Manage your cookies

To continue using the website, please select the cookies you want to allow and click "SAVE PREFERENCES" or choose "ACCEPT ALL". For more detailed information about each type of cookie, explore the descriptions provided. To learn more, please read our Cookie Policy.

  • STRICTLY NECESSARY

    These cookies are necessary for the website to operate properly and cannot be disabled. They support core functionalities, such as making bookings and ensuring secure login. These cookies do not store personal data or allow user identification.

  • PERFORMANCE

    These cookies allow us to track visits and traffic sources to measure and improve website performance. They help us understand which pages are the most and least popular and how visitors navigate the site. All information collected by these cookies is aggregated and remains anonymous.

  • FUNCTIONAL

    These cookies allow the website to remember your preferences and personalize your experience. For example, they can help you navigate the site more easily by remembering your language settings.

  • MARKETING

    These cookies enable us to deliver personalized ads and marketing content. They do not store personal information. Instead, they rely on the unique identification of your browser and device.

Kaluga Oblast, Zvizzhi,
EN
MENU
BOOK NOW

Privacy Policy of the Guest house "Kartoshkino"

  • Privacy Policy of the Guest house "Kartoshkino"

    1. General provisions



    1.1. This document defines the policy of the Guest House "Kartoshkino" (IP Serov Sergey Viktorovich, OGRNIP 311400419200022 , TIN 400400242118 , location address: Russia, 249866, Kaluga region, Dzerzhinsky district, Zvizzhi village, Rechnaya str., 3, sq. 2) (hereinafter referred to as the GD) regarding the processing and security of personal data data.


    1.2. This Personal Data Processing and Protection Policy (hereinafter referred to as the Policy) has been developed in order to implement the requirements of legislation in the field of personal data processing and security and is aimed at ensuring the protection of human and civil rights and freedoms when processing personal data in the State Duma.


    1.3. The provisions of this Policy are binding on all employees of the State Duma.


    1.4. The provisions of this Policy are the basis for the organization of all processes in the State Duma related to the processing and protection of personal data.


    1.5. This Policy has been developed pursuant to Federal Law No. 152-FZ of 07.2006 "On Personal Data" in order to ensure the protection of human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal and family secrets, in accordance with the Constitution of the Russian Federation, Civil the Code of the Russian Federation, Federal Law No. 149-FZ of 27.07.2006 "On Information, Information Technologies and Information Protection", as well as other regulatory legal acts of the Russian Federation in the field of personal data processing.


    1.6. This Policy establishes:




    • purposes of personal data processing;

    • general principles and rules of personal data processing;

    • classification of personal data and Subjects of personal data;

    • the rights and obligations of Subjects of personal data and the State Duma on their processing;

    • the procedure for organizing the processing of personal data.


    1.7. This Policy is subject to posting on a publicly available resource – on the official website of the State Duma https://kartoshkino-hotel.ru (hereinafter referred to as the Site) is freely available.


    1.8.This Policy applies to the personal data of the guests of the State Duma, collected by the State Duma:



    • on the official Website;

    • through applications for computers and mobile devices;

    • on social media pages managed by the State Duma;

    • by sending electronic messages and during communication with the Guest online or in person;

    • with the help of third parties and from other sources, such as publicly available databases;



    • in the case of visiting or being placed as a Guest in the State Duma or in any other off-network interaction.


    1.9. The consent of the Personal Data Subject to this Policy and the conditions for processing his personal data specified therein may be expressed in the form of specific actions by the Personal data Subject by closing a pop-up window, or by setting a special checkbox in the "Consent to personal data processing" field and (or) activating the information entry function. when filling out the appropriate web form, acceptance by clicking on the "Accept", "Agree", etc.) buttons of the user agreement posted on the website or user terms/ rules that contain provisions on the consent of users to the processing of their personal data, for example:




    • acceptance of the terms of the contract for services provided by the State Duma;

    • continuing to use the site and interact with its user interfaces after receiving the user's notification about data processing can be considered as a form of consent to such actions.

    • granting the necessary permissions to the mobile application upon request, at the time of installation or use;

    • marking, filling in the appropriate fields in forms, forms;

    • other actions performed by the subject of personal data, which can be used to judge his will.


    1.9.1. In case of disagreement with the terms of this Policy, the Personal Data Subject must refrain from using the Site and its services and/or consuming the services.


    1.9.2. In certain cases provided for by the legislation of the Russian Federation, consent is given in writing, indicating the information provided for by Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".



    1.10. This Policy is valid indefinitely after approval and until it is replaced by a new version.


    1.11. This Policy is subject to revision due to changes in legislation.of the Russian Federation in the field of personal data processing and protection, based on the results of an assessment of the relevance, sufficiency and effectiveness of the measures taken to ensure the security of personal data processing in the State Duma.




    1.12. This Policy applies to actions (operations) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

  • 2. Basic terms and definitions

    2.1. The Policy uses the following concepts:



    • A guest is an individual, a consumer of services provided by the State Duma, and a subject of personal data. The user is an individual using the Website of the State Duma, the subject of personal data.




    • The GPA contractor is an individual who performs work (provides services) on the territory of the State Duma on the basis of concluded civil law contracts, the subject of personal data."

    • Services provided by the State Duma are the activities of the State Duma in accordance with the Charter and assigned by the OKVED.

    • Automated personal data processing is the processing of personal data using computer technology.

    • Biometric personal data is information that characterizes the physiological and biological characteristics of a person, on the basis of which it is possible to establish his identity and which is used by the operator to establish the identity of the subject of personal data.

    • Blocking of personal data is the temporary termination of the processing of personal data (except in cases where the processing is necessary to clarify personal data).

    • Personal data security is a state of personal data security characterized by the ability of users, technical means and information technologies to ensure the confidentiality, integrity and accessibility of personal data when they are processed in personal data information systems.

    • The personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.

    • Confidentiality of personal data is a mandatory requirement for a State Duma or other person who has access to personal data to prevent their disclosure and dissemination without the consent of the personal data subject or other legitimate grounds.Personal data processing is any action (operation) or set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.Publicly available personal data is personal data to which an unlimited number of persons have access with the consent of the personal data subject or which, in accordance with federal laws, is not subject to confidentiality requirements.Depersonalization of personal data is an action that makes it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.Cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity; Operator is a state body, municipal body, legal entity or individual who independently or jointly with other persons organize and (or) process personal data, as well as determine the purposes of personal data processing. personal data, the composition of personal data to be processed, and the actions (operations) performed with personal data.Providing personal data is an action aimed at disclosing personal data to a certain person or a certain circle of people.Personal data is any information related directly or indirectly to a specific or identifiable natural person (personal data subject).Special categories of personal data are personal data relating to race, nationality, political views, religious or philosophical beliefs, health status and intimate life of the personal data subject.The subject of personal data is an individual who is directly or indirectly identified or determined using the data.Other information is data that cannot be used to identify an individual or that is not directly related to him.Destruction of personal data is an action that makes it impossible to restore the content of personal data in the personal data information system.

    • personal data and (or) as a result of which the material carriers of personal data are destroyed.


    2.2. Other concepts used in the Policy are applied in accordance with their meanings, as defined in Federal Law No. 152-FZ dated 27.07.2006 "On Personal Data" and other regulatory legal acts of the Russian Federation.






















  • 3. Purposes of personal data processing

    3.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data processing is not allowed.


    3.2. The user's personal data is processed for the following purposes:



    • Identification of the Guest for booking and purchase of services carried out directly in the DG.

    • Identification of the Guest for the purposes of consumption of other services of the State Duma.

    • Identification of a User registered on the Site for the purpose of consuming services provided by the site (purchase of gift certificates, booking rooms, organizing events, etc.)

    • Establishing feedback with the User and/or Guest, including: sending notifications, requests regarding the use of the Site, provision of services, processing requests and requests from the User.

    • Confirmation of the accuracy and completeness of the personal data provided by the User and/or the Guest.

    • Create an account for a personal account, if the user has agreed to create an account.

    • User notifications about cancellations, replacements of events, and changes in local acts established for Users.



    • Providing the User with effective customer and technical support in case of problems related to the use of the Website and the provision of hotel services.

    • Carrying out advertising activities, including informing Guests about offers, events, promotions, and services of the State Duma and its partners, in order to study opinions (surveys, research), and improve the quality of services provided by the State Duma and its partners. In case of unwillingness to receive advertising messages, the person who consented to receive advertising information has the right to unsubscribe from advertising by e-mail by clicking on the link provided in the advertising message.





    • The transfer of personal data for advertising purposes through partners is carried out only with a separate consent indicating the name or full name and address of the partner, the purpose of the transfer and the amount of data transmitted, or the partners send out newsletters on behalf of the Guest without obtaining direct access to the personal data of the Guests.

    • Identification of a person who performs work on the territory of the State Duma on the basis of concluded civil law contracts.


    3.3. Personal data processing may not be carried out for the purpose of causing property and moral harm to personal data subjects, making it difficult to exercise the rights and freedoms of personal data subjects.


  • 4. Classification of personal data and categories of Subjects, personal data that are processed in the State Duma

    4.1. Personal data includes any information related directly or indirectly to a specific or identifiable natural person (subject of personal data) that is processed by the State Duma to achieve these goals.


    4.2. The State Duma does not process special categories of personal data related to race, nationality, political views, religious and philosophical beliefs, unless otherwise established by the legislation of the Russian Federation.


    4.3. The State Duma processes personal data of the following categories of Personal data Subjects:



    • individuals who perform work and provide services under civil law contracts concluded with the State Duma;

    • individuals who are clients of the State Duma (guests) and/or legally represent the interests of the State Duma's clients, or intend to become such;

    • individuals who purchase or intend to purchase the services of third parties through the intermediary of the DG, provided that their personal data is included in the automated systems of the DG in connection with the provision of hotel and/or additional services to them by the DG;




    • other individuals who have expressed consent to the processing of their personal data by the State Duma, or the processing of whose personal data is necessary for the State Duma to perform duties, perform functions or powers assigned and/or provided for by an international treaty of the Russian Federation or a law of the Russian Federation.




    • minors, with the written consent of one of their parents or other legal representative, except in cases where such processing is permitted by the legislation of the Russian Federation without such consent. The State Duma takes all reasonable measures to verify that the consent was given by the legal representative of the minor. If the child has reached the age of 14, when obtaining consent to the processing of personal data, his personal consent will also be required in the form of a separate document. The legal representatives of the minor have the right to refuse consent to the processing of personal data. The refusal can be written in any form by mail to the address 249866 Kaluga region, Dzerzhinsky district, Zvizzhi village, Rechnaya str., 3, sq. 2, or by e-mail serov.ssv@yandex.ru


  • 5. Basic principles of personal data processing

    5.1. The processing of personal data in the State Duma is based on the following principles:



    • legality of the purposes and methods of personal data processing;

    • compliance of the purposes of personal data processing with the purposes pre-defined and declared during the collection of personal data;

    • compliance of the composition and volume of personal data being processed, as well as the methods of processing personal data, with the stated purposes of processing;

    • reliability of personal data, their sufficiency for processing purposes;

    • inadmissibility of processing personal data that is excessive in relation to the purposes stated during the collection of personal data;

    • the inadmissibility of combining databases containing personal data, the processing of which is carried out for purposes incompatible with each other;

    • ensuring the storage of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law, an agreement to which the personal data subject is a party.;




    • destruction or depersonalization of personal data upon achievement of the purposes of processing or in case of loss of the need to achieve these goals, unless otherwise provided by the legislation of the Russian Federation, an agreement to which the Personal Data Subject is a party.;

    • to ensure the confidentiality and security of the personal data being processed.



  • 6. Organization of personal data processing

    6.1. Personal data is processed in compliance with the principles and rules established by Federal Law No. 152-FZ dated 07.2006 "On Personal Data".


    6.2. GD processes personal data, both with the use of automation tools and without the use of automation tools.


    6.3. The State Duma may include the personal data of subjects in publicly available sources of personal data, while the State Duma takes the written consent of the subject to the processing of his personal data.


    6.4. Biometric personal data is not processed in the DG.



    6.5. The State Duma may transfer personal data across borders (both to countries that provide an adequate level of personal data protection and to other countries that may not provide an adequate level of personal data protection) in order to fulfill a contract to which the personal data subject is a party and/or with his consent. The cross-border transfer of personal data is carried out strictly in accordance with the requirements of Article 12 of Federal Law No. 152-FZ "On Personal Data", including obtaining the appropriate consent of the subject (if it is the basis) and performing all necessary procedures provided for by law by the operator (for example, notifying the authorized body for the protection of the rights of personal data subjects prior to the start of such transfer). transfers).



    6.6. Decisions based solely on automated processing of personal data that generate legal consequences for the personal data subject or otherwise affect his rights and legitimate interests are not carried out.


    6.7. If there is no need for the subject's written consent to the processing of his personal data, the subject's consent may be given by the personal data subject or his representative in any form that allows obtaining the fact of its receipt.



    6.8. The State Duma has the right to entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of an agreement concluded with this person (hereinafter referred to as the operator's order). At the same time, the State Duma in the contract obliges the person who processes personal data on behalf of the State Duma to comply with the principles and rules of personal data processing provided for by this Federal Law.



    6.9. Access to personal data processed by the State Duma is provided to government authorities (including controlling, supervisory, law enforcement and other bodies) in accordance with the scope and procedure established by the relevant legislation of the Russian Federation.


    6.10. Collection and processing of other information


    For the purposes of this Policy, "Other Information" means data that does not directly identify the user of the DG Website, but is used by the DG with his consent. These data are fragments of information that are used by the server to exchange status data with the Internet user's browser, in particular, information about the browser and device used by the site visitor, the history of site visits and pages viewed. Such information is collected by the Hotel using cookies, pixel tags ("dot markers") and other similar technologies. This information is used by the Hotel to conduct web analysis and collect statistical data, track the flow of visitors and evaluate their way of working with the site, optimize the site for the visitor, exchange data with third-party websites and redirect users to the Hotel's website.



    Since Other information does not personally identify the visitor, it can be disclosed and used for any purposes not prohibited by law. In some cases (for example, when subscribing to a user's website via the feedback form) The hotel may use Other Information in combination with the personal data of the site visitor. In such cases, such data will be considered personal in accordance with this Policy.

  • 7. Rights of the Personal data Subject

    7.1. The personal data subject has the right to:



    • to receive information regarding the processing of his personal data in the manner, form and time limits established by the Legislation on Personal Data;

    • to request clarification of their personal data, their Blocking or Destruction if the personal data is incomplete, outdated, inaccurate, illegally obtained, is not necessary for the stated purpose of processing or is used for purposes not previously stated when the Personal Data Subject consents to the processing of personal data.;




    • take legal measures to protect their rights;

    • revoke your consent to the processing of personal data in accordance with the requirements of the Federal Law of the Russian Federation "On Personal Data".


    7.2. The personal data subject is obliged to provide complete, accurate and reliable information about his/her personal data.


    7.3. The right of a personal data subject to access his/her personal data may be restricted in accordance with federal laws.

  • 8. Rights and obligations of the State Duma in the processing of personal data

    8.2. The State Duma has the right to:



    • to process the personal data of the Personal Data Subject in accordance with the stated purpose;

    • require the Personal Data Subject to provide reliable personal data necessary for the performance of the contract, the provision of services, the identification of the Personal Data Subject, as well as in other cases provided for by the Legislation on Personal Data;




    • restrict the access of a Personal Data Subject to his/her personal data if it violates the rights and legitimate interests of third parties, as well as in other cases provided for by the legislation of the Russian Federation.;

    • process publicly available personal data of individuals;

    • to process personal data subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation;

    • clarify the personal data being processed, block or delete if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing.

    • keep records of requests from Personal data Subjects;

    • to entrust the processing of personal data to another person with the consent of the Personal Data Subject.


    8.2. In accordance with the requirements of the Federal Law "On Personal Data", the State Duma is obliged to:



    • To provide the personal data subject, upon his request, with information regarding the processing of his personal data, or to legally provide a refusal.



    • At the request of the personal data subject, clarify the personal data being processed, block or delete if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing.

    • Keep records of requests from personal data subjects.

    • Notify the personal data subject about the processing of personal data in the event that the personal data was not received from the personal data subject, with the exception of cases provided for by the law of the Russian Federation.




    • If the purpose of personal data processing is achieved, immediately terminate the processing of personal data and destroy the relevant personal data, unless otherwise provided by a contract to which the personal data subject is a party, or another agreement between the State Duma and the personal data subject.




    • If the personal data subject withdraws consent to the processing of his personal data, terminate the processing of personal data and destroy personal data within the time period established by the legislation of the Russian Federation.




    • The State Duma is obliged to notify the personal data subject about the destruction of personal data.

    • The State Duma undertakes and obliges other persons who have gained access to personal data not to disclose them to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law.

    • Appoint the person(s) responsible for organizing the processing of personal data.

  • 9. Measures to ensure the security of personal data during their processing

    9.1. When processing personal data, the State Duma takes the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other unlawful actions with respect to personal data.



    9.2. Ensuring the security of personal data is achieved, in particular:



    • Identification of threats to the security of personal data during their processing in personal data information systems.

    • The application of organizational and technical measures to ensure the security of personal data during their processing in personal data information systems necessary to meet the requirements for personal data protection, the implementation of which ensures the levels of personal data security established by the Government of the Russian Federation.




    • Assessment of the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the personal data information system.

    • Taking into account the machine storage of personal data.

    • Detection of unauthorized access to personal data and taking measures.



    • Recovery of personal data that has been modified or destroyed due to unauthorized access to it.

    • Establishing rules for access to personal data processed in the personal data information system, as well as ensuring registration and accounting of all actions performed with personal data in the personal data information system.




    • By training the staff of the State Duma involved in the processing of personal data to ensure the security of personal data.

    • Control over the measures taken to ensure the security of personal data and the level of security of personal data information systems.

  • 10. Responsibility of the State Duma

    10.1. Control over compliance with the requirements of this Policy, rules and requirements applicable to the processing of personal data at the Hotel is carried out by persons appointed by Order of the executive body of the State Duma.



    10.2. The State Duma, as well as its officials and employees, bear criminal, civil, administrative and disciplinary responsibility for non-compliance with the principles and conditions of personal data processing, as well as for disclosure or illegal use of personal data in accordance with the legislation of the Russian Federation.