in the online store

Half a year ago, we published the article "3 legal errors of an online store", which aroused great interest among users. Now I want to dwell on a problem that we did not address in the previous article: the non-contractual use of the personal data of online store users.

We note right away that this problem has a simple solution: it is enough to conclude an agreement with the user for the use of the online store service before any goods are purchased in it. The easiest way to do this is to have the user accept the User Agreement. However, most online stores use the standard form of the offer, the terms of which are accepted after the personal data has been provided. That is, before the offer is accepted, the personal data (PD) is used illegally.

Unfortunately, the owners of online stores do not think about it. The offer for the remote sale of goods includes all the legal conditions for using the store and seems sufficient. But is it? Let's see.

What conditions does the public offer of an average online store usually include? The list of conditions is fairly standard:

It seems that these are all the conditions that are required by law for the remote sale of goods through an online store. However, the common practice of combining the necessary conditions in one document has a significant flaw. What is it?

To sell and deliver goods, the online store receives the personal data of the buyer or of the person to whom the goods are handed over (the beneficiary). In this regard, the owner of an online store is considered an operator for the processing of personal data and must comply with the relevant requirements.

According to the Law on Personal Data, the consent of the subject of personal data to their processing is not required when the processing is necessary for entering into or executing a contract to which the subject of personal data is a party (paragraph 5, item 1, Article 6 of the Federal Law "On Personal Data").

In addition, the operator has the right, without notifying Roskomnadzor, to process personal data received in connection with the conclusion of an agreement to which the subject of personal data is a party (Clause 2 of Article 22 of the Federal Law "On Personal Data").

Therefore, for these rules to apply, the processing of PD must be preceded by the conclusion of a contract or the beginning of its execution.

When is the contract under the offer concluded? Usually the contract is concluded when the goods are paid for. When does the user get acquainted with the public offer? At best, the user gets acquainted with the public offer:
1) before registering on the website of the online store;
2) before sending the completed order on the website of the online store.
In this case, the terms of the offer are not divided into those that apply before the contract for the sale of goods is concluded and those that apply after.

Accordingly, it cannot be said that a) from the moment of registration on the website of the online store, the user has entered into some kind of contract for its use, and b) after registration and (if required) payment for the goods, the relationship between the user and the store owner is further regulated by the contract for the sale of goods.

In addition, online stores have recently been trying to reduce the number of actions in the buying process. As a result, placing an order does not require prior registration, and does not require familiarization with the conditions of sale of goods.

This is especially evident in the example of online retailers. In this case, the goods are delivered from the warehouse to the store indicated by the buyer and paid for there. Thus, there is no distance selling, since the contract of sale is concluded at a fixed point.

This practice is copied by other online stores that do not have their own pickup points. Here the goods are delivered cash on delivery.

However, in all the cases considered, sellers forget that when registering or placing an order, the buyer leaves personal data on the site. As a result, such personal data are processed on the side of the online store before an agreement is concluded.

Therefore, the store owner cannot refer to the provisions of the law that exempt him from:
a) obtaining the consent of the subject of personal data for their processing;
b) notifying Roskomnadzor about the processing of PD for inclusion in the special register of PD operators.

These risks can be excluded by simply dividing the public offer into 3 documents:

1) User Agreement, which governs the conditions of registration on the website of the online store and free use of its functionality;
2) An offer for remote sale of goods, which sets out the conditions and procedure for concluding a contract for the sale of goods through an online store;
3) Privacy Policy, which describes the procedure for processing PD in connection with the conclusion of a) the contract for the use of the site under the User Agreement and b) the contract of sale under the offer.

As you can see, everything is simple and logical: each user action has its own contract and its own conditions for processing the user's personal data. With this in mind, we have developed a package of documents for an online store, consisting of 3 documents instead of the standard offer.

Source: https://habr.com/ru/post/298308/

