Privacy Policy

APPROVING IT
General manager
LLC "Hospitals-Travel"
D. A. Vakhonin

1. General provisions

The Personal Data Processing policy of Hospitals-Travel LLC has been developed in accordance with Part 2 of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006 "Operational Data" and is intended to provide unlimited access to information regarding the processing of personal data, as well as to information about the requirements for personal data protection that are being implemented in LLC "Hospitals-Travel".

This Policy is an excerpt from the Regulation on the Processing and Protection of Personal Data of Hospitals-Travel LLC and describes the procedure for processing and protecting personal data of individuals in connection with the implementation of labor relations, conclusion of contracts and fulfillment of contractual obligations of Hospitals-Travel LLC.

Personal data is classified as confidential information and is protected from unauthorized, including accidental, access to it.

2. Basic concepts in the field of personal data

Personal data means any information relating directly or indirectly to a specific or identifiable natural person, including:

- last name, first name, patronymic;

- date and place of birth.

- registration address, place of residence;

- family, social and property status;

- education, profession, income, etc.

The following terms are also used in this Policy:

Personal data operator – a legal entity that independently or jointly with third parties organizes and performs the processing of personal data, as well as determines the purposes of processing, the composition of personal data and actions with them;

Personal data subject – an individual whose personal data is processed by the personal data operator.

Processing of personal data – any action performed with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.

Automated processing of personal data – processing of personal data using computer technology.

Dissemination of personal data – actions aimed at disclosing personal data to an indefinite group of persons.

Provision of personal data – actions aimed at disclosing personal data to a certain person or a certain group of persons.

Destruction of personal data – actions that make it impossible to restore the content of personal data in the personal data information system or as a result of which the material carriers of personal data are destroyed.

Depersonalization of personal data – actions that make it impossible to determine whether personal data belongs to a specific personal data subject without using additional information.

Personal data information system – a set of personal data contained in databases and information technologies and technical means that ensure their processing.

3. Processing of personal data

Personal data is collected directly from the personal data subject. If the provision of personal data is mandatory in accordance with the law, the legal consequences of refusal to provide such data are explained to the personal data subject.

Obtaining personal data from a third party is only possible if there are legal grounds. When receiving personal data from a third party, the subject is notified of this.

It is allowed to collect personal data from publicly available sources or when personal data is made publicly available by the subject or at his request. In this case, obtaining consent to the processing of personal data and notifying the subject is not required.

When collecting personal data, including through the information and telecommunications network "Internet", recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation is provided.

It is not allowed to receive and process personal data about an individual's political, religious beliefs or private life. In cases where the processing of such information is necessary in connection with the performance of contractual obligations, it can only be obtained and processed with the written consent of the individual or his legal representative.

The processing of personal data is carried out in cases where the subject's consent to the processing of his personal data has been obtained or in other cases provided for by law.

The processing of personal data is carried out exclusively for the purpose of complying with the laws and regulations of the Russian Federation, concluding contracts and fulfilling contractual obligations.

Processing of personal data is carried out only by employees of the operator authorized by the management in accordance with the established procedure.

Personal data is processed both on physical (paper) media and in electronic form (in personal data information systems, on machine-based media).

Storage of personal data is carried out in a form that allows you to determine the subject of personal data, no longer than the purposes of processing personal data require, if the period of storage of personal data is not established by law or by an agreement to which the subject of personal data is a party.

Storage of personal data is carried out taking into account the provision of their confidentiality regime.

Personal data is destroyed or depersonalized when the processing objectives are achieved or when it is no longer necessary to achieve these objectives, unless otherwise provided by law.

The transfer of personal data to a third party is carried out only with the consent of the personal data subject or in cases expressly provided for by law.

Disclosure of personal data to a third party without the written consent of the relevant subject is not allowed, except in cases where it is necessary to protect the life, health or other vital interests of the personal data subject.

Disclosure of personal data to a third party for commercial purposes without the written consent of the relevant subject is prohibited. Processing of personal data for the purpose of promoting goods, works, and services on the market, as well as for the purpose of political campaigning, is carried out only with the prior consent of the subject.

The following persons have the right to access personal data processed by Hospitals-Travel LLC:

- General Director of Hospitals-Travel LLC;

- other employees of LLC "Hospitals-Travel", for whom the processing of personal data is necessary in connection with the performance of their official duties. Employees ' access to personal data is carried out by management in accordance with the established procedure.

Any subject whose personal data is processed by Hospitals-Travel LLC has the right to access their personal data, including the following information:

- confirmation of the processing of their personal data;

- legal grounds and purposes of processing their personal data;

- the purposes and methods of processing personal data used by the operator;

- the name and location of the operator, information about persons who have access to personal data (with the exception of employees of the operator) or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of legislation;

- the list of processed personal data related to the relevant subject, and the source of their receipt;

- terms of processing of personal data and terms of their storage;

- the procedure for the subject to exercise the rights provided for by the legislation;

- name of the person who processes personal data on behalf of the operator, if the processing is entrusted to a third party.

4. Personal data protection

When processing personal data, the necessary legal, organizational and technical measures are taken to protect personal data from unauthorized or accidental access to it, destruction, modification, blocking, copying, provision, dissemination of personal data, as well as from other illegal actions in relation to personal data.

In order to ensure the security of personal data, Hospitals-Travel LLC implements the following measures:

- application of organizational and technical measures to ensure the security of personal data when processing them in information systems that ensure compliance with the requirements for the established levels of security;

- evaluation of the effectiveness of measures taken to ensure the security of personal data processed in personal data information systems;

- accounting of machine-generated personal data carriers;

- detection of unauthorized access to personal data and response to these incidents;

- recovery of personal data modified or destroyed as a result of unauthorized access to them;

- establishing rules for access to personal data processed in personal data information systems;

- registration and recording of actions performed with personal data in personal data information systems;

- control over the measures taken to ensure the security of personal data in accordance with the established level of personal data security.

5. Responsibility

For violation of the requirements established by the legislation of the Russian Federation, the Regulations and other local acts of Hospitals-Travel LLC, employees and other persons who have obtained access to personal data are subject to disciplinary, administrative, civil and criminal liability in accordance with the federal laws of the Russian Federation.

6. Final provisions

This Policy comes into force from the moment of its approval and is valid indefinitely. Changes to the Policy are made by separate acts of Hospitals-Travel LLC.

This policy provides unrestricted access to all interested parties, including personal data subjects and authorities performing a control and supervisory function in the field of personal data.