P3Pwriter Policy Editor
 
 
P3P Solutions

1.0 Background
The P3P specification requires websites to put their privacy policies in an XML format that can be read by modern browsers such as IE6 and NS7. When these policies are present, the browser makes decisions by comparing its privacy settings with the policy.

Part of the P3P specification implements privacy policies in a summary form called the Compact Policy. The compact policy is delivered in the HTTP response header, allowing the browser to make decisions before the page is displayed.

To implement the compact policy, the privacy policy is reduced to a set of tokens, which cuts the amount of data sent to the browser. Each part of the privacy policy is represented in the compact policy. Because the compact policy is a summary, only the most restrictive case of the privacy policy is included in it.

To check a compact policy string use the Compact Policy Validator.

2.0 Compact Policy Description
P3P compact policies use tokens representing the following elements from the P3P vocabulary: ACCESS, CATEGORIES, DISPUTES, NON-IDENTIFIABLE, PURPOSE, RECIPIENT, REMEDIES and RETENTION. The P3P compact policy vocabulary is expressed using a developer-readable language to reduce the number of bytes transferred over the wire within an HTTP response header.

2.1 Compact Policy Access Element
The ACCESS element indicates whether the site provides access to various kinds of information.

| Tag | Description |
| --- | --- |
| NOI | Web site does not collect identified data. |
| ALL | All Identified Data: access is given to all identified data. |
| CAO | Identified Contact Information and Other Identified Data: access is given to identified online and physical contact information as well as to certain other identified data. |
| IDC | Identifiable Contact Information: access is given to identified online and physical contact information (e.g., users can access things such as a postal address). |
| OTI | Other Identified Data: access is given to certain other identified data (e.g., users can access things such as their online account charges). |
| NON | None: no access to identified data is given. |

2.2 Compact Policy Disputes Element
A policy should contain a DISPUTES element. These elements describe dispute resolution procedures that may be followed for disputes about a service's privacy practices. If a privacy policy contains any DISPUTES elements, the compact policy will contain a disputes token.

| Tag | Description |
| --- | --- |
| DSP | The privacy policy contains DISPUTES elements. |

2.3 Compact Policy Remedies Element
Each DISPUTES element may contain a REMEDIES element that describes the remedies in case a policy breach occurs.

| Tag | Description |
| --- | --- |
| COR | Errors or wrongful actions arising in connection with the privacy policy will be remedied by the service. |
| MON | If the service provider violates its privacy policy it will pay the individual an amount specified in the human readable privacy policy or the amount of damages. |
| LAW | Remedies for breaches of the policy statement will be determined based on the law referenced in the human readable description. |

2.4 Compact Policy Non-Identifiable Element
If each statement of a privacy policy contains the NON-IDENTIFIABLE element, then the compact privacy policy may specify the NID token.

| Tag | Description |
| --- | --- |
| NID | Non-identifiable. |

2.5 Compact Policy Purpose Element
Each statement in a privacy policy that does not contain a non-identifiable element must contain a PURPOSE element that contains one or more purposes of data collection or uses of data.

| Tag | Description |
| --- | --- |
| CUR | Information is used to complete the activity for which it was provided. |
| ADM | Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage (same as tag ADMa). |
| ADMa | Information may be used for the technical support of the Web site and its computer system. Users cannot opt-in or opt-out of this usage. |
| ADMi | Information may be used for the technical support of the Web site and its computer system. Opt-in means prior consent must be provided by users. |
| ADMo | Information may be used for the technical support of the Web site and its computer system. Users may opt-out of the data being used for this purpose. |
| DEV | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage (same as tag DEVa). |
| DEVa | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users cannot opt-in or opt-out of this usage. |
| DEVi | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Opt-in means prior consent must be provided by users. |
| DEVo | Information may be used to enhance, evaluate, or otherwise review the site, service, product, or market. Users may opt-out of the data being used for this purpose. |
| TAI | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Users cannot opt-in or opt-out of this usage (same as tag TAIa). |
| TAIa | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Users cannot opt-in or opt-out of this usage. |
| TAIi | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Opt-in means prior consent must be provided by users. |
| TAIo | Information may be used to tailor or modify content or design of the site where the information is used only for a single visit to the site and not used for any kind of future customization. Users may opt-out of the data being used for this purpose. |
| PSA | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage (same as tag PSAa). |
| PSAa | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage. |
| PSAi | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users. |
| PSAo | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals for purpose of research, analysis and reporting, but it will not be used to attempt to identify specific individuals. Users may opt-out of the data being used for this purpose. |
| PSD | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage (same as tag PSDa). |
| PSDa | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Users cannot opt-in or opt-out of this usage. |
| PSDi | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Opt-in means prior consent must be provided by users. |
| PSDo | Information may be used to create or build a record of a particular individual or computer that is tied to a pseudonymous identifier, without tying identified data (such as name, address, phone number, or email address) to the record. This profile will be used to determine the habits, interests, or other characteristics of individuals to make a decision that directly affects that individual, but it will not be used to attempt to identify specific individuals. Users may opt-out of the data being used for this purpose. |
| IVA | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Users cannot opt-in or opt-out of this usage (same as tag IVAa). |
| IVAa | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Users cannot opt-in or opt-out of this usage. |
| IVAi | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Opt-in means prior consent must be provided by users. |
| IVAo | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data for the purpose of research, analysis and reporting. Users may opt-out of the data being used for this purpose. |
| IVD | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Users cannot opt-in or opt-out of this usage (same as tag IVDa). |
| IVDa | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Users cannot opt-in or opt-out of this usage. |
| IVDi | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Opt-in means prior consent must be provided by users. |
| IVDo | Information may be used to determine the habits, interests, or other characteristics of individuals and combine it with identified data to make a decision that directly affects that individual. Users may opt-out of the data being used for this purpose. |
| CON | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Users cannot opt-in or opt-out of this usage (same as tag CONa). |
| CONa | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Users cannot opt-in or opt-out of this usage. |
| CONi | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Opt-in means prior consent must be provided by users. |
| CONo | Information may be used to contact the individual, through a communications channel other than voice telephone, for the promotion of a product or service. This includes notifying visitors about updates to the Web site. Users may opt-out of the data being used for this purpose. |
| HIS | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Users cannot opt-in or opt-out of this usage (same as tag HISa). |
| HISa | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Users cannot opt-in or opt-out of this usage. |
| HISi | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Opt-in means prior consent must be provided by users. |
| HISo | Information may be archived or stored for the purpose of preserving social history as governed by an existing law or policy. Users may opt-out of the data being used for this purpose. |
| TEL | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Users cannot opt-in or opt-out of this usage (same as tag TELa). |
| TELa | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Users cannot opt-in or opt-out of this usage. |
| TELi | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Opt-in means prior consent must be provided by users. |
| TELo | Information may be used to contact the individual via a voice telephone call for promotion of a product or service. Users may opt-out of the data being used for this purpose. |
| OTP | Information may be used in other ways not captured by the above definitions. Users cannot opt-in or opt-out of this usage (same as tag OTPa). |
| OTPa | Information may be used in other ways not captured by the above definitions. Users cannot opt-in or opt-out of this usage. |
| OTPi | Information may be used in other ways not captured by the above definitions. Opt-in means prior consent must be provided by users. |
| OTPo | Information may be used in other ways not captured by the above definitions. Users may opt-out of the data being used for this purpose. |

2.6 Compact Policy Recipient Element
Each statement in a privacy policy must contain a RECIPIENT element that contains one or more recipients of the collected data.

| Tag | Description |
| --- | --- |
| OUR | Ourselves and/or entities acting as our agents or entities for whom we are acting as an agent. |
| DEL | Delivery services possibly following different practices. Users cannot opt-in or opt-out of this usage (same as tag DELa). |
| DELa | Delivery services possibly following different practices. Users cannot opt-in or opt-out of this usage. |
| DELi | Delivery services possibly following different practices. Opt-in means prior consent must be provided by users. |
| DELo | Delivery services possibly following different practices. Users may opt-out of the data being used for this purpose. |
| SAM | Legal entities following our practices. Users cannot opt-in or opt-out of this usage (same as tag SAMa). |
| SAMa | Legal entities following our practices. Users cannot opt-in or opt-out of this usage. |
| SAMi | Legal entities following our practices. Opt-in means prior consent must be provided by users. |
| SAMo | Legal entities following our practices. Users may opt-out of the data being used for this purpose. |
| UNR | Unrelated third parties whose data usage practices are unknown by the original service provider. Users cannot opt-in or opt-out of this usage (same as tag UNRa). |
| UNRa | Unrelated third parties whose data usage practices are unknown by the original service provider. Users cannot opt-in or opt-out of this usage. |
| UNRi | Unrelated third parties whose data usage practices are unknown by the original service provider. Opt-in means prior consent must be provided by users. |
| UNRo | Unrelated third parties whose data usage practices are unknown by the original service provider. Users may opt-out of the data being used for this purpose. |
| PUB | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Users cannot opt-in or opt-out of this usage (same as tag PUBa). |
| PUBa | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Users cannot opt-in or opt-out of this usage. |
| PUBi | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Opt-in means prior consent must be provided by users. |
| PUBo | Public fora such as bulletin boards, public directories, or commercial CD-ROM directories. Users may opt-out of the data being used for this purpose. |
| OTR | Legal entities following different practices. Users cannot opt-in or opt-out of this usage (same as tag OTRa). |
| OTRa | Legal entities following different practices. Users cannot opt-in or opt-out of this usage. |
| OTRi | Legal entities following different practices. Opt-in means prior consent must be provided by users. |
| OTRo | Legal entities following different practices. Users may opt-out of the data being used for this purpose. |

2.7 Compact Policy Retention Element
Each statement element in a privacy policy must contain a RETENTION element that indicates the kind of retention policy that applies to the data referenced in that statement.

| Tag | Description |
| --- | --- |
| NOR | Information is not retained for more than a brief period of time necessary to make use of it during the course of a single online interaction. Information MUST be destroyed following this interaction and MUST NOT be logged, archived, or otherwise stored. |
| STP | Information is retained to meet the stated purpose. This requires information to be discarded at the earliest time possible. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. |
| LEG | As required by law or liability under applicable law: Information is retained to meet a stated purpose, but the retention period is longer because of a legal requirement or liability. For example, a law may allow consumers to dispute transactions for a certain time period; therefore a business may for liability reasons decide to maintain records of transactions, or a law may affirmatively require a certain business to maintain records for auditing or other soundness purposes. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. |
| BUS | Information is retained under a service provider's stated business practices. Sites MUST have a retention policy that establishes a destruction time table. The retention policy MUST be included in or linked from the site's human-readable privacy policy. |
| IND | Information is retained for an indeterminate period of time. The absence of a retention policy would be reflected under this option. Where the recipient is a public forum, this is the appropriate retention policy. |

2.8 Compact Policy Categories Element
Categories are elements inside data elements that provide hints to users and user agents as to the intended use of the data.

| Tag | Description |
| --- | --- |
| PHY | Information that allows an individual to be contacted or located in the physical world -- such as telephone number or address. |
| ONL | Information that allows an individual to be contacted or located on the Internet -- such as email. Often, this information is independent of the specific computer used to access the network. (See the category COM) |
| UNI | Non-financial identifiers, excluding government-issued identifiers, issued for purposes of consistently identifying or recognizing the individual. These include identifiers issued by a Web site or service. |
| PUR | Information actively generated by the purchase of a product or service, including information about the method of payment. |
| FIN | Information about an individual's finances including account status and activity information such as account balance, payment or overdraft history, and information about an individual's purchase or use of financial instruments including credit or debit card information. |
| COM | Information about the computer system that the individual is using to access the network -- such as the IP number, domain name, browser type or operating system. |
| NAV | Data passively generated by browsing the Web site -- such as which pages are visited, and how long users stay on each page. |
| INT | Data actively generated from or reflecting explicit interactions with a service provider through its site -- such as queries to a search engine, or logs of account activity. |
| DEM | Data about an individual's characteristics -- such as gender, age, and income. |
| CNT | The words and expressions contained in the body of a communication -- such as the text of email, bulletin board postings, or chat room communications. |
| STA | Mechanisms for maintaining a stateful session with a user or automatically recognizing users who have visited a particular site or accessed particular content previously -- such as HTTP cookies. |
| POL | Membership in or affiliation with groups such as religious organizations, trade unions, professional associations, political parties, etc. |
| HEA | Information about an individual's physical or mental health, sexual orientation, use or inquiry into health care services or products, and purchase of health care services or products. |
| PRE | Data about an individual's likes and dislikes -- such as favorite color or musical tastes. |
| LOC | Information that can be used to identify an individual's current physical location and track them as their location changes -- such as GPS position data. |
| GOV | Identifiers issued by a government for purposes of consistently identifying the individual. |
| OTC | Other types of data not captured by the above definitions. |
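
The vocabulary in sections 2.1 to 2.8, applied as an added example that is not code from the original page or from P3Pwriter: a Python auditor that pulls the CP="..." field out of a P3P header value, assigns each token to its element with its consent suffix, and reports tokens outside the tables and elements the page says must be present. The function names, the finding texts and the sample header values are constructed for this example.

```python
import re

# Vocabulary copied from the tables in sections 2.1-2.8 of this page.
FIXED = {
    "ACCESS": "NOI ALL CAO IDC OTI NON",
    "DISPUTES": "DSP",
    "REMEDIES": "COR MON LAW",
    "NON-IDENTIFIABLE": "NID",
    "PURPOSE": "CUR",
    "RECIPIENT": "OUR",
    "RETENTION": "NOR STP LEG BUS IND",
    "CATEGORIES": "PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV OTC",
}
# These tokens may carry a consent suffix: a (always), i (opt-in), o (opt-out).
SUFFIXED = {
    "PURPOSE": "ADM DEV TAI PSA PSD IVA IVD CON HIS TEL OTP",
    "RECIPIENT": "DEL SAM UNR PUB OTR",
}
CONSENT = {"a": "always", "i": "opt-in", "o": "opt-out"}
CP_FIELD = re.compile(r'\bCP\s*=\s*"([^"]*)"')

def classify(token):
    """Return (element, consent) for one token, or None if it is not in the tables."""
    for element, tokens in FIXED.items():
        if token in tokens.split():
            return element, None
    base, suffix = token[:3], token[3:]
    for element, tokens in SUFFIXED.items():
        if base in tokens.split() and suffix in ("", "a", "i", "o"):
            # A bare token means the same as its "a" form (sections 2.5, 2.6).
            return element, CONSENT[suffix or "a"]
    return None

def audit_header(value):
    """Group the compact-policy tokens of a P3P header value by element."""
    match = CP_FIELD.search(value)
    if match is None:
        return {"elements": {}, "findings": ["no CP field"]}
    elements, unknown = {}, []
    for token in match.group(1).split():
        hit = classify(token)
        if hit is None:
            unknown.append(token)
        else:
            elements.setdefault(hit[0], []).append((token, hit[1]))
    findings = []
    if unknown:
        findings.append("not in vocabulary: " + " ".join(unknown))
    # Sections 2.5-2.7 require these per statement. The page exempts NID
    # statements for PURPOSE; extending that to the other two is an assumption.
    if "NON-IDENTIFIABLE" not in elements:
        for needed in ("PURPOSE", "RECIPIENT", "RETENTION"):
            if needed not in elements:
                findings.append("no " + needed + " token")
    # Section 2.3: REMEDIES lives inside DISPUTES, so it implies DSP.
    if "REMEDIES" in elements and "DISPUTES" not in elements:
        findings.append("REMEDIES token without DSP")
    return {"elements": elements, "findings": findings}

# Constructed sample header values (not captured from any real site).
SAMPLES = [
    'policyref="/w3c/p3p.xml", CP="NOI DSP COR CUR ADMa DEVi OUR SAMo STP COM NAV STA"',
    'CP="NON COR CURa PSA OUR IND"',
    'CP="placeholder text instead of tokens"',
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, "->", audit_header(sample)["findings"] or "no findings")
```

The second sample is flagged twice: CURa is not in the purpose table, which lists CUR without consent variants, and COR appears without DSP.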

3.0 Compact Policy Cookie Interaction
IE6 browsers take action based on the contents of the compact policy. See Compact Policies, IE6 Cookie Actions and Agent Technical Issues for further discussion.


2002-2014 P3Pwriter All Rights Reserved