PERSONAL DATA PROCESSING POLICY - апарт-отель VIDI Санкт-Петербург

PERSONAL DATA\nPROCESSING POLICY

1.1. VALO Service Limited Liability Company (hereinafter referred to as the "Operator"), located at: 191167, St. Petersburg, Khersonsky Passage, 6, Bldg. 1, Premises 38Н, considers compliance with the principles of legality, fairness, and confidentiality in the processing of personal data, as well as ensuring the security of processing procedures, to be its most important objectives.

1.2.\nThis Policy:

1.2.1. has been developed to implement the requirements of the current legislation of the Russian Federation in the field of processing and protection of personal data;

1.2.2. discloses the methods and principles of the Operator's processing of personal data, the rights and obligations of the Operator in processing personal data, the rights of personal data subjects, and also includes a list of measures taken by the Operator to ensure the security of personal data during their processing;

1.2.3. is a publicly available document declaring the conceptual foundations of the Operator's activities in the processing and protection of personal data.

1.3. The provisions of this Policy form the basis for organizing the Operator's activities in the processing and protection of personal data.

2.\nList of Abbreviations and Acronyms

2.1. The following terms, abbreviations and acronyms are used in this document:

2.1.1. PDIS — Personal Data Information System

2.1.2. PD Processing — any action (operation) or set of actions (operations) performed with or without automated means with PD

2.1.3. PD — Personal Data, i.e. any information relating directly or indirectly to an identified or identifiable natural person (PD subject)

2.1.4. Policy — this policy on the processing of personal data of VALO Service Sinopskaya LLC;

2.1.5. RF — Russian Federation

2.1.6. Website — a website on the Internet operated in the interests of the Operator and addressed at the domain name https://vidi-hotel.ru/,

2.1.7. PD Subject — a natural person whose personal data is processed by the Operator and/or on its behalf

2.1.8. 152-FZ — Federal Law No. 152-FZ of July 27, 2006 "On Personal Data"

3.\nPrinciples, Purposes and Content of PD Processing

3.1. In its activities, the Operator ensures compliance with the principles of PD processing specified in Article 5 of 152-FZ "On Personal Data".

3.2. The Operator carries out the following targeted PD processing in accordance with applicable PD legislation:

Purposes of PD Processing

List (Categories) of Processed PD

Categories of PD Subjects

Legal Grounds for PD Processing

Methods of Processing and Actions with PD

PD Processing (including Storage) Periods

3.2.1. provision of hotel services\n during short-term guest stays;

3.2.2 provision of long-term\n apartment rental services;

3.2.3. sale of additional\n services (fitness, room service delivery, taxi service, etc.)

3.2.4. registration and\n migration record-keeping,

3.2.5. registration of persons visiting\n those staying at the Hotel

3.2.6. Ensuring compliance with\n RF legislation on operational-investigative activities

- passport data (including surname,\n first name, patronymic (if any), registration address, passport number and series,\n issued by whom and when)

- data from a foreign citizen's\n document,

- residence permit data,

- data from a temporary identity\n document;

- birth certificate data;

- data from other documents\n certifying the identity of a citizen, or a stateless person, refugee,\n internally displaced person,

- bank card data (including\n bank card number, cardholder surname and first name),

- surname, first name, patronymic (if\n any),

- date of birth

- registration address

- phone number

- email address,

- citizenship

accommodation information,\n arrival and departure dates, goods and services purchased at the hotel,\n special requests, information about service preferences (including room types\n and types of leisure), telephone numbers used, as well as telephone and fax\n messages received;

account data\n and registration data for loyalty programs,

any\n information necessary for fulfilling special requests (for example, health\n conditions that require specific accommodation arrangements or services);

- persons who have applied for hotel services,\n checking into the Hotel, entering into long-term stay agreements, purchasing\n additional services, as well as visitors who have come to visit persons\n staying at the Hotel.

- legal representatives\n of service recipients;

- owners of premises on\n the Hotel territory

FL-132 of November 24, 1996 "On the Fundamentals of\n Tourism Activities in the RF", Articles 5,7 of FL No. 109 of July 18, 2006 "On\n Migration Registration of Foreign Citizens and Stateless Persons in the RF",\n Article 3 of RF Law of June 25, 1993 No. 5242-1 "On the Right of Citizens to\n Freedom of Movement, Choice of Place of Stay and Residence within the RF", \n paragraph 3 of Decree of the Government\n of the RF of July 17, 1995 N 713 (as amended on June 6, 2023) "On Approval of the Rules\n for Registration and Deregistration of Citizens of the Russian Federation at\n the Place of Stay and at the Place of Residence within the Russian Federation\n and the List of Persons Responsible for Receiving and Transmitting to Registration\n Authorities Documents for Registration and Deregistration of Citizens of the\n Russian Federation at the Place of Stay and at the Place of Residence within\n the Russian Federation",

Decree of the Government of the RF of\n November 18, 2020 N 1853 (as amended on April 1, 2021) "On Approval of the Rules\n for the Provision of Hotel Services in the Russian Federation"

- consent of interested parties for\n the processing of their PD

• mixed method (using\n automated means and without using automated means) by performing the\n following actions: collection, recording, systematization, accumulation,\n storage, clarification (updating, modification), extraction, use, transfer\n (distribution, provision, access), blocking, deletion, destruction

- for the period of the Operator's\n interaction with the interested party, as well as for 3 (three) years after\n the termination of such interaction (to comply with limitation periods)

3.2.7. HR and\n accounting record-keeping

3.2.8. Ensuring compliance with\n labor legislation

3.2.9 Ensuring compliance with\n pension legislation

3.2.10 Ensuring compliance with\n defense legislation

3.2.11. Compliance with\n anti-corruption legislation;

3.2.12. Ensuring compliance with tax\n legislation

3.2.13. Voluntary health\n insurance

3.2.14. Personnel recruitment\n (candidates) for vacant positions of the operator

3.2.15 Preparation, conclusion and\n execution of a civil law contract

3.2.16 promotion of goods, works\n and services on the market

- surname, first name, patronymic (if\n any),

- month, year, date of birth

- place of birth,

- marital status,

- income, gender, email address,\n registration address, residential address, phone number, SNILS, TIN,\n citizenship, identity document data, military registration data, bank card\n details, employment information (including length of service, current\n employment data indicating the name and settlement account of the\n organization), attitude to military service, education details, bank card\n details, health information

- surname, first name, patronymic (if\n any),

- month, year, date of birth

- place of birth,

- marital status,

- income, gender, email address,\n registration address, residential address, phone number, SNILS, TIN,\n citizenship, identity document data, bank card details, settlement account\n number

-name

- phone number

- website visit data

- website activity

- expected dates of stay

- room category

- region

- age

- estimated marital\n status

- surname, first name, patronymic

- email address

- phone number

Job applicants (in the scope of information\n necessary to consider employment for\n vacant positions)

Employees of the organization, persons\n engaged for work under civil law contracts.

Counterparties and representatives\n of counterparties.

interested parties entering into\n agreements with the Operator

Website visitors, persons staying\n and who have stayed at the Hotel

Labor Code of the RF, Article 24\n of the Tax Code of the RF, FL No. 53 of March 28, 1998 "On Military Service\n and Military Duty"

Regulation on Military Registration,\n approved by Decree of the Government of the RF of November 27, 2006 N 719 (hereinafter —\n Regulation on Military Registration), Instructions on the Organization of\n Work to Ensure the Functioning of the Military Registration System, approved\n by Order of the Minister of Defense of the RF of November 22, 2021 N 700\n (hereinafter — Instructions on Military Registration), Methodological Recommendations for Maintaining\n Military Registration in Organizations, approved by the Ministry of Defense of Russia\n on July 11, 2017 (hereinafter — Methodological Recommendations) (applied to the extent not\n contradicting the provisions of the Instructions on Military\n Registration).

Consent of interested parties for\n PD processing

Consent given by personal\n data subjects.

Consent of personal data\n subjects

• mixed method (using\n automated means and without using automated means)\n by performing the following actions: collection, recording, systematization,\n accumulation, storage, clarification (updating, modification), extraction,\n use, transfer (distribution, provision, access), blocking, deletion,\n destruction

• mixed method (using\n automated means and without using automated\n means) by performing the following actions: collection, recording,\n systematization, accumulation, storage, clarification (updating, modification),\n extraction, use, transfer (distribution, provision, access), blocking,\n deletion, destruction

- for the period of the Operator's\n interaction with the interested party, as well as for 3 (three) years after\n the termination of such interaction (to comply with limitation periods) —\n for employees and persons performing work under civil law contracts.

- for the period of interaction with\n the Operator, for job applicants.

• for the period of execution of concluded\n agreements, as well as for 3 (three) years after the termination of such\n participation (to comply with limitation periods)

until the consent is withdrawn by the subject

4. Specifics of Collection and Other\nPD Processing

4.1. The Operator\nprocesses PD that became known to it:

4.1.1. In the implementation of\nany legal relations between the Operator and PD subjects related to the\nparticipation of PD subjects in the Operator's activities

4.1.2. In\ninteracting with PD subjects via the Website, as well as carrying out\ninformational and/or organizational interaction with PD subjects.

4.2. When collecting PD,\nthe Operator ensures the recording, systematization, accumulation, storage,\nclarification (updating, modification), extraction of PD of RF citizens using\ndatabases located on the territory of the RF, except in cases directly provided\nfor by the current RF legislation on PD.

4.3. For PD processing,\nthe Operator may use information systems, removable machine storage media (for\nexample, optical and magneto-optical disks, flash drives, removable hard\ndrives, etc.), paper storage media, and may also transfer PD using information\nand telecommunication networks (including the Internet).

4.4. The Operator may\nsend (subject to reasonable limits on frequency and quantity, at any time and\nwithout prior notice) informational materials about the Operator's news and\nactivities to PD subjects, provided there is corresponding consent from the PD\nsubjects. Informational materials may be sent to PD subjects via those\ncommunication channels (contact details) that PD subjects have provided to the\nOperator. PD subjects have the right at any time to decline receiving materials\nfrom the Operator by following the instructions in the received materials or by\nsending the Operator a corresponding request.

4.5. The Operator does not\nmake decisions that give rise to legal consequences for PD subjects or otherwise\naffect their rights and legitimate interests based solely on automated\nprocessing of their PD.

4.6. The Operator does not\nperform the above PD processing actions as biometric PD and does not use PD to\nestablish (biometric identification) and/or verify (biometric authentication)\nthe identity of PD subjects.

5.\nSpecifics of Personal Data Processing via the Website

5.1. When PD subjects visit the Website and use its functionality, passive collection of technical information from PD subjects' user devices may occur using various technologies and methods. This is necessary due to the specifics of how the Internet operates and access to information resources (websites) hosted on it is provided.

5.2. The collection of technical information and its further use is necessary to ensure uninterrupted access of PD subjects to the Website and their use of the Website's functionality, as well as to ensure information security when visiting the Website and using its functionality.

5.3. The Operator does not:

5.3.1. directly or indirectly identify PD subjects using technical information or other data;

5.3.2. match and/or combine (link) technical information with PD in the Operator's possession and/or other data;

5.3.3. process technical information for analytical and marketing (advertising) purposes;

5.3.4. transfer technical information to third-party Internet services.

5.4. PD subjects may refuse to accept the Website's authentication cookies using their Internet browser settings. However, this may cause some inconvenience when using the Website (for example, the need for PD subjects to regularly undergo the authentication procedure on the Website).

5.5. This Website is not intended for persons under 18 years of age, and the Operator requires that such persons do not provide their PD via the Website. If the Operator discovers that minors or children have provided their PD via the Website, the Operator shall destroy such PD within no more than ten business days from the date of discovery.

5.6. The Policy does not regulate the processing and protection of PD with respect to any other websites or web objects (including, but not limited to, any mobile applications) accessible through the Website or to which the Website contains a link. The presence or inclusion of a link to any such website or object on the Website does not imply any guarantees or representations on the part of the Operator.

6.\nTransfer of Personal Data.

6.1. The Operator may engage third parties in PD processing by commissioning third parties to process PD and/or by transferring PD to third parties without commissioning PD processing. The Operator does not carry out cross-border transfer of PD.

6.2. The engagement of third parties in PD processing may only be carried out provided that such persons process PD in the minimum necessary scope and exclusively for the achievement of the PD processing purposes provided for by the Policy, and also provided that such persons ensure the confidentiality and security of PD during their processing (in case of non-fulfillment of these conditions by third parties, such persons shall be liable based on their contractual obligations to the Operator and/or in accordance with the provisions of applicable PD legislation).

6.3. When using TravelLine:Platform, including TravelLine: Booking Engine, TRAVEL LINE SYSTEMS LLC acts on behalf of the Operator, in accordance with paragraph 3 of Article 6 of Federal Law of the RF "On Personal Data" No. 152-FZ of July 27, 2006.\nAddress: Russian Federation, 424003, Republic of Mari El, Yoshkar-Ola, Leninsky Prospect 56A, TRAVEL LINE SYSTEMS LLC.

6.4. The above-mentioned third parties may potentially include:

6.4.1. persons who have the right, in cases provided by applicable legislation, to receive PD in the scope necessary for the exercise and fulfillment of the functions, powers and duties assigned to such persons;

6.4.2. the Operator's counterparties, the acquisition and use of whose products (goods, works, services) by the Operator is necessary for the achievement of the PD processing purposes provided for by the Policy.

6.5. The actual composition of third parties engaged by the Operator in PD processing is determined based on the established relations between the Operator and the PD subject, as well as in accordance with the provisions of applicable legislation, agreements between the Operator and the PD subject, and the PD subject's consent(s) to PD processing.

6.6. The Operator may create publicly available PD sources and/or distribute PD only with the consent of the PD subject or based on the requirements of applicable legislation.

7. Procedure for Termination of PD Processing (Destruction)

7.1. The Operator has established the following conditions for termination of PD processing:

7.1.1. achievement of the purposes of PD processing and maximum PD storage periods;

7.1.2. loss of the need to achieve the purposes of PD processing;

7.1.3. provision by the PD subject or their legal representative of information confirming that the PD was obtained unlawfully or is not necessary for the stated purpose of processing;

7.1.4. impossibility of ensuring the lawfulness of PD processing;

7.1.5. withdrawal by the PD subject of consent to PD processing, if the retention of PD is no longer required for the purposes of PD processing;

7.1.6. request of the PD subject to the Operator to cease PD processing, except in cases provided by legislation;

7.1.7. expiration of the limitation periods for legal relations within which PD processing is or was carried out;

7.1.8. liquidation or reorganization of the Operator.

7.2. If it is impossible to destroy PD within the timeframes specified by 152-FZ for cases where it is impossible to ensure the lawfulness of PD processing, upon achievement of the purposes of PD processing, and upon the subject's withdrawal of consent to PD processing and/or receipt by the Operator of the PD subject's request to cease PD processing, if PD retention is no longer required for the purposes of PD processing, the Operator shall block the PD and destroy it within 6 (six) months, unless a different period is established by applicable legislation.

7.3. PD destruction is carried out in a manner that precludes the possibility of restoring this PD. If PD cannot be destroyed without such damage to its material storage medium that would prevent its further use as intended, both the PD and its material storage medium shall be destroyed.

7.4. Confirmation of PD destruction is carried out in accordance with the requirements established by the authorized body for the protection of PD subjects' rights.

8. Measures for Proper Processing and Ensuring PD Security

8.1.\nThe Operator, when processing PD, takes all necessary legal, organizational and technical measures to protect PD from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution, as well as from other unlawful actions with respect to PD. PD security is achieved, in particular, by the following means (taking into account their applicability depending on the method and specifics of PD processing):

8.1.1\nby issuing documents defining the Operator's policy on PD processing, local acts on PD processing matters defining for each purpose of PD processing the categories and list of processed PD, categories of subjects whose PD is processed, methods, periods of processing and storage, the procedure for PD destruction upon achievement of processing purposes or upon occurrence of other legal grounds, as well as local acts establishing procedures aimed at preventing and detecting violations of PD legislation, and eliminating consequences of such violations. Such documents and local acts may not contain provisions restricting the rights of PD subjects, or imposing on the Operator powers and obligations not provided for by PD legislation;

8.1.2.\nby conducting internal control and/or audits of compliance of PD processing with the requirements of 152-FZ and regulatory legal acts adopted in accordance with it, PD protection requirements, the Operator's PD processing policy, and the Operator's local acts;

8.1.3.\nby conducting a harm assessment in accordance with the requirements established by the authorized body for the protection of PD subjects' rights in the RF, which may be caused to subjects in the event of violation of applicable PD legislation requirements, the ratio of said harm and the measures taken by the Operator aimed at ensuring fulfillment of obligations provided for by applicable PD legislation requirements;

8.1.4.\nby familiarizing persons engaged (authorized) by the Operator in PD processing with the requirements of applicable PD legislation, including PD protection requirements, documents defining the Operator's PD processing policy, local acts on PD processing matters, and/or training such persons;

8.1.5.\nby identifying PD security threats that may arise during their processing in PDIS;

8.1.6.\nby applying organizational and/or technical measures to ensure PD security during their processing, including in PDIS, necessary to ensure the permanent confidentiality, integrity, availability and resilience of processes and/or systems associated with PD processing;

8.1.7.\nby applying information protection tools that have undergone the established compliance assessment procedure, when the application of such tools is necessary to neutralize current PD security threats and information technologies used in PDIS;

8.1.8.\nby evaluating the effectiveness of PD security measures taken before putting PDIS into operation;

8.1.9.\nby determining the storage locations of material (including machine) PD carriers, ensuring accounting and preservation of such PD carriers, as well as separate storage of PD (material carriers) processed for different purposes;

8.1.10.\nby prohibiting the combining of databases with PDIS or the recording of PD on a single material carrier if PD processing is carried out for incompatible purposes;

8.1.11.\nby detecting unauthorized access to PDIS and taking appropriate measures, including measures to detect, prevent and eliminate the consequences of computer attacks on PDIS associated with PD processing, and to respond to computer incidents in them;

8.1.12.\nby restoring PD that has been modified or destroyed as a result of unauthorized access;

8.1.13.\nby establishing access rules for PD processed in PDIS, as well as ensuring registration and recording of all actions performed with PD in PDIS;

8.1.14.\nby monitoring the measures taken to ensure PD security and the level of protection of PDIS associated with PD processing;

8.1.15.\nby establishing and approving a list of persons (positions) engaged (authorized) by the Operator in automated and/or non-automated PD processing, including in PDIS, and restricting access to PDIS for other persons;

8.1.16.\nby informing persons engaged (authorized) in PD processing without the use of automated means about the fact of such processing, the categories of processed PD, the categories of subjects, as well as the specifics and rules of such processing provided for by applicable PD legislation and regulatory legal acts, and the Operator's local acts;

8.1.17.\nby organizing a security regime for premises in which PD processing is carried out and/or hardware and software tools used for PD processing are located;

8.1.18.\nby destroying PD in a manner that precludes subsequent restoration and further PD processing, as well as confirming PD destruction in accordance with the requirements established by the authorized body for the protection of PD subjects' rights in the RF.

8.2. In the event of an established fact of unlawful or accidental transfer (provision, distribution, access) of PD that resulted in a violation of PD subjects' rights, the Operator, in the manner and within the timeframes provided by legislation, notifies the authorized body for the protection of PD subjects' rights of the said fact.

9. Rights of the Personal Data Subject

9.1. The PD subject has the right to obtain information about the processing of their PD by the Operator.

9.2. The PD subject has the right to demand from the Operator the clarification of their PD, their blocking or destruction if the PD is incomplete, outdated, inaccurate, unlawfully obtained, or cannot be recognized as necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights.

9.3. The right of the PD subject to access their PD may be restricted in accordance with federal laws, including if the PD subject's access to their PD violates the rights and legitimate interests of third parties.

9.4. The PD subject has the right at any time to fully or partially withdraw the consent(s) previously given to the Operator for PD processing and/or to apply to the Operator with a request to cease PD processing, except in cases where PD processing is provided for by paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10 and Part 2 of Article 11 of 152-FZ. The rights specified in this paragraph may be exercised by sending the Operator a request.

9.5. To exercise and protect their rights and legitimate interests, the PD subject or their representatives have the right to contact the Operator in any convenient and available manner (including by email at d.efremov@valohotelcity.ru).

9.6.\nThe Operator reviews any requests and complaints from PD subjects, thoroughly investigates violations and takes all necessary measures for their immediate elimination, punishment of responsible persons and resolution of disputes and conflicts out of court.

9.7. The PD subject has the right to appeal the actions or inaction of the Operator by contacting the authorized body for the protection of PD subjects' rights.

9.8. The PD subject has the right to protect their rights and legitimate interests, including compensation for losses and/or moral damages in court.

10. Access to the Policy

10.1.\nThe current version of the Policy in paper form is stored at the location of the Operator's executive body.

10.2.\nThe electronic version of the current Policy is published on the Website.

11.1.\nThe Policy is approved and put into effect by a decision of the Operator's sole executive body and remains valid until its cancellation.

11.2.\nThe Operator has the right to amend the Policy as necessary (hereinafter — "Amendments"). Amendments are approved by a decision of the Operator's sole executive body. In such case, the amended version of the Policy is published on the Website indicating the date of its entry into force.

11.3.\nPD subjects are obliged to independently monitor Amendments. Participation of PD subjects in the Operator's activities and/or their visiting/using the Website after the amended version of the Policy enters into force constitutes acceptance by such PD subjects of the provisions of the amended version of the Policy.

11.4.\nThe Policy is reviewed as necessary, but no less than once every three years from the date of the previous Policy review.

11.5.\nThe Policy may be reviewed earlier than the period specified in the Policy, as amendments are made:

11.5.1. to\nthe regulatory legal acts of the RF in the field of PD;

11.5.2. to\nthe Operator's local acts regulating the organization of PD processing and security;

11.5.3. to\nthe Operator's procedure for organizing PD processing and security.

12. Liability

12.1. The sole executive body of the Operator and participants in its activities, as well as other persons guilty of violating the norms governing the processing and protection of PD, shall bear liability as provided by RF legislation.

CONSENT\nTO THE PROCESSING OF PERSONAL DATA

While using the website https://vidi-hotel.ru/, an individual is offered to accept (accede to) this Consent to the Processing of Personal Data (hereinafter referred to as the Consent). The User gives their consent to VALO Service Sinopskaya LLC (TIN 7842224808), located at St. Petersburg, Salova St., 61, Bldg. 1, Office 903-н (hereinafter referred to as the Operator), for the processing of their personal data under the following terms:

1. This Consent is given for the processing of personal data both without the use of automated means and with their use.

2. Consent is given for the processing of the following personal data:

your name, gender, personal and work contact information, position, date and place of birth, passport and visa data;

accommodation information, arrival and departure dates, goods and services purchased at the hotel, special requests, information about your service preferences (including room types and types of leisure activities), telephone numbers used, as well as telephone and fax messages received;

information about your bank card, as well as your account and registration data for loyalty programs;

any information necessary for fulfilling special requests (for example, health conditions that require specific accommodation arrangements or services);

information, feedback, or content provided by you regarding your marketing preferences, in surveys, raffles, contests, or promotional offers on our websites or applications, as well as similar information about third parties;

information collected during your stay at the hotel or through video surveillance systems, Internet systems (including wireless networks that collect data about your computer, smart or mobile device, or your location), key cards, and other security systems and technologies;

information collected during the use of the website;

contact details and other relevant information about employees of corporate clients and service providers, as well as other persons with whom we cooperate (travel agencies, meeting and event planners); in certain cases — information about the credit account status of clients.

3. Personal data is not publicly available.

4. The processing of personal data by the Operator is carried out for the purposes of:

providing hotel services and long-term accommodation services (apartment rental) in hotels operating under the VIDI brand;

booking hotel rooms and services by the personal data subject;

concluding agreements with the personal data subject for the provision of hotel services, long-term accommodation services (apartment rental), and the provision of these services;

providing the personal data subject with information about the services offered by the hotel, about marketing promotions, and about new services.

For other purposes, the achievement of which is not prohibited by federal legislation and international treaties of the Russian Federation.

5. In accordance with applicable legislation, we may collect and use relevant parts of your personal data in order to:

provide accommodation and charge for hotel stays, as well as for other goods and services;

provide more personalized service, including providing information and third-party services (for example, additional services for hotel guests, visits to local attractions, and transfer options);

respond to requests for information and services, including third-party services (for example, restaurants or transportation companies);

fulfill our contractual obligations to you, to anyone involved in organizing your travel (for example, travel agencies, group tour organizers, and your employer), as well as to service providers (for example, credit card companies);

conduct market research, customer satisfaction surveys and for quality assurance purposes, carry out targeted marketing, and organize advertising campaigns;

ensure the safety and security of personnel, guests, and other visitors;

maintain general documentation;

ensure compliance with laws and regulations;

test and evaluate new products and services.

6. In the course of processing, the following actions will be performed with personal data: collection; recording; systematization; accumulation; storage; clarification (updating, modification); extraction; use; transfer (distribution, provision, access); blocking; deletion; destruction. You can always choose what personal data (if any) you wish to provide to us. However, if you choose not to provide certain data, this may affect our interaction (for example, we cannot process a booking without a name). If you provide us with your contact information (for example, postal address, email address, phone number), we may contact you and inform you about products, services, promotional offers, and events that we believe may be of interest to you. You can always limit the number of all or some of the communications you receive by contacting us as described in Section 11 below, or by following the unsubscribe instructions in the relevant communications. The Operator and other persons who have gained access to personal data are obliged not to disclose to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law. Your personal information will be stored for the period required by the legislation of the hotel's jurisdiction. This means that information may be stored after your departure. We may delete your personal information if it is no longer required for the purposes described above.

7. The Consent comes into effect from the moment of its signing and is valid until the individual is no longer subject to this Consent.

8. The Consent may be withdrawn by the personal data subject or their representative by sending a written statement to the Operator or its representative at the address indicated at the beginning of this Consent.

9. In the event of withdrawal of consent to the processing of personal data by the personal data subject or their representative, the Operator shall have the right to continue processing personal data without the consent of the personal data subject if there are grounds specified in paragraphs 2-11 of Part 1 of Article 6, Part 2 of Article 10, and Part 2 of Article 11 of Federal Law No. 152-FZ of July 27, 2006 "On Personal Data".

10. As our activities are constantly evolving, these Rules may also be changed.

11. If you have questions regarding the Consent, or other concerns or complaints related to the regulation of the Consent, or if you wish to submit a request for information regarding your personal information stored by us, please contact us using one of the following methods:

by calling one of the phone numbers listed in the "Contacts" section of the official hotel website https://vidi-hotel.ru/;

by sending a letter to VALO Service Sinopskaya LLC, 191167, St. Petersburg, Khersonsky Passage, 6, Bldg. 1, Premises 38Н, or by visiting the guest registration desk at the hotel.

12. This Consent is valid for the entire period until the termination of personal data processing as specified in Sections 7 and 8 of this Consent. In the event of any discrepancies between the Russian and English versions of this document and any version of this Consent in any other language, the Russian version shall prevail (to the maximum extent permitted under applicable law).