Regulation on the procedure for storage and protection of user personal data
    
        


        

            1. Terms and definitions         

        

            2. General Provisions         

        

            3. Processing of personal data         

        

            4. Personal data protection system         

        

            5. Final Provisions         

        

                     

        

                      

        

            1. Terms and definitions

        

            Website - a set of software and hardware for computers, providing the publication for public viewing of information and data, united by a common purpose, through technical means used for communication between computers on the Internet. The Site in the Agreement means the Site located on the Internet at vostok-tmn.ru.

        

            User - a user of the Internet and, in particular, the Site, which has its own personal page (profile / account).         

        

            Federal Law (FZ) - Federal Law of July 27, 2006 No. 152-FZ "On Personal Data".

        

            Personal data - any information relating directly or indirectly to a specific or determined individual (subject of personal data).         

        

            Operator - an organization that independently or jointly with other persons organizes the processing of personal data, and defines the goals of processing, the personal data to be processed, and the actions (operations) performed with personal data. The operator is the Vostok Hotel, located at: Tyumen, Republic St., 159.

        

            Personal data processing - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), retrieval, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.         

        

            Automated processing of personal data - processing of personal data using computer technology.         

        

            Distribution of personal data - an action aimed at disclosing personal data to a certain circle of persons by prior consent, in cases provided by law.         

        

            Providing personal data - actions aimed at the disclosure of personal data to a specific person or a certain circle of persons.         

        

            Blocking of personal data - temporary termination of the processing of personal data (unless the processing is necessary to clarify personal data).         

        

            Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and / or as a result of which material carriers of personal data are destroyed.         

        

            Anonymization of personal data - actions that make it impossible to determine whether personal data belongs to a particular subject of personal data without using additional information.         

        

        

        

            Personal data information system (ISPDn) - a set of personal data contained in databases, together with the information technologies and technical means that ensure their processing.

        

                      

        

            2. General Provisions

        

            2.1. The Regulation on the procedure for storage and protection of the personal data of the Users of the Site (hereinafter - the Regulation) is developed with the aim of complying with the requirements of the legislation of the Russian Federation concerning personal data and the identification of Users on the Site.

        

            2.2. The Regulation has been developed in accordance with the Constitution of the Russian Federation, the Civil Code of the Russian Federation, the current legislation of the Russian Federation in the field of personal data protection.         

        

            2.3. The Regulation establishes the procedure for processing personal data of Site Users: actions to collect, systematize, accumulate, store, refine (update, change), destroy personal data.         

        

            2.4. The Regulation establishes general requirements and rules, mandatory for the Operator's employees involved in the maintenance of the Site, for working with all types of storage media containing personal data of Site Users.

        

            2.5. The Regulation does not address the issues of ensuring the security of personal data referred in the established manner to information constituting a state secret of the Russian Federation.         

        

            2.6. The objectives of the Regulation are:         

        

            - ensuring the protection of the rights and freedoms of man and citizen in the processing of personal data, including the protection of rights to privacy, personal and family secrets;         

        

            - elimination of unauthorized actions of the Operator’s employees and any third parties to collect, systematize, accumulate, store, clarify (update, change) personal data, and of other forms of illegal interference with the Operator’s information resources and local computer network; ensuring the legal and regulatory regime of confidentiality of undocumented information of Site Users; protection of citizens' constitutional rights to personal secrets and confidentiality of information constituting personal data; and prevention of a possible threat to the safety of Site Users.

        

            2.7. The principles of processing personal data:         

        

            - the processing of personal data should be carried out on a legal and fair basis;         

        

            - the processing of personal data should be limited to the achievement of specific, predetermined and legitimate goals. Personal data processing incompatible with the purposes of collecting personal data is not allowed;         

        

            - it is not allowed to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;         

        

            - only personal data that meet the purposes of their processing are subject to processing;

        

            - the content and volume of the processed personal data must comply with the stated processing goals. The processed personal data should not be redundant in relation to the stated purposes of their processing;         

        

            - when processing personal data, the accuracy of personal data should be ensured, its adequacy, and, if necessary, relevance in relation to the purposes of processing personal data;         

        

            - storage of personal data should be carried out no longer than is required by the purpose of processing personal data, unless the storage period for personal data is established by the Federal Law or by an agreement to which the User is a party;

        

            - the processed personal data is subject to destruction or depersonalization upon achievement of the processing goals or in case of loss of the need to achieve these goals, unless otherwise provided by the Federal Law.         

        

            2.8. Terms of processing personal data.         

        

            2.8.1. The processing of personal data of Site Users is carried out on the basis of the Civil Code of the Russian Federation, the Constitution of the Russian Federation, the current legislation of the Russian Federation in the field of personal data protection.         

        

            2.8.2. The processing of personal data on the Site is carried out in compliance with the principles and rules provided for by the Regulations and legislation of the Russian Federation.         

        

            The processing of personal data is allowed in the following cases:         

        

            - the processing of personal data is necessary to use the Site to which the User is a party;         

        

            - the processing of personal data is necessary to protect the life, health or other vital interests of the Site User, if obtaining consent is impossible;         

        

            - the processing of personal data is necessary to exercise the rights and legitimate interests of the Operator or third parties or to achieve socially significant goals, provided that this does not violate the rights and freedoms of Site Users;         

        

            - the processing of personal data is carried out for statistical or other research purposes, with the exception of the processing of personal data in order to promote goods, works, services on the market by making direct contacts with potential consumers using communications, as well as for political campaigning, subject to mandatory depersonalization of personal data.

        

            2.9. Purpose of processing personal data.         

        

            2.9.1. The processing of personal data of the Users of the Site is carried out solely in order to provide the User with the opportunity to interact with the Site.

        

            2.9.2. Information constituting personal data on the Site is any information relating to a specific person, or a person identifiable on the basis of such information (a personal data subject).

        

            2.10. Sources of obtaining personal data of Users.         

        

            2.10.1. The source of information about all personal data of the User is the User himself.         

        

            2.10.2. The source of information about the User’s personal data is information obtained as a result of the Operator providing the User with the right to use the Site.         

        

            2.10.3. Users' personal data is classified as confidential information of limited access.

        

            2.10.4. Confidentiality of personal data is not required in case of depersonalization, as well as in relation to publicly available personal data.         

        

            2.10.5. The Operator does not have the right to collect and process the User’s personal data on his racial, national affiliation, political views, religious or philosophical beliefs, privacy, except as otherwise provided by applicable law.         

        

            2.10.6. The Operator does not have the right to receive and process the User’s personal data on his membership in public associations or his trade union activity, with the exception of cases provided for by the Federal Law.         

        

            2.11. Methods of processing personal data.         

        

            2.11.1. The personal data of the Site Users are processed exclusively using automation tools.         

        

            2.12. Rights of subjects (Users) of personal data.         

        

            2.12.1. The User has the right to receive information about the Operator, its location, and whether the Operator holds personal data related to a specific subject of personal data (the User), as well as to familiarize himself with such personal data, except as provided for in paragraph 8 of Article 14 of the Federal Law "On Personal Data".

        

            2.12.2. The User has the right to receive from the Operator, when he personally contacts the Operator or when the Operator receives a written request from the User, the following information regarding the processing of his personal data, including:

        

            - confirmation of the fact of the processing of personal data by the Operator, as well as the purpose of such processing;         

        

            - legal grounds and goals for the processing of personal data;         

        

            - goals and methods used by the Operator to process personal data;         

        

            - the name and location of the Operator, information about persons (with the exception of the operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of the Federal Law;         

        

            - processed personal data relating to the relevant subject of personal data, the source of their receipt, unless otherwise provided by the Federal Law;         

        

            - the processing time for personal data, including the storage period;         

        

            - the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law;         

        

            - information on completed or proposed cross-border data transfer;         

        

            - name or surname, name, patronymic and address of the person who processes personal data on behalf of the Operator, if processing is or will be entrusted to such a person;         

        

            - other information provided for by the Federal Law or other federal laws;         

        

            - demand changes, clarifications, destruction of information about oneself;         

        

            - appeal against illegal actions or inaction on the processing of personal data and demand appropriate compensation in court;         

        

            - to supplement the personal data of an evaluative nature with a statement expressing his own point of view;         

        

            - identify representatives to protect their personal data;         

        

            - demand from the Operator notification of all changes made to them or exceptions to them.         

        

            2.12.3. The User has the right to appeal to the authorized body for the protection of the rights of subjects of personal data or in a court of law the actions or omissions of the Operator if he considers that the latter is processing his personal data in violation of the requirements of the Federal Law “On Personal Data” or otherwise violates his rights and freedoms.

        

            2.12.4. The user of personal data has the right to protect his rights and legitimate interests, including compensation for losses and (or) compensation for non-pecuniary damage in court.         

        

            2.13. Responsibilities of the Operator.         

        

            2.13.1. Upon a personal appeal or upon receipt of a written request from a personal data subject or his representative, the Operator, if there is a reason, must provide information in the amount established by the Federal Law within 30 days from the date of contact or receipt of the request from the personal data subject or his representative. Such information should be provided to the subject of personal data in an accessible form, and it should not contain personal data relating to other subjects of personal data, unless there are legal grounds for the disclosure of such personal data.

        

            2.13.2. All appeals of subjects of personal data or their representatives are recorded in the Journal of registration of appeals of citizens (subjects of personal data) on the processing of personal data.         

        

            2.13.3. In case of refusal to provide the subject of personal data or his representative, upon an appeal or upon receipt of a request from the subject of personal data or his representative, with information on the availability of personal data about the relevant subject of personal data, the Operator must give a reasoned response in writing containing a reference to the provision of paragraph 8 of Article 14 of the Federal Law “On Personal Data” or another federal law which is the basis for such a refusal, within a period not exceeding 30 days from the date of the appeal by the subject of personal data or his representative, or from the date of receipt of the request from the personal data subject or his representative.

        

            2.13.4. In the event that a request is received from the authorized body for the protection of the rights of subjects of personal data on the provision of information necessary for the activities of the specified body, the Operator is obliged to communicate such information to the authorized body within 30 days from the date of receipt of such a request.         

        

            2.13.5. In case of unlawful processing of personal data, when contacted by, or at the request of, the personal data subject or his representative or the authorized body for the protection of the rights of personal data subjects, the Operator is obliged to block the illegally processed personal data related to this personal data subject from the moment of such appeal or receipt of the specified request, for the period of verification.

        

            2.13.6. In the event that illegal processing of personal data by the Operator is detected, the latter shall be obliged to stop the illegal processing of personal data within a period not exceeding three business days from the date of this detection. The Operator is obliged to notify the personal data subject or his representative about the elimination of the violations and, if the appeal of the personal data subject or his representative or the request was sent by the authorized body for the protection of the rights of personal data subjects, to notify the specified body as well.

        

            2.13.7. If the goal of processing personal data is achieved, the Operator must stop processing personal data and destroy personal data within a period not exceeding 30 working days from the date the goal of processing personal data was achieved, unless otherwise provided by the contract to which the data subject is a party.         

        

            2.13.8. It is forbidden to make decisions on the basis of exclusively automated processing of personal data that give rise to legal consequences in relation to the subject of personal data or otherwise affect his rights and legitimate interests.         

        

            2.14. Personal data privacy mode.         

        

            2.14.1. The operator ensures the confidentiality and security of personal data during their processing in accordance with the requirements of the legislation of the Russian Federation.         

        

            2.14.2. The operator does not disclose to third parties and does not distribute personal data without the consent of the subject of personal data, unless otherwise provided by the Federal Law.         

        

            2.14.3. In accordance with the list of personal data processed on the Site, the personal data of Users of the Site are confidential information.

        

        

        

            2.14.4. Persons processing personal data are required to comply with the requirements of the regulatory documents of the Operator in terms of ensuring the confidentiality and security of personal data.         

        

                      

        

            3. Processing of personal data

        

                  3.1. The list of processed personal data of Users:         

        

        

        

            - last name;         

        

            - name;         

        

            - patronymic;         

        

            - gender;         

        

            - date of birth;

        

            - position;         

        

            - company;         

        

            - industry;         

        

            - region;         

        

            - mobile phone;         

        

            - email.

        

            3.2. Persons entitled to access personal data.         

        

            3.2.1. The right to access the personal data of subjects is granted to persons vested with appropriate authority in accordance with their official duties.

        

            3.2.2. The list of persons having access to personal data is approved by the Director General of the Operator.         

        

            3.3. The procedure and terms of storage of personal data on the Site.         

        

            3.3.1. The operator only stores the personal data of Users on the Site.         

        

            3.3.2. The storage periods for the Users' personal data on the Site are determined by the terms of the User Agreement, take effect from the moment the User accepts this agreement on the Site and remain valid until the User declares his desire to delete his personal data from the Site.

        

            3.3.3. In case of data deletion from the Site at the initiative of one of the parties, namely termination of the use of the Site, the User’s personal data is stored in the Operator’s databases for five years in accordance with the legislation of the Russian Federation.         

        

            3.3.4. After the expiration of the above period of storage of the User’s personal data, the User’s personal data is automatically deleted by the specified algorithm, which is set by the Operator.         

        

            3.3.5. The operator does not process the personal data of users on paper media.         

        

            3.4. Blocking personal data.         

        

            3.4.1. By blocking personal data is meant the temporary termination by the Operator of operations to process them at the request of the User when he reveals the inaccuracy of the processed information or unlawful, in the opinion of the subject of personal data, actions regarding his data.         

        

            3.4.2. The operator does not transfer personal data to third parties and does not entrust the processing of personal data to third parties and organizations. The personal data of the Users of the Site are processed only by the employees of the Operator (database administrators, etc.) authorized by the established procedure to process the personal data of the Users.         

        

            3.4.3. Blocking of personal data on the Site is based on a written statement from the subject of personal data.         

        

            3.5. Destruction of personal data.         

        

            3.5.1. The destruction of personal data refers to actions as a result of which it becomes impossible to restore the content of personal data on the Site and / or as a result of which material carriers of personal data are destroyed.         

        

            3.5.2. The personal data subject has the right to demand in writing to destroy his personal data in the event that the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated processing purpose.         

        

            3.5.3. In the absence of the possibility of destruction of personal data, the Operator shall block such personal data.         

        

            3.5.4. The destruction of personal data is carried out by erasing information using certified software with guaranteed destruction (in accordance with the specified characteristics for the installed software with guaranteed destruction).         

        

                      

        

            4. Personal data protection system

        

            4.1. Measures to ensure the security of personal data during their processing.         

        

            4.1.1. When processing personal data, the operator is obliged to take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unlawful or accidental access to it, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions regarding personal data.         

        

            4.1.2. Ensuring the security of personal data is achieved, in particular:         

        

            - the definition of threats to the security of personal data during their processing in personal data information systems;         

        

            - the application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to fulfill the requirements for the protection of personal data;         

        

            - the use of information security tools that have passed the conformity assessment procedure in the established manner;

        

            - assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system;         

        

            - keeping records of computer storage media of personal data;

        

            - detection of unauthorized access to personal data and taking measures;         

        

            - restoration of personal data modified or destroyed due to unauthorized access to them;         

        

            - the establishment of rules for access to personal data processed in the personal data information system, as well as the registration and recording of all actions performed with personal data in the personal data information system;         

        

            - control over measures taken to ensure the security of personal data and the level of security of personal data information systems.         

        

            4.1.3. For the purposes of the Regulation, threats to the security of personal data are understood as a combination of conditions and factors that create the danger of unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying, provision, distribution of personal data, as well as other illegal actions during their processing in the personal data information system. The security level of personal data is understood as a complex indicator characterizing the requirements, the fulfillment of which ensures the neutralization of certain threats to the security of personal data when they are processed in the personal data information system.         

        

            4.2. Protected information about the subject of personal data.         

        

            Protected information about the subject of personal data on the Site includes data that allows you to identify the subject of personal data and / or obtain additional information about him, as provided by law and the Regulation.         

        

            4.3. Protected personal data objects.         

        

            4.3.1. Protected objects of personal data on the Site include:         

        

            - objects of informatization and technical means of automated processing of information containing personal data;         

        

            - information resources (databases, files, etc.) containing information about information and telecommunication systems in which personal data circulate, about events that occurred with managed objects, about plans for ensuring uninterrupted operation and procedures for switching to management in emergency modes;         

        

            - communication channels that are used to transmit personal data in the form of informative electrical signals and physical fields;         

        

            - alienated information carriers on a magnetic, magneto-optical and other basis, used for processing personal data.         

        

            4.3.2. Technological information about information systems and elements of a personal data protection system to be protected includes:         

        

            - information about the access control system for information objects on which personal data is processed;         

        

            - control information (configuration files, routing tables, security settings, etc.);         

        

            - technological information of means of access to control systems (authentication information, keys and access attributes, etc.);

        

            - characteristics of communication channels that are used to transmit personal data in the form of informative electrical signals and physical fields;         

        

            - information on personal data protection tools, their composition and structure, principles and technical solutions for protection;         

        

            - service data (metadata) appearing during the operation of software, messages and internetworking protocols, as a result of the processing of personal data.         

        

            4.4. Requirements for a personal data protection system.         

        

            The personal data protection system must comply with the requirements of the Decree of the Government of the Russian Federation of November 1, 2012 No. 1119 “On approval of the requirements for the protection of personal data during their processing in personal data information systems”.         

        

            4.4.1. The personal data protection system should provide:         

        

            - timely detection and prevention of unauthorized access to personal data and (or) transfer thereof to persons who do not have the right to access such information;         

        

            - prevention of impact on technical means of automated processing of personal data, as a result of which their functioning may be disrupted;

        

            - the ability to immediately restore personal data modified or destroyed due to unauthorized access to them;         

        

            - continuous monitoring of the level of security of personal data.         

        

            4.4.2. Information protection tools used in information systems must undergo a conformity assessment procedure in the prescribed manner.         

        

            4.5. Methods and ways of protecting information in personal data information systems.

        

            4.5.1. Methods and ways of protecting information in the information systems of the Operator’s personal data must meet the requirements of:

        

            - Order of the FSTEC of the Russian Federation of February 18, 2013 No. 21 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems”;         

        

            - Order of the Federal Security Service of Russia dated July 10, 2014 No. 378 “On approval of the composition and content of organizational and technical measures to ensure the security of personal data when they are processed in personal data information systems using the cryptographic protection of information necessary to fulfill the requirements established by the Government of the Russian Federation to the protection of personal data for each of the security levels” (in the event the Operator determines the need to use cryptographic information protection means to ensure the security of personal data).

        

            4.5.2. The main methods and ways of protecting information in the information systems of personal data of Users are methods and ways of protecting information from unauthorized, including accidental, access to personal data, which may result in the destruction, modification, blocking, copying, distribution of personal data, as well as other unauthorized actions (hereinafter - methods and ways of protecting information from unauthorized access).

        

            4.5.3. The selection and implementation of methods and ways of protecting information on the Site is carried out in accordance with the recommendations of regulators in the field of information protection - FSTEC of Russia and the FSB of Russia, taking into account the threats to personal data security (threat models) determined by the Operator and depending on the class of the information system.         

        

            4.5.4. The selected and implemented methods and ways of protecting information on the Site should ensure the neutralization of anticipated threats to the security of personal data during their processing.         

        

            4.6. Measures to protect the information constituting personal data.         

        

            4.6.1. Measures to protect databases containing personal data taken by the Operator should include:         

        

            - determination of the list of information constituting personal data;         

        

            - restricting access to information containing personal data by establishing a procedure for handling this information and monitoring compliance with this procedure.         

        

            4.6.2. Measures to protect the confidentiality of information are considered reasonably sufficient if:         

        

            - access to personal data by any third parties without the consent of the Operator is excluded;         

        

            - it is possible to use information containing personal data without violating the legislation on personal data;         

        

            - when working with the User, such a procedure for the Operator’s actions is established that ensures the safety of information containing the User’s personal data.         

        

            4.6.3. Personal data cannot be used for purposes contrary to the requirements of the Federal Law, to protect the foundations of the constitutional order, morality, health, rights and legitimate interests of others, to ensure national defense and state security.         

        

            4.7. Responsibility.         

        

            4.7.1. All employees of the Operator who process personal data are required to keep information containing personal data confidential in accordance with the Regulation and the requirements of the legislation of the Russian Federation.         

        

            4.7.2. Persons guilty of violating the requirements of the Regulation are liable under the laws of the Russian Federation.         

        

        

        

            4.7.3. Responsibility for observing the personal data regime in relation to personal data located in the databases of the Site lies with those responsible for the processing of personal data.         

        

                      

        

            5. Final Provisions

        

            5.1. In the event of a change in the current legislation of the Russian Federation, amendments to the regulatory documents for the protection of personal data, this Regulation shall be valid in so far as it does not contradict the current legislation until it is brought into compliance with such.         

        

            5.2. The conditions of this Regulation are established, changed and canceled by the Operator unilaterally without prior notice to the User. From the moment of posting on the Website a new version of the Regulation, the previous version is considered to have lost its force. In the event of a significant change in the terms of this Agreement, the Operator shall notify the Users of this by posting a corresponding message on the Site.         

        

        

        

            5.3. If the User does not agree with the terms of this Regulation, then he must immediately delete his profile from the Site, otherwise the continued use of the Site by the User means that the User agrees to the terms of this Regulation.