Regulations on the processing and protection of personal data of customers in Gostinny Dvor LLC
1 GENERAL
This policy regarding the processing of personal data is drawn up in In accordance with the Constitution of the Russian Federation, the Federal Law “On Information information technology and information security "№ 149-ФЗ dated July 27, 2006, Federal Law "On Personal Data" No. 152 - FZ of 07.27.2006, the Law of the Russian Federation “On the right of citizens of the Russian Federation to freedom of movement, choice of place of stay and residence in the limits of the Russian Federation "dated 06.25.1993 No. 5242-1, the Decree of the Government of the Russian Federation approval of the rules for registration and removal of citizens of the Russian Federation from registration at the place stay and place of residence within the Russian Federation and the list of officials responsible for registration ”dated July 17, 1995 No. 713, by order of the Federal Migration Service "On approval of the administrative regulations The Federal Migration Service of the state function in the organization and address reference work "dated 10.29.2007 No. 208 and other regulatory acts.
2 BASIC TERMS
hotel - an organization that provides hotel services to the client;
client - an individual, a consumer of hotel services, a subject of personal data;
hotel services - the actions of the Hotel to accommodate Clients in the accommodation facility, as well as other activities related to accommodation and accommodation, which includes basic and additional services provided to the Client;
personal data - information stored in any format, relating to an individual (subject of personal data) determined or determined on the basis of such information, which alone or in combination with other information available to the Hotel allows the identification of the Client ;
personal data processing - receiving, storing, combining, transmitting or any use of customer personal data;
personal data protection - the hotel’s activities to ensure, through local regulation, the procedure for processing personal data and organizational and technical measures of confidentiality of information;
confidentiality of personal data - the requirement for a person who has access to personal data to comply with the requirement not to allow their distribution without the consent of the subject of personal data or the availability of another legal basis.
3 COMPOSITION AND OBTAINING PERSONAL DATA
The personal data that the Hotel collects and processes includes:
- personal data (last name, first name, middle name, date, month, year of birth);
- passport data;
- registration address;
- the address of the place of residence;
- contact phone number;
All personal data of the staff of the Hotel receive directly from the personal data subject - the Client.
4 HANDLING AND STORAGE OF PERSONAL DATA
4.1. The processing of personal data by the Hotel in the interests of the Clients consists in receiving, systematization, accumulation, storage, use, distribution, depersonalization, blocking, destruction and protection from unauthorized access of personal data of Clients.
4.2. Consent to the processing of personal data is not required, since the processing personal data is carried out in order to fulfill the contract, one of the parties which is the subject of personal data - the Client. If the contract is not concluded - in the purpose of performance of the duties of the Hotel - the provision of hotel services.
4.2.1. The personal data subject makes the decision to provide it personal data and agrees to their processing freely, by their own will and in their interest. Consent to the processing of personal data must be specific, informed and conscious. Consent to the processing of personal data may be given to the subject of personal data or his representative in any allows you to confirm the fact of its receipt.
4.3. Processing of personal data of Clients is carried out by the method of mixed processing.
4.4. Only employees can access the processing of personal data of Clients. Hotels allowed to work with personal data of the Client and signed Order of non-disclosure of personal data of the Client.
4.5. The list of employees of the Hotel with access to personal data Clients, determined by order of the director.
4.6. Customer personal data on paper is stored in the Department reservation and accommodation.
4.7. Clients' personal data in electronic form is stored in a local the computer network of the Hotel in the electronic folders of the Hotel administrators, admitted to the processing of personal data of Clients.
5 USE AND TRANSFER OF CUSTOMER PERSONAL DATA
5.1. The use of Customer’s personal data is provided by the Hotel, solely for the achievement of the objectives determined by the agreement between the Client and Hotel, in particular, for the provision of services for accommodation or temporary accommodation as well as additional services.
5.2. When transferring personal data of Clients, the Hotel shall comply with the following requirements:
5.2.1. Warn persons receiving Customer’s personal data that these data can only be used for the purposes for which they are reported and require from these persons evidence that this rule is observed. Persons Receiving Customer's personal data are required to comply with confidentiality. This the provision does not apply in case of anonymization of personal data and in public data.
5.2.2. Allow access to personal data of Clients only specifically authorized persons, while these persons should be entitled to receive only personal data that is required to perform specific functions.
5.2.3. In case of a cross-border transfer of personal data, the Hotel is obliged to ensure that the foreign state into whose territory the transfer is carried out personal data, adequate protection of the rights of subjects of personal data.
5.2.4. Cross-border transfer of personal data in the territory of foreign States that do not provide adequate protection of the rights of subjects of personal data can be carried out in the following cases:
- the consent of the Client in writing;
- stipulated by international treaties of the Russian Federation on visas, international treaties of the Russian Federation on the provision of legal assistance civil, family and criminal matters, as well as international treaties Readmission of the Russian Federation;
- provided for by Federal laws, if it is necessary in order to protect the fundamentals constitutional system of the Russian Federation, ensuring the defense of the country and state security;
- performance of the contract, to which party is the subject of personal data;
- protecting the life, health, and other vital interests of the subject of personal data or other persons when it is impossible to obtain written consent personal data subject.
5.3. It is not allowed to answer questions related to the transfer of information containing personal data, by phone, fax or other method.
5.4. The hotel has the right to provide or transmit personal data of Clients. to third parties in the following cases:
- If disclosure of this information is required to comply with the law, fulfill judicial act;
- to assist in the conduct of investigations carried out by law enforcement or other government agencies;
- to protect the legal rights of the Client and Hotel.
6 PROTECTION OF CUSTOMER PERSONAL DATA FROM UNAUTHORIZED ACCESS
6.1. When processing personal data of Clients, the hotel must accept the necessary organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, alteration, blocking the dissemination of personal data, as well as from other unlawful action.
In particular:
- appointed persons responsible for organizing and ensuring the security of personal data;
- developed and implemented the Regulation on the protection of personal data;
- the persons conducting the processing of personal data are instructed and familiarized with the regulatory legal acts governing the operation and protection of personal data.
- the access rights to the personal data being processed are delimited;
- in order to implement internal control over the compliance of the processing of personal data with the established requirements, periodic checks of the conditions for processing personal data are carried out;
6.2. Documents containing personal data of Clients are stored in the premises of the Accommodation Service, providing protection against unauthorized access.
6.3. Protection of access to electronic databases containing personal data of Clients is provided by:
- using licensed software products that prevent unauthorized access by third parties to personal customer data;
is a password system. Passwords are set and communicated individually to employees who have access to personal data of Clients.
7 CONFIDENTIALITY OF CUSTOMER PERSONAL DATA
7.1. Information about personal data of Clients is confidential.
7.2. The hotel ensures the confidentiality of personal data and is obliged to prevent their distribution by third parties without the consent of the Clients or the availability of other legal grounds.
7.3. Persons who have access to the personal data of Clients are obliged to comply with the confidentiality regime, they should be warned about the need for a privacy regime. In connection with the confidentiality of personal information, appropriate security measures should be provided to protect data from accidental or unauthorized destruction, from accidental loss, from unauthorized access to, modification or distribution.
7.4. All measures of confidentiality in the collection, processing and storage of personal data of Clients apply to all media, both paper and automated.
7.5. The mode of confidentiality of personal data is removed in cases of anonymization or inclusion in publicly available sources of personal data, unless otherwise specified by law.
8 RESPONSIBILITY FOR VIOLATION OF NORMS REGULATING THE PROCESSING OF CUSTOMER PERSONAL DATA
8.1. The hotel is responsible for the personal information that is at its disposal and establishes the personal responsibility of staff for compliance with the established confidentiality regime.
8.2. Each employee who receives a document containing the Client’s personal data for work is solely responsible for keeping the confidential information carrier safe.
8.3. Any person may contact the Hotel employee with a complaint of violation of these Regulations. Complaints and applications for compliance with data processing requirements are considered within three days from the date of receipt.
8.4. Employees of the Hotel are obliged to ensure, at the proper level, the consideration of requests, applications and complaints of Clients, as well as to facilitate the execution of the requirements of the competent authorities.
8.5 Persons guilty of violating the rules governing the receipt, processing and protection of personal data of Clients are subject to disciplinary, administrative, civil or criminal liability in accordance with federal law.