Use of cookies
We use cookies to improve website performance, personalize content, and enhance your experience with the site.
ACCEPT ALL
Settings
Use of cookies
Cookie files settings
Cookies files necessary for the proper functioning of the website are always enabled.
Other cookies are configurable.
Essential cookies
Always enabled. These cookies are necessary for the proper functioning of the website — they provide basic functionality (authentication, session management, security). Without them, the site cannot function fully, and users will not be able, for example, to log into their account or save session data.
Analytical cookies
Disabled
They are used to collect statistics about user behavior on the website: pages visited, time spent on the site, traffic sources, and so on. This data helps website owners analyze effectiveness and improve the site’s performance.
Advertising cookies
Disabled
They are used to show users relevant ads based on their interests and for retargeting. These cookies collect information about the user’s activity on the internet to display personalized advertising offers.
Functional cookies
Disabled
They allow the website to remember the user’s settings and preferences (such as language, region, and layout) to improve user experience and personalization without requiring the user to re-enter the information on each visit.

Personal Data Processing Policy

9.1. The Hotel is responsible for the personal information at its disposal and assigns personal responsibility to employees for compliance with the established confidentiality regime.

9.2. Each employee who receives a document containing the Client's personal data for work bears sole responsibility for the safety of the confidential information carrier.

9.3. Any person may contact a Hotel employee with a complaint about violation of this Policy. Complaints and statements regarding compliance with data processing requirements are considered within three days from the date of receipt.

9.4. Hotel employees are obliged to ensure proper consideration of Clients' requests, statements and complaints, as well as to assist in the execution of requirements of competent authorities.

9.5. Persons who violate or fail to comply with the requirements of the Regulation are held to disciplinary, administrative (Articles 5.39, 13.11 - 13.14, 19.7 of the Code of Administrative Offenses of the Russian Federation) or criminal liability (Articles 137, 140, 272, 272.1, 274 of the Criminal Code of the Russian Federation).
9. LIABILITY FOR VIOLATION OF RULES GOVERNING PERSONAL DATA PROCESSING
8.1. The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to ensure the requirements of federal legislation in the field of personal data protection.

8.2. To prevent unauthorized access to personal data, the Operator applies the following organizational and technical measures:
  • appointment of officials responsible for organizing the processing and protection of personal data;
  • restriction of the composition of persons allowed to process personal data;
  • familiarization of subjects with the requirements of federal legislation and the Operator's regulatory documents on the processing and protection of personal data;
  • organization of accounting, storage and handling of carriers containing information with personal data;
  • identification of threats to the security of personal data during their processing, formation of threat models based on them;
  • development of a personal data protection system based on the threat model;
  • verification of the readiness and effectiveness of the use of information protection tools;
  • differentiation of user access to information resources and software and hardware for information processing;
  • registration and accounting of actions of users of personal data information systems;
  • use of antivirus tools and tools for restoring the personal data protection system;
  • application, where necessary, of firewalling tools, intrusion detection, security analysis and cryptographic information protection tools;
  • organization of access control to the Operator's territory.
8. ENSURING THE SECURITY OF PERSONAL DATA
7.1. Information on the personal data of a guest (client) is confidential.

7.2. The Hotel ensures the confidentiality of personal data and is obliged not to allow their dissemination by third parties without the consent of the guest or the presence of other legal grounds.

7.3. Persons having access to guests' personal data are obliged to comply with the confidentiality regime; they must be warned of the need for a secrecy regime. In connection with the confidentiality regime of personal information, appropriate security measures must be provided to protect data from accidental or unauthorized destruction, from accidental loss, from unauthorized access to them, alteration or dissemination.

7.4. All confidentiality measures in the collection, processing and storage of Clients' personal data apply to all information carriers, both paper and automated.

7.5. The confidentiality regime for personal data is removed in cases of depersonalization or inclusion in publicly available sources of personal data, unless otherwise provided by law.
7. CONFIDENTIALITY OF GUESTS’ PERSONAL DATA
6.1. Confirmation of the fact of personal data processing by the Operator, legal grounds and purposes of personal data processing, as well as other information specified in Part 7, Article 14 of the Personal Data Law, are provided by the Operator to the personal data subject or his/her representative within 10 working days from the moment of appeal or receipt of the request from the personal data subject or his/her representative. This period may be extended, but not more than five working days. For this purpose, the Operator should send a motivated notification to the personal data subject indicating the reasons for extending the period for providing the requested information.

The provided information does not include personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data.

The request must contain:
• number of the main identity document of the personal data subject or his/her representative, information on the date of issue of the specified document and the issuing authority;
• information confirming the participation of the personal data subject in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;
• signature of the personal data subject or his/her representative.

The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

The Operator provides the information specified in Part 7, Article 14 of the Personal Data Law to the personal data subject or his/her representative in the form in which the corresponding appeal or request was sent, unless otherwise specified in the appeal or request.

If the appeal (request) of the personal data subject does not reflect all necessary information in accordance with the requirements of the Personal Data Law or the subject does not have access rights to the requested information, a motivated refusal is sent to him/her.

The right of the personal data subject to access his/her personal data may be restricted in accordance with Part 8, Article 14 of the Personal Data Law, including if the access of the personal data subject to his/her personal data violates the rights and legitimate interests of third parties.

6.2. In the event of detection of inaccurate personal data upon appeal of the personal data subject or his/her representative or upon their request or upon request of Roskomnadzor, the Operator blocks the personal data relating to this personal data subject from the moment of such appeal or receipt of the specified request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
In the event of confirmation of the fact of inaccuracy of personal data, the Operator, based on the information provided by the personal data subject or his/her representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.

6.3. In the event of detection of unlawful processing of personal data upon appeal (request) of the personal data subject or his/her representative or Roskomnadzor, the Operator blocks the unlawfully processed personal data relating to this personal data subject from the moment of such appeal or receipt of the request.

6.4. Upon detection by the Operator, Roskomnadzor or other interested party of the fact of unlawful or accidental transfer (provision, dissemination) of personal data (access to personal data) that resulted in a violation of the rights of personal data subjects, the Operator:
• within 24 hours - notifies Roskomnadzor of the incident, the alleged reasons that led to the violation of the rights of personal data subjects, the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, and also provides information on the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;
• within 72 hours - notifies Roskomnadzor of the results of the internal investigation of the identified incident and provides information on the persons whose actions caused it (if any).

6.5. Procedure for destruction of personal data by the Operator.

6.5.1. Conditions and periods for destruction of personal data by the Operator:
• achievement of the purpose of personal data processing or loss of the need to achieve this purpose - within 30 days;
• achievement of the maximum storage periods for documents containing personal data - within 30 days;
• provision by the personal data subject (his/her representative) of confirmation that the personal data were obtained unlawfully or are not necessary for the stated purpose of processing - within seven working days;
• revocation by the personal data subject of consent to the processing of his/her personal data, if their storage is no longer required for the purpose of their processing - within 30 days.

6.5.2. Upon achievement of the purposes of personal data processing, as well as in the event of revocation by the personal data subject of consent to their processing, personal data are subject to destruction if:
• otherwise is not provided by the contract to which the personal data subject is a party, beneficiary or guarantor;
• the operator is not entitled to process without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
• otherwise is not provided by another agreement between the Operator and the personal data subject.

6.5.3. Destruction of personal data is carried out by a commission created by order of the General Director of LLC "Volna Hotel".

6.5.4. Methods of destruction of personal data are established in the local regulatory acts of the Operator.

6.6. If the Guest's personal data held by LLC "Volna Hotel" are no longer relevant, LLC "Volna Hotel" will update them upon the Guest's request. Such requests for updating, as well as requests for blocking and destruction of personal data, the Guest may send to the hotel's email welcome@volnahotel.ru, or by Russian Post to the address: 603004, Nizhny Novgorod, Lenina Ave., 98.

When sending an official request to LLC "Volna Hotel", it is necessary to indicate:
• Surname, first name, patronymic;
• number of the main identity document of the personal data subject or his/her representative, information on the date of issue of the specified document and the issuing authority;
• information confirming that the Guest used the Website or information otherwise confirming the fact of personal data processing by LLC "Volna Hotel" (for example, when booking a room directly at the hotel).

The request is drawn up with the signature of the citizen (or his/her legal representative). If the request is sent electronically, it must be executed in the form of an electronic document in accordance with the requirements of the legislation of the Russian Federation.
6. UPDATE, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA
5.1. Personal data processing is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.

5.2. Personal data processing is carried out with the consent of personal data subjects to the processing of their personal data, as well as without such consent in cases provided for by the legislation of the Russian Federation.

5.3. The Operator processes personal data for each processing purpose in the following ways:
• non-automated personal data processing;
• automated personal data processing with transmission of the received information via information and telecommunications networks or without such transmission;
• mixed personal data processing.

5.4. The Operator's employees whose job duties include personal data processing are allowed to process personal data.

5.5. Personal data processing for each processing purpose specified in Clause 2.3 of the Policy is carried out by:
• obtaining personal data in oral and written form directly from personal data subjects;
• entering personal data into journals, registers and information systems of the Operator;
• using other methods of personal data processing.

5.6. Disclosure to third parties and dissemination of personal data without the consent of the personal data subject is not permitted, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the personal data subject for dissemination is formalized separately from other consents of the personal data subject to the processing of his/her personal data.
Requirements for the content of consent to the processing of personal data permitted by the personal data subject for dissemination are approved by Order of Roskomnadzor No. 18 dated February 24, 2021.

5.7. Transfer of personal data to inquiry and investigation bodies, the Federal Tax Service, the Social Fund of Russia and other authorized executive bodies and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.

5.8. The Operator takes necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, alteration, blocking, dissemination and other unauthorized actions, including:
• identifies threats to the security of personal data during their processing;
• adopts local regulatory acts and other documents regulating relations in the field of processing and protection of personal data;
• appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
• creates necessary conditions for working with personal data;
• organizes accounting of documents containing personal data;
• organizes work with information systems in which personal data are processed;
• stores personal data under conditions that ensure their safety and exclude unauthorized access to them;
• organizes training of the Operator's employees who process personal data.

5.9. The Operator stores personal data in a form that allows determination of the personal data subject, no longer than required by each purpose of personal data processing, unless the storage period for personal data is established by federal law or a contract.

5.9.1. Personal data on paper carriers are stored in LLC "Volna Hotel" for the storage periods of documents for which such periods are provided by the legislation on archiving in the Russian Federation (Federal Law No. 125-FZ dated October 22, 2004 "On Archiving in the Russian Federation", List of typical management archival documents generated in the course of activities of state bodies, local self-government bodies and organizations, indicating their storage periods (approved by Order of Rosarkhiv No. 236 dated December 20, 2019)).

5.9.2. The storage period for personal data processed in personal data information systems corresponds to the storage period for personal data on paper carriers.

5.10. The Operator ceases processing personal data in the following cases:
• the fact of their unlawful processing is detected. Period - within three working days from the date of detection;
• the purpose of their processing is achieved;
• the validity period has expired or the personal data subject has revoked consent to the processing of such data, when, according to the Personal Data Law, processing of such data is permitted only with consent.

5.11. Upon achievement of the purposes of personal data processing, as well as in the event of revocation by the personal data subject of consent to their processing, the Operator ceases processing such data if:
• otherwise is not provided by the contract to which the personal data subject is a party, beneficiary or guarantor;
• the Operator is not entitled to process without the consent of the personal data subject on the grounds provided for by the Personal Data Law or other federal laws;
• otherwise is not provided by another agreement between the Operator and the personal data subject.

5.12. Upon appeal of the personal data subject to the Operator with a request to cease personal data processing within a period not exceeding 10 working days from the date of receipt by the Operator of the relevant request, personal data processing is ceased, except in cases provided for by the Personal Data Law. The specified period may be extended, but not more than five working days. For this purpose, the Operator must send a motivated notification to the personal data subject indicating the reasons for extending the period.

5.13. When collecting personal data, including through the information and telecommunications network Internet, the Operator ensures recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except in cases specified in the Personal Data Law.
5. PROCEDURE AND CONDITIONS FOR PERSONAL DATA PROCESSING
4.1. The volume of personal data processed in the Company is determined in accordance with the legislation of the Russian Federation and the local regulatory acts of the Operator, taking into account the purposes of personal data processing specified in Section 2 of this Policy. The processed personal data should not be excessive in relation to the stated purposes of their processing.

4.2. Processing of special categories of personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, health status, intimate life is not carried out in the Company. Processing of biometric personal data is not carried out in the Company.

4.3. The Company processes personal data of the following categories of subjects:
• Natural persons (clients) upon check-in at the hotel, potential clients, website users;
• candidates, employees, relatives of employees, persons previously in employment relations with the Operator, persons in the Operator's personnel reserve, natural persons under civil law contracts;
• counterparties – natural persons, representatives and employees of counterparties (legal entities).

4.3.1. Volume of processed personal data of persons checking into the hotel:
• Surname, first name, patronymic, date and place of birth, gender, citizenship, address, identity document, telephone number. For foreign citizens, the type, series, number of the document determining the right to stay in the Russian Federation is filled in: visa, residence permit, temporary stay registration, information from the migration card: series, number, checkpoint, purpose of entry into the Russian Federation, period of stay, date of border crossing and address of previous stay in the Russian Federation.

Purposes of processing personal data of persons checking into the hotel:
• Carrying out hotel activities with a restaurant;
• Identification of the person with whom a contract for the provision of hotel services is concluded;
• Registration of citizens at the place of stay;
• Compliance with the requirements of the legislation of the Russian Federation in the field of migration registration.

Upon check-in at the hotel, a "Contract - Registration Card" is concluded with the client, which contains provisions that the client consents to the processing of his/her personal data.
Methods of processing: non-automated, mixed.
Processing period: within and 3 (three) years from the end of the guest's stay, unless a different period is established by law.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.
The procedure for processing personal data of the specified subjects is determined in accordance with the internal regulatory documents of the Operator regulating activities for the implementation of statutory purposes, and the legislation of the Russian Federation.

4.3.2. Volume and procedure for processing personal data of hotel website users: www.volnahotel.ru:
Booking on the website www.volnahotel.ru is carried out using the software service (module on the website) of online booking "TravelLine". When confirming the booking, the Guest consents to the processing of his/her personal data, and also agrees to the user agreement and privacy policy of "TravelLine".

Volume of processed personal data of the website client:
• Surname, first name, patronymic, telephone number, email address, citizenship, dates for room booking, time of arrival and departure. When paying by bank card – bank card details.
• When visiting the website, even if no booking is made, the Operator may collect certain information, such as the browser used, IP address number, operating system type, location, pages viewed. The information received is not associated with the data that you leave on the Website. It is impossible to establish the user's identity from the automatically received data.
Purposes of processing personal data of website users:
• Making a booking: The Operator collects and uses personal data to process the Guest's requests, issue a booking, for quick and high-quality consultation on clarifying or changing the booking, for other actions directly related to the booking and the implementation of the Guest's right to hotel services.
• Other services provided by the hotel. In addition to providing hotel services, the Operator provides a number of other services (organization of meals, holding banquets and others).
• Bonuses and offers. The information provided by the Guest may be used to form exclusive personal offers, accrual of points under bonus programs.
• Marketing. The Operator may use the provided contact information to send news, ongoing promotions and special offers (with the Guest's consent to receive such information). The website and the contract - registration card form provide for obtaining the Guest's consent to the mailing of news, information about promotions and special offers. Familiarization with the Policy is not consent to the mailing of the above materials and is obtained by the hotel only if the Guest performs certain actions when booking a room on the Website (checks the box: "I agree to receive information about special offers and hotel news by e-mail and SMS") and/or when filling out the Contract - registration card issued to him/her upon check-in. If the Guest refuses the mailing of news or does not check such a box, the Guest's email address will be immediately deleted from the list of recipients (mailing list). Such actions (deletion from the mailing list) on the part of the hotel are carried out immediately, based on the Guest's written statement received with a request to stop processing his/her personal data from the date of receipt of such statement by the hotel, and the Guest has the right to refuse the hotel's processing of his/her data in full or in part. Automatically received data, cookie files, as well as information that the Guest left on the website www.volnahotel.ru may be used to select personalized advertising.
• Improving the quality of service in the hotel. After the Guest's departure, a letter may be sent to the Guest with a request to reflect impressions of the hotel.

Methods of processing: non-automated, mixed.
Processing period: During the validity period of the consent to processing.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.
The Guest's bank card data are subject to unconditional deletion no later than 10 days from the date of his/her departure.
Employees of the reception and service department and the hotel sales department are allowed to process personal data of website visitors.

4.3.3. Volume of processed personal data of the Operator's employees:

The Company processes the following categories of employees' personal data:
• Day, month, year of birth; place of birth; gender; citizenship; INN; SNILS; address (place of residence, place of registration), education, profession; department; position; details of the identity document; military registration data; information on disability (yes/no); marital status; information on family composition (degree of kinship, full name, date of birth); income; information on labor activity; salary account number.
Purposes of processing personal data of the Operator's employees:
• maintaining personnel records; recording employees' working time; calculating employees' salaries; maintaining tax records; maintaining military records; providing regulated reporting to state bodies; compulsory and voluntary medical insurance of employees; booking and paying for tickets and hotel rooms for employees; archival storage of data; assisting the employee in employment, training, use of various benefits.
Obtaining and processing of the Operator's employee's personal data must be carried out solely for the above purposes.
The obtained personal data necessary to achieve the above purposes are reflected in the employee's personal file in accordance with the requirements of labor legislation and the Operator's internal regulatory documents regulating personnel records management and accounting.

Methods of processing: non-automated, mixed.
Processing period: in accordance with legal requirements.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.

4.3.4. Personal data of natural persons under civil law contracts, counterparties – natural persons and representatives and employees of counterparties (legal entities).
surname, first name, patronymic; date and place of birth; passport data; registration address at the place of residence; contact details; position held; individual taxpayer number; current account number; other personal data provided by clients and counterparties (natural persons) necessary for the conclusion and execution of contracts.

Purposes of processing personal data of the specified subjects:
• implementation of the Operator's statutory purposes;
• carrying out transactions in accordance with the legislation of the Russian Federation.

Methods of processing: non-automated, mixed.
Processing period: during the validity period of the contracts and 3 (three) years from the date of their termination, unless a different period is established by law.
Storage period: until destruction in accordance with Clause 6.5 of this Policy.
Destruction procedure: in accordance with Clause 6.5 of this Policy.

4.4. The composition of personal data for each of the categories of subjects listed in Clause 4.3 of this Policy is determined in accordance with the regulatory documents listed in Section 3, as well as the Operator's regulatory documents issued to ensure their execution.

4.5. In cases provided for by applicable law, the personal data subject decides to provide his/her personal data to the Company and consents to their processing freely, of his/her own will and in his/her own interest.

4.6. The Operator ensures that the content and volume of processed personal data correspond to the stated processing purposes and, if necessary, takes measures to eliminate their excessiveness in relation to the stated processing purposes.

4.7. The Operator's processing of biometric personal data (information that characterizes the physiological and biological characteristics of a person, on the basis of which his/her identity can be established) is carried out in accordance with the legislation of the Russian Federation.
4. VOLUME AND CATEGORIES OF PROCESSED PERSONAL DATA, CATEGORIES OF PERSONAL DATA SUBJECTS
3.1. The personal data processing policy in the Company is determined in accordance with the following regulatory legal acts:
• Constitution of the Russian Federation;
• Labor Code of the Russian Federation;
• Civil Code of the Russian Federation;
• Tax Code of the Russian Federation,
• Federal Law No. 402-FZ dated December 6, 2011 "On Accounting";
• Federal Law No. 109-FZ dated July 18, 2006 "On Migration Registration of Foreign Citizens and Stateless Persons in the Russian Federation";
• Federal Law No. 53-FZ dated March 28, 1998 "On Military Duty and Military Service";
• Federal Law No. 167-FZ dated December 15, 2001 "On Compulsory Pension Insurance in the Russian Federation";
• Decree of the Government of the Russian Federation No. 1085 dated October 9, 2015 "On Approval of the Rules for the Provision of Hotel Services in the Russian Federation"
• Federal Law No. 109-FZ dated July 18, 2006 "On Migration Registration of Foreign Citizens and Stateless Persons in the Russian Federation";
• Law of the Russian Federation No. 5242-1 dated June 25, 1993 "On the Right of Citizens of the Russian Federation to Freedom of Movement, Choice of Place of Stay and Residence within the Russian Federation";
• Decree of the Government of the Russian Federation No. 310 dated May 10, 2010 "On Approval of the Rules for the Transfer of Information on the Arrival at the Place of Stay and Departure from the Place of Stay of Foreign Citizens and Stateless Persons Using Communications Facilities Included in the Telecommunications Network";
• Decree of the Government of the Russian Federation No. 713 dated July 17, 1995 "On Approval of the Rules for Registration and Deregistration of Citizens from Registration at the Place of Stay and at the Place of Residence";
• Decree of the Government of the Russian Federation No. 9 dated January 15, 2007 "On the Procedure for Migration Registration of Foreign Citizens and Stateless Persons in the Russian Federation";
• Consent of the personal data subject to their processing.
• Charter of LLC "Volna Hotel"
• other regulatory legal acts of the Russian Federation and regulatory documents of authorized state authorities, as well as local regulatory acts of the Operator on personal data processing issues.

3.2. For the purpose of implementing the provisions of the Policy, the Company has developed relevant local regulatory acts and other documents, including:
• Regulation on Personal Data in LLC "Volna Hotel";
• Regulation "On Processing of Personal Data of Employees of LLC "Volna Hotel";
• Instruction "On the Procedure for Registration of Guests in LLC "Volna Hotel" by Employees of the Reception and Service Department";
• Regulation on the Organization and Conduct of Work to Ensure the Security of Personal Data during Their Processing in the Personal Data Information System;
• other local regulatory acts and documents regulating issues of personal data processing in the Company.
3. LEGAL GROUNDS FOR PERSONAL DATA PROCESSING
2. PURPOSES OF PERSONAL DATA COLLECTION
2.1. The processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not permitted.

2.2. Only personal data that meet the purposes of their processing are subject to processing.

2.3. Personal data are processed for the following purposes:

2.3.1. Carrying out its activities in accordance with the charter of LLC "Volna Hotel", including:
• Carrying out hotel activities with a restaurant;
• Identification of persons with whom a contract for the provision of hotel services is concluded;
• Registration of citizens at the place of stay in the hotel;
• Compliance with the requirements of the legislation of the Russian Federation in the field of migration registration.
• Conclusion and execution of contracts with counterparties.

2.3.2. Execution of labor legislation within the framework of labor and other relations directly related thereto, including: assisting employees in employment, obtaining education and career advancement, attracting and selecting candidates for work with the Operator, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, maintaining personnel and accounting records, filling out and submitting required reporting forms to authorized bodies, organizing registration for individual (personalized) accounting of employees in the systems of compulsory pension insurance and compulsory social insurance;

2.3.3. Execution of judicial acts, acts of other bodies or officials subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;

2.4. The Operator processes personal data of clients, employees of the Operator and other personal data subjects not in employment relations with the Operator, in accordance with the following principles:

2.4.1. processing of personal data is carried out on a lawful and fair basis;

2.4.2. processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not permitted;

2.4.3. combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other, is not permitted;

2.4.4. only personal data that meet the purposes of their processing are subject to processing;

2.4.5. the content and volume of processed personal data correspond to the stated purposes of processing. The processed personal data should not be excessive in relation to the stated purposes of their processing;

2.4.6. when processing personal data, the accuracy of personal data, their sufficiency, and, where necessary, relevance in relation to the purposes of personal data processing are ensured. The Company takes necessary measures or ensures their adoption to delete or clarify incomplete or inaccurate personal data;

2.4.7. storage of personal data is carried out in a form that allows determination of the personal data subject, no longer than required by the purposes of personal data processing, unless the storage period for personal data is established by federal law, a contract to which the personal data subject is a party, beneficiary or guarantor;

2.4.8. processed personal data are destroyed or depersonalized upon achievement of the processing purposes or in case of loss of the need to achieve these purposes, unless otherwise provided by federal law.

2.5. Processing of employees' personal data may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
1. GENERAL PROVISIONS
1.1. This Personal Data Processing Policy of LLC "Volna Hotel" (hereinafter referred to as the Operator), INN 5256043997, located at: 603004, Nizhny Novgorod, Lenina Ave., 98, has been developed in fulfillment of the requirements of Clause 2, Part 1, Article 18.1 of Federal Law No. 152-FZ dated July 27, 2006 "On Personal Data" (hereinafter referred to as the Personal Data Law) for the purpose of ensuring the protection of human and civil rights and freedoms in the processing of personal data, including the protection of rights to privacy, personal and family secrets.

1.2. The Policy applies to all personal data processed by the Operator, Limited Liability Company "Volna Hotel".

1.3. The Policy applies to relations in the field of personal data processing that arose with the Operator both before and after the approval of this Policy.

1.4. In fulfillment of the requirements of Part 2, Article 18.1 of the Personal Data Law, this Policy is published in the public domain on the information and telecommunications network Internet on the Operator's website www.volnahotel.ru.

1.5. The Policy uses the following basic terms:
• personal data – any information relating to a directly or indirectly identified or identifiable natural person (personal data subject);
• personal data operator (operator) – a state body, municipal body, legal entity or natural person, independently or jointly with other persons organizing and/or carrying out the processing of personal data, as well as determining the purposes of personal data processing, the composition of personal data subject to processing, actions (operations) performed with personal data;
• personal data processing – any action (operation) or set of actions (operations) with personal data performed using automation tools or without their use. Personal data processing includes, among other things: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (dissemination, provision, access), depersonalization, blocking, deletion, destruction of personal data.
• automated personal data processing – processing of personal data using computer technology;
• dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
• provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
• blocking of personal data – temporary cessation of personal data processing (except in cases where processing is necessary to clarify personal data);
• destruction of personal data – actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed;
• depersonalization of personal data – actions as a result of which it becomes impossible, without the use of additional information, to determine the affiliation of personal data to a specific personal data subject;
• personal data information system – a set of personal data contained in databases and information technologies and technical means ensuring their processing;
• cross-border transfer of personal data – transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign natural person or a foreign legal entity.

1.5. Main rights and obligations of the Operator:

1.5.1. LLC "Volna Hotel" as a personal data operator has the right to:
  • independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Personal Data Law and regulatory legal acts adopted in accordance therewith, unless otherwise provided by the Personal Data Law or other federal laws;
  • entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with that person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Personal Data Law, maintain the confidentiality of personal data, and take necessary measures aimed at ensuring the fulfillment of obligations provided for by the Personal Data Law;
  • in the event of revocation by the personal data subject of consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in the Personal Data Law.

1.5.2. The Operator is obliged to:
  • organize the processing of personal data in accordance with the requirements of the Personal Data Law;
  • respond to appeals and requests from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
  • report to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) upon request of this body the necessary information within 10 working days from the date of receipt of such request. This period may be extended, but not more than five working days. For this purpose, the Operator must send a motivated notification to Roskomnadzor indicating the reasons for extending the period for providing the requested information;
  • in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detecting, preventing and eliminating the consequences of computer attacks on information resources of the Russian Federation, including informing it about computer incidents that resulted in unlawful transfer (provision, dissemination, access) of personal data.

1.5.3. The Operator undertakes not to make decisions based solely on automated processing that give rise to legal consequences in relation to personal data subjects or otherwise affect their rights and legitimate interests.

1.6. Rights and obligations of personal data subjects

1.6.1. For the purpose of protecting their personal data stored with the Company, the personal data subject has the right to:
  • obtain information concerning the processing of his/her personal data, except in cases provided for by federal laws. The information is provided to the personal data subject by the Operator in an accessible form, and it should not contain personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
  • require the operator to clarify his/her personal data, block or destroy them if the personal data are incomplete, outdated, inaccurate, unlawfully obtained or not necessary for the stated purpose of processing, as well as take measures provided for by law to protect his/her rights;
  • give prior consent to the processing of personal data for the purpose of promoting goods, works and services on the market;
  • appeal to Roskomnadzor or in court the unlawful actions or inaction of the Operator in the processing of his/her personal data.

1.6.2. Obligations of the Operator's employees with respect to personal data:
  • in cases provided for by law or contract, transfer to the Company reliable documents containing personal data;
  • not provide unreliable personal data, and in the event of changes in personal data, detection of errors or inaccuracies in them (surname, place of residence, etc.), immediately notify the Operator thereof.

1.7. Control over compliance with the requirements of this Policy is exercised by the authorized person responsible for organizing the processing of personal data with the Operator.

1.8. Liability for violation of the requirements of the legislation of the Russian Federation and the regulatory acts of LLC "Volna Hotel" in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.
Menu
Contacts
Subscribe to the newsletter of Volna Hotel and get a discount on accommodation
Follow and subscribe to our accounts on social networks
© 2015—2022 All rights reserved Volna Hotel
Subscribe to the newsletter of Volna Hotel and get a discount on accommodation
Follow our social media accounts