Personal Data Processing Policy
1. General provisions
1.1. This Personal Data Processing Policy (the "Policy") of Aquatoria Entertainment LLC, located in 603057, Nizhny Novgorod, Gagarina Ave., 35, b.1, premise P4 (hereinafter referred to as the Operator) is an official document that defines the general principles, objectives and procedure for processing personal data of users of the https://oceanis-therm.ru website (hereinafter referred to as the Website), as well as information on the measures being implemented to protect personal data.
1.2. The policy has been developed in accordance with the legislation of the Russian Federation in the field of personal data.
1.3. This Policy applies exclusively to the Website. The Operator shall not control or be responsible for the Websites of third parties to which the User may follow the links available on the Website.
1.4. The processing by the Operator of personal data of other categories of personal data subjects is regulated by other local acts of the Operator.
1.5. This Policy shall become effective from the moment of its approval and shall remain in effect indefinitely until replaced by a new Policy.
2. Key Terms and Definitions
2.1. The following terms are used in this Policy:
2.1.1. Personal data information system - a set of personal data contained in databases and providing their processing of information technologies and technical means.
2.1.2. Processing of personal data - any action (operation) or set of actions (operations) performed using automation means or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
2.1.3. Personal data operator (operator) - a state body, a municipal body, a legal entity or an individual, independently or together with other persons organizing and (or) carrying out the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
2.1.4. Personal Data means any information relating directly or indirectly to a specified or determined individual (personal data subject);
2.1.5. Website user - any person who visits the Website and uses the information, materials and services of the Website.
2.1.6. A Website is a set of related web pages posted on the Internet at a unique address (URL), as well as its subdomains.
2.1.7. Cookies - a small piece of data sent by the web server and stored on the User's computer, which the web client or web browser each time forwards to the web server in an HTTP request when trying to open the page of the corresponding Website.
2.1.8. IP address - unique network address of a node in a computer network through which the User gains access to the Website.
3. Procedure and conditions of personal data processing
3.1. The basis for processing personal data of users of the website is consent to processing personal data. Users of the Website give their consent to the processing of their personal data in the following cases:
when authorizing through social networks;
when filling out a feedback form/ordering a callback on the website;
when subscribing to the newsletter
when sending feedback
when sending requests;
when considering a vacancy;
when buying a ticket;
when booking a room
3.2. If the User disagrees with the terms of this Policy, the use of the website and/or any Services available when using the website shall be terminated immediately.
3.3. Personal data of website Users are processed for the following purposes:
promotion of goods, works, services;
establishing feedback with the website User, including sending notifications, requests and their processing;
receiving and publishing feedback;
selection of personnel;
maintaining statistics and analysis of the Website operation.
3.4. List of personal data of users processed on the Website using automation means:
surname, first name, patronymic;
date of birth;
city of residence;
level of education;
link or text of the summary;
other information that the user has chosen to provide.
3.5. To maintain statistics and analyze the work of the Website, the Operator processes such data using the metric services Google Analytics and Yandex.Metric as:
data from cookies;
referrer (address of the previous page).
3.8. When blocking Google Analytics and Yandex.Metrics, some of the Website's functions may not be available.
3.9. The processing of biometric personal data and special categories of personal data concerning race, nationality, political views, religious or philosophical beliefs, state of health, intimate life is not carried out on the website.
3.10. The Operator does not check the accuracy of the information provided by the User and assumes that the User provides reliable and sufficient information and monitors its relevance.
3.11. The operator performs the following actions with personal data: collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
3.12. The storage of personal data is carried out in a form that allows determining the subject of personal data no longer than the purpose of processing personal data requires.
3.13. Termination of personal data processing may include achievement of personal data processing goals, expiration of the personal data processing period, withdrawal of the Website user's consent to the processing of his personal data, as well as detection of illegal processing of personal data.
3.14. The period of storage of personal data of users of the webite is 1 year from the date of the last sending of data.
4. Personal Data Security Measures
4.1. The security of personal data processed by the Operator is ensured by the implementation of legal, organizational, technical and software measures necessary and sufficient to meet the requirements of the legislation of the Russian Federation.
4.2. The Operator shall take the following measures to ensure the security of personal data:
appointment of persons responsible for the organization of processing and ensuring the protection of personal data;
limiting the number of employees of the Operator who have access to personal data;
determining the level of security of personal data when processing personal data in information systems;
establishing rules for distinguishing access to personal data processed in personal data information systems and ensuring registration and accounting of all actions performed with personal data;
restriction of access to the premises where the main technical means and systems of personal data information systems are located and automatic processing of personal data is carried out;
keeping records of personal data machine media;
organization of reservation and restoration of operability of personal data information systems and personal data modified or destroyed due to unauthorized access to them;
establishing password complexity requirements for accessing personal data information systems;
implementation of antivirus control, prevention of introduction of malware (virus programs) and software bookmarks into the corporate network;
organization of timely update of software used in personal data information systems and information protection tools;
regular assessment of the effectiveness of measures taken to ensure the security of personal data;
detection of facts of unauthorized access to personal data and taking measures to identify the causes and eliminate possible consequences;
control over measures taken to ensure the security of personal data and levels of security of personal data information systems.
5. Website User Rights
5.1. The user of the Website has the right to receive information concerning the processing of his personal data, including those containing:
confirmation of personal data processing by the Operator;
legal grounds and purposes of personal data processing;
the purposes and methods used by the Operator for processing personal data;
name and location of the Operator, information about persons (excluding employees of the Operator) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of federal law;
processed personal data related to the relevant subject of personal data, the source of their receipt, unless otherwise provided for by federal law;
personal data processing periods, including their storage periods;
the procedure for the exercise by the personal data subject of the rights provided for by the Federal Law "On Personal Data";
information on the cross-border transfer of personal data carried out or alleged;
name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
other information provided for by the Federal Law "On Personal Data" or other federal laws.
5.2. The User of the website has the right to demand that the Operator clarify his personal data, block them or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or not necessary for the stated purpose of processing, as well as to take measures stipulated by law to protect his rights.
5.3. The User of the website has the right to request, in a structured, universal and machine-readable format, a list of his personal data provided to the Operator for processing, and to instruct the Operator to transfer his personal data to a third party if it is technically possible. In this case, the Operator shall not be liable for the actions of a third party committed in the future with personal data.
5.4. All questions regarding the processing of personal data should be reported at: firstname.lastname@example.org
6.1. The User shall be fully responsible for compliance with the requirements of the current legislation of the Russian Federation, including the laws on advertising, protection of copyright and related rights, protection of trademarks and service marks, but not limited to those listed, including full responsibility for the content and form of materials, in case of citation and other use of information received in connection with the use of the services of the website.
7. Final provisions
7.1. The Operator has the right to make changes to this Policy unilaterally in case of changes in regulatory legal acts of the Russian Federation, as well as at its discretion.
7.2. Monitoring of compliance with the requirements of this Policy is carried out by the person responsible for the organization of personal data processing.
7.3. Persons guilty of violating the norms governing the processing and protection of personal persons shall bear material, disciplinary, administrative, civil or criminal liability in accordance with the legislation of the Russian Federation.