Bed & Breakfast Bravo!
Best Value in Yakutsk
Personal Data Rules
The rules for processing personal data (PD) of the LIRA Limited Liability Company (abbreviated name – LIRA LLC (TIN 1435214183, OGRN 1091435002746) are developed in accordance with the provisions of the legislation of the Russian Federation and the Rules for using the Application Service posted on the website www.bravo-hotel.ru at the address: https://bravo-hotel.ru.
The PD Rules are an annex to the Rules for the use of the Application Service and their integral part. By accepting the terms of the Rules for using the Application Service, the User automatically accepts the terms of these PD Rules.
Terms and Definitions.
Parties – the Administration and any User registered in the Application.
Personal data (PD) – any information related directly or indirectly to a specific or identifiable natural person (subject of personal data).
Processing of personal data – any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons.
Providing personal data – actions aimed at disclosing personal data to a certain person or a certain circle of persons.
Blocking of personal data – temporary suspension of the processing of personal data (unless the processing is necessary to clarify personal data);
Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed;
Depersonalization of personal data – actions, as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information.
Information – information (messages, data) regardless of the form of their presentation.
Documented information – information fixed on a material carrier by documenting with details that allow to determine such information or its material carrier.
Confidentiality of personal data is a mandatory requirement for the Administration or other person who has gained access to personal data to prevent their distribution without the consent of the subject of personal data or other legal grounds.
1. General Provisions.
1.1. The PD Rules establish the obligations of the Administration for non-disclosure and provision of a regime for protecting the confidentiality of personal data that the User provides.
1.2. The use of the Service by the User means acceptance of the PD Rules and the conditions for processing the User’s personal data by the Administration.
In case of disagreement with the terms of the PD Rules, the User undertakes to stop using the Service.
1.3. Personal data permitted for processing under these PD Rules is provided by the User voluntarily by filling out various forms when registering in the Application and using the Service and includes the following information: last name, first name, patronymic, date, month and year of birth, details of the document certifying identity (passport), TIN number, photo and video of his personal image, phone number, registration address, other similar information provided by the User about himself, and on the basis of which the identification of the subject of personal data is possible.
1.4. The Administration has the right to carry out with the received personal data of Users all legally necessary actions related solely to the achievement of the goals indicated in Section 2 of the Rules.
1.5. Any other personal and confidential information not specified above is subject to safe storage and non-distribution by the Administration and the User.
2. Basic principles and purposes of collecting personal information.
2.1. The Administration processes personal data that is necessary to provide the Service to the User.
2.2. Hereby, the User instructs the Administration and agrees that the Administration:
– processes the User’s personal data in order to provide access to the Service and its functionality, verify, research and analyze such data to maintain and improve the existing functionality of the Service, develop new functionality, as well as for other purposes provided for by these PD Rules;
– takes all necessary measures to protect the User’s personal data from unauthorized access, modification, disclosure or destruction;
– provides access to the User’s personal data only to those employees, contractors and agents of the Administration who need this information to ensure the operation of the Service and provide Users with access to its use;
– will and has the right to use the information provided by the User, including personal data, in order to ensure compliance with the requirements of the current legislation of the Russian Federation (including for the purpose of preventing and / or suppressing illegal and / or unlawful actions of Users).
2.3. Principles of processing personal data of Users:
– processing of personal data should be carried out exclusively on legal grounds and in the interests of Users;
– the processing of personal data should be limited to the achievement of specific legitimate purposes;
– when processing personal data, the accuracy, sufficiency, and, if necessary, relevance of personal data are ensured;
– storage of personal data should be carried out in a form that allows you to determine the subject of personal data, no longer than required by the purposes of processing personal data.
2.4. The Administration processes the User’s personal data for the following purposes:
– execution of agreements with the User to provide access to the functionality of the Service, to administer the Service;
– identifying the User when registering in the Application and authenticating the User when using the Service;
– provision of services, processing of requests and applications from the User;
– establishing feedback with the User, including sending notifications and requests;
– confirmation of the completeness of personal data provided by the User;
– conclusion of agreements with the User, implementation of mutual settlements;
– collection of statistics;
– improving the quality of the Service, the convenience of its use and the development of new services and services;
– conducting marketing (advertising) activities, sending offers, promoting services on the market through direct contacts with a potential consumer.
2.5. The User is aware and agrees that for the purposes provided for in the PD Rules, the Administration has the right to:
– collect and use additional information related to the User, obtained during the User’s access to the Service or from third parties, and including data on technical means (including mobile devices) and methods of technological interaction with the Service (including host IP address, type of the User’s operating system, browser type, geographic location, information about the provider, etc.), about the User’s activity on the Service, Cookies, information about errors issued to Users, about downloaded files, videos, tools, as well as other data obtained by the methods established by the PD Rules;
– dispose of statistical information related to the functioning of the Service, as well as information of Users for the purposes of organizing the functioning and technical support of the Service and fulfilling the conditions of these Rules.
3. Conditions for the processing of personal information.
3.1. The processing of the User’s personal data is carried out within the time limits specified in clause 3.5 of the PD Rules, in any legal way, including in personal data information systems, using automation tools (in the form of electronic images of documents), except when manual processing of personal data is necessary in connection with the implementation of legal requirements. The processing of personal data of Users is carried out in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, these PD Rules.
3.2. The source of information about all personal data of the User is directly the User of the Service. By filling out any form and / or attaching a file when registering in the Application and when using the Service, the User thereby consents to the processing of his personal data for the purposes specified in section 2 of the PD Rules. The user confirms the rights and obligations in relation to his account created in this way.
3.3. With respect to the User’s personal information, its confidentiality is maintained, except in cases where the User voluntarily provides information about himself for general access to an unlimited number of persons. When using the Service, the User agrees that a certain part of his personal information, as a result of the User’s actions, becomes publicly available to other Users of the Service and Internet users, can be copied and / or distributed by such Users, subject to the available privacy settings.
Publicly available, in particular, is the following personal information of Users: last name, first name, patronymic, phone number, series and passport number, closed by a mask (for example, 65** 04***2).
3.4. The Administration takes the necessary organizational and technical measures to protect the User’s personal information from illegal or accidental
access, destruction, modification, blocking, copying, distribution, as well as from other illegal actions of third parties.
3.5. The Administration stores information about the User during the period of granting the latter access to the Service, as well as 3 (three) months from the date of termination of such access for any reason. If the Administration receives an application from the User to withdraw consent to the processing of PD, the Administration stops processing the User’s PD from the date specified in the application, but not earlier than the date following the date the Administration actually received the withdrawal.
3.6. The Administration stores the personal data of the User and his employees. At the same time, the User guarantees that he has received the consent of each of his employees to transfer his personal data to the Administration.
The Administration, being a processor of personal data on behalf of the User, is not obliged to obtain the consent of the User’s employees for the processing of their personal data. By unconditionally accepting the terms of these Rules, the User confirms that he has obtained the consent of his employees in advance to transfer their personal data to the Administration.
The User is solely responsible to the User’s employees, whose personal data is processed by the Administration on behalf of the User.
The Administration processes the personal data of the User’s employees in full accordance with the provisions provided for in these Rules.
3.7. The Administration processes personal data in the following ways: collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of the User’s personal data.
The storage of Users’ Personal Data is carried out exclusively on electronic media and processed using automated systems, except in cases where non-automated processing of personal data is necessary in connection with the fulfillment of legal requirements.
3.8. The Administration may transfer Users’ personal data, including cross-border transfer to the territory of foreign states, subject to obtaining the User’s consent and ensuring the necessary protection of the rights of personal data subjects, to the Administration’s counterparties who are involved by the Administration to provide services to maintain the proper technical condition, performance, modification of the Service. At the same time, the storage of personal data of citizens of the Russian Federation abroad is not carried out.
3.9. If the User does not agree with the processing by the Administration of his personal, including biometric, data, the User must not publish this information or provide this data when registering in the Application and using the Service. As soon as the User provides his personal, including biometric, data when registering in the Application and using the Service to the Service, they will be available to the Administration and other users of the Service.
4. Obligations of the parties.
4.1. The user is obliged:
– Provide correct information about personal data necessary for the purposes specified in section 2 of the PD Rules.
– Update, supplement the provided information about personal data in case of changes in this information.
4.2. The administration is obliged:
– Use the information received solely for the purposes specified in section 2 of the PD Rules.
– Ensure that confidential information is kept confidential.
– Take precautions to protect the confidentiality of the User’s personal data in accordance with the procedure usually used to protect this kind of information in existing business transactions.
– Block personal data relating to the relevant User from the moment the User, or his legal representative, or the authorized body for the protection of the rights of personal data subjects for the period of verification, in case of identification of inaccurate personal data or illegal actions.
4.3. When processing personal data, the Administration is obliged to take the necessary legal, organizational and technical measures to protect personal data from unauthorized, illegal or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data, by:
– development and implementation in the organization of documents regulating the work with PD;
– restrictions and regulations on the composition of employees with access to personal data;
– implementation of a permissive system for Users to access information resources, software and hardware for processing and protecting information;
– implementation of anti-virus control, prevention of the introduction of malicious programs (virus programs) and software bookmarks into the corporate network;
– detection of intrusions into the corporate network of the Administration that violate or create preconditions for violation of established requirements for ensuring the security of personal data;
– information backup.
4.4. When determining the scope and content of personal data being processed, the Administration is guided by the Constitution of the Russian Federation, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data”, these PD Rules.
4.5. The Administration undertakes to ensure the prevention of unauthorized and inappropriate access to the personal data of the Users of the Service.
At the same time, authorized and targeted access to the personal data of the Users of the Service will be considered the access of persons authorized by the Administration within the framework of the goals of the activities and topics of the Service.
5. Responsibility of the parties and resolution of disputes.
5.1. The Administration, which has not fulfilled its obligations, is liable to the User for direct actual damage in connection with the unlawful use of personal data in accordance with the legislation of the Russian Federation.
5.2. In case of loss or disclosure of personal data, the Administration is not responsible if this information:
– became public property before its loss or disclosure;
– was received from a third party prior to its receipt by the Administration;
– was disclosed with the consent of the User.
5.3. The current legislation of the Russian Federation applies to the PD Rules and the relationship between the User and the Administration.
In the event of any disputes or disagreements related to the execution of the PD Rules, the User and the Administration will make every effort to resolve them through negotiations between them. In the event that disputes are not resolved through negotiations, disputes are subject to resolution in the manner prescribed by the current legislation of the Russian Federation.
5.4. Before going to court with a claim for disputes arising from the relationship between the User and the Administration, it is mandatory to file a claim.
The recipient of the claim, within 10 (ten) days from the date of receipt of the claim, notifies the claimant in writing of the results of its consideration.
If an agreement is not reached, the dispute will be referred to the judicial authority in accordance with the current legislation of the Russian Federation.
6. Final provisions.
6.1. These PD Rules are valid for an indefinite period, and in terms of the User’s consent to the processing of PD – until the User withdraws it by sending a corresponding notification to the Administration’s email address, as well as by writing to the Administration’s legal address. The chosen method of contact should guarantee the possibility of the Administration to reliably identify the person who applied.
6.2. The PD Rules are an open and publicly available document, located on the website www.bravo-hotel.ru at the address: https://bravo-hotel.ru.
6.3. The user can apply to the Administration with a request for clarification, change, blocking, revocation, etc. your personal data to the email address: firstname.lastname@example.org
Limited Liability Company “LIRA” (LLC “LIRA”)
677027, Yakutsk, Ordzhonikidze st., 49, apt. 61-62
TIN/KPP 1435214183/ 143501001, OGRN 1091435002746