Написать в Telegram
Hotel address: 199034, Russia, St. Petersburg, Universitetskaya embankment, 21
Reception and accommodation: reception@trezzinipalace.com
Phone number: +7 (812) 313-66-22
Legal
information
Privacy
policy
+7 812 313-66-22
Book your stay

Privacy Policy

REGULATIONS ON THE PROCESSING AND PROTECTION OF PERSONAL DATA OF CLIENTS AND EMPLOYEES OF Boutique Hotel LLC

The Regulation on the Processing and Protection of personal data of clients and employees of Boutique Hotel LLC is a local regulatory act developed on the basis of the Constitution of the Russian Federation, the Labor Code of the Russian Federation, Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection", Federal Law No. 152 of 27.07.2006-Federal Law "On Personal Data", other regulatory legal acts in force on the territory of the Russian Federation, as well as the charter of Boutique Hotel LLC.

1. General provisions

1.1 This Regulation has been developed in order to ensure the protection of personal data of customers and employees of the Hotel.

1.2 Basic concepts used in the Regulation:

  • hotel - an organization that provides hotel services to the client;
  • customer - an individual, a consumer of hotel services, a subject of personal data;
  • hotel services - the actions of the Hotel to accommodate Customers in the accommodation facility, as well as other activities related to accommodation and accommodation, which includes basic and additional services provided to the Client;
  • personal data - information stored in any format related to a specific or identifiable individual (personal data subject), which, by itself or in combination with other information available to the Hotel, allows the identification of the Customer and employee;
  • personal data processing - actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, dissemination (including transfer), depersonalization, blocking, destruction of personal data;
  • dissemination of personal data - actions aimed at the transfer of personal data to a certain circle of persons (transfer of personal data) or at familiarization with personal data of an unlimited number of persons, including the publication of personal data in the media, posting in information and telecommunication networks or providing access to personal data in any other way;
  • use of personal data - actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences with respect to the personal data subject or other persons or otherwise affecting the rights and freedoms of the personal data subject or other persons;
  • confidentiality of personal data is a mandatory requirement for the operator or other person who has access to personal data to prevent their dissemination without the consent of the personal data subject or other legitimate grounds.

1.3 This Regulation establishes the procedure for processing personal data of Clients for whom the Hotel provides the full range of reception and accommodation services at the hotel and employees of the organization.

1.4 The purpose of the Regulation is to ensure the protection of human and civil rights and freedoms when processing personal data.

1.5 Personal data of clients is processed for the purpose of fulfilling a contract for the provision of accommodation or temporary accommodation services, to which the Client is one of the parties. The hotel collects data only to the extent necessary to achieve this goal.

1.6 Personal data of employees is processed for the purpose of fulfilling an employment contract. The hotel collects data only to the extent necessary to achieve this goal.

1.7 Personal data may not be used for the purpose of causing property and moral harm to citizens, hindering the exercise of the rights and freedoms of citizens of the Russian Federation.

1.8 These Regulations are approved by the General Director and are binding on all employees who have access to the Client's personal data and the personal data of the Hotel staff.

2. Composition and receipt of personal data of clients and employees

2.1. Information about personal data of Clients and employees is confidential. Personal data includes:

2.1.1 Information about the client (guest) of the hotel:

  • personal data (full name, date and place of birth, etc.);
  • passport data (including registration address, residence address);
  • contact phone number;
  • email address.

The privacy policy also applies to:

  • Arrival/departure dates of the guest, the period of stay;
  • The actual stay of the guest at the hotel;
  • Payment forms and amounts of invoices for accommodation, additional services;
  • The guest's visitors, their number, contact information, time spent in the guest's room.

2.1.2 Information about the hotel staff:

  • Contact addresses and phone numbers (mobile, home), except for official ones, passport data, marital status, place of residence of the staff of the Administration and other services of the hotel;

The privacy policy also applies to:

  • The amount of salary, work and rest hours;
  • The number of staff.

2.2 The Hotel staff receives all personal data of clients directly from the subject of personal data – Clients. Employees' personal data is also obtained directly from employees when signing an employment contract.

2.3 If it is necessary to apply the confidentiality regime to other categories of information, the General Director of the Hotel has the right to issue an order to make the information confidential, with mandatory familiarization with the order of employees with access to the specified information, and subsequent inclusion of the specified information in the list established by this Regulation.

3. Processing and storage of personal data of Clients and Employees

3.1 The processing of personal data by the Hotel in the interests of Customers and employees consists in obtaining, systematizing, accumulating, storing, clarifying (updating, changing), using, distributing, depersonalizing, blocking, destroying and protecting personal data of Customers and employees from unauthorized access.

3.2 The consent of the Clients to the processing of personal data is provided upon signing the guest's registration card (personal data is processed for the purpose of fulfilling the contract, one of the parties to which is the subject of personal data – the Client). The Employee's consent to the processing of personal data is issued when applying for a job.

3.3 The processing of personal data of Clients and employees is carried out by the method of mixed processing.

3.4 Only Hotel employees who are authorized to work with the personal data of the Client and employees and who have read the Regulations on the Protection of Personal Data of Clients and Employees may have access to the processing of personal data of Clients and employees.

3.5 The list of employees who have the right to access personal data (hereinafter referred to as the List) is determined by the order of the Director General based on the official duties of the employees and the need for production. Employees should be familiar with the specified List against signature.

3.6 Documents containing personal data of Clients and employees are stored in the Accounting Department's safe, access by unauthorized persons is prohibited.

3.7 Personal data of Clients is electronically stored in the database of the Hotel's local computer network. Only persons authorized to process personal data of Clients have access to personal data.

4. Use and transfer of personal data of Clients / Employees' Information confidentiality mode

4.1 The use of personal Customer data is carried out by the Hotel solely to achieve the purposes defined by the agreement between the Customer and the Hotel, in particular, to provide accommodation or temporary accommodation services, as well as additional services.

4.2 The use of personal data of employees is carried out by the Hotel solely to achieve the goals defined by the employment contract and the Labor Legislation of the Russian Federation.

4.3 When transferring personal data of Clients and employees, the Hotel must comply with the following requirements:

4.3.1 To warn the persons receiving the personal data of Clients and employees that this data can only be used for the purposes for which it is provided, and to require these persons to confirm that this rule has been observed. Persons receiving personal data from Clients and employees are required to maintain confidentiality. This provision does not apply in the case of depersonalization of personal data and in relation to publicly available data.

4.3.2 To allow access to personal data of Clients only to specially authorized persons, at the same time these persons should have the right to receive only those personal data which are necessary for performance of specific functions.

4.4 There is no cross-border transfer of personal data.

4.5 Persons who have received access to personal data and other confidential information in accordance with the established procedure are obliged not to provide or disclose such information in any possible form (oral, written, or otherwise, including using technical means) without the consent of the owner of such information or contrary to an employment contract.

5. Protection of personal data of Clients and employees from unauthorized access

5.1 When processing personal data of Customers and employees, the Hotel is obliged to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, dissemination of personal data, as well as from other illegal actions

5.2 For effective protection of Clients' personal data, it is necessary to:

5.2.1 Observe the procedure for receiving, recording and storing personal data of Clients;

5.2.2 Use technical security and alarm systems;

5.2.3 To familiarize all employees related to the receipt, processing and protection of personal data of the Client and employees with these Regulations against signature;

5.2.4 To bring to disciplinary responsibility employees guilty of violating the rules governing the receipt, processing and protection of personal data of the Client and employees of the organization.

5.3 Access to the personal data of the Clients of the Hotel staff who do not have properly issued access is prohibited.

5.4 Documents containing personal data of Clients and employees are stored in the premises of the Accounting Department, which provides protection against unauthorized access.

5.5 Access to electronic databases containing personal data of Clients is protected:

  • using licensed software products that prevent unauthorized access by third parties to personal data of Customers and employees;
  • password system. Passwords are set by the system administrator and communicated individually to employees who have access to personal data of Clients and employees.

5.6 Copying and making extracts of personal data of the Client and employees is allowed solely for official purposes with the written permission of the head.

5.7 Hotel employees are prohibited from taking the above information outside the hotel on paper, machine-readable and other media, except in cases where it is necessary due to industrial necessity for employees to perform their official duties.

5.8 When working with personal data of clients and employees of the organization, hotel staff should follow measures that prevent and restrict access to this information by unauthorized persons. Including:

  • do not share your password from logging into the hotel management system with third parties;
  • upon completion of work in the system, terminate the user session;
  • prevent the storage of registration forms and other documents containing confidential information in the public domain;
  • the current day's questionnaires, documents for the Migration Service (OVIR), and registration logs are stored only in a safe;
  • archives of documents are stored in a room with limited access in lockable cabinets for a period specified by regulatory legal acts of the Russian Federation;
  • after the expiration of the retention period established by the regulatory legal acts of the Russian Federation, documents are destroyed manually or using special equipment and a corresponding act is drawn up.

5.9 A violation of these duties is considered to have been committed when information containing personal data and other confidential information has become known to persons who should not have such information.

5.10 With the permission of the governing bodies and persons of the organization, disclosure of confidential information (personal data) to third parties is possible if they are involved in activities requiring knowledge of such information, and only to the extent necessary to achieve the goals and objectives of the organization, as well as if they undertake an obligation not to disclose the information received information.

6. Duties of the hotel staff to ensure the safety of personal data

6.1 The hotel is obliged to:

6.1.1 To process Clients' personal data solely for the purpose of providing legitimate services to Clients.

6.1.2 Receive personal data of the Client or employee directly from him. If the Client's personal data can only be obtained from a third party, the Client must be notified of this in advance and written consent must be obtained from him. The Hotel staff must inform the Clients about the purposes, intended sources and methods of obtaining personal data, as well as about the nature of the personal data to be obtained and the consequences of the client's refusal to give written consent to receive them.

6.1.3 Not to receive or process the Client's personal data about his race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases stipulated by law.

6.1.4 Provide access to your personal data to the Client/employee or his/her legal representative upon request or upon receipt of a request containing the number of the main identity document of the Client or his/her legal representative, information on the date of issue of the specified document and the issuing authority and the handwritten signature of the Client or his/her legal representative. The request may be sent in electronic form and signed with an electronic digital signature in accordance with the legislation of the Russian Federation. Information about the availability of personal data should be provided to the Client in an accessible form and should not contain personal data related to other subjects of personal data.

6.1.5 To ensure the storage and protection of personal data of the Client and employees from their misuse or loss.

6.1.6 In case of identification of false personal data or illegal actions with them by the Hotel when contacting or at the request of the personal data subject or his legal representative or the authorized body for the protection of the rights of personal data subjects, the Hotel is obliged to block personal data related to the relevant personal data subject from the moment of such request or receipt of such request for the verification period.

6.1.7 In case of confirmation of the fact of unreliability of personal data, the Hotel, on the basis of documents submitted by the personal data subject or his legal representative or the authorized body for the protection of the rights of personal data subjects, or other necessary documents, is obliged to clarify the personal data and remove their blocking.

6.1.8 In case of detection of illegal actions with personal data, the Hotel is obliged to eliminate the violations within a period not exceeding three working days from the date of such detection. If it is impossible to eliminate the violations committed, the Hotel is obliged to destroy the personal data within a period not exceeding three working days from the date of detection of the illegality of actions with personal data. The Hotel is obliged to notify the personal data subject or his legal representative about the elimination of violations or the destruction of personal data, and if the request or request was sent by the authorized body for the protection of the rights of personal data subjects, also the specified body.

7. Rights of the Client and Employee

7.1. The client/An employee has the right to:

  • access to information about oneself, including information confirming the processing of personal data, as well as the purpose of such processing; methods of processing personal data used by the Hotel; information about persons who have access to personal data or who may be granted such access; list of processed personal data and their source receipt, terms of processing of personal data, including the terms of their storage; information about the legal consequences for the Client and the employee that the processing of their personal data may entail;
  • determining the forms and methods of processing his personal data;
  • restriction of methods and forms of personal data processing;
  • prohibition on the dissemination of personal data without his consent;
  • changing, clarifying, or destroying information about oneself;
  • appeal against unlawful actions or omissions in the processing of personal data and appropriate compensation in court.

8. Liability for violations of the rules governing the processing of personal data of Clients and employees

8.1 The Hotel is responsible for the personal information at its disposal and establishes the personal responsibility of the staff for compliance with the established confidentiality regime.

8.2 Each employee who receives a document containing the Client's personal data for work is solely responsible for the safety of the carrier and the confidentiality of the information.

8.3 Any person may contact the Hotel employee with a complaint about a violation of this Provision. Complaints and applications regarding compliance with data processing requirements are considered within three days from the date of receipt.

8.4 The Hotel staff is obliged to ensure proper consideration of requests, applications and complaints from Customers, as well as to facilitate compliance with the requirements of the competent authorities.

8.5 Persons guilty of violating the rules governing the receipt, processing and protection of personal data of Clients and employees are subject to disciplinary, administrative, civil or criminal liability in accordance with the current legislation of the Russian Federation.

9. Final provisions

9.1. This Regulation comes into force from the moment of its approval by the General Director of the Hotel.

9.2. Changes and additions to these Regulations may be made on the basis of an order from the General Director of the Hotel.