1. General provisions

1.1. The policy regarding the processing of personal data (hereinafter-the Policy) is aimed at protecting the rights and freedoms of individuals whose personal data is processed By the AELITA hotel (hereinafter — the Operator).

1.2. The policy is developed in accordance with paragraph 2 of part 1 of article 18.1 of the Federal law of July 27, 2006 № 152-FZ “On personal data” (hereinafter — FZ “On personal data”).

1.3. The policy contains information to be disclosed in accordance with part 1 of article 14 of the Federal law “On personal data” and is a public document.

2. Personal data processing information

2.1. The operator processes personal data on a legal and fair basis to perform the functions, powers and duties assigned by the legislation, exercise the rights and legitimate interests of the Operator, employees of the Operator and third parties.

2.2. The operator receives personal data directly from the subjects of personal data.

2.3. The operator processes personal data in automated and non-automated ways, using computer technology and without the use of such means.

2.4. Actions to process personal data include collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion and destruction.

3. Processing of personal data of clients

3.1. The operator processes personal data of clients within the legal relations with the Operator regulated by part two of the Civil Code of the Russian Federation of January 26, 1996 No. 14-FZ, (further — clients).

3.2. The operator processes personal data of clients in order to comply with the legislation of the Russian Federation, as well as to:
— inform about new products, special promotions and offers;
— conclusion and execution of the contract.

3.3. The operator processes the personal data of the clients with their consent provided by the clients and/or their legal representatives by performing specific actions on this website, including, but not limited to, ordering, registration in the personal account, subscription to the newsletter, in accordance with this Policy.

3.4. The operator processes the personal data of its customers for no longer than is required for the purpose of personal data processing, unless otherwise stipulated by the legislation of the Russian Federation.

3.5. The operator processes the following personal data of clients:
— Surname, name, patronymic;
— Date of birth;
— Address;
— Contact phone number;
— E-mail address.

4. Information on personal data security

4.1. The operator appoints a person responsible for the organization of personal data processing to perform the duties stipulated by the Federal law “On personal data” and the normative legal acts adopted in accordance with it.

4.2. The operator applies a set of legal, organizational and technical measures to ensure the security of personal data to ensure the confidentiality of personal data and protect them from illegal actions:
— provides unlimited access to the Policy, a copy of which is posted at the location of the Operator, and can also be posted on the operator’s website (if available);
— in pursuance of the Policy approves and puts into effect the document “Regulations on personal data processing” (hereinafter — Regulations) and other local acts;
— familiarizes employees with the provisions of the legislation on personal data, as well as with the Policy and Regulations;
— carries out the admission of employees to the personal data processed in the information system of the Operator, as well as to their material carriers only for performance of labor duties;
— establishes the rules of access to personal data processed in the information system of the Operator, as well as provides registration and accounting of all actions with them;
— assesses the harm that may be caused to the subjects of personal data in case of violation of the Federal law “On personal data»;
— identifies threats to the security of personal data during their processing in the information system of the Operator;
— applies organizational and technical measures and uses the means of information protection necessary to achieve the established level of personal data protection;
— detects the facts of unauthorized access to personal data and takes measures to respond, including the recovery of personal data modified or destroyed as a result of unauthorized access to them;
— assesses the effectiveness of measures taken to ensure the security of personal data before commissioning the operator’s information system;
— carries out internal control of compliance of processing of personal data of the Federal law “On personal data”, adopted in accordance with it regulatory legal acts, requirements for the protection of personal data, Policy, Regulations and other local acts, including control over the measures taken to ensure the security of personal data and their level of security during processing in the information system of the Operator.

5. Rights of personal data subjects

5.1. The subject of personal data has the right:
— to receive personal data related to this subject and information related to their processing;
— to clarify, block or destroy his personal data if they are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
— revocation of his consent to the processing of personal data;
— to protect their rights and legitimate interests, including damages and compensation for moral damage in court;
— to appeal against the actions or omissions of the Operator to the authorized body for the protection of the rights of personal data subjects or in court.

5.2. In order to exercise their rights and legitimate interests, personal data subjects have the right to contact the Operator or send a request in person or with the help of a representative. The request must contain information specified in part 3 of article 14 of the Federal law “On personal data”.