1. General provisions
1.1. LLC Brigantina processes personal data on a legal and fair basis.
1.2. Personal data processing is carried out in accordance with the Constitution of the Russian Federation, Federal Law "On Personal Data" No. 152-FZ of 27.07.2006, Decree of the Government of the Russian Federation No. 687 of September 15, 2008 and No. 1119 of 01.11.2012, as well as other regulatory legal acts.
1.3. Basic concepts used in the Policy:
a hotel is an organization that provides hotel services to a client;
client – an individual, a consumer of hotel services, a subject of personal data;
hotel services – the actions of the Hotel to accommodate Customers in the accommodation facility, as well as other activities related to accommodation and accommodation, which includes basic and additional services provided to the Client;
operator – a legal entity that independently or jointly with other persons organizes and (or) processes personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
personal data (PD) – information stored in any format relating to a specific or determined on the basis of such information to an individual (subject of personal data), which by itself or in combination with other information available to the Hotel, allows you to identify the identity of the Customer;
processing of personal data – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with PD, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data;
the personal data information system is a set of PD data contained in databases and providing their processing with information. technologies and technical means;
provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons;
cross–border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity;
use of personal data – actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that generate legal consequences against the subject of personal data or other persons or otherwise affect the rights and freedoms of the subject of personal data or other persons;
2. Purposes of processing personal data of Clients.
2.1. Clients' personal data may be processed for the following purposes::
Hotel room reservations;
Registration and execution of the contract for the provision of services for accommodation or temporary accommodation in a Hotel.
2.2. The Operator is not allowed to process PD that is incompatible with the specified purposes.
2.3. Personal data may not be used for the purpose of causing property and moral harm to citizens, hindering the exercise of the rights and freedoms of citizens of the Russian Federation.
3. Content of personal data of Clients
3.1. The volume and content of the processed PD strictly corresponds to the stated processing goals and are not redundant in relation to the processing goals.
3.2. The personal data of Customers collected and processed by the Hotel includes:
Last name, First name, Patronymic;
Date and place of birth;
Registration address (and place of residence);
Contact phone number;
Information about the place of work.
3.3. Hotel employees receive personal data with the written consent of the Client.
3.4. The Hotel staff has the right to check the accuracy and relevance of the personal data provided.
3.5. When using the room booking service, the following information is stored: full name, phone number and e-mail address of the Client. In order to provide a hotel service, this data is used for unambiguous one-time identification of the reservation during its execution.
4. Processing of personal data of Clients
4.1. Processing of personal data of Clients for the fulfillment of the set goals consists in the following possible actions: collection, storage, refinement, updating, modification, use, transfer, destruction.
4.2. The processing of personal data of Clients is carried out without the use of automation tools.
4.3. Only employees of the Hotel who are authorized to work with personal data of Clients and who have signed the Contract may have access to the processing of personal data of Clients
Agreement on non-disclosure of personal data.
4.4. In order to comply with the current legislation in the field of migration policy, the Hotel transfers the personal data of Customers to the FMS in compliance with the norms of personal data protection.
4.5. The Hotel does not transfer Customers' personal data to third parties without the consent of the personal data subject, unless otherwise provided by federal law.
4.6. There is no cross-border transfer of personal data.
5. Protection of personal data of Clients
5.1. The Hotel respects the confidentiality of personal data, takes legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution of personal data, as well as from other illegal actions.
5.2. When processing personal data carried out without the use of automation tools, the Hotel fulfills the requirements established by the Decree of the Government of the Russian Federation dated September 15, 2008 No. 687 "On approval of the Regulation on the specifics of processing personal data carried out without the use of automation tools".
5.3. Director Rinat Kharisovich Zagriev (phone: 8(8617)216-686) has been appointed responsible for organizing the processing of personal data in LLC GC Brigantine.
5.4. The technical protection measures adopted at the hotel include: fire and burglar alarms, video surveillance and anti-virus protection.
5.5. The following local regulations have been accepted for execution at the Hotel:
5.5.1 Orders: "On carrying out work on the protection of PD", "On the appointment of a responsible person", "On the controlled zone", "On approval of storage locations of PD material carriers", "On approval of the list of employees allowed to process PD", "On the establishment of a commission to determine the level of protection of PD";
5.5.1. Provisions: "On the protection of personal data", "On the differentiation of access rights to personal data", "On the processing of personal data of employees";
5.5.2. Procedures: "Access to the controlled area of employees", "Redundancy and restoration of operability", "Destruction of PD carriers";
5.5.3. Acts of determining the level of protection of ISPDn and Private models of current threats.
5.5.4. Lists: "Premises intended for PD processing", "PD", "ISPDn".
5.5.5. An action plan for internal control over compliance with the safety of PD, a description of the technological process of PD processing and a Conclusion on the assessment of harm to PD subjects.
5.5.6. Instructions: "Responsible for the organization of processing in ISPDn", "ISPDn User", "To ensure the safety of PD processing workplaces", "To work with appeals of PD subjects", "To work with removable media containing PD", "To process PD without the use of automation tools", "About the order of physical protection of premises", "On the procedure for conducting proceedings on the facts of violations".
5.5.7. Logs: "Accounting for logins", "Accounting for appeals of PD subjects", "Accounting for information security tools", "Accounting for removable media containing PD", "Accounting for antivirus checks".
5.6. The Hotel has notified the authorized body for the protection of the rights of personal data subjects about the processing of personal data in accordance with the requirements established by the Federal Law "On Personal Data".
5.7. In case of detection of illegal actions with personal data, the operator, within a period not exceeding three working days from the date of such detection, is obliged to eliminate the admission of violations. The operator is obliged to notify the PD subject about the elimination of violations committed.
6. Client's Rights
6.1. The Client has the right to: access to information about himself, including information containing confirmation of the fact of personal data processing, the purpose of such processing, as well as other information specified in Part 7 of Article 14 of Federal Law 152-FZ "On Personal Data".
6.2. The subject of personal data has the right to require the operator to clarify his personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.
6.3. If the personal data subject believes that the operator processes his personal data in violation of the law or otherwise violates his rights and freedoms, the personal data subject has the right to appeal the actions or omissions of the operator to the authorized body for the protection of the rights of personal data subjects or in court.
7. Liability for violation of the rules governing the processing of personal data of Customers
7.1. The Hotel is responsible for the personal information that is at its disposal and establishes the personal responsibility of employees for compliance with the established confidentiality regime.
7.2. Each employee who receives a document containing the Client's personal data for work is solely responsible for the safety of the carrier and the confidentiality of the information.
7.3. The Hotel staff is obliged to ensure the proper level of consideration of requests, applications and complaints of Customers, as well as to facilitate the fulfillment of the requirements of the competent authorities.