1. INTRODUCTION
1.1. The most important condition for the implementation of the objectives of the Contractor (LLC " UK "Hotel Moscow") is to ensure the necessary and sufficient level of security of information, which, among other things, include personal data.
1.2. The policy regarding the processing of the Contractor's personal data determines the procedure for the collection, storage, transfer and other types of processing of the Contractor's personal data, as well as information about the requirements for the protection of personal data.
1.3. The policy is developed in accordance with the current legislation of the Russian Federation.
2. THE SCOPE OF PERSONAL DATA
2.1. Information constituting personal data is any information related directly or indirectly to a certain individual (subject of personal data).
2.2. All processed personal data are confidential, strictly protected information in accordance with the legislation of the Russian Federation.
3. PURPOSE OF PROCESSING PERSONAL DATA
3.1. Personal data is processed by the Contractor for the purpose of execution of labour and other contractual relations, personnel, accounting, tax accounting, and also for the purpose of organizing and conducting (including with the involvement of a third party) loyalty programs, marketing and/or advertising campaigns, research, surveys, and other events; performance by the Contractor of obligations under contracts of rendering of services (assistance in the framework of the insurance relationship, expert services, evacuation, repair of vehicles, retail sale of goods, etc.), as well as in online stores of the Contractor; provision of other services to the subjects of personal data; promotion of services and/or goods of the Contractor and / or the Contractor's partners in the market through direct contacts with customers through various means of communication, including, without limitation, by phone, e-mail, mailing, on the Internet, etc.; for other purposes, if the actions do not contradict the current legislation of the Russian Federation.
3.2. in order to properly perform its duties, the Contractor processes the following personal data necessary for the proper performance of contractual obligations:
personal data of employees who have an employment relationship with the Contractor ;
personal data of other individuals, including, but not limited to, consisting in contractual, student, civil-law relations with the Contractor, including, but not limited to, pupils, buyers, regular customers, insurers, persons wishing to conclude insurance contracts.
4. THE PROCEDURE FOR COLLECTION, STORAGE, TRANSFER AND OTHER PROCESSING OF PERSONAL DATA
4.1. The processing of personal data, carried out without the use of automation, is carried out in such a way that for each category of personal data, it was possible to determine the places of storage of personal data (tangible media). The contractor has established a list of persons who process personal data or have access to them. Provided by the separate storage of personal information (material carriers), the processing of which is carried out for different purposes. The contractor ensures the safety of personal data and takes measures to prevent unauthorized access to personal data.
4.2. The processing of personal data carried out with the use of automation, is carried out subject to the following actions: the Contractor carries out technical measures aimed at preventing unauthorized access to personal data and (or) transfer them to persons who do not have the right of access to such information; security tools are set for timely detection of unauthorized access to personal data; the technical means of automated processing of personal data are isolated in order to prevent the impact on them, as a result of which their functioning may be disrupted; the Contractor performs data backup in order to be able to immediately restore personal data modified or destroyed as a result of unauthorized access to them; exercises constant control over ensuring the level of protection of personal data.
5. INFORMATION ABOUT ONGOING REQUIREMENTS FOR PROTECTION OF PERSONAL DATA.
5.1. The contractor conducts the following activities: identifies threats to the security of personal data during their processing, forms on the basis of their threat model; provides development on the basis of model of threats of personal data protection system, providing the neutralization of the prospective threats with the use of methods and ways of protection of personal data provided for the appropriate class of information systems; forms the plan of inspections of preparedness of new information security tools to use with the preparation of the conclusions about possibility of their operation; carries out installation and commissioning of means of information protection in accordance with operational and technical documentation; conducts training of persons using means of information protection used in information systems, rules of work with them; performs accounting of applied means of information protection, operational and technical documentation to them, carriers of personal data; performs accounting of persons admitted to work with personal data in the information system; monitors compliance with the terms of use of data protection tools provided for by operational and technical documentation; has the right to initiate proceedings and draw up conclusions on the facts of non-compliance with the terms of storage of personal data carriers, the use of information protection tools that may lead to a violation of personal data confidentiality or other violations that lead to a decrease in the level of protection of personal data, the development and adoption of measures to prevent possible dangerous consequences of such violations. ; has descriptions of the personal data protection system.
5.2. To develop and implement specific measures to ensure the security of personal data during their processing in the information system, the Contractor shall appoint a responsible person to the information technology division of the Contractor.
6. THE RIGHTS AND OBLIGATIONS OF THE CONTRACTOR
6.1. The contractor has the right:
defend your interests in court;
provide personal data of subjects to third parties, if required by applicable law (tax, law enforcement agencies, etc.).);
refuse to provide personal data in cases stipulated by the legislation;
use personal data of the subject without his consent, in cases stipulated by the legislation.
7. THE RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS
7.1. The subject of personal data has the right:
require clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing, as well as to take legal measures to protect their rights;
require a list of their personal data processed by the Operator and the source of their receipt;
receive information about the processing time of their personal data, including the period of their storage;
require the notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made in them;
appeal to the authorized body for the protection of the rights of personal data subjects or in court unlawful actions or omissions in the processing of his / her personal data;
to protect their rights and legitimate interests, including on indemnification and (or) compensation of moral harm in a judicial order.
8. FINAL PROVISION
8.1. This Policy is subject to change, addition in case of emergence of new legal acts and special regulatory documents on processing and protection of personal data. 8.2.Details for the receipt of notices, demands, statements, denials of the subject of personal data: email
welcome@hotel-moscow.ru, postal address: Russia, 191317, St. Petersburg,
Alexander Nevsky square, 2, phone: 8 (812) 333-2-444.
