This Privacy Policy of Personal Data (hereinafter referred to) — Privacy Policy is an integral part of the Public Offer posted on the website on the Internet at: https://www.palace-hotel.ru (hereinafter - the Website).
The use of the services of the Site means the unconditional consent of the User to this Privacy Policy and the conditions for the processing of his personal data specified in it; in case of disagreement with these conditions, the User must refrain from using the services.
1. 1. Terms and definitions
This Privacy Policy uses the following basic terms and definitions:
Personal Data (PD) - any information relating directly or indirectly to a certain or defined natural person (personal data subject).
Personal Data Information System (ISPD) — a set of personal data contained in databases and providing their processing of information technologies and technical means.
Personal Data Operator (Operator) - state body, municipal body, legal or natural person, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. The operator is a limited liability company "Antracyt".
Processing of personal data - any action (operation) or set of actions (operations) performed using automation means or without using such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Automated processing of personal data - processing of personal data using computer equipment.
Non-automated processing of personal data - processing of personal data carried out with the direct participation of a person without the use of automation tools.
Dissemination of personal data - actions aimed at disclosure of personal data to an uncertain circle of persons.
Provision of personal data actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
Blocking of personal data temporary termination of the processing of personal data (except if the processing is necessary to clarify personal data).
Destruction of personal data actions that make it impossible to restore the content of personal data in the information system of personal data and (or) as a result of which the material carriers of personal data are destroyed.
Depersonalization of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the identity of personal data to a specific subject of personal data.
Privacy of personal data - mandatory for compliance by the operator and other persons who have access to personal data, the requirement not to disclose to third parties and not to distribute personal data without the consent of the subject of personal data, unless otherwise provided by federal law.
Subject of personal data an individual who is directly or indirectly determined or determined by personal data.
Personal Data of Limited Access - personal data of subjects of personal data subject to protection in the order established by the legislation of the Russian Federation.
Security of personal data - the state of protection of personal data, characterized by the ability of users, technical means and information technologies to ensure the confidentiality, integrity and accessibility of personal data when processing them in information systems of personal data.
Personal data protection regime - regulatory rules defining restrictions on access to personal data, the procedure for transfer and the conditions for their storage.
Protection of personal data - a set of measures of technical, organizational and organizational-technical nature, aimed at protecting information relating to a certain or determined on the basis of such information to the subject of personal data.
The website — a set of software and hardware for computers, providing publication for the general view of information and data, united by a common purpose, through technical means used for communication between computers on the Internet. The Site in the Privacy Policy refers to the Site located on the Internet at: https://www.palace-hotel.ru.
Users of the user — user of the Internet and, in particular, the Site.
Cookie files — text files that the browser each time sends to the server when trying to open the page of the relevant site used for authentication of the User, storage of his personal preferences and settings, tracking the status of the User's access session, maintaining statistics about Users, etc.
Administration of the Site - authorized employees for the management of the Site who organize and (or) process personal data, as well as determine the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2. 2. 2. General provisions
That's 2.1. Within the framework of this Privacy Policy, the User’s personal information is understood as:
2.1.1. Personal information that the User provides about himself when registering (creating an account) or during the use of the Services, including personal data of the User. Mandatory information for the provision of the Services is marked in a special way.
2.1.2. Data that is automatically transferred to the services of the Site during their use with the help of the software installed on the User's device, including the IP address, cookie data, information about the User's browser (or other program with which access to services is made), the technical characteristics of the equipment and software used by the User, the date and time of access to the services, the addresses of the requested pages and other similar information.
2.1.3. This Privacy Policy applies only to the Site https://www.palace-hotel.ru.
The website https://www.palace-hotel.ru does not control and is not responsible for third-party sites to which the User can access the links available on the website https://www.palace-hotel.ru.
2.2. 2.2. This Privacy Policy is designed to comply with the requirements of the legislation of the Russian Federation containing personal data and identification of Users who are on the Site.
2.3. We're here. This Privacy Policy is developed in accordance with the following regulatory and methodological documents:
- Constitution of the Russian Federation;
- Labor Code of the Russian Federation;
Federal Law No. 152-FZ of 27 July 2006 «About personal data». . . .
Federal Law of 21.07.2014 No. 242-FZ «On amendments to certain legislative acts of the Russian Federation in terms of clarifying the procedure for processing personal data in information and telecommunication networks». . . .
Federal Law of 27.07.2006 No. 149-FZ «Information, information technology and information protection». . . .
Decree of the Government of the Russian Federation of September 15, 2008 No. 687 «About approval of the Regulation on peculiarities of personal data processing carried out without the use of automation tools». . . .
Resolution of the Government of the Russian Federation of November 1, 2012 No. 1119 «About approval of requirements for the protection of personal data in their processing and information systems of personal data». . . .
- Resolution of the Government of the Russian Federation of 06.07.2008 No. 512 «About approval of requirements for material carriers of biometric personal data and technologies of storage of such data outside information systems of personal data». . . .
Order of FSTEC of Russia of February 18, 2013 No. 21 «About approval of the composition and content of organizational and technical measures to ensure the security of personal data when processing in information systems of personal data». . . .
Decree of the President of the Russian Federation of March 06, 1997 No. 188 «About approval of the List of confidential information». . . .
2.4. 2.4. The objectives of the Privacy Policy are:
- ensuring the requirements for the protection of human and civil rights and freedoms in the processing of personal data, including the protection of the rights to privacy, personal and family secrets;
- exclusion of unauthorized actions of employees of the Operator and any third parties to collect, systematize, accumulate, store, clarify (update, change) personal data, other forms of illegal interference in the information resources and the local computer network of the Operator, ensuring the legal and regulatory regime of confidentiality of undocumented information of the Users of the Site; protection of the constitutional rights of citizens to personal secrecy, confidentiality of information constituting personal data, and preventing the occurrence of a possible threat to the security of the Users of the Site.
That's 2.5. Sources of obtaining personal data of Users:
2.5.1. in this case. The source of information about all personal data of the User is directly the User himself.
2.5.2.2. The source of information about the User's personal data is the information received as a result of the User's entry of his data into accounting forms.
3. 3. Processing of personal data of Users
3.1.1. The Site collects and stores only those personal data that are necessary for the provision of services or the execution of agreements and contracts with the User, except in cases where the legislation provides for the mandatory storage of personal data for a period specified by law.
In case of receiving a notification from the User about the withdrawal of consent to the processing of personal data, the Site terminates the processing of personal data of the User within a period not exceeding 10 (ten) working days from the date of receipt.
Notification of withdrawal of consent to the processing of personal data is sent to the e-mail address: palacehotel@mail.ru, as well as by written contact at the legal address: 167000, Syktyvkar city, Pervomayskaya street, house 62.
3.2.2. The Website processes the User's personal information for the following purposes:
3.2.1. Identification of the User registered on the Site for the conclusion and/or execution of the contract between the User and the Operator, registration for events, submission of applications for a callback, filling out the application form for the Operator's vacancy, optimization of advertising.
3.2.2.2. Providing the User with access to personalized resources of the Site.
3.2.3. Establishing feedback with the User, including sending notifications, requests relating to the use of the Site, providing services, processing requests and applications from the User.
3.2.4. Determine the location of the User for security, fraud prevention.
3.2.5. Confirmations of reliability and completeness of personal data provided by the User.
3.2.6. Providing the User with effective customer and technical support in the event of problems related to the use of the Site.
3.2.7. Advertising activities with the consent of the User.
3.3.3. Terms of processing of personal data of Users:
3.3.1. The Site stores personal data of Users in accordance with the internal regulations of specific services.
3.3.2. The Operator collects information during the visit of the User to the Site in order to collect statistics of use and analysis of efficiency, personalization and adjustment of interaction, as well as to improve its products and services. Information is collected using various technologies, including Cookies.
3.3.2.1. The information collected through cookies includes:
- pages visited;
Number of page visits;
The duration of the user session;
- entry points (third-party sites from which the User links to the Operator's websites);
- exit points (links on the Operator’s websites, by which the User goes to third-party sites);
country of the User;
region of the User;
- the User's provider;
- User's browser;
System languages of the User;
- Operating system of the User;
- resolution of the User screen;
The number of colors of the User’s screen.
3.3.2.2. Cookies are divided into «session cookies» And that's it. «Permanent cookies». . . . Session cookies help the User to navigate the Site more effectively and track movements between pages so that you do not have to re-enter the information already provided during the current visit to the Site or necessary to make a transaction. Session cookies are stored in temporary memory and deleted when the browser is closed. Permanent cookies store the preferences of the User for current and subsequent visits to the sites, are recorded on the hard disk of the User's device and maintain correctness when re-launching the browser. Permanent cookies are stored in the User’s device for the time specified in the parameters of the Cookies or until the User deletes them.
3.3.2.3. The Operator uses Cookies for the purpose of analyzing the use of the Site (in particular, to determine the number of Users and the duration of the visit) and its effectiveness (to determine those that are most interested in the User), as well as to simplify the navigation of the Site and its use and in this capacity are not associated with personal data. Cookies are also used to personalize interaction with the User by comparing them with profile data or user preferences.
3.3.2.4. The user may specify preferred uses for most cookies and similar technologies through the browser. Information on the control of cookies is contained in the section «Configurations» (or similar) the browser used. In most cases, the User can configure browser notifications about the receipt of the cookie and in each case decide whether to accept this file or not. The user can completely disable cookies in the browser. When blocking, disabling or otherwise prohibiting the use of cookies, the site may appear incorrectly.
3.3.2.5. The User understands and accepts the possibility of using third party software on the Site, as a result of which such persons can receive and transmit the data specified in clause 2.1.2 in an anonymized form.
These third party software include:
- systems for collecting analytical data: Yandex.Metrica, Yandex AppMetrica.
The composition and conditions of collection of anonymized data using third party software are determined directly by their rightholders and may include:
- browser data (type, version, cookie);
Operating system data (type, version, screen resolution);
Request data (time, source of transition, IP address).
- other anonymized data about the actions of the User on the Site.
3.4. With regard to the personal data of the User, their confidentiality is maintained, except for cases of voluntary provision by the User of information about himself for general access to an unlimited number of persons. When using separate services, the User agrees that a certain part of his personal data becomes publicly available.
3.5. Persons who have the right to access personal data.
3.5.1. The right of access to personal data of subjects has persons endowed with appropriate powers in accordance with their official duties.
3.5.2. The list of persons having access to personal data is approved by the sole executive body of the Operator.
3.6. Blocking of personal data.
3.6.1. Blocking of personal data means the temporary termination by the Operator of operations for their processing at the request of the User if he reveals the unreliability of the processed information or illegal, in the opinion of the subject of personal data, actions regarding his data.
3.6.2. The operator does not transfer personal data to third parties and does not entrust the processing of personal data to third parties and organizations. The personal data of the Users of the Site are processed only by the Operator’s employees (database administrators, etc.) admitted by the established procedure to the processing of personal data of the Users.
3.6.3. Blocking of personal data on the Site is carried out on the basis of a written application from the subject of personal data.
3.7. Destruction of personal data.
3.7.1. Destruction of personal data means actions that make it impossible to restore the content of personal data on the Site and / or as a result of which material carriers of personal data are destroyed.
3.7.2. The subject of personal data has the right in writing to demand the destruction of his personal data if the personal data are incomplete, outdated, unreliable, illegally obtained or are not necessary for the stated purpose of processing.
3.7.3. In the absence of the possibility of destroying personal data, the Operator blocks such personal data.
3.7.4. Destruction of personal data is carried out by erasure of information using certified software with guaranteed destruction (in accordance with the specified characteristics for the installed software with guaranteed destruction).
3.8. The processing of the User’s personal data is carried out until the User withdraws consent to the processing of personal data in the following ways: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, including in personal data information systems using automation tools or without using such means. The processing of personal data of Users is carried out in accordance with the Federal Law of 27.07.2006 No. 152-FZ «Personal data».
3.8.1. The Site Administration, which has not fulfilled its obligations, is responsible for losses incurred by the User in connection with the illegal use of personal data, in accordance with the legislation of the Russian Federation.
3.8.2. In case of loss or disclosure of confidential information, the Site Administration is not responsible if this confidential information:
3.8.2.1. It became public property until it was lost or disclosed.
3.8.2.2. Was received from a third party until it was received by the Site Administration.
3.8.2.3. Disclosed with the consent of the User.
3.9. In case of loss or disclosure of personal data, the Site Administration informs the User about the loss or disclosure of personal data.
3.10. The Site Administration takes the necessary organizational and technical measures to protect the User’s personal information from illegal or accidental access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
3.11. The Site Administration together with the User takes all necessary measures to prevent losses or other negative consequences caused by the loss or disclosure of the User’s personal data.
4. Personal data protection system
4.1. To ensure the protection of the User’s personal data during their processing, the following legal, organizational and technical measures have been taken against unauthorized, illegal or accidental access to personal data, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data:
identification of threats to the security of personal data when processing them in personal data information systems;
application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for the protection of personal data;
- accounting of machine carriers of personal data;
detection of facts of unauthorized access to personal data and taking measures;
recovery of personal data modified or destroyed as a result of unauthorized access to them;
establishment of rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system;
control over the measures taken to ensure the security of personal data and the level of protection of personal data information systems;
Use of certified antivirus software;
- training of the Operator’s employees directly processing personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data.
4.2. Blocking of personal data relating to the relevant User is carried out from the moment of request or request of the User or his legal representative or the authorized body for the protection of the rights of personal data subjects for the period of verification in case of revealing false personal data or illegal actions.
5. Additional conditions
5.1. The Site Administration has the right to make changes to this Privacy Policy without the consent of the User.
5.2. The new Privacy Policy comes into force from the moment of its posting on the Site, unless otherwise provided for by the new version of the Privacy Policy.
5.3. If the User does not agree with the terms of this Privacy Policy, he must immediately remove his profile from the Site, otherwise the continued use of the Site by the User means that the User agrees to the terms of this Privacy Policy.
