Privacy policy website of the restaurant «Oriental bar»
This Privacy Policy www.orientalbar.ru (hereinafter referred to as the "Policy") of the restaurant " Oriental Bar "(hereinafter referred to as the "Restaurant") was developed in accordance with the provisions of the Constitution of the Russian Federation, Federal Law of July 27, 2006 N 149-FZ "On Information, Information Technologies and Information Protection", Federal Law of July 27, 2006 N 152-FZ "On Personal Data" (hereinafter - the Law on Personal Data) and other regulatory legal acts in the field of protection and processing of personal data in force on the territory of the Russian Federation, and applies to all information that Limited Liability Company "Hotel in Petrovsky Park (TIN 7714954816) (hereinafter referred to as the Operator) can obtain information about the user while using www.orientalbar.ru .
1. DEFINITION OF TERMS
1.1. This Privacy Policy uses the following terms:
1.1.1. "Site Administration" - authorized employees of the Operator to manage the site, acting on his behalf, who organize and (or) carry out the processing of personal data, as well as determine the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.
1.1.2. "Personal data" - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).
1.1.3. "Processing of personal data" - any action (operation) or a set of actions (operations) performed using automation tools or without using such tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
1.1.4. “Confidentiality of personal data” is a mandatory requirement for the Site Administration to prevent their distribution without the consent of the subject of personal data or other legal grounds.
1.1.5. "Site" - a set of programs for electronic computers and other information contained in the information system, access to which is provided through the information and telecommunication network "Internet", and located at: www.orientalbar.ru .
1.1.6. "Site User" (hereinafter referred to as the "User") - a person who has access to the site via the Internet and uses this site for their own purposes.
1.1.7. A "cookie" is a small piece of data sent by a web server and stored on the user's computer, which the web client or web browser sends to the web server in an HTTP request every time it tries to open a page of the corresponding site.
1.1.8. “IP address” is a unique network address of a node in a computer network built using the IP protocol.
2. GENERAL PROVISIONS
2.1. The User's use of the site means acceptance of this Privacy Policy and the terms of processing the User's personal data.
2.2. In case of disagreement with the terms of the Privacy Policy, the User is obliged to stop using the site.
2.3. This Privacy Policy applies only to this site. The site administration does not control and is not responsible for third-party sites to which the User can follow the links available on this site.
2.4. The Site Administration does not verify the accuracy of the personal data provided by the Site User, and is not able to assess its legal capacity. However, it proceeds from the fact that the User provides reliable personal information .
2.5. The categories of personal data subjects include users of the site.
3. SUBJECT OF THE PRIVACY POLICY
3.1. This Privacy Policy establishes the obligations of the Site Administration for non-disclosure of personal data that the User provides at various requests to the Site Administration for the purposes provided for in this Policy (for example, when registering on the site, placing an order, subscribing to notifications, etc.), and also defines the policy in relation to the processing of personal data and contains information on the implemented requirements for the protection of personal data.
3.2. Personal data authorized by the User for processing under this Privacy Policy is provided by the User by filling out special forms on the Site and includes the following information (category of personal data - general):
3.2.1. surname, name, patronymic of the User;
3.2.2. contact phone number of the User;
3.2.3. email address (e-mail);
3.2.4. preferred date and type of event;
3.2.5. other data that the User reported to the Site Administration on his own initiative.
3.3. The user also consents to the processing of the following data, which, among other things, are automatically processed in the course of visiting the site:
• IP address;
• information from cookies;
• information about the browser (or other program that accesses the site);
• access time to the site;
• visited addresses of the pages of the site;
• History of orders;
• browsers and operating systems used, etc.
• referrer (address of the previous page), etc.
3.3.1. Disabling cookies may result in the inability to access the site.
3.3.2. The site collects statistics about the IP addresses of its visitors. This information is used to identify and solve technical problems, to control the correctness of ongoing operations.
3.4. The above, as well as any other personal information not specified above, and which became known to the Site Administration from the User, is subject to the terms of this Privacy Policy.
4. PURPOSES OF PROCESSING THE USER'S PERSONAL DATA
4.1. The User's personal data may be used by the Site Administration for the following purposes:
4.1.1. Identification of the User registered on the site for placing an order and (or) concluding an Agreement.
4.1.2. Providing the User with access to personalized resources of the site.
4.1.3. Establishing feedback with the User, including sending notifications, requests regarding the use of the site, the provision of services, processing requests and applications from the User.
4.1.4. Determining the location of the User to ensure security, prevent fraud.
4.1.5. Confirmation of the accuracy and completeness of personal data provided by the User.
4.1.6. Creating an account for making purchases, if the User has agreed to create an account.
4.1.7. Notifications to the Site User about the status of the Order.
4.1.8. Processing and receiving payments, confirming tax or tax benefits, contesting a payment, determining the right to receive a credit line by the User.
4.1.9. Providing the User with effective customer and technical support in case of problems related to the use of the site.
4.1.10. Providing the User with his consent, product updates, special offers, pricing information, newsletters and other information on behalf of the site.
4.1.11. Implementation of advertising activities with the consent of the User.
4.1.12. Granting access to the User to third-party sites or services of partners of this site in order to receive their offers, updates or services.
5. METHODS AND TERMS OF PROCESSING, TERMS OF STORAGE OF PERSONAL DATA
5.1. The processing and storage of the User's personal data is carried out without a time limit.
5.2. The processing of personal data is carried out in any legal way, including in personal data information systems using automation tools or without using such tools.
5.3. The User agrees that the Site Administration has the right to transfer personal data to third parties, in particular, courier services, postal organizations, telecommunication operators, solely for the purpose of fulfilling the User's requests made on the site under the Public Offer Agreement.
5.4. The User's personal data may be transferred to authorized state authorities only on the grounds and in the manner established by applicable law.
6. MEASURES TAKEN TO PROTECT PERSONAL DATA
6.1. The site administration, at its own expense, ensures the protection of personal data of site users from misuse or loss in the manner prescribed by the legislation of the Russian Federation.
6.2. The site administration takes measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it. The site administration independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Law on Personal Data and the regulatory legal acts adopted in accordance with it. These measures include, in particular:
- appointment of a person responsible for organizing the processing of personal data;
- publication of documents defining the site's policy regarding the processing of personal data, local acts on the processing of personal data in accordance with the requirements of the current legislation of the Russian Federation. Such documents and local acts cannot contain provisions restricting the rights of site users, as well as imposing powers and obligations on the site administration that are not provided for by the legislation of the Russian Federation;
- application of legal, organizational and technical measures to ensure the security of personal data;
- implementation of internal control and (or) audit of the compliance of the processing of personal data with the Law on Personal Data and the regulatory legal acts adopted in accordance with it, the requirements for the protection of personal data, the site's policy regarding the processing of personal data, local acts of the site;
- assessment of the harm that may be caused to users of the site in the event of a violation of the Law on Personal Data, the ratio of the specified harm and the measures taken by the site administration aimed at ensuring the fulfillment of the obligations provided for by the Law on Personal Data;
- familiarization of site employees directly involved in the processing of personal data with the provisions of the legislation of the Russian Federation on personal data, including requirements for the protection of personal data, documents defining the site's policy regarding the processing of personal data, local acts on the processing of personal data, and ( or) training of said workers.
7. OBLIGATIONS OF THE PARTIES
7.1. The user undertakes:
7.1.1. Provide correct and truthful information about personal data necessary to use the site.
7.1.2. Update or supplement the provided information about personal data in case of changes in this information.
7.1.3. Take measures to protect access to your confidential data stored on the site, in particular, do not transfer confidential data to third parties ( contact information, password, login for access to personal data located on the site) .
7.2. The site administration undertakes:
7.2.1. Use the information received solely for the purposes specified in clause 4 of this Privacy Policy.
7.2.2. Do not disclose the User's personal data, with the exception of clauses. 5.3. and 5.4. of this Privacy Policy.
7.2.3. Block personal data relating to the relevant User from the moment of the request or request of the User, or his legal representative or authorized body for the protection of the rights of subjects of personal data for the period of verification, in case of revealing inaccurate personal data or illegal actions.
7.2.4. Carry out the destruction of personal data relating to the relevant User in the manner prescribed by this Privacy Policy.
7.2.5. When collecting personal data, provide the User, at his request, with the information provided for by the legislation of the Russian Federation.
7.2.6. Take the necessary legal, organizational and technical measures or ensure their adoption to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data.
8. ORDER OF STORAGE, DESTRUCTION, BLOCKING OF PERSONAL DATA
8.1. The personal data of site users are stored electronically in the site's personal data information system, as well as in archival copies of the site's databases.
When storing personal data of site users, organizational and technical measures are taken to ensure their safety and exclude unauthorized access to them.
8.2. In the event that illegal processing of personal data is detected when a user of the site contacts the site, the site administration blocks the illegally processed personal data relating to this user from the moment of such request for the period of verification.
8.3. In the event that inaccurate personal data is detected when a user of the site contacts the site, the site administration blocks personal data relating to this user from the moment of such request for the verification period, if the blocking of personal data does not violate the rights and legitimate interests of the site user or third parties.
8.4. In case of confirmation of the fact of inaccuracy of personal data, the site administration, on the basis of information provided by the user of the site, or other necessary documents, clarifies personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
8.5. In case of detection of illegal processing of personal data by the site administration, the site administration, within a period not exceeding three working days from the date of this detection, stops the illegal processing of personal data.
8.6. If it is impossible to ensure the legality of the processing of personal data, the site administration, within a period not exceeding ten working days from the date of detection of illegal processing of personal data, destroys such personal data.
8.7. The site administration notifies the site user about the elimination of the violations committed or the destruction of personal data.
8.8. In the event of the establishment of the fact of illegal or accidental transfer (provision, distribution, access) of personal data that resulted in a violation of the rights of the site user, the site administration, from the moment such an incident is detected by the site administration, the authorized body for the protection of the rights of personal data subjects or other interested person, notifies the authorized body on protection of the rights of personal data subjects:
- within twenty-four hours about the incident, about the alleged causes that led to the violation of the site user's rights, and the alleged harm caused to the site user's rights, about the measures taken to eliminate the consequences of the relevant incident, and also provides information about the person authorized by the site administration to interact with the authorized body for the protection of the rights of subjects of personal data, on issues related to the identified incident;
- within seventy-two hours on the results of the internal investigation of the identified incident, and also provides information about the persons whose actions caused the identified incident (if any).
8.9. If the goal of processing personal data is achieved, the site administration stops processing personal data and destroys personal data within a period not exceeding thirty days from the date of achieving the goal of processing personal data.
8.10. If the user of the site revokes consent to the processing of his personal data, the site administration stops processing them and, if the storage of personal data is no longer required for the purposes of processing personal data, destroys personal data within a period not exceeding thirty days from the date of receipt of the said withdrawal.
8.11. If the site user applies to the site administration with a request to stop processing personal data, the site administration, within a period not exceeding ten working days from the date of receipt of the relevant request, stops their processing, except as provided by the Personal Data Law .
The specified period may be extended, but not more than five working days, if the site administration sends a reasoned notice to the site user indicating the reasons for extending the period for providing the requested information.
8.12. In the absence of the possibility of destroying personal data within the period specified in paragraphs 8.5.- 8.1 1 of this policy confidentiality , the site administration blocks such personal data and ensures the destruction of personal data within a period of not more than six months, unless another period is established by federal laws.
8.13. After the expiration of the period of storage of the personal data of the user of the site, or upon the occurrence of other legal grounds, personal data is subject to destruction.
8.14. Personal data of the site user and subject to destruction:
- on paper - destroyed by grinding ;
- in electronic form - are erased from information media or the media on which information is stored are physically destroyed.
9. RESPONSIBILITIES OF THE PARTIES
9.1. The site administration is responsible for the disclosure of the User's Personal Data in accordance with applicable law, with the exception of cases provided for in clauses. 5.3., 5.4. and 9.2. of this Privacy Policy.
9.2 . In case of loss or disclosure of Personal Data, the Site Administration is not responsible if this confidential information:
9.2.1. Became public property before its loss or disclosure.
9.2.2. It was received from a third party until it was received by the Site Administration.
9.2.3. Was disclosed with the consent of the User.
9.3. The User is responsible for the legitimacy, correctness and truthfulness of the provided Personal Data in accordance with applicable law.
10. DISPUTES RESOLUTION
10.1. Before going to court with a claim for disputes arising from the relationship between the Site User and the Site Administration, it is mandatory to submit a claim (a written proposal for a voluntary settlement of the dispute).
10.2. The recipient of the claim, within 30 calendar days from the date of receipt of the claim, notifies the claimant in writing of the results of the consideration of the claim.
10.3. If an agreement is not reached, the dispute will be referred to the judicial authority in accordance with applicable law.
10.4. The current legislation applies to this Privacy Policy and the relationship between the User and the Site Administration.
11. ADDITIONAL TERMS
11.1. The site administration has the right to unilaterally make changes to this Privacy Policy without the consent of the User.
11.2. The new Privacy Policy comes into force from the moment it is posted on the Site, unless otherwise provided by the new edition of the Privacy Policy.