Policy on the Protection and Processing of Personal Data at the «Kuptsov Dom» Hotel

General Provisions

1.1. This Policy is governed by the Constitution of the Russian Federation, Federal Law «On Information, Information Technologies, and Information Protection» No. 149-FZ dated 27.07.2006, Federal Law «On Personal Data» No. 152-FZ dated 27.07.2006, and other regulatory legal acts.

1.2. Basic terms used in the Policy:

  • Hotel — an organization providing hotel services to the client.
  • Client — an individual, consumer of hotel services, and subject of personal data.
  • Hotel services — actions by the Hotel for accommodating Clients, as well as other activities related to accommodation and stay, including basic and additional services provided to the Client.
  • Personal data — information stored in any format relating to a specific or identifiable individual (subject of personal data), which alone or in combination with other information available to the Hotel allows identifying the Client’s identity.
  • Processing of personal data — actions (operations) with personal data, including collection, systematization, accumulation, storage, updating (modification), use, dissemination (including transfer), anonymization, blocking, destruction of personal data.
  • Dissemination of personal data — actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or at making personal data available to an unlimited number of persons, including publication in the media, posting on information and telecommunication networks, or providing access to personal data by any other means.
  • Use of personal data — actions (operations) with personal data performed by the operator to make decisions or perform other actions that entail legal consequences concerning the subject of personal data or other persons, or otherwise affect the rights and freedoms of the subject of personal data or other persons.
  • Confidentiality of personal data — a mandatory requirement for the operator or any other person who has access to personal data not to allow their dissemination without the consent of the subject of personal data or other legal grounds.

1.3. This Policy establishes the procedure for processing personal data of Clients for whom the Hotel provides the full range of reception and accommodation services.

1.4. The purpose of this Policy is to ensure the protection of human and civil rights and freedoms when processing personal data.

1.5. Personal data are processed to execute the contract for the provision of accommodation or temporary housing services, to which the Client is a party. The Hotel collects data only to the extent necessary to achieve this purpose.

1.6. Personal data cannot be used to cause property or moral harm to citizens or to impede the exercise of the rights and freedoms of citizens of the Russian Federation.

1.7. This Policy is approved by the director and is mandatory for all employees who have access to the Client’s personal data.

Composition and Collection of Clients’ Personal Data

2.1. Personal data collected and processed by the Hotel include:

  • Personal details (surname, name, patronymic, date of birth, etc.);
  • Passport data;
  • Registration address;
  • Residential address;
  • Contact phone number;
  • Email address.

2.2. All personal data are obtained by the Hotel’s employees directly from the subjects of personal data, the Clients.

Processing and Storage of Clients’ Personal Data

3.1. The processing of personal data by the Hotel in the interests of Clients includes obtaining, systematization, accumulation, storage, updating (modification), use, dissemination, anonymization, blocking, destruction, and protection against unauthorized access to Clients’ personal data.

3.2. Clients’ consent for processing personal data is not required since the processing is carried out to execute a contract to which the Client is a party.

3.3. Clients’ consent for processing personal data is required when providing data beyond those specified in clause 2.1 of this Policy (Appendix No. 1 to this Policy).

3.4. Processing of Clients’ personal data is carried out using mixed processing methods.

3.5. Only Hotel employees who are authorized to work with Clients’ personal data and have signed a Non-Disclosure Agreement regarding the Client’s Personal Data may be admitted to the processing of Clients’ personal data.

3.6. The list of Hotel employees with access to Clients’ personal data is determined by the director’s order.

3.7. Clients’ personal data on paper are stored in the Accommodation Service Department.

3.8. Clients’ personal data in electronic form are stored in the Hotel’s local computer network, in electronic folders, and files on personal computers.

Use and Transfer of Clients’ Personal Data

4.1. The Hotel uses Clients’ personal data solely to achieve the purposes defined by the contract between the Client and the Hotel, in particular, to provide accommodation or temporary housing services, as well as additional services.

4.2. When transferring Clients’ personal data, the Hotel must comply with the following requirements:

4.2.1. Inform recipients of Clients’ personal data that these data can only be used for the purposes for which they are communicated and require confirmation that this rule is observed. Recipients of Clients’ personal data are obliged to maintain confidentiality. This provision does not apply in cases of anonymization of personal data and concerning publicly available data.

4.2.2. Allow access to Clients’ personal data only to specially authorized persons who have the right to receive only the personal data necessary to perform specific functions.

4.2.3. When transferring personal data across borders, the Hotel must ensure that the foreign state to whose territory the transfer is carried out provides adequate protection of the rights of personal data subjects.

4.2.4. Cross-border transfer of personal data to foreign states that do not provide adequate protection of personal data subjects’ rights may be carried out in the following cases:

  • With the Client’s written consent;
  • As stipulated by international treaties of the Russian Federation on visa issuance, legal assistance in civil, family, and criminal matters, and readmission;
  • As provided by federal laws if necessary for protecting the foundations of the constitutional order of the Russian Federation, ensuring national defense and state security;
  • Execution of a contract to which the subject of personal data is a party;
  • Protection of life, health, or other vital interests of the subject of personal data or others when obtaining written consent is impossible.

4.3. It is prohibited to respond to inquiries related to the transfer of information containing personal data via telephone or fax.

4.4. The Hotel has the right to provide or transfer Clients’ personal data to third parties in the following cases:

  • If disclosure is required by law or to comply with a court order;
  • To assist in investigations conducted by law enforcement or other government agencies;
  • To protect the legitimate rights of the Client and the Hotel.

Protection of Clients’ Personal Data from Unauthorized Access

5.1. When processing Clients’ personal data, the Hotel must take necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, dissemination, as well as from other unlawful actions.

5.2. To effectively protect Clients’ personal data, it is necessary to:

5.2.1. Adhere to the procedure for obtaining, accounting, and storing Clients’ personal data.

5.2.2. Use technical security measures and alarm systems.

5.2.3. Conclude a Non-Disclosure Agreement regarding the Client’s Personal Data with all employees involved in obtaining, processing, and protecting the Client’s personal data.

5.2.4. Hold accountable employees who are guilty of violating norms regulating the receipt, processing, and protection of the Client’s personal data.

5.3. Access to Clients’ personal data by Hotel employees who do not have properly issued access is prohibited.

5.4. Documents containing Clients’ personal data are stored in the Accommodation Service Department, ensuring protection against unauthorized access.

5.5. Protection of access to electronic databases containing Clients’ personal data is ensured by:

  • Using licensed software products that prevent unauthorized third-party access to Clients’ personal data.
  • Implementing a password system. Passwords are set by the system administrator and are individually communicated to employees who have access to Clients’ personal data.

5.6. Copying and making extracts from the Client’s personal data is allowed exclusively for official purposes with written permission from the manager.

Hotel Obligations

6.1. The Hotel is obliged to:

6.1.1. Process Clients’ personal data solely for the purpose of providing lawful services to Clients.

6.1.2. Obtain the Client’s personal data directly from them. If personal data can only be obtained from a third party, the Client must be notified in advance, and their written consent must be obtained. Hotel employees must inform Clients about the purposes, intended sources, and methods of obtaining personal data, the nature of the personal data to be obtained, and the consequences of the Client’s refusal to provide written consent.

6.1.3. Not obtain or process the Client’s personal data regarding their racial or national origin, political views, religious or philosophical beliefs, health status, or intimate life, except in cases provided by law.

6.1.4. Provide access to their personal data to the Client or their legal representative upon request or upon receiving a request containing the number of the main identity document of the Client or their legal representative, information about the date of issue of the document and the issuing authority, and the personal signature of the Client or their legal representative. The request may be sent electronically and signed with a digital signature in accordance with Russian legislation. Information about the availability of personal data must be provided to the Client in an accessible form and should not contain personal data related to other subjects.

6.1.5. Limit the Client’s right to access their personal data if:

  • The processing of personal data, including those obtained as a result of operational-search, counterintelligence, and intelligence activities, is carried out for national defense, state security, and law enforcement purposes.
  • The processing is carried out by authorities that detained the subject on suspicion of a crime or charged them in a criminal case or applied a preventive measure before charges, except as provided by Russian criminal procedure law, where the suspect or accused is allowed access to such data.
  • Providing personal data violates the constitutional rights and freedoms of others.

6.1.6. Ensure the storage and protection of the Client’s personal data from unlawful use or loss.

6.1.7. In case of detecting inaccurate personal data or unlawful actions with them by the operator upon request or upon the request of the subject of personal data or their legal representative or the authorized body for the protection of personal data subjects’ rights, the operator must block the personal data related to the respective subject from the moment of such request for the verification period.

6.1.8. Upon confirmation of the inaccuracy of personal data, the operator, based on documents provided by the subject or their legal representative or the authorized body, or other necessary documents, must clarify the personal data and remove the blocking.

6.1.9. In case of detecting unlawful actions with personal data, the operator must eliminate the violations within three working days from the date of detection. If it is impossible to eliminate the violations, the operator must destroy the personal data within three working days from the date of detecting the unlawfulness. The operator must notify the subject or their legal representative about the elimination of violations or destruction of personal data, and if the request was sent by the authorized body, also inform that body.

Client Rights

7.1. The Client has the right to:

  • Access information about themselves, including confirmation of personal data processing and its purpose; methods of processing used by the Hotel; information about persons who have access to personal data or to whom it may be disclosed; a list of processed personal data and their source; processing periods, including storage terms; information on the legal consequences of processing their personal data.
  • Determine the forms and methods of processing their personal data.
  • Restrict the methods and forms of processing personal data.
  • Prohibit the dissemination of personal data without their consent.
  • Modify, clarify, or destroy information about themselves.
  • Appeal unlawful actions or omissions in the processing of personal data and seek appropriate compensation through the courts.

Confidentiality of Clients’ Personal Data

8.1. Information about Clients’ personal data is confidential.

8.2. The Hotel ensures the confidentiality of personal data and must not allow their dissemination to third parties without the Clients’ consent or other legal grounds.

8.3. Persons with access to Clients’ personal data must observe confidentiality and be informed about the need to maintain secrecy. Appropriate security measures must be provided to protect data from accidental or unauthorized destruction, loss, unauthorized access, alteration, or dissemination.

8.4. All confidentiality measures during the collection, processing, and storage of Clients’ personal data apply to all information carriers, both paper and electronic.

8.5. The confidentiality regime of personal data is lifted in cases of anonymization or inclusion in publicly available sources, unless otherwise specified by law.

Liability for Violation of Personal Data Processing Regulations

9.1. The Hotel is responsible for personal information in its possession and assigns personal responsibility to employees for complying with the established confidentiality regime.

9.2. Each employee receiving documents containing the Client’s personal data is individually responsible for the safety of the media and the confidentiality of the information.

9.3. Any person may contact a Hotel employee with a complaint about a violation of this Policy. Complaints and statements regarding data processing compliance are reviewed within three days from the date of receipt.

9.4. Hotel employees must adequately handle Clients’ requests, statements, and complaints and facilitate compliance with competent authorities’ requirements.

9.5. Persons guilty of violating norms regulating the receipt, processing, and protection of Clients’ personal data bear disciplinary, administrative, civil, or criminal liability in accordance with federal laws.