1.1. This document defines goldenhorsehotel.ru policy (the Hotel) regarding the processing and security of personal data.
1.2. This policy is designed to implement the requirements of the legislation in the field of processing and security of personal data and is aimed at ensuring the full protection of the rights and freedoms of the individual and the citizen in the processing of his personal data at the Hotel.
1.3. The provisions of this Policy are binding on all Hotel employees.
1.4. The provisions of this Policy are the basis for organizing all processes in the Hotel related to the processing and protection of personal data.
1.5. This policy is developed in accordance with the federal law of the Russian Federation:
1.6. The Policy establishes:
1.7. This Policy is a subject to placement on a public resource – hotels official website https://goldenhorsehotel.ru/en – in unrestricted access.
1.8. The policy takes effect on the day of approval.
1.9. This Policy is subject to review in connection with changes in the legislation of the Russian Federation in the field of processing and protection of personal data, based on the assessment of the relevance, adequacy and effectiveness of the measures taken security of personal data processing in the Hotel.
1.10. This Policy applies to actions (operations) or a set of actions (operations) committed using or without the use of such tools with personal data, including collection, recording, systemization, accumulation, storage, refinement (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data.
2. Main terms and definitions
Automatic processing of personal data — processing personal data with computing.
Personal biometric data — information that characterizes a person’s physiological and biological characteristics, on the basis of which his identity can be established and which are used by the operator to establish the identity of the subject of personal data.
Personal data blocking — temporary discontinuation of personal data processing (unless processing is necessary to clarify personal data).
Personal data security — the state of personal data security, characterized by the ability of users, technical facilities and information technologies to ensure the confidentiality, integrity and accessibility of personal data when it is processed in personal data information systems.
Personal data information system — a combination of the personal data contained in the databases and technical facilities and information technologies, providing its processing.
Personal data confidentiality — mandatory requirement for the Hotel or any other person who has access to personal data not to disclose and disseminate it without the consent of the subject of personal data or the existence of other legal grounds.
Processing of personal data — any action (operation) or a set of actions (operations) carried out using or without the use of such tools with personal data, including collection, recording, systemization, accumulation, storage, refinement ( update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Public personal data — personal data that is accessed by an unlimited number of persons with the consent of the personal data subject or which are not subject to the confidentiality requirement in accordance with federal law.
Personal data depersonalization — actions that make it impossible to determine the identity of personal data to a specific entity without the use of additional information.
Operator — a public authority, a municipal authority, a legal or natural person, who, independently or jointly with others, organizes and/or processes personal data, as well as determines the purposes of personal data processing, composition of the personal data to be processed, actions (operations) committed with personal data.
Personal data sharing — actions aimed at disclosing personal data to a particular person or a certain circle of persons.
Personal data — any information relating to a directly or indirectly defined individual (subject of personal data).
Special categories of personal data — personal data relating to race, nationality, political views, religious or philosophical beliefs, health status and intimate life of the subject of personal data.
Personal data subject — an individual who is directly or indirectly defined by the data.
Other information — information that doesn`t identify or relates to the individual directly.
Personal data destruction — actions that make it impossible to recover the content of personal data in the information system and/or, as a result of which material carriers of personal data are destroyed.
3. Purposes of personal data processing
3.1. The hotel processes personal data for the purpose of:
4. Classification of personal data and Subjects categories, whose personal data is processed in the Hotel
4.1. Personal data includes any information relating directly or indirectly to a particular or defined individual (personal data subject) processed by the Hotel to achieve these goals.
4.2. The hotel does not process special categories of personal data relating to race, nationality, political views, religious and philosophical beliefs, unless otherwise established by Russian law Federation.
4.3. The hotel processes personal data in the following personal data subject categories:
5. Basic principles for personal data processing
5.1. Personal data processing in the Hotel is based on the following principles:
6. Personal data processing
6.1. Personal data is processed in accordance with the principles and regulations set by the Federal Law of 27.07.2006 No. 152 “On Personal Data.”
6.2. The hotel processes personal data, both through using automation tools and without using automation tools.
6.3. The Hotel may include personal data of the subjects in public sources of personal data, in this case the Hotel takes the written consent of the subject to process his personal data.
6.4. Biometric personal data in the Hotel is not processed.
6.5. The hotel may carry out cross-border transfer of personal data (both to countries that provide an appropriate level of protection of personal data, and to other countries that may not provide an adequate level of protection for personal data) in order to comply with the contract of which the personal data subject is a party to, and/or with its consent.
6.6. Decisions based on the exclusively automatic processing of personal data, which give legal consequences to the personal data subject or otherwise affect his rights and legitimate interests, are not made.
6.7. In the absence of the need for written consent of the subject to process his personal data, the consent of the subject may be given by the personal data subject or his representative in any way allowing to obtain the fact of its receipt of the form.
6.8. The Hotel has the right to entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise provided by federal law, on the basis of the contract concluded with that person (the operator’s order).
At the same time, the Hotel obliges the person processing personal data on behalf of the Hotel under the contract, to comply with the principles and rules of personal data processing provided by this Federal law.
6.9. Providing access to personal data processed by the Hotel to public authorities (including monitoring, supervising, public security authorities) is carried out in the volume and order established by the relevant legislation of the Russian Federation.
6.10. Collection and processing of Other information
Because Other Information does not personally identify you, such information may be disclosed for any purpose where permitted by law. In some instances (for example: subscribing to the newsletter, using feedback forms), we may combine Other Information with personal information. If we do combine any Other Information with personal information, the combined information will be treated by us as personal information in accordance with this Policy.
7. Rights of the personal data subject
7.1. Personal data subject has the right:
7.2. The personal data subject is obliged to provide complete, accurate and reliable information about their personal data.
7.3. The right of the personal data subject to access his personal data may be limited in accordance with federal laws.
8. Hotel rights and obligations in the processing of personal data
8.1. Hotel has the right:
8.2. In accordance with the requirements of the Federal Act «On personal data»
Hotel is obliged:
9. Measures to ensure the personal data security when processing it
9.1. In the processing of personal data, the Hotel takes the necessary legal, organizational and technical measures to protect personal data from improper or accidental access to it, destruction, editing, blocking, copying, providing, dissemination of personal data, as well as other misconduct in relation to personal data.
9.2. The security of personal data is achieved through:
10. Hotel Responsibility
10.1. The rules and requirements of this Policy, which are applied in the processing of personal data in the Hotel, are monitored by persons appointed by the Order of the Hotel Executive Authority.
10.2. The Hotel, as well as its officials and employees, bear criminal, civil, administrative and disciplinary liability for non-compliance with the principles and conditions of personal data processing, as well as for the disclosure or illegal use of personal data in accordance with the law of the Russian Federation.