Privacy Policy
1. DEFINITION OF TERMS
1.1 The following terms are used in this Privacy Policy:
1.1.1. "Site Administration" (hereinafter - the Administration) - employees authorized to manage the RedPoint website, acting on behalf of RedPoint, who organize and (or) process personal data, and also determine the purposes of processing personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.
1.1.2. "Personal data" - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
1.1.3. "Processing of personal data" - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.1.4. “Confidentiality of personal data” is a mandatory requirement for the Operator or other person who has access to personal data to prevent their distribution without the consent of the subject of personal data or other legal grounds.
1.1.5. "RedPoint Site" is a collection of interconnected web pages hosted on the Internet at a unique address (URL): redpoint.ru, as well as its subdomains.
1.1.6. "Subdomains" are pages or a set of pages located on third-level domains belonging to the RedPoint website, as well as other temporary pages, at the bottom of which the Administration's contact information is indicated.
1.1.5. “RedPoint Site User” (hereinafter referred to as the User) is a person who has access to the RedPoint Site via the Internet and uses the information, materials and products of the RedPoint Site.
2. GENERAL PROVISIONS
2.1. This Personal Data Privacy Policy (hereinafter referred to as the Privacy Policy) applies to all information that the RedPoint website (hereinafter referred to as the Website) located on the 4points domain name (as well as its subdomains) can receive about the User while using the RedPoint website (and also its subdomains), determines the procedure for processing and protecting information about individuals - subjects of personal data (hereinafter referred to as Guests / Consumers) who plan to conclude and (or) conclude agreements for the provision of hotel and other services, as well as lease agreements with LLC “Russian forest” (address: Krasnodar, Congressnaya st. 4) (hereinafter referred to as the Company/Operator) at the RedPoint Hotel (hereinafter referred to as the Hotel).
The objectives of the Personal Data Processing and Protection Policy (hereinafter referred to as the Policy) are:
- ensuring the protection of the rights and freedoms of a person and citizen in the processing of his personal data, including the protection of the rights to privacy, personal and family secrets, from unauthorized access and disclosure;
- exclusion of unauthorized actions of the Operator’s employees and any third parties to collect, systematize, accumulate, store, clarify (update, change) personal data, other forms of illegal interference with information resources and the Operator’s local area network, ensure the legal and regulatory regime for the confidentiality of the information of Users of the Site.
2.2. The Policy describes how the processing of personal data in the Company is carried out.
The processing of personal data means any actions (operations) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Personal data means any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
2.3. This Policy has been developed in accordance with the current legislation of the Russian Federation and the Federal Law "On Personal Data" dated July 27, 2006 No. 152-FZ.
The processing of personal data in the Company is carried out in compliance with the principles and conditions provided for by this Policy and the legislation of the Russian Federation in the field of personal data.
The legal grounds for the processing of personal data in the Company are the Civil Code of the Russian Federation, Decree of the Government of the Russian Federation of November 18, 2020 No. 1853 “On Approval of the Rules for the Provision of Hotel Services in the Russian Federation”, Decree of the Government of the Russian Federation of July 17, 1995 No. 713 “On Approval of the Rules for Registration and Removal of Citizens of the Russian Federation from registration at the place of stay and at the place of residence within the Russian Federation and the list of persons responsible for receiving and transferring documents to the registration authorities for registration and deregistration of citizens of the Russian Federation at the place of stay and at the place of residence within the Russian Federation”, the Charter of the Company, as well as agreements concluded by the Company with Consumers.
2.4. This Policy is approved by the General Director of the Company and put into effect by his order.
2.5. The policy is posted on the official website of the Hotel.
3. PURPOSES AND PRINCIPLES OF PERSONAL DATA PROCESSING
3.1. The processing of personal data of personal data subjects is carried out in order to provide an opportunity to interact with the Company's website and the Company for the subsequent conclusion between the Consumer and the Company of an agreement (contracts) for the provision of hotel services and their subsequent execution, in order to develop new products and services, as well as inform the Consumer about these services.
3.2. The processing of personal data of the Guests is carried out on the basis of the following principles:
- legality of the purposes and methods of processing personal data;
- conscientiousness;
- compliance of the purposes of processing personal data with the purposes predetermined and declared during the collection of personal data, as well as the powers of the Company;
- compliance of the volume and nature of the processed personal data, methods of processing personal data with the purposes of processing personal data;
- ensuring the accuracy of personal data, their sufficiency, and, if necessary, relevance in relation to the purposes of processing personal data.
The Consumer who provides his personal data to the Company thereby agrees with the provisions of this Policy.
4. COLLECTION OF PERSONAL DATA IN THE COMPANY AND CONSENT TO THEIR PROCESSING
4.1. The collection of personal data of the Guests is carried out through the website of the Company, when the Guest fills out the form for booking the services of the Company, as well as by filling out the guest card and other documents required to be filled out upon arrival at the Hotel. The collection by the Company of personal data may be carried out when using other services of the Company.
4.2. The Consumer is obliged to provide the original documents required for the registration of the Consumer at the Hotel. The Company has the right to copy documents containing personal data of Consumers.
4.3. Upon arrival at the Company's hotel, the Guest also provides consent to the processing of personal data in the form approved by the Company. If the Guest arrives with minors, then he provides such consent on their behalf as a representative. Consent to the processing of personal data may be withdrawn by the Guest.
4.4. At any time, unilaterally, the Guest has the right to withdraw consent to the processing of personal data from the Company. The withdrawal is carried out by drawing up a written document, which can be:
- sent to the address of the Company by post;
- handed over personally against receipt to the authorized representative of the Company;
- sent to the email address info@fpkrasnodar.com
5. BASIC RIGHTS AND OBLIGATIONS OF THE CONSUMER AND THE PERSONAL DATA OPERATOR
5.1. Rights of the subject of personal data.
The consumer has the right to receive information from the Operator regarding the processing of his personal data, including the amount of personal data being processed.
The Guest has the right to demand from the Company the clarification of his personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights.
The Guest's requirement is drawn up in free form in the form of a written document, which can be:
- sent to the address of the Company by post;
- handed over personally against receipt to the authorized representative of the Company;
- sent to the email address info@fpkrasnodar.com
The Company is obliged to immediately stop, at the request of the Consumer, the processing of his personal data for the above purposes and inform the Guest about this no later than 10 (ten) working days from the date of receipt of the request from the Guest.
If the Guest believes that the Operator processes his personal data in violation of the requirements of the current legislation or otherwise violates his rights and freedoms, the Guest has the right to appeal against the actions or inaction of the Operator to the Authorized body for the protection of the rights of subjects of personal data or in court.
The guest has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for moral damage.
5.2. Obligations of the Operator.
Upon a personal request or upon receipt of a written request from the Guest or his representative, the Operator, if there are grounds, is obliged to provide information within 30 days from the date of the request or receipt of the request from the Guest or his representative to the extent established by applicable law. Such information must be provided to the Guest in an accessible form, and it must not contain personal data relating to other personal data subjects, unless there are legal grounds for disclosing such personal data.
All appeals of the Guests or their representatives are registered in the Register of appeals of citizens (subjects of personal data) regarding the processing of personal data.
If a request is received from the authorized body for the protection of the rights of subjects of personal data to provide information necessary for the activities of the said body, the Company is obliged to report such information to the authorized body within 30 days from the date of receipt of such a request or within the period specified in the request.
It is prohibited to make decisions on the basis of exclusively automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests.
If the provision of personal data is mandatory in accordance with federal laws, the Company is obliged to explain to the Guest the legal consequences of the refusal to provide his personal data.
When processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions regarding personal data.
6. PERSONAL DATA PRIVACY
6.1. The Company ensures the confidentiality and security of personal data during their processing in accordance with the requirements of the legislation of the Russian Federation.
6.2. The operator does not disclose to third parties and does not distribute personal data without the consent of the subject of personal data, unless otherwise provided by law.
6.3. Employees of the Company who process personal data are required to comply with the requirements of the Operator's regulatory documents in terms of ensuring the confidentiality and security of personal data.
7. SCOPE OF PERSONAL DATA AND PROCESSING CONDITIONS
7.1. For the purposes specified in paragraph 1.1 of this Policy, the following categories of personal data of Consumers are processed:
- full name;
- place of birth;
- series and number of the passport, by whom and when issued;
- sex;
- date of birth;
- citizenship;
- residence address;
- mobile phone;
- email.
7.2. Conditions for the processing of personal data.
The processing of personal data of the Guests is carried out with the consent of the subject of personal data to the processing of his personal data, and in cases provided for by the legislation of the Russian Federation without consent.
Personal data may also include data additionally provided by Consumers at the request of the Operator in order to fulfill the obligations of the Operator to Consumers arising from the contract for the provision of hotel services or other agreements concluded with the Consumer.
The personal data of the Guests are stored both on paper and electronic media. Personal data is processed both with the use of automated systems and without the use of automated systems.
The Company may use the personal data of the Guests to send important notices, advertising and information mailings.
The operator does not transfer personal data to third parties, except as provided by law, and does not entrust the processing of personal data to third parties and organizations. The personal data of the Guests are processed only by the employees of the Company (administrators, employees of the reservation department, etc.), who are allowed by the Order of the General Director of the Company to process the personal data of the Users. Access of employees to the personal data of the Guests is terminated after the termination of the employment relationship with the employee or from the date of termination of official duties.
The personal data of the Guests, in accordance with the legislation of the Russian Federation, are transferred to the internal affairs bodies for the purpose of registration and migration registration, and can also be transferred at the request of the authorized state authorities of the Russian Federation, including the investigation and inquiry authorities, only on the grounds and in the manner established by the law of the Russian Federation.
7.3. The storage of personal data of Consumers is carried out in a form that allows the subject of personal data to be identified for no longer than required by the purposes of processing personal data.
The total period of storage of personal data of Consumers is 5 (Five) years from the date of termination of the contract with the Consumer.
The processing of the personal data of the Guests, carried out without the use of automation tools, is carried out in such a way that for each category of personal data it is possible to determine the places of storage of personal data (tangible media).
The Company has established a list of persons processing personal data or having access to them, as well as separate storage of personal data (tangible media), the processing of which is carried out for various purposes.
When storing material media, conditions are observed that ensure the safety of personal data and exclude unauthorized access to them.
Access to the premises where the personal data of the Guests is stored is limited. The servers are located in places inaccessible to persons who do not have access to the personal data of the Guests. A specific list of measures taken by employees to store personal data of Guests is contained in the order of the General Director and the relevant job descriptions of employees.
The Company uses databases located on the territory of the Russian Federation to store personal data.
7.4. Ensuring the security of personal data.
The Company ensures the security of personal data processed in the information systems of the Operator, which is achieved by excluding unauthorized, including accidental, access to them, as well as by taking the following security measures:
- determination of actual threats to the security of personal data and information technologies used in information systems;
- application of organizational and technical measures to ensure the security of personal data during their processing in the information systems of the Operator, necessary to fulfill the requirements for data protection, the implementation of which ensures the levels of security established by the Government of the Russian Federation;
- application of procedures for assessing the conformity of information security tools;
- assessment of the effectiveness of the measures taken to ensure the security of personal data prior to the commissioning of the information system;
- ensuring the efficient functioning of computer equipment with personal data in accordance with the operational and technical documentation of computer equipment and taking into account the technical requirements of information systems and information security tools;
- detection and registration of facts of unauthorized access to personal data, unauthorized re- and additional recording of information after its extraction from the information system and taking measures;
- recovery of personal data, modified or deleted, destroyed due to unauthorized access to them;
- establishing rules for access to personal data processed in the information systems of the Company, as well as ensuring the registration and accounting of all actions performed with personal data in the information systems of the Company;
- use of anti-virus tools and means of restoring the personal data protection system;
- application, if necessary, of firewalls, intrusion detection, security analysis and cryptographic information protection;
- organization of access control to the territory of the Company, protection of premises with technical means for processing personal data.
7.5. Updating, blocking and destruction of personal data.
In case of confirmation of the fact of inaccuracy of personal data or the illegality of their processing, personal data is subject to updating by the operator, and processing must be terminated.
The blocking of personal data is understood as the temporary termination by the Operator of operations for their processing at the request of the Consumer if he reveals the unreliability of the processed information or illegal, in the opinion of the subject of personal data, actions in relation to his data.
Destruction of personal data means actions that make it impossible to restore the content of personal data on the site and / or as a result of which material carriers of personal data are destroyed.
The Guest has the right to demand in writing the destruction of his personal data if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing.
In the absence of the possibility of destroying personal data, the Operator shall block such personal data. In the event that unlawful processing of personal data is detected upon an appeal or at the request of the Guest or his representative or the authorized body for the protection of the rights of subjects of personal data, the Operator is obliged to block the unlawfully processed personal data relating to this subject of personal data from the moment of such an appeal or receipt of the specified request for the period of verification.
The destruction of personal data is carried out by erasing information using certified software with guaranteed destruction (in accordance with the specified characteristics for the installed software with guaranteed destruction).
7.6. Termination of personal data processing.
The condition for terminating the processing of personal data of Consumers may be:
- achievement of the purposes of personal data processing;
- expiration of the consent or withdrawal of the Consumer's consent to the processing of his personal data;
- detection of illegal processing of personal data.
8. RESPONSIBILITY
8.1. All employees of the Operator who process personal data are required to keep information containing personal data secret, in accordance with the Policy and the requirements of the legislation of the Russian Federation. Persons guilty of violating the requirements of the Policy and the legislation on personal data bear the responsibility provided for by the legislation of the Russian Federation.
9. ADDITIONAL TERMS
9.1. The Hotel Administration has the right to make changes to this Privacy Policy without the consent of the User.
9.2. The new Privacy Policy comes into force from the moment it is posted on the Hotel Website, unless otherwise provided by the new edition of the Privacy Policy.
9.3. All suggestions or questions regarding this Privacy Policy should be reported to the Hotel Administration.
9.4. The current Privacy Policy is posted on the page at https://redpoint.ru/confidential-policy/