Best value in Yakutsk
Regulation on the processing and protection of personal data
1.1. This Regulation is regulated by the Constitution of the Russian Federation, Federal Law No. 149-FZ of July 27, 2006 “On Information, Information Technologies and Information Protection”, Federal Law No. 152-FZ of July 27, 2006 “On Personal Data” and other regulatory legal acts.
1.2. This Regulation defines the policy of Lira LLC (hereinafter referred to as the Operator) regarding the processing of personal data and is a public document.
1.3. The main concepts used in the Regulations:
– Operator – an organization that provides the Client with accommodation and accommodation services, independently or jointly with other persons organizing and (or) processing personal data;
– Client – an individual, consumer of services, subject of personal data;
– Accommodation and accommodation services – the Operator’s actions to accommodate clients in a room or rooms in the accommodation facility, as well as other activities related to accommodation and accommodation, which include additional services provided to the Client;
– Personal data – information stored in any format relating to a specific individual (subject of personal data), which alone or in combination with other information at the disposal of the Operator and allows to identify the Client;
– Processing of personal data – actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, changing), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;
– Dissemination of personal data – actions aimed at disclosing personal data to an indefinite circle of persons
– Use of personal data – actions (operations) with personal data performed by the Operator in order to provide services to the Client;
– Confidentiality of personal data – a mandatory requirement for the Operator or other person who has access to personal data to not allow their distribution without the consent of the subject of personal data or other legal grounds;
– Cross-border transfer of personal data – transfer of personal data to the territory of a foreign state, to an authority of a foreign state, to a foreign individual or legal entity;
1.4. This Regulation establishes the procedure for processing personal data of Clients for whom the Operator provides a range of reception and accommodation services.
1.5. The purpose of the Regulation is to ensure the protection of the rights and freedoms of a person and a citizen in the processing of his personal data.
1.6. Personal data is processed in order to fulfill the contract for the provision of services for accommodation and temporary accommodation, on one of the parties of which the client is. The operator collects data only to the extent necessary to achieve the stated purpose.
1.7. Personal data of employees are processed for the purpose of fulfilling an employment contract, a contract for the provision of services only to the extent necessary to achieve the named goal.
1.8. Personal data cannot be used for the purpose of causing property and moral damage to citizens, making it difficult to exercise the rights and freedoms of citizens of the Russian Federation. The Operator will equally care about the protection of the rights and freedoms of all customers, regardless of citizenship, within the framework provided by law.
1.9. This Regulation is approved by the director and is binding on all employees who have access to the personal data of the Client and personal data of the Operator’s employees.
Composition and receipt of personal data of Clients
2.1. Information about the personal data of Clients and employees is confidential. Personal data collected and processed by the Operator include:
– personal data (last name, first name, patronymic, day, month, year of birth, etc.);
– passport data;
– address of registration;
– residence address;
– contact phone number;
The confidentiality regime also applies to the dates of the Client’s arrival/departure, the period of residence, the actual location of the Client, the forms of payment and the amount of invoices for accommodation, additional services, the Client’s visitors, their number, contact details, time spent in the Client’s room.
2.2. Information about the Operator’s personnel:
– contact addresses and telephones (mobile and home);
– passport data;
– marital status;
– place of residence of employees and management of the Operator;
The privacy regime also applies to:
– the amount of wages;
– mode of work and rest;
– the number of the Operator’s personnel.
2.3. Operator’s employees receive personal data directly from the subject of personal data – Clients.
Processing and storage of personal data of Clients
3.1. The processing of personal data in the interests of Clients consists in obtaining, systematizing, accumulating, storing, clarifying (updating, changing), using, distributing, depersonalizing, blocking, destroying and protecting Clients’ personal data from unauthorized access.
3.2. The Client’s consent to the processing of personal data is provided upon signing the contract. The processing of personal data is carried out in order to fulfill the Agreement, one of the parties to which is the subject of personal data – the Client. The Consent of the Employee to the processing of personal data is issued upon employment.
3.3. The processing of personal data of Clients is carried out by the method of mixed processing.
3.4. Only employees authorized to work with the Client’s personal data and who have signed the Non-Disclosure Agreement of the Client’s personal data can have access to the processing of the Client’s personal data.
3.5. The list of employees who have access to personal data of Clients is determined by the order of the director.
3.6. Personal data of Clients on paper is stored in the accommodation service.
3.7. Personal data of Clients is stored electronically in the local computer network, in electronic folders and files on a PC in the accommodation service and employees authorized to process personal data of Clients.
Use and transfer of personal data of Clients
4.1. The use of personal data of Clients is carried out solely to achieve the goals defined by the agreement between the Client and the Operator, in particular for the provision of accommodation and temporary accommodation services, as well as additional services.
4.2. When transferring personal data of Clients, the following requirements must be observed:
4.2.1. Warn persons receiving personal data of Clients that these data can only be used for the purposes for which they are reported, and require these persons to confirm that this rule has been observed. Persons receiving personal data of Clients are obliged to maintain confidentiality. This Regulation does not apply in case of depersonalization of personal data and in relation to publicly available data.
4.2.2. Allow access to personal data of Clients only to specially authorized persons, while these persons should have the right to receive only those personal data that are necessary to perform specific functions.
4.2.3. In case of cross-border transfer of personal data, the Operator is obliged to make sure that the foreign state in whose territory the transfer of personal data is carried out provides adequate protection of the right of the subject of personal data.
4.2.4. Cross-border transfer of personal data of Clients on the territory of foreign countries that do not provide adequate protection of the rights of subjects of personal data may be carried out in the following cases:
– availability of written consent of the Client;
– stipulated by the international treaties of the Russian Federation on the issuance of visas, international treaties of the Russian Federation on the provision of legal assistance in civil, family and criminal cases, as well as international treaties of the Russian Federation on readmission;
– provided for by federal laws, if necessary in order to protect the foundations of the constitutional order of the Russian Federation, to ensure the defense of the country and the security of the state;
– execution of an agreement to which the subject of personal data is a party;
– protection of life, health, other vital interests of the subject of personal data or other persons if it is impossible to obtain consent in writing from the subject of personal data;
4.3. It is not allowed to answer questions related to the transfer of information containing personal data by phone or fax.
4.4. The Operator has the right to provide or transfer the personal data of the Client to third parties in the following cases:
– if the disclosure of this information is required to comply with the law, the execution of a judicial act;
– to assist in the conduct of investigations carried out by law enforcement or other government agencies;
– to protect the legal rights of the Client and the Operator
Protection of personal data of Clients from unauthorized access
5.1. The Operator is obliged, when processing personal data of Clients, to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution of personal data, as well as other illegal actions;
5.2. To effectively protect the personal data of Clients, it is necessary:
5.2.1. Comply with the procedure for obtaining, recording and storing personal data of Clients;
5.2.2. Apply technical means of protection, signaling;
5.2.3. Conclude with all employees involved in the receipt, processing and protection of the Client’s personal data, the Agreement on non-disclosure of the Client’s personal data;
5.2.4. Bring to disciplinary responsibility employees guilty of violating the rules governing the receipt, processing and protection of the Client’s personal data;
5.2.5. Access to personal data of Clients by employees who do not have a properly formalized access is prohibited.
5.3. Documents containing personal data of Clients are stored in the premises of the Accommodation Service, which provide protection from unauthorized access.
5.4. Protection of access to electronic databases containing personal data of Clients is ensured by:
– use of licensed software products that prevent unauthorized access of third parties to personal data of Clients;
– Password system. Passwords are set by the system administrator and communicated individually to employees who have access to the personal data of the Clients;
5.5. Copying and making extracts of the Client’s personal data is allowed only for official purposes with the written permission of the head.
Obligations of the Operator
6.1. The operator is obliged:
6.1.1. Process personal data of Clients solely for the purpose of providing services to Clients.
6.1.2. Receive personal data of the Client directly from him. If the Client’s personal data can only be obtained from a third party, then the Client must be notified of this in advance and written consent must be obtained from him. Employees must inform Clients about the purposes, intended sources and methods of obtaining personal data, as well as the nature of personal data and the consequences of the Client’s refusal to give written consent to receive them.
6.1.3. Not to receive or process the Client’s personal data about his race, nationality, political views, religious and philosophical beliefs, state of health, intimate life, except as otherwise provided by law.
6.1.4. Provide access to your personal data to the Client or his legal representative when applying or upon receipt of a request containing the number of the main document proving the identity of the Client or his legal representative, information about the date of issue of the specified document and the body that issued it, and the handwritten signature of the Client or his legal representative . The request can be sent in electronic form and signed with an electronic digital signature in accordance with the legislation of the Russian Federation. Information about the availability of personal data must be provided to the Client in an accessible form and they must not contain personal data related to other subjects of personal data.
6.1.5. Restrict the Client’s right to access their personal data if:
1) The processing of personal data, including personal data obtained as a result of operational-search, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and law enforcement;
2) The processing of personal data is carried out by the bodies that detained the subject of personal data on suspicion of committing a crime, or charged the subject of personal data in a criminal case, or applied a measure of restraint to the subject of personal data before bringing charges, with the exception of cases provided for by the criminal procedure legislation of the Russian Federation, if it is allowed to familiarize the suspect or the accused with such personal data;
3) Providing personal data violates the constitutional rights and freedoms of other persons;
6.1.6. Ensure the storage and protection of the Client’s personal data from their misuse or loss.
6.1.7. In case of revealing false personal data or illegal actions, the Operator is obliged to block personal data related to the relevant subject of personal data from the moment of such request or receipt of such request for the period of verification.
6.1.8. In case of confirmation of the fact of inaccuracy of personal data, the Operator, on the basis of documents submitted by the subject of personal data, clarify personal data and remove their blocking.
6.1.9. In case of detection of illegal actions with personal data, the Operator is obliged to eliminate the committed violations within 3 working days from the date of such detection. If it is impossible to eliminate the committed violations, the Operator is obliged to destroy personal data. The Operator is obliged to notify the subject of personal data about this.
Rights of the Client
7.1. The client has the right to:
– access to information about oneself, including information on the processing of personal data, as well as the purpose of such processing, methods of processing, information about persons who have access to personal data or to whom such access may be granted, a list of processed personal data and the source of their receipt, the terms of processing, including the terms of their storage;
– determination of forms and methods of processing personal data
– restriction of methods and forms of processing personal data; –
– a ban on the dissemination of personal data without his consent;
– change, refinement and destruction of information about oneself.
Confidentiality of personal data of Clients
8.1. Information about the personal data of the Clients is confidential.
8.2. The Operator ensures the confidentiality of personal data and is obliged to prevent distribution to third parties without the consent of the Clients or other legal grounds.
8.3. Persons who have access to the personal data of the Clients are obliged to observe the confidentiality regime, they must be warned about the need to maintain the secrecy regime. In connection with the regime of confidentiality of information of a personal nature, appropriate security measures must be provided to protect data from accidental or unauthorized destruction, from accidental loss, from unauthorized access to them, modification or distribution.
8.4. All confidentiality measures apply to all types of information carriers (paper, automated).
8.5. The confidentiality regime is removed in cases of depersonalization or inclusion in publicly available sources of personal data, unless otherwise provided by law.
Responsibility for violation of the rules governing the processing of personal data of Clients.
9.1. The operator is responsible for the personal information that is at its disposal and establishes the personal responsibility of employees for compliance with the established confidentiality regime.
9.2. Each employee who receives a document containing the Client’s personal data for work is solely responsible for the safety of the medium and the confidentiality of information.
9.3. Any person may apply to an employee with a complaint about a violation of this Regulation. Complaints and applications are considered within 3 days from the date of receipt.
9.4. Employees are obliged to ensure the consideration of requests, applications and complaints of Clients at the proper level, as well as to facilitate the fulfillment of the requirements of the competent authorities.
9.5. Persons guilty of violating the rules governing the receipt, processing, protection of personal data of Clients shall bear disciplinary, administrative, civil or criminal liability in accordance with federal laws.
Plan your comfortable stay in Yakutsk
We try to treat you like a guest in our home.
Book on-line or call us directly and get our absolutely best price guaranteed.