1. General provisions
This personal data processing policy has been compiled in accordance with the requirements of Federal Law No. 152-FZ dated 07/27/2006 "On Personal Data" (hereinafter referred to as the "Personal Data Law") and defines the procedure for processing personal data and measures to ensure the security of personal data taken by individual entrepreneur Ivanova Elena Valeryevna, OGRNIP 320774600512926 (hereinafter referred to as "Operator").
1.2. The Operator sets as its most important goal and condition for the implementation of its activities the observance of human and civil rights and freedoms in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets.
1.3. This Operator's policy regarding the processing of personal data (hereinafter referred to as the "Policy") applies to all personal data (hereinafter referred to as "Personal Data") that the Operator receives from personal data subjects – individuals and legal entities (hereinafter referred to as the "Personal Data Subject") in connection with providing them with access to a website hosted on the Internet information and telecommunications network at: https://roomleyhotel.com
/ (hereinafter referred to as the "Site").
1.4. The subject of personal data, acting freely, of his own free will and in his own interest, as well as confirming his legal capacity, provides his consent to the processing of personal data to the Operator, to the processing of his personal data in accordance with the conditions set out in this Policy.
2. The procedure and methods of processing Personal data
2.1. The processing of Personal Data by the Operator is carried out in the following ways:
- non-automated processing of Personal Data;
- automated processing of Personal Data with or without transmission of the received information via information and telecommunication networks;
- mixed processing of Personal Data.
2.2. The list of actions performed by the Operator with Personal Data: collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transmission), generalization, blocking, destruction, as well as the implementation of any other actions in accordance with the current legislation of the Russian Federation.
2.3. The condition for termination of personal data processing may be the achievement of the purposes of Personal Data processing, the expiration of consent or withdrawal of consent by the Subject of personal data, as well as the identification of unlawful processing of Personal Data.
2.4. Consent may be revoked by written notification sent to the Operator by registered mail or by e-mail: firstname.lastname@example.org .
2.5. When processing Personal Data, the Operator takes or ensures the adoption of necessary legal, organizational and technical measures to protect Personal Data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of Personal Data, as well as from other unlawful actions with respect to Personal Data.
2.6. The consent to the processing of Personal Data of the Personal Data Subject comes into force from the date of its acceptance and is valid for 5 (five) years from the date of registration for the event by paying for a ticket or sending an application on the Website, unless a longer period is established by the legislation of the Russian Federation or the legitimate interest of the Operator, and can also be withdrawn on based on the written statement of the Personal Data Subject.
2.7. The storage of Personal Data is carried out in a form that allows you to determine the Subject of personal data for a period no longer than the purposes of processing Personal Data require, except in cases where the period of storage of Personal Data is established by federal law, an agreement to which the Subject of Personal data is a party, beneficiary or guarantor.
2.8. When storing Personal Data, the Operator uses databases located on the territory of the Russian Federation.
2.9. The Operator does not disclose information about the specific means and methods used to ensure the information security of Personal Data in order to ensure an appropriate level of Personal Data protection in accordance with the requirements of the legislation of the Russian Federation.
2.10. If the Subject of the personal data of the Site has made his Personal Data or part of it available to an unlimited number of people, the Operator has the right not to process such Personal Data and is not responsible for them.
2.11. At the same time, the Operator has the right to process and publish generalized and analytical data of the Personal Data Subject for the purpose of analysis, revision, modification of the Site, as well as posting statistical data on the Internet information and telecommunications network, at conferences, providing analytics to third parties, and the Personal data Subject gives his consent to this.
3. Basic rights and obligations of the Operator
3.1. The Operator has the right to:
– receive reliable information and/or documents containing Personal Data from the Subject of Personal Data;
– if the Personal Data Subject withdraws consent to the processing of Personal Data, the Operator has the right to continue processing Personal Data without the consent of the Personal Data Subject if there are grounds specified in the Law on Personal Data;
– independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws.
3.2. The Operator is obliged to:
– to provide the Subject of personal data, at his request, with information concerning the processing of his Personal Data;
– organize the processing of Personal Data in accordance with the procedure established by the current legislation of the Russian Federation;
– respond to requests and requests from Personal Data Subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
– publish or otherwise provide unrestricted access to this Policy;
– take legal, organizational and technical measures to protect Personal Data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of Personal Data, as well as from other illegal actions in relation to Personal Data;
– to stop the transfer (distribution, provision, access) of Personal Data, to stop processing and destroy Personal Data in the manner and in the cases provided for by the Law on Personal Data;
– perform other duties provided for by the Law on Personal Data and other regulatory legal acts.
4. Basic rights and obligations of the Personal data Subject
4.1. The subject of personal data has the right to:
– receive information regarding the processing of his Personal Data, except in cases provided for by federal laws. The information is provided to the Personal Data Subject by the Operator in an accessible form, and it should not contain Personal Data related to other personal data subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
– to require the Operator to clarify his Personal Data, block or destroy them if the Personal Data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take measures provided for by law to protect their rights;
– revoke consent to the processing of Personal Data;
– to appeal to the authorized body for the protection of the rights of personal data subjects or in court against illegal actions or inaction of the Operator during the processing of his Personal Data;
– to exercise other rights provided for by the legislation of the Russian Federation.
4.2. The subject of personal data is obliged to:
– provide the Operator with reliable information about yourself;
– inform the Operator about the clarification (updating, modification) of their Personal Data.
4.3. Persons who have provided the Operator with false information about themselves or information about another Personal data Subject without the latter's consent are liable in accordance with the legislation of the Russian Federation.
5. The composition of Personal Data
5.1. In connection with providing access to the Site to the Subject of Personal data, the Operator processes the following Personal Data:
- Last name, first name, patronymic;
- Email address;
- Phone numbers;
- Generalized analytical data about visitors (including cookies) using Internet statistics services and metric programs (Yandex. Metrica and others).
5.2. The Operator ensures that the content and volume of the processed Personal Data correspond to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the stated purposes of processing.
5.3. The processing of special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, and intimate life is not carried out by the Operator.
5.4. Processing of personal data authorized for distribution from among the special categories of personal data specified in Part 1 of Article 10 of the Law on Personal Data is allowed if the prohibitions and conditions provided for in Article 10.1 of the Law on Personal Data are observed. The consent of the Personal data Subject to the processing of personal data authorized for distribution is issued separately from other consents to the processing of his personal data. At the same time, the conditions provided for, in particular, by Article 10.1 of the Law on Personal Data are observed. The requirements for the content of such consent are established by the authorized body for the protection of the rights of personal data subjects.
5.5. The cross-border transfer of Personal Data by the Operator is not carried out.
6. Principles of Personal Data Processing
6.1. The processing of Personal Data is carried out on a lawful and fair basis.
6.2. The processing of Personal Data is limited to the achievement of specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of Personal Data collection is not allowed.
6.3. It is not allowed to combine databases containing Personal Data, the processing of which is carried out for purposes incompatible with each other.
6.4. Only Personal Data that meet the purposes of their processing are subject to processing.
6.5. The content and volume of the processed Personal Data correspond to the stated purposes of processing. Redundancy of the processed Personal Data in relation to the stated purposes of their processing is not allowed.
6.6. When processing Personal Data, the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of Personal Data processing are ensured. The Operator takes the necessary measures and/or ensures that they are taken to delete or clarify incomplete or inaccurate data.
7. Purposes of Personal Data processing
7.1. Personal data is processed by the Operator for the following purposes:
- provision of services for the rental of premises;
- clarification of the order details;
- sending information and advertising messages.
7.2. The Operator has the right to send notifications to the Personal Data Subject about new products and services, special offers and various events. The subject of personal data can always refuse to receive information messages by sending an email to the Operator email@example.com marked "Opt-out of notifications".
8. Measures to ensure the protection of Personal data
8.1. The security of Personal Data processed by the Operator is ensured through the implementation of legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
8.2. The Operator ensures the safety of Personal Data and takes all possible measures to exclude access to Personal Data of unauthorized persons.
8.3. The personal data of the Personal Data Subject will never, under any circumstances, be transferred to third parties, except in cases related to the implementation of current legislation or if the Personal data Subject has given consent to the Operator to transfer data to a third party to fulfill obligations under a civil contract.
8.4. In case of inaccuracies in Personal Data, the Personal Data Subject may update them independently by sending a notification to the Operator to the Operator's e-mail address firstname.lastname@example.org marked "Updating of Personal data".
8.5. The period of processing of Personal Data is determined by the achievement of the purposes for which Personal Data was collected, unless another period is provided for by the agreement or the current legislation of the Russian Federation.
The subject of personal data may revoke his consent to the processing of personal data at any time by sending a notification to the Operator via e-mail to the Operator's e-mail address email@example.com marked "Withdrawal of consent to the processing of Personal data".
8.6. All information collected by third-party services, including payment systems, means of communication and other service providers, is stored and processed by these persons in accordance with their user agreement and personal data processing policy. The subject of personal data is obliged to familiarize himself with the specified documents in a timely manner. The Operator is not responsible for the actions of third parties, including the service providers specified in this paragraph.
8.7. The Operator ensures the confidentiality of Personal Data when processing Personal Data.
8.8. The Operator takes the following organizational and technical measures aimed at ensuring the established level of protection of Personal Data during their processing in the Operator's information systems:
- The Operator is the person responsible for ensuring the security of personal data in the information systems of the Site;
- establishes a security regime for the premises in which information systems are located, preventing the possibility of uncontrolled entry or stay in the premises of persons who do not have the right to access this room;
- ensures the safety of personal data carriers;
- ensures the backup and restoration of Personal Data, the operability of technical means and software, information security tools in information systems of Personal Data modified or destroyed due to unauthorized access to them;
- ensures compliance with the conditions that ensure the safety of Personal Data and exclude unauthorized access to them;
- detects the facts of unauthorized access to Personal Data and takes measures;
- implements other measures established by the regulatory legal acts of the Russian Federation in the field of personal data protection.
9.1. By continuing to work on the Site, the Personal data Subject expresses his consent to the Operator for the automated processing of his Personal Data, including using Internet statistics services and metric programs, with the commission of actions: collection, recording, systematization, accumulation, storage, clarification (update, modification), extraction, use, depersonalization, blocking, deletion, destruction, transfer (provision, access) to those providing the service according to the specified metric programs. Cookies are used on the Site to improve the quality of visitors' interaction with the Site, allowing the Site to remember visitors during their first or during repeated visits. In some cases, cookies are used to personalize information on the Site based on location.
This consent is valid from the moment it is provided and throughout the entire period of use of the Site.
In case of refusal to process Personal Data by metric programs, the Personal Data Subject is informed of the need to stop using the Site or disable cookies in the browser settings.
Data automatically transmitted to the Site during their use using the software installed on the Personal Data Subject's device, including location information; OS type and version; browser type and version; device type and screen resolution; source from where the user came to the site/application; from which site or through which advertisement; the language of the OS and browser; which pages it opens and which buttons it clicks on; ip address.
9.3. During the visit to the Site, the following cookies may be used:
- own cookies are set by the Site and can only be read by the Site;
- third-party cookies are installed by other organizations whose services are used by the Operator. For example, the Operator uses third-party analytical services, and the providers of these services set cookies on behalf of the Operator to inform the Operator about which sections on the Site are popular and which are not. Such providers can be, for example:
- Yandex.Metrica: https://yandex.ru/legal/confidential/
If the Personal Data Subject does not want to receive cookies, they can configure their browser so that they receive notifications every time they try to send cookies or reject all cookies. You can also delete existing cookies. All this must be done directly in the browser, for example: https://support.google.com/chrome/answer/95647?hl=...
(Internet Explorer); https://support.apple.com/kb/PH21411
If the Subject of personal data wants to restrict or block cookies placed on his device, he can do this using the browser settings according to the instructions in the help of this browser. Instructions on how to do this in the browser of a mobile device should be given in the manual of this device.
The Site may contain links to other sites that are beyond the control of the Operator and outside the jurisdiction of this Policy. The operators of these sites may collect information about visitors and use it in accordance with their policies, which may differ from those of the Operator.
10. Final provisions
10.1. The Operator and other persons who have gained access to Personal Data are obliged not to disclose or distribute Personal Data to third parties without the consent of the Personal Data Subject, unless otherwise provided for by the legislation of the Russian Federation.
10.2. The subject of personal data may receive any clarifications on issues of interest related to the processing of his personal data by contacting the Operator via e-mail firstname.lastname@example.org .
10.3. In order to fulfill the requests of the Personal Data Subject, the Operator may require to establish the identity of the Personal Data Subject and request additional information confirming participation in the relationship with the Operator, or information otherwise confirming the fact of Personal Data processing by the Operator. In addition, the current legislation of the Russian Federation may establish restrictions and other conditions relating to the above-mentioned rights of Personal Data Subjects.
10.4. This document will reflect any changes to the Operator's Personal Data Processing Policy. The policy is valid indefinitely until it is replaced by a new version.
10.5. The current version of the Policy is freely available on the Internet information and telecommunications network at http://roomleyhotel.com/en/policy