4.1. The volume of personal data processed in the Company is determined in accordance with the legislation of the Russian Federation and the local regulatory acts of the Operator, taking into account the purposes of personal data processing specified in Section 2 of this Policy. The processed personal data should not be excessive in relation to the stated purposes of their processing.
4.2. Processing of special categories of personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, intimate life is not carried out in the Company. Processing of biometric personal data is not carried out in the Company.
4.3. The Company processes personal data of the following categories of subjects:
• Natural persons (clients) upon check-in at the hotel, potential clients, website users;
• candidates, employees, relatives of employees, persons previously in employment relations with the Operator, persons in the Operator's personnel reserve, natural persons under civil law contracts;
• counterparties – natural persons, representatives and employees of counterparties (legal entities).
4.3.1. Volume of processed personal data of persons checking into the hotel:
• Surname, first name, patronymic, date and place of birth, gender, citizenship, address, identity document, telephone number. For foreign citizens, the type, series, number of the document determining the right to stay in the Russian Federation is filled in: visa, residence permit, temporary stay registration, information from the migration card: series, number, checkpoint, purpose of entry into the Russian Federation, period of stay, date of border crossing and address of previous stay in the Russian Federation.
Purposes of processing personal data of persons checking into the hotel:
• Carrying out hotel activities with a restaurant;
• Identification of the person with whom a contract for the provision of hotel services is concluded;
• Registration of citizens at the place of stay;
• Compliance with the requirements of the legislation of the Russian Federation in the field of migration registration.
Upon check-in at the hotel, a "Contract - Registration Card" is concluded with the client, which contains provisions that the client consents to the processing of his/her personal data.
Methods of processing: non-automated, mixed.
Processing period: within and 3 (three) years from the end of the guest's stay, unless a different period is established by law.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.
The procedure for processing personal data of the specified subjects is determined in accordance with the internal regulatory documents of the Operator regulating activities for the implementation of statutory purposes, and the legislation of the Russian Federation.
4.3.2. Volume and procedure for processing personal data of hotel website users:
www.volnahotel.ru:
Booking on the website
www.volnahotel.ru is carried out using the software service (module on the website) of online booking "TravelLine". When confirming the booking, the Guest consents to the processing of his/her personal data, and also agrees to the user agreement and privacy policy of "TravelLine".
Volume of processed personal data of the website client:
• Surname, first name, patronymic, telephone number, email address, citizenship, dates for room booking, time of arrival and departure. When paying by bank card – bank card details.
• When visiting the website, even if no booking is made, the Operator may collect certain information, such as the browser used, IP address number, operating system type, location, pages viewed. The information received is not associated with the data that you leave on the Website. It is impossible to establish the user's identity from the automatically received data.
Purposes of processing personal data of website users:
• Making a booking: The Operator collects and uses personal data to process the Guest's requests, issue a booking, for quick and high-quality consultation on clarifying or changing the booking, for other actions directly related to the booking and the implementation of the Guest's right to hotel services.
• Other services provided by the hotel. In addition to providing hotel services, the Operator provides a number of other services (organization of meals, holding banquets and others).
• Bonuses and offers. The information provided by the Guest may be used to form exclusive personal offers, accrual of points under bonus programs.
• Marketing. The Operator may use the provided contact information to send news, ongoing promotions and special offers (with the Guest's consent to receive such information). The website and the contract - registration card form provide for obtaining the Guest's consent to the mailing of news, information about promotions and special offers. Familiarization with the Policy is not consent to the mailing of the above materials and is obtained by the hotel only if the Guest performs certain actions when booking a room on the Website (checks the box: "I agree to receive information about special offers and hotel news by e-mail and SMS") and/or when filling out the Contract - registration card issued to him/her upon check-in. If the Guest refuses the mailing of news or does not check such a box, the Guest's email address will be immediately deleted from the list of recipients (mailing list). Such actions (deletion from the mailing list) on the part of the hotel are carried out immediately, based on the Guest's written statement received with a request to stop processing his/her personal data from the date of receipt of such statement by the hotel, and the Guest has the right to refuse the hotel's processing of his/her data in full or in part. Automatically received data, cookie files, as well as information that the Guest left on the website
www.volnahotel.ru may be used to select personalized advertising.
• Improving the quality of service in the hotel. After the Guest's departure, a letter may be sent to the Guest with a request to reflect impressions of the hotel.
Methods of processing: non-automated, mixed.
Processing period: During the validity period of the consent to processing.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.
The Guest's bank card data are subject to unconditional deletion no later than 10 days from the date of his/her departure.
Employees of the reception and service department and the hotel sales department are allowed to process personal data of website visitors.
4.3.3. Volume of processed personal data of the Operator's employees:
The Company processes the following categories of employees' personal data:
• Day, month, year of birth; place of birth; gender; citizenship; INN; SNILS; address (place of residence, place of registration), education, profession; department; position; details of the identity document; military registration data; information on disability (yes/no); marital status; information on family composition (degree of kinship, full name, date of birth); income; information on labor activity; salary account number.
Purposes of processing personal data of the Operator's employees:
• maintaining personnel records; recording employees' working time; calculating employees' salaries; maintaining tax records; maintaining military records; providing regulated reporting to state bodies; compulsory and voluntary medical insurance of employees; booking and paying for tickets and hotel rooms for employees; archival storage of data; assisting the employee in employment, training, use of various benefits.
Obtaining and processing of the Operator's employee's personal data must be carried out solely for the above purposes.
The obtained personal data necessary to achieve the above purposes are reflected in the employee's personal file in accordance with the requirements of labor legislation and the Operator's internal regulatory documents regulating personnel records management and accounting.
Methods of processing: non-automated, mixed.
Processing period: in accordance with legal requirements.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.
4.3.4. Personal data of natural persons under civil law contracts, counterparties – natural persons and representatives and employees of counterparties (legal entities).
surname, first name, patronymic; date and place of birth; passport data; registration address at the place of residence; contact details; position held; individual taxpayer number; current account number; other personal data provided by clients and counterparties (natural persons) necessary for the conclusion and execution of contracts.
Purposes of processing personal data of the specified subjects:
• implementation of the Operator's statutory purposes;
• carrying out transactions in accordance with the legislation of the Russian Federation.
Methods of processing: non-automated, mixed.
Processing period: during the validity period of the contracts and 3 (three) years from the date of their termination, unless a different period is established by law.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.
4.4. The composition of personal data for each of the categories of subjects listed in Clause 4.3 of this Policy is determined in accordance with the regulatory documents listed in Section 3, as well as the Operator's regulatory documents issued to ensure their execution.
4.5. In cases provided for by applicable law, the personal data subject decides to provide his/her personal data to the Company and consents to their processing freely, of his/her own will and in his/her own interest.
4.6. The Operator ensures that the content and volume of processed personal data correspond to the stated processing purposes and, if necessary, takes measures to eliminate their excessiveness in relation to the stated processing purposes.
4.7. The Operator's processing of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his/her identity can be established) is carried out in accordance with the legislation of the Russian Federation.