Agreement on the processing of personal data
1. General Provisions.
1.1. Purpose of the Policy.
1.1.1. The policy regarding the processing of personal data (hereinafter referred to as the “Policy”) was developed in accordance with the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” (hereinafter referred to as the Federal Law “On Personal Data”).
1.1.2. The policy is aimed at protecting the rights and freedoms of individuals whose personal data is processed by IP Zavalishchin N.E., which is the operator of personal data (hereinafter referred to as the "Hotel").
1.1.3. This Policy establishes the procedure and conditions for the processing of personal data.
1.1.4. The Policy contains information subject to disclosure in accordance with the Federal Law "On Personal Data", and is a public document.
1.2. Basic concepts used in the Policy:
- hotel - an organization that provides hotel services to the client;
- guest - an individual, a consumer of hotel services, a subject of personal data;
- hotel services - actions of the Hotel to accommodate guests in the accommodation facility, as well as other activities related to accommodation, including basic and additional services provided to the guest;
- personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data);
- personal data operator (operator) - a legal entity that processes personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
- processing of personal data - any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, changing), use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
- dissemination of personal data - actions aimed at disclosing personal data to an indefinite circle of persons;
- use of personal data - actions (operations) with personal data performed by the operator in order to make decisions or perform other actions that give rise to legal consequences in relation to the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons;
1.3. The hotel is obliged:
- to receive personal data of the Guest directly from him;
- to process the personal data of the Guests solely for the purpose of providing legitimate services to the Guests;
- to ensure the storage and protection of the personal data of the Guests from their misuse or loss;
- to provide access to his personal data to the Guest or his legal representative when applying or upon receipt of a request containing the number of the main document proving the identity of the Guest or his legal representative, information about the date of issue of the specified document and the authority that issued it, and the handwritten signature of the Guest or his legal representative. The request can be sent in electronic form and signed with an electronic digital signature in accordance with the legislation of the Russian Federation. Information about the availability of personal data must be provided to the Guest in an accessible form and it should not contain personal data related to other subjects of personal data;
- not to receive or process the Guest's personal data about his race, nationality, political views, religious or philosophical beliefs, state of health, intimate life, except as otherwise provided by law;
- to restrict the Guest's right to access his personal data if access to his personal data violates the rights and legitimate interests of third parties;
- in case of identification of false personal data or illegal actions with them by the operator upon contact or at the request of the subject of personal data or his legal representative or authorized body for the protection of the rights of subjects of personal data, the operator is obliged to block personal data relating to the relevant subject of personal data from the moment of such contact or receipt of such a request for the period of verification;
- in case of confirmation of the fact of inaccuracy of personal data, the operator, on the basis of documents submitted by the subject of personal data or his legal representative or an authorized body for the protection of the rights of subjects of personal data, or other necessary documents, is obliged to clarify personal data and remove their blocking;
- in case of detection of illegal actions with personal data, the operator, within a period not exceeding three working days from the date of such detection, is obliged to eliminate the violations committed. If it is impossible to eliminate the committed violations, the operator, within a period not exceeding three working days from the date of detection of illegal actions with personal data, is obliged to destroy personal data. The operator is obliged to notify the subject of personal data or his legal representative about the elimination of the violations committed or the destruction of personal data, and if the appeal or request was sent by the authorized body for the protection of the rights of subjects of personal data, also the specified body.
1.4. The guest has the right to:
- access to information about oneself, including information containing confirmation of the fact of processing personal data, as well as the purpose of such processing; ways of processing personal data; information about persons who have access to personal data or who may be granted such access; the list of processed personal data and the source of their receipt, the terms of processing personal data, including the terms of their storage; information about the legal consequences that the processing of his personal data may entail for the subject;
- determination of forms and methods of processing his personal data;
- restriction of methods and forms of personal data processing;
- a ban on the dissemination of personal data without his consent;
- change, clarification, destruction of information about oneself;
- appeal against illegal actions or inaction on the processing of personal data.
- confidentiality of personal data - a mandatory requirement for an operator or other person who has gained access to personal data to prevent their distribution without the consent of the subject of personal data or other legal grounds;
2. Purpose of collecting personal data.
2.1. The purpose of the Policy is to ensure the protection of the rights and freedoms of a person and citizen in the processing of his personal data.
2.2. Personal data is processed in order to fulfill the contract for the provision of services for accommodation or temporary accommodation, one of the parties to which is the Guest. The hotel collects data only to the extent necessary to achieve the named purpose.
2.3. Processing of personal data that is incompatible with the purposes of collecting personal data is not allowed.
2.4. Personal data cannot be used for the purpose of causing property and moral damage to citizens or hindering the exercise of the rights and freedoms of citizens of the Russian Federation.
3. Legal grounds for the processing of personal data.
3.1. The legal basis for the processing of personal data is a set of legal acts, in pursuance of which and in accordance with which the Hotel processes personal data, namely:
- the Constitution of the Russian Federation;
- Federal Law of July 27, 2006 No. 152-FZ "On Personal Data";
- Federal Law of November 24, 1996 No. 132-FZ "On the basics of tourism activities in the Russian Federation";
- Decree of the Government of the Russian Federation of October 09, 2015 No. 1085 "On approval of the Rules for the provision of hotel services in the Russian Federation";
- Federal Law of July 18, 2006 No. 109-FZ "On migration registration of foreign citizens and stateless persons in the Russian Federation".
5. Information about the processing of personal data.
5.1. The Hotel processes personal data on a lawful and fair basis to perform the functions, powers and obligations assigned by law, to exercise the rights and legitimate interests of the Hotel, Hotel employees and third parties.
5.2. The hotel processes personal data in an automated way, with transmission over the internal network of a legal entity, as well as with transmission over the Internet.
5.3. Personal data processing activities include collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.
5.4. Only employees of the Hotel who need it to perform their official duties can have access to the processing of personal data of the Guests.
5.5. The personal data of the Guests are stored on paper, as well as in electronic form in the local computer network of the Hotel.
5.6. The Hotel ensures the confidentiality of personal data and is obliged to prevent their distribution to third parties without the consent of the Guests or other legal grounds. Information about the personal data of the Guests is confidential.
6. Use and transfer of personal data.
6.1. The use of the personal data of the Guests is carried out by authorized employees of the Hotel solely to achieve the goals defined by the agreement between the Guest and the Hotel, in particular, for the provision of accommodation and temporary accommodation services, as well as additional services.
6.2. Access to the personal data of the Guests by Hotel employees whose activities are not directly related to work with the personal data of the Guests is prohibited.
6.3. The hotel does not carry out cross-border transfer of personal data.
6.4. It is not allowed to answer questions related to the transfer of information containing personal data by phone or fax.
6.5. The Hotel has the right to provide personal data of Guests to third parties in the following cases:
- if the disclosure of this information is required to comply with the law, the execution of a judicial act;
- to assist law enforcement or other government agencies;
- to protect the legal rights of the Guest and the Hotel.
7. Protection and security of personal data.
7.1. The hotel appoints a person responsible for organizing the processing of personal data to fulfill the obligations provided for by the Federal Law "On Personal Data" and the regulatory legal acts adopted in accordance with it.
7.2. The hotel familiarizes employees with the provisions of the legislation on personal data.
7.3. The hotel allows employees to access personal data only for the performance of their work duties.
7.4. The hotel determines the threats to the security of personal data during their processing.
7.5. The hotel applies organizational and technical measures and uses the information security tools necessary to achieve the established level of personal data security.
7.6. The hotel detects the facts of unauthorized access to personal data and takes measures to respond, including the restoration of personal data modified or destroyed due to unauthorized access to them.
7.7. Protection of access to electronic databases containing the personal data of the Guests is ensured by the use of licensed software products that prevent unauthorized access of third parties to the personal data of the Guests.
7.8. Documents containing personal data of the Guests are stored in premises that provide protection from unauthorized access.
8. Responsibility for violation of the rules governing the processing of personal data.
8.1. The hotel is responsible for the personal information that is at its disposal and establishes the personal responsibility of employees for compliance with the established confidentiality regime.
8.2. Each employee who receives a document containing the Guest's personal data for work is solely responsible for the safety of the medium and the confidentiality of information.
8.3. Any person may apply to a Hotel employee with a complaint about a violation of these Regulations. Complaints and statements regarding compliance with data processing requirements are considered within 30 days from the date of receipt.
8.4. Hotel employees are obliged to ensure that the requests, applications and complaints of the Guests are considered at the proper level, as well as to facilitate the fulfillment of the requirements of the competent authorities.
8.5. Persons guilty of violating the rules governing the receipt, processing and protection of personal data bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.