Consent to the Processing of Personal Data
This agreement on the processing of personal data is developed in accordance with the legislation of the Russian Federation on the protection of personal data.
By joining this Agreement and leaving their data on the website https://moscow-comfort.ru/ (hereinafter – the «Site»), by filling out the fields of the online application, the user expresses their consent to the processing of personal data and their transfer to Anna Alexandrovna Tishkina, an Individual Entrepreneur (OGRNIP 322774600528966, INN 772644962124, Address: 121359, Russia, Moscow, Ulitsa Partizanskaya, 40, Apartment 76) (hereinafter – the «Operator» or «Dormitory»), who owns the Site, under the following conditions.
The User:
· Confirms that all the data provided by them belongs to them personally.
· Confirms and acknowledges that they have carefully read this Agreement and the terms of processing of their personal data, which they provide in the fields of the online application (booking) and/or feedback form, in their entirety; the text of the agreement and the terms of processing of personal data are clear to them.
· Expresses consent to the processing of personal data without reservations or limitations (hereinafter – the «Consent»). The moment of acceptance of the Consent is the ticking of checkboxes on the website https://moscow-comfort.ru/oplata-qr-bch/ next to the links to the documents «Consent to the Processing of Personal Data», «Privacy Policy», and clicking the «Pay» button.
· Confirms that, by giving consent, they are acting freely, of their own will, and in their own interest.
This Consent is given for the processing of personal data both with and without the use of automation tools.
Consent is given for the processing of the following personal data of the User, specified by the User in the dormitory place booking form:
· Personal details (Surname, Name, Patronymic)
· Phone number
· Email address.
The purpose of processing the personal data provided in the booking form is their storage and use, including for:
· Responding to user inquiries;
· Enabling the user to work with the dormitory’s website;
· Concluding an agreement with the user for the provision of temporary accommodation in the dormitory.
and/or for the processing of personal data in the feedback form with the dormitory:
· Personal details (Surname, Name, Patronymic)
· Contact phone number.
The purpose of processing the personal data provided in the feedback form with the dormitory is their storage and use, including for:
· Responding to user inquiries, suggestions, and complaints;
· If the user provides prior written consent to the use of their phone number, informing the user about the dormitory’s services and providing additional information.
By accepting the terms of this Agreement, the User expresses their interest and gives full consent that the processing of their personal data includes the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision of access), depersonalization, blocking, deletion, and destruction of personal data.
The User’s consent to the processing of personal data is specific, informed, and conscious.
This User’s consent is recognized as executed in electronic form.
The Consent is valid for the period necessary to provide the User with the services for the purposes of which the collection and storage of personal data was carried out, unless a different storage period for personal data is established by the agreement or the current legislation of the Russian Federation. The Consent may be withdrawn by the User by submitting a written application to the Dormitory indicating the data specified by Federal Law No. 152-FZ «On Personal Data».
In case of withdrawal of consent to the processing of personal data by the User, the Dormitory has the right to continue processing personal data without the User’s consent if there are grounds specified in clauses 2-11 of part 1 of Article 6, part 2 of Article 10, and part 2 of Article 11 of Federal Law No. 152-FZ «On Personal Data».
During the processing of personal data, the Dormitory is entitled to perform: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction of the User’s personal data.
The transfer of the User’s personal data to third parties is not carried out, except for persons processing personal data on behalf and on behalf of the Dormitory, as well as cases established by law.
The Dormitory has the right to make changes to this Agreement at any time. When changes are made, the date of the last update is indicated in the current version. The new version of the Agreement comes into force from the moment of its publication, unless otherwise provided by the new version of the Agreement.
—
Regulations on the Processing and Protection of Personal Data of Guests Residing in the Dormitories:
Dormitory No. 1 «Uyut» at the address: Moscow, Varshavskoye Shosse, 18, Building 2
Dormitory No.2 «Forma» at the address: Moscow, Konniy Pereulok, 12
1. General Provisions
1.1.These Regulations are governed by the Constitution of the Russian Federation, Federal Law No. 149-FZ «On Information, Information Technologies and Information Protection» dated July 27, 2006, Federal Law No. 152-FZ «On Personal Data» dated July 27, 2006, and other regulatory legal acts.
1.2.Basic concepts used in the Regulations:
* Dormitory— an organization providing a client with a place for temporary accommodation;
* Guest— an individual, a consumer of services, a subject of personal data;
* Dormitory Services— actions of the Dormitory for accommodating guests in the accommodation facility, as well as other activities related to accommodation and residence, which include basic and additional services provided to the guest;
* Personal Data— information stored in any format relating to a specific or identifiable natural person (subject of personal data), which by itself or in combination with other information at the disposal of the Dormitory allows for the identification of the guest’s identity;
* Processing of Personal Data— actions (operations) with personal data, including collection, systematization, accumulation, storage, clarification (updating, modification), use, distribution (including transfer), depersonalization, blocking, destruction of personal data;
* Distribution of Personal Data— actions aimed at transferring personal data to a certain circle of persons (transfer of personal data) or at familiarizing an unlimited circle of persons with personal data, including the disclosure of personal data in the mass media, placement in information and telecommunication networks, or providing access to personal data in any other way;
* Use of Personal Data— actions (operations) with personal data performed by the operator for the purpose of making decisions or performing other actions that give rise to legal consequences with respect to the subject of personal data or other persons, or otherwise affect the rights and freedoms of the subject of personal data or other persons;
* Confidentiality of Personal Data— a mandatory requirement for the operator or other person who has gained access to personal data to prevent their distribution without the consent of the subject of personal data or the existence of another legal ground.
1.3.These Regulations establish the procedure for processing personal data of guests for whom the Dormitory provides the full range of reception and accommodation services.
1.4.The purpose of these Regulations is to ensure the protection of human and civil rights and freedoms when processing their personal data.
1.5.Personal data are processed for the purpose of executing the agreement on the provision of accommodation in the dormitory, one of the parties to which is the guest. The Dormitory collects data only to the extent necessary to achieve the stated purpose.
1.6.Personal data may not be used for the purpose of causing property and moral harm to citizens, or hindering the exercise of rights and freedoms of citizens of the Russian Federation.
1.7.These Regulations are approved by the head of the Dormitory and are mandatory for all employees who have access to guests’ personal data.
2. Composition and Obtaining of Guests’ Personal Data
2.1.Personal data, the collection and processing of which is carried out by the Dormitory when providing services, include:
* Personal details(surname, name, patronymic, date, month, year of birth, etc.);
* Passport data;
* Registration address;
* Residential address;
* Contact phone number.
2.2.Related personal data include personal data of guests obtained with the guest’s consent for the purpose of booking dormitory places, feedback with guests, informing about the dormitory’s services, including through the dormitory’s website: https://moscow-comfort.ru/ and the use of the booking form and feedback form. Such data include:
* Personal details(surname, name, patronymic, date, month, year of birth, etc.);
* Contact phone number.
2.3.All personal data are obtained by the Dormitory’s employees directly from the subject of personal data – the guests. The guest bears full responsibility for providing inaccurate or someone else’s personal data.
3. Processing and Storage of Guests’ Personal Data
3.1.The processing of personal data by the Dormitory in the interests of guests consists of receiving, systematizing, accumulating, storing, clarifying (updating, modifying), using, distributing, depersonalizing, blocking, destroying, and protecting from unauthorized access to guests’ personal data.
3.2.The processing of personal data is carried out for the purpose of executing the agreement, one of the parties to which is the subject of personal data – the guest.
3.3.The processing of guests’ personal data is carried out by a mixed processing method.
3.4.Only Dormitory employees authorized to work with guests’ personal data may have access to the processing of guests’ personal data.
3.5.Guests’ personal data on paper (if they were issued in such form) are stored with the dormitory administrator.
3.6.Guests’ personal data in electronic form are stored in the local computer network of the Dormitory, in electronic folders and files on the personal computers of employees authorized to process guests’ personal data.
4. Use and Transfer of Guests’ Personal Data
4.1.The use of guests’ personal data by the Dormitory is carried out exclusively to achieve the goals defined by the agreement between the guest and the Dormitory, in particular, for the provision of accommodation or temporary placement services, as well as additional dormitory services, the provision of which is agreed with the guest.
4.2.When transferring guests’ personal data, the Dormitory must comply with the following requirements:
4.2.1. Notify persons receiving the guests’ personal data that this data may be used only for the purposes for which it was communicated, and require these persons to confirm that this rule has been complied with. Persons receiving guests’ personal data are obliged to maintain confidentiality. This provision does not apply in case of depersonalization of personal data and in relation to publicly available data.
4.2.2. Allow access to guests’ personal data only to specially authorized persons, and these persons should have the right to receive only those personal data that are necessary to perform specific functions.
4.3.It is not allowed to answer questions related to the transfer of information containing personal data by telephone or email.
4.4.The Dormitory has the right to provide or transfer guests’ personal data to third parties in the following cases:
* if the disclosure of this information is required to comply with the law of the Russian Federation,to execute a court order;
* to assist in investigations conducted by law enforcement or other government agencies;
* to protect the legal rights of the guest and the Dormitory.
5. Protection of Guests’ Personal Data from Unauthorized Access
5.1.The Dormitory is obliged, when processing guests’ personal data, to take the necessary organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, distribution of personal data, as well as from other unlawful actions.
5.2.For effective protection of guests’ personal data, it is necessary:
5.2.1. To comply with the procedure for obtaining, recording, and storing guests’ personal data;
5.2.2. To use technical means of protection and alarm systems;
5.2.3. To hold employees disciplinary liable who are guilty of violating the norms regulating the receipt, processing, and protection of guests’ personal data.
5.3.Access to guests’ personal data for Dormitory employees who do not have properly issued access is prohibited.
5.4.Documents containing guests’ personal data are stored in the office of the dormitory administration, which provides protection against unauthorized access.
5.5.Protection of access to electronic databases containing guests’ personal data is ensured by:
* Using licensed software products that prevent unauthorized access by third parties to guests’personal data;
* A password system.Passwords are set by the system administrator and communicated individually to employees who have access to guests’ personal data.
5.6.Copying and making extracts of guests’ personal data is allowed exclusively for official purposes with the written permission of the head.
6. Obligations of the Dormitory
6.1.The Dormitory is obliged:
6.1.1. To process guests’ personal data exclusively for the purpose of providing lawful services to guests.
6.1.2. To obtain the guest’s personal data directly from him/her. If the guest’s personal data can only be obtained from a third party, the client must be notified of this in advance and his/her written consent must be obtained. Dormitory employees must inform guests about the purposes, intended sources, and methods of obtaining personal data, as well as the nature of the personal data to be obtained and the consequences of the guest’s refusal to give written consent to their receipt.
6.1.3. Not to receive or process the guest’s personal data concerning his/her race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except as provided by law.
6.1.4. To provide access to his/her personal data to the guest or his/her legal representative upon application or upon receipt of a request containing the number of the main identity document of the guest or his/her legal representative, information about the date of issue of the said document and the issuing authority, and the handwritten signature of the guest or his/her legal representative. The request may be sent in electronic form and signed with an electronic digital signature in accordance with the legislation of the Russian Federation. Information about the availability of personal data must be provided to the guest in an accessible form and must not contain personal data relating to other subjects of personal data.
6.1.5. To restrict the guest’s right to access his/her personal data if:
* the processing of personal data,including personal data obtained as a result of operational-investigative, counterintelligence and intelligence activities, is carried out for the purposes of national defense, state security and public order;
* the processing of personal data is carried out by the bodies that detained the subject of personal data on suspicion of committing a crime or brought charges against the subject of personal data in a criminal case,or applied a preventive measure to the subject of personal data before bringing charges, except for the cases provided for by the criminal procedure legislation of the Russian Federation, if the suspect or the accused is allowed to familiarize himself with such personal data;
* the provision of personal data violates the constitutional rights and freedoms of others.
6.1.6. To ensure the storage and protection of the guest’s personal data from their misuse or loss.
6.1.7. In case of detection of inaccurate personal data or unlawful actions with them by the operator upon application or at the request of the subject of personal data or his/her legal representative or the authorized body for the protection of the rights of subjects of personal data, the operator is obliged to block the personal data relating to the relevant subject of personal data from the moment of such application or receipt of such request for the period of verification.
6.1.8. In case of confirmation of the fact of inaccuracy of personal data, the operator, on the basis of documents submitted by the subject of personal data or his/her legal representative or the authorized body for the protection of the rights of subjects of personal data, or other necessary documents, is obliged to clarify the personal data and remove their blocking.
6.1.9. In case of detection of unlawful actions with personal data, the operator is obliged to eliminate the violations within a period not exceeding three business days from the date of such detection. If it is impossible to eliminate the violations, the operator is obliged to destroy the personal data within a period not exceeding three business days from the date of detection of the unlawfulness of actions with personal data. The operator is obliged to notify the subject of personal data or his/her legal representative about the elimination of the violations or the destruction of personal data, and if the application or request was sent by the authorized body for the protection of the rights of subjects of personal data, also the said body.
7. Rights of the Guest
7.1.The Guest has the right to:
* Access to information about himself/herself,including information confirming the fact of processing of personal data, as well as the purpose of such processing; methods of processing personal data used by the Dormitory; information about persons who have access to personal data or to whom such access may be granted; a list of processed personal data and the source of their receipt; terms of processing of personal data, including their storage periods; information about what legal consequences for the guest may result from the processing of his/her personal data;
* Determine the forms and methods of processing his/her personal data;
* Limit the methods and forms of processing of personal data;
* Prohibit the distribution of personal data without his/her consent;
* Change,clarify, destroy information about himself/herself;
* Appeal against unlawful actions or inaction in the processing of personal data and corresponding compensation in court.
8. Confidentiality of Guests’ Personal Data
8.1.Information about guests’ personal data is confidential.
8.2.The Dormitory ensures the confidentiality of personal data and must not allow their distribution to third parties without the consent of the guests or the existence of another legal ground.
8.3.Persons who have access to guests’ personal data are obliged to maintain confidentiality; they must be warned about the need to maintain secrecy. In connection with the regime of confidentiality of information of a personal nature, appropriate security measures should be provided to protect data from accidental or unauthorized destruction, accidental loss, unauthorized access to them, modification or distribution.
8.4.All confidentiality measures when collecting, processing and storing guests’ personal data apply to all information carriers, both paper and automated.
8.5.The confidentiality regime for personal data is lifted in cases of their depersonalization or inclusion in publicly available sources of personal data, unless otherwise provided by law.
9. Liability for Violation of Norms on the Protection of Guests’ Personal Data
9.1.The Dormitory is responsible for the personal information in its possession and assigns personal responsibility to employees for compliance with the established confidentiality regime.
9.2.Each employee who receives a document containing the guest’s personal data for work bears sole responsibility for the safety of the medium and the confidentiality of the information.
9.3.Any person may contact a Dormitory employee with a complaint about a violation of these Regulations. Complaints and statements regarding compliance with data processing requirements are considered within three business days from the date of receipt.
9.4.Dormitory employees are obliged to ensure, at a proper level, the consideration of guests’ requests, applications and complaints, as well as to promote the fulfillment of the requirements of competent authorities.
9.5.Persons guilty of violating the norms regulating the receipt, processing and protection of guests’ personal data bear disciplinary, administrative, civil or criminal liability in accordance with the legislation of the Russian Federation.