This consent to the processing of personal data is given by the Client until the Operator fully fulfills its obligations and / or before the expiration of the storage period for personal data established by the legislation of the Russian Federation, and can be revoked by submitting a written application to the Operator. The client also consents to the transfer of his personal data to third parties for the purpose of their further processing in compliance with all the principles and rules for processing personal data provided for by Federal Law N152-FZ "On Personal Data". The decision to provide your personal data and consent to their processing was given of your own free will and in your interest. Refusal to provide your personal data entails the impossibility for the Operator to provide services. If you do not agree with the provisions of this privacy statement, we ask you to refrain from using our services.
Diskonthotel.ru service policy regarding the processing of personal data of clients General Provisions In pursuance of the requirements of Part 2 of Art. 18.
1. of the Federal Law "On Personal Data", this Policy is published in the public domain on the information and telecommunications network Internet on the website diskonthotel.ru.
1.1. The policy on the protection of personal data of the diskonthotel.ru hotel reservation service (hereinafter the "Policy") is aimed at maintaining the confidentiality of the personal data of clients using the services of the diskonthotel.ru hotel reservation service (hereinafter the "Service") for the purpose of booking hotel rooms (hereinafter "Clients"), protection of human and civil rights and freedoms when processing his personal data, including protection of the rights to privacy, personal and family secrets. A hotel is understood as the type of accommodation for Clients, determined by the Regulations on the classification of hotels, approved by the Decree of the Government of the Russian Federation of February 16, 2019 No. 158, and includes hotels, motels, aparthotels, a complex of apartments and other types of hotels.
1.2. The processing of personal data of Clients is carried out by the Service Operator by the Company LLC "Discount Hotel".
1.3. The operator protects the processed personal data from unauthorized access and disclosure, misuse or loss in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ "On Personal Data" (hereinafter "the Law on Personal Data") and the Order of the FSTEC of Russia dated 18.02.2013 N 21 "On approval of the composition and content of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems" (as amended on 23.03.2017).
1.4. This Policy establishes a list of processed personal data of Clients, basic principles, goals, methods, conditions for processing personal data, functions and a list of actions of the Service and its employees related to the processing of personal data of Clients.
1.5. The Service can process the following personal data of Clients: last name, first name, home / mobile phone, personal e-mail address, year of birth, bank card data, cookies and other personal data, the indication of which is necessary to use the Service.
1.6. The Operator does not collect and process the Client's personal data about his race, nationality, political views, religious or philosophical beliefs, private life.
1.7. Personal data of Clients refers to confidential information of limited access.
1.8. Ensuring the confidentiality of personal data is not required in the case of their depersonalization, as well as in relation to publicly available personal data.
1.9. The operator has the right to make changes to this Policy. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy. In the event of a significant change in the terms of this Agreement, the Operator notifies the Users about this by posting a corresponding message on the Site.
1.10. If you do not agree with the provisions of this privacy statement, we ask you to refrain from using our services. Continuing to use the Service, the Client gives his consent to the Operator in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" to carry out the following actions: processing of personal data (last name, first name, date and place of birth, passport data, address of the place of registration and residence, citizenship, bank card data, contact information, home / mobile phone, personal e-mail address, other personal data, incl. cookies, the collection and use of which is carried out on the Service in accordance with this Policy); transfer, including cross-border, of personal data to third parties, including on the territory of foreign states, which do not provide adequate protection of the rights of subjects of personal data in accordance with paragraphs. 4 p. 4 art. 12 of the Federal Law of 27.07.2006 No. 152-FZ "On Personal Data", in written or electronic form, for the purpose of providing the following services: booking rooms in hotels and any other means of accommodation; provision of any other tourist services; conclusion and execution of contracts in my favor; directing funds to pay for ordered services; participation in bonus programs and loyalty programs of the Company, as well as its partners; sending messages (including advertising) via e-mail; for other purposes related to the provision of ordered services to me; the transfer by the Operator of the authority to process personal data to another person in accordance with Part 3 of Art. 6 of the Law on Personal Data. This consent to the processing of personal data is given by the Client until the Operator fully fulfills its obligations and / or before the expiration of the storage period for personal data established by the legislation of the Russian Federation, and can be revoked by submitting a written application to the Operator. The client also consents to the transfer of his personal data to third parties for the purpose of their further processing in compliance with all the principles and rules for processing personal data provided for by Federal Law N 152-FZ "On Personal Data". The decision to provide your personal data and consent to their processing was given of your own free will and in your interest. Refusal to provide your personal data entails the impossibility for the Operator to provide services. If you do not agree with the provisions of this privacy statement, we ask you to refrain from using our services.
2. Terms and definitions
2.1. Personal data - any information relating directly or indirectly to a specific or identifiable individual (subject of personal data) (clause 1 of article 3 of the Federal Law "On personal data"); in case of discrepancies about the classification of data as personal data, the Operator is guided by the explanations of the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), which is the authorized federal executive body for the protection of the rights of subjects of personal data and acts on the basis of the Regulation approved Resolution of the Government of the Russian Federation of March 16, 2009 N 228 (as amended on September 21, 2019);
2.2. Operator - the company "Discount Hotel", which organizes and carries out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data;
2.3. Processing of personal data - any action (operation) or a set of actions (operations) performed with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access ), depersonalization, blocking, deletion, destruction of personal data.
2.4. Automated processing of personal data - processing of personal data using computer technology.
2.5. Personal data information system (ISPD) is a set of personal data contained in databases and information technologies and technical means that ensure their processing.
2.6. Destruction of personal data - actions as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and (or) as a result of which material carriers of personal data are destroyed.
2.7. Other terms and definitions found in this Policy are subject to interpretation in accordance with the provisions of the Personal Data Law.
3. Purposes of processing personal data of the Service Clients The Service processes personal data of Clients for the following purposes:
a) Reservations - Personal data is used to process and manage hotel reservations made online and / or through the use of the diskonthotel.ru client service, including for transferring data about the made reservations to accommodation facilities.
b) Customer Support - If necessary, the Service provides the Customers with the necessary assistance, including the selection of the necessary accommodation facility, registration and completion of the reservation, solving problem situations and answering other questions. Records of telephone conversations are stored for a limited period of time and are deleted automatically if the Operator does not deem it necessary to keep them for a longer period (if justified), including for the purpose of investigating cases of fraud.
с) Improving the quality of services - The service is focused on continuous improvement of the quality of services provided and the development of new convenient tools for making reservations.
d) Marketing - the personal data of the Client can be used to send news about products and services for travel, individual offers, information on promotions and contests held on the Service, offers to participate in research. The client is given the opportunity to unsubscribe from the corresponding mailing list at any time.
e) Reliability and safety of services - The Operator may use the data for test purposes, to solve problems and to improve the functionality and quality of our online travel services.
f) Legal purposes - the data is used for the processing and resolution of legal disputes, for investigations at the request of government authorities and compliance with regulatory legal norms, as well as to ensure compliance with the terms on which the Service provides online booking services.
4. The procedure and conditions for the processing of personal data of Clients
4.1. The personal data of the Clients of the Service are processed exclusively using automation tools.
4.2 The processing of personal data is carried out by the Service with the consent of the Client both from the moment he makes a reservation, and immediately after the Client has registered on the Service.
4.3. Obtaining the Client's consent to the processing of his personal data is a necessary condition for the Client to make a reservation or register on the Service. The client can familiarize himself with the content of the document "Consent to the processing of personal data" at any time, including when making a reservation.
4.4. All personal data should be obtained from the subject himself. If the personal data of the subject can only be obtained from a third party, then the subject must be notified of this and consent must be obtained from him, since this is the personal responsibility of the Client.
4.5. Some data may be collected automatically without the participation of the Client, for example, the IP address, the date and time when the Client used the services of the Service, information about the hardware and software, as well as the Internet browser that the Client uses.
4.6. Personal data may be transferred to the following third parties:
Accommodation facility. The data on the completed reservation, including the personal data of the Clients, is transferred to the accommodation facility in which the Client made the reservation, including abroad. Such information may include name, contact details, payment details, names of guests traveling with the Client, and any preferences that were specified at the time of booking. In the event of a dispute regarding a booking, we may, if required, provide the property administration with information on the booking process. Such information may include a copy of your booking confirmation as proof that the booking was made. • Competent public authorities. The Service reserves the right, in cases stipulated by the legislation of the Russian Federation, to disclose personal data of Clients to the relevant authorized state and municipal authorities. • Other persons, including organizations that, in accordance with concluded agreements - carry out insurance of property interests of individuals and legal entities associated with financial obligations and obligations to provide services - insurance organizations; - write off funds from a bank card - credit institutions (banks); - Service partners engaged in entrepreneurial activities, affiliates of the Operator, as well as other third parties in the cases and in the manner prescribed by the relevant agreements and the legislation of the Russian Federation. At the same time, when transferring personal data to the above persons, the Service does not bear further responsibility for the legality of the further processing of personal data carried out by these persons.
4.7. The service collects, records, systematizes, accumulates, stores, clarifies (updates, changes), retrieves, uses, transfers, including cross-border (distribution, provision, access), depersonalization, blocking, deletion and destruction of personal data.
4.8. The storage of data in a form that makes it possible to identify the Client is carried out no longer than the purpose of their processing requires, and they are subject to destruction upon achievement of the processing goals or in case of loss of the need to achieve them.
5. Functions of the Service when processing personal data
5.1. When processing personal data, the Operator takes the following measures necessary to fulfill the duties of a personal data operator provided for by the legislation of the Russian Federation: • appointment of a person responsible for organizing the processing and security of personal data; • adoption of local regulations in the field of processing and protection of personal data, incl. this Policy; • obtaining the consent of the subjects of personal data to the processing of their personal data, with the exception of cases provided for by the legislation of the Russian Federation;
• ensuring the separate storage of personal data and their material carriers, the processing of which is carried out for different purposes and which contain different categories of personal data;
• storage of tangible carriers of personal data in compliance with the conditions ensuring the safety of personal data and excluding unauthorized access to them;
• organization of a regime for ensuring the security of the premises in which the information system is located, preventing the possibility of uncontrolled entry or stay in these premises by persons who do not have the right to access these premises;
• ensuring the safety of personal data carriers;
• approval by the head of the operator of a document defining the list of persons whose access to personal data processed in the information system is necessary for the performance of their official (labor) duties;
• training of the Operator's employees who are directly involved in the processing of personal data, the provisions of the legislation of the Russian Federation on personal data, including the requirements for the protection of personal data, documents defining the Operator's policy regarding the processing of personal data, local acts on the processing of personal data
• use of certified anti-virus software with regularly updated databases;
• use of information security tools that have passed the procedure for assessing compliance with the requirements of the legislation of the Russian Federation in the field of information security, in the case when the use of such means is necessary to neutralize current threats.
5.2. In accordance with the requirements of regulatory documents, the Operator has created a personal data protection system (PDPD), consisting of subsystems of legal, organizational and technical protection.
5.3. The subsystem of legal protection is a complex of legal, organizational, administrative and regulatory documents that ensure the creation, functioning and improvement of the SZPD.
5.4. The organizational protection subsystem includes the organization of the management structure of the data protection system, the authorization system, information protection when working with employees, partners and third parties.
5.5. The subsystem of technical protection includes a complex of technical, software, software and hardware that ensure the protection of personal data.
6. Provisions on cookie files
6.2. The operator uses the following types of cookies: - Account management When the Client enters the Site, cookies are automatically generated, which makes it possible to find out when the Client started a session on the Service and when it ended. The service uses this type of cookie to determine from which account the Client logged in, and what options are available to him. - Region and language preference settings This type of cookie is used when the Client chooses the preferred region and language for the convenient use of the Service. - Essential cookies Used to enable the Client to navigate the pages of the Service and effectively use its capabilities. - Analytical cookies These cookies are set by analytics systems that collect information about how the Client uses the Service. This type of cookie is used solely for statistical purposes. - Advertising cookies (including third party cookies) This type of cookie is used to collect information about the websites and individual pages that the Clients visit. These cookies are used in order to display advertisements that are most relevant to the interests of the Client and to carry out marketing communications. Partner advertising cookies may be placed on the Service. If the User previously used a social network through his account, then the social network can automatically remember the User's credentials. If the User uses plugins such as "Like", "Publish", "Share", "Tell friends", then the corresponding information is transmitted to the social network directly and stored there. The plugins on the Service work on the same principle.
6.3. The customer can configure all of their mobile devices to accept cookies, be notified of receiving cookies, or turn off the acceptance of cookies. The settings for changing or disabling cookies may vary depending on the type of browser: The client should use such tabs as "help", "settings" or "preferences" in his / her browser menu.
6.4. To learn more about how to work with or delete cookies, the Client can visit allaboutcookies.org and the Help / Help section of their browser. Through the browser settings (for example, Internet Explorer, Safari, Firefox, Chrome), the Client can choose which cookies to accept and which to reject. The location of the settings depends on which browser you are using. If the Client has decided to refuse certain technical and / or functional cookies, some functions of the Service may not be available to him. (all OK)
7. Rights of subjects of personal data
7.1. The subject of personal data has the right to receive information regarding the processing of his personal data, including containing:
• confirmation of the fact of processing of personal data by the operator;
• legal grounds and purposes of personal data processing;
• the purposes and methods of processing personal data used by the operator;
• the name and location of the operator, information about persons (except for the operator's employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the operator or on the basis of federal law;
• processed personal data relating to the relevant subject of personal data, the source of their receipt, unless another procedure for submitting such data is provided for by federal law;
• terms of processing personal data, including the terms of their storage;
• the procedure for exercising rights by the subject of personal data;
• information on the performed or expected cross-border data transfer;
• name or surname, first name, patronymic and address of the person who processes personal data on behalf of the operator, if the processing is entrusted or will be entrusted to such a person; • other information stipulated by the legislation of the Russian Federation.
7.2. The information specified in clause 7.1. Is provided to the subject of personal data when contacting by e-mail email@example.com. The subject of personal data is obliged to provide the Operator with evidence of the ownership of the personal data in respect of which the request is sent to this particular subject. Such information should be provided to the subject of personal data in an accessible form, and it should not contain personal data relating to other subjects of personal data, unless there are legal grounds for disclosing such personal data.
7.3. The subject of personal data has the right to revoke his consent to the processing of personal data, as well as to their deletion. To exercise these rights, the subject of personal data must send an appropriate appeal by e-mail firstname.lastname@example.org. The subject of personal data is obliged to provide the Operator with evidence of the ownership of the personal data in respect of which the request is sent to this particular subject. The service considers the received appeal and ensures the termination of the processing of the personal data of the subject, and also deletes the personal data of the subject within 5 (five) working days from the moment the application of the subject of personal data is received.
7.4. Destruction of documents (carriers) containing personal data is carried out by burning, crushing (grinding), chemical decomposition, transformation into a shapeless mass or powder. For the destruction of paper documents, the use of a shredder is allowed.
7.5. Data on electronic media is destroyed by erasing or formatting the media. The fact of destruction of personal data is documented by an act on the destruction of media.
8. Monitoring compliance with the requirements for the protection of personal data
8.1. Internal control over the observance by the structural divisions of the Operators of the legislation of the Russian Federation and local regulations in the field of personal data is carried out by the person responsible for organizing the processing and ensuring the security of personal data.
8.2. All employees of the Operator who process personal data are obliged to keep confidentiality about information containing personal data in accordance with the Policy and the requirements of the legislation of the Russian Federation.
8.3. Persons guilty of violating the requirements of this Policy are liable under the legislation of the Russian Federation.