The POLICY of the hotel «Byron» IN RELATION to the processing of PERSONAL DATA
1. Purpose and scope of the document
1.1. «Hotel policy «Byron»,» in relation to the processing of personal data» (hereinafter – the Policy) determines the position and intentions of Companies in the field of processing and protection of personal data, with the goal of respecting and protecting the rights and freedoms of each person and, in particular, the right to inviolability of private life, personal and family secret, protection of honour and good name.
1.2. The policy is strictly enforced by managers and employees of all structural units of the hotel «Byron».
1.3. The Policy applies to all personal data of subjects processed in the hotel «Byron» with the use of automation and without the use of such means.
1.4. The provisions of the Policy serve as the basis for the development of local regulations governing the processing of personal data of employees of the hotel «Byron» and other subjects of personal data in the hotel «Byron».
1.5. Any subject of personal data has access to this Policy.
2.1. Personal data — any information relating to an identified or identifiable natural person (citizen). I. e., such information, in particular, can include: full name, year, month, date and place of birth, address, information about family, social, property status, information about education, profession, income, health status, as well as other information.
2.2. Personal data processing — any action (operation) or a set of actions (operations) with personal data performed with or without the use of automation tools. Such actions (operations) include: collection, receipt, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.3. Provision of personal data – actions aimed at disclosure of personal data to a certain person or a certain circle of persons.
2.4. Distribution of personal data – actions aimed at disclosure of personal data to an indefinite circle of persons.
3. The subjects of personal data.
Byron hotel processes personal data of the following persons:
— employees of the hotel » Byron»;
— entities which have signed contracts of civil nature;
— candidates for the vacant positions of the hotel » Byron»;
— clients of the hotel » Byron»;
— users of the site of the hotel «Byron», who sent a request;
— representatives of legal entities;
— suppliers (individual entrepreneurs).
4. Principles and conditions of personal data processing
4.1. Under the security of personal data hotel «Byron» understands the protection of personal data against wrongful or casual access to them, destruction, change, blocking, copying, granting, distribution of personal data, as well as other unlawful actions in relation to personal data and shall take the necessary legal, organizational and technical measures to protect personal data.
4.2. Processing and security of personal data in the hotel «Byron «is carried out in accordance with the requirements of the Constitution of the Russian Federation, the Federal law № 152-FZ» on personal data», by-laws, other defining cases and features of personal data processing Federal laws of the Russian Federation, guidelines and guidance documents of FSTEC of Russia and the FSB of Russia.
4.3. Byron hotel adheres to the following principles when processing personal data:
— the rule of law and a fair framework;
— restrictions on the processing of personal data for specific, predetermined and legitimate purposes;
— prevention of personal data processing incompatible with the purposes of personal data collection;
— preventing the consolidation of databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
— processing of personal data that meet the purposes of their processing;
— matching content.
4.4. The company processes personal data only if there is at least one of the following conditions:
— processing of personal data is carried out with the consent of the personal data subject to the processing of his personal data;
— the processing of personal data is necessary to achieve the objectives stipulated by the law, to carry out and perform the functions, powers and duties assigned by the legislation of the Russian Federation to the operator;
— processing of personal data is necessary for the execution of the contract, a party to which either the beneficiary or the guarantor of which is the subject of personal data, as well as for the conclusion of the contract on the initiative of the subject of personal data or the contract under which the subject of personal data will be the beneficiary or guarantor;
— processing of personal data is necessary to exercise the rights and legitimate interests of the Company or third parties or to achieve socially significant goals, provided that the rights and freedoms of the personal data subject are not violated;
— processing of personal data is carried out, access of an unlimited number of persons to whom is provided by the subject of personal data or at his request;
— processing of personal data subject to publication or mandatory disclosure in accordance with Federal law.
4.5. the hotel «Byron» has the right to entrust the processing of personal data of citizens to third parties, on the basis of an agreement concluded with these persons. Persons engaged in the processing of personal data on behalf of the hotel «Byron», undertake to comply with the principles and rules of processing and protection of personal data, provided by Federal law № 152-FZ «on personal data». For each person, a list of actions (operations) with personal data that will be performed by a legal entity engaged in the processing of personal data, the purposes of processing, the obligation of such person to respect confidentiality and ensure the safety of personal data during their processing, as well as the requirements for the protection of processed personal data.
4.6. In cases established by the legislation of the Russian Federation, the hotel «Byron» has the right to transfer personal data of citizens.
4.7. Public sources of personal data of employees, including reference books and address books may be created in the Company for the purpose of information support. In public sources of personal data with the consent of the employee may include his / her surname, name, patronymic, date and place of birth, position, contact phone numbers, e-mail address. Information about the employee shall be excluded at any time from publicly available sources of personal data at the request of the employee or by a court decision or other authorized state bodies.
4.8. The company destroys or depersonalizes personal data upon achievement of processing goals or in case of loss of necessity to achieve processing goals.
5. Rights of the personal data subject
A citizen whose personal data are processed by the hotel «Byron» has the right:
— to receive full information about their personal data processed at the Byron hotel»;
— access to their personal data, including the right to obtain a copy of any record containing their personal data, except as provided by Federal law;
— clarification of their personal data, their blocking or destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
— withdrawal of consent to the processing of personal data;
— adoption of statutory measures to protect their rights;
— appeal against the action or omission of the Byron hotel, carried out in violation of the requirements of the legislation of the Russian Federation in the field of personal data, to the authorized body for the protection of the rights of personal data subjects or to the court;
— exercise of other rights provided for by the legislation of the Russian Federation.
In case of failure to comply with the provisions of this Policy, Byron hotel shall be liable in accordance with the current legislation of the Russian Federation.
7. Measures taken by by by Byron hotel to ensure the fulfilment of the operator’s obligations in the processing of personal data
Measures necessary and sufficient to ensure that the Byron hotel fulfils the operator’s obligations under the personal data legislation of the Russian Federation include::
— appointment of the person responsible for the organization of personal data processing in the hotel » Byron»;
— adoption of local regulations and other documents in the field of processing and protection of personal data;
— organization of training and methodological work with employees of structural divisions of the hotel «Byron» occupying posts included in the list of positions for structural units of the hotel «Byron», with which filling is carried out the processing of personal data;
— obtaining the consent of personal data subjects to the processing of their personal data, except as provided by the legislation of the Russian Federation;
— separation of personal data processed without the use of automation from other information, in particular by fixing them on separate material carriers of personal data, in special sections;
— ensuring separate storage of personal data and their material carriers, the processing of which is carried out for different purposes and which contain different categories of personal data;
— establishing a ban on the transfer of personal data through open communication channels, computer networks outside the controlled area (except for public and (or) impersonal personal data);
— storage of material carriers of personal data with observance of the conditions providing safety of personal data and excluding unauthorized access to them;
— implementation of internal control over the compliance of personal data processing with the Federal law» on personal data » and the regulatory legal acts adopted in accordance with it, the requirements for personal data protection, this Policy, local regulations of the hotel «Byron»;
— other measures provided by the legislation of the Russian Federation in the field of personal data.