1. General provisions1.1 This document determines the policy of BRONEVIK COMPANY, LLC (hereinafter referred to as “the Operator”) in relation to the personal data processing and enunciates the system of main principles, applied towards personal data processing in the Company.
1.2. BRONEVIK COMPANY, LLC is an operator of personal data, and it is entered into the register of personal data operators.
1.3. This policy governs all operations, carried out with personal data by the Operator with the use of automation means or without using them.
1.4. This Policy is made in compliance with the requirements of the Federal law of the Russian Federation No. 152-FZ dated 27 July 2016 “On Personal Data”.
1.5. This Policy accounts the requirements of “General Data Protection Regulation” (GDPR) dated 27 April 2016.
1.6. This Policy is subject to updating in case of alterations in the Russian Federation legislation on personal data. The Policy shall be updated by the Operator as and when necessary, without preliminary notification of personal data owners.
1.7. The Operator has developed and implemented the documents, establishing the procedure of personal data processing and safety assurance, which ensure compliance with the requirements of the Federal law of Russian Federation No. 152-FZ dated 27 July 2006 “On Personal Data” and of laws and regulations, issued according to it.2. Main terms, used in this Policy
2.1. The personal data is any information, directly or indirectly referred to a definite or definable individual (personal data owner).
2.2. A personal data owner (PDO) is an individual, directly or indirectly defined or definable with the use of personal data.
2.3. The personal data processing is any activity (operation) or a complex of activities (operations), carried out with personal data with the use of automation means or without the use of such means, including the collection, recording, systematization, storage, detailing (updating, alteration), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, removal, destruction of personal data.
2.4. The automated processing of personal data is the processing of personal data with the use of computer engineering means.
2.5. The personal data provision are the activities, intended to the disclosure of personal data to a specific person or specific scope of persons.
2.6. The personal data blocking is a temporary termination of personal data processing (excluding for the cases, when the processing is required for the personal data detailing).
2.7. The personal data destruction are the activities, in the result of which it appears impossible to restore the content of the personal data in the personal data information system, and (or) in the result of which the personal data tangible media are destructed.
2.8. The personal data information system is a complex of personal data, contained in the databases, and information technologies and technical means, ensuring its processing.
2.9. The cross-border transfer of personal data is the transfer of personal data to the territory of a foreign country, foreign country authority, foreign individual or foreign legal body.
2.10. ClientI is an individual, who uses the services of BRONEVIK COMPANY, LLC pursuing own aims and benefits, and who isn’t ClientL.
2.11. ClientL/Agency is a legal body, who uses the services of BRONEVIK COMPANY, LLC on a contractual basis, and provides the personal data exclusively within the frames of contractual arrangements.
2.12. A visitor is an individual, who has visited the websites bronevik.com, bronevik.team, *.bronevik.com on the Internet and (or) left his/her personal data in the feedback forms.
2.13. A user is an individual, bound with ClientL/Agency by labour or contractual arrangements, ClientL.
2.14. Inactive user is a user who has not passed the authorization procedure in the operator’s services for more than 1 year.
2.15. Cookies is a small piece of data, sent by the web-server and stored on the user’s computer.
2.16. IP-address is a unique network address of the computer network host, built under TCP/IP protocol.
3. Data collection purposes
3.1. The collection of personal data of a website’s User is carried out for the purposes of performance of relation between the Operator and a website User. A website User may communicate the following personal data to the Operator:
- contact phone number;
- e-mail address;
- company’s name;
3.2. The collection of User’s personal data is carried out with the purposes of travel services provision to a User. A User may communicate his/her following personal data to the Operator (optionally):
- e-mail address;
- date of birth;
- place of birth;
- number and series of a Russian Federation citizen’s passport;
- copy of a Russian Federation citizen’s passport;
- copy of a Russian Federation citizen’s passport for travelling abroad;
- data of a foreign country passport.
3.3. The cookies files, transferred by the Operator services to a User’s or Visitor’ hardware, and by User’s or Visitor’s hardware to the Operator’s services, may be used by the Operator for provision of customized services to a User or Visitor, service quality improvement, safety assurance (including, for the authorization of a User in the system), within the scope of statistics and research purposes.
3.4. The following data on a User or Visitor may be collected within the scope of statistics and research purposes:- page address;
- the source of passing to a page;
- page title;
- browser and its version;
- operating system;
- type of device:
- screen parameters;
- Flash version;
- Silverlight version;
- Java version;
- time zone;
- browser screen parameters;
- sex and age of the visitors;
- interests of the visitors;
- geographical data;
- paging-in parameters;
- passing by external link;
- time, spend on the website;
- visit depth.
3.5. The Operator’s services collect statistics on IP-addresses of all Users and Visitors. The information on IP-addresses is required for revelation and solution of technical problems and controlling how legal will be the execution of financial payments, for a User’s personal data safety assurance, for statistical purposes.
4. Personal data processing principles and conditions
4.1. The personal data processing is carried out on a legal and justified basis.
4.2. The personal data processing is limited to the achievement of precise purposes, determined in section
4.3. The personal data processing, inconsistent with the purposes of personal data collection, is prohibited.
4.4. The processing of website User’s or ClientI’s personal data is carried out exclusively with their consent.
4.5. Website User’s personal data isn’t transferred to the third parties. The transfer to a foreign country territory isn’t carried out.
4.6. ClientI’s personal data is transferred to third parties solely for the need to provide ClientI services with his consent. Transfer to the territory of a foreign state is carried out exclusively with the consent of ClientI.
4.7. The term of website Visitor’s personal data processing amounts to 1 year from the moment of this data provision to the Operator.
4.8. User’s personal data processing is carried out on a contractual basis and with his/her consent (for ClientI). An agreement is executed between the Operator and ClientL/Agency. ClinetL/Agency is obliged to get User’s consent to his/her personal data processing and transfer to the third parties. ClientL/Agency bears liability for the receipt of User’s consent to the processing of his/her personal data on the Operator’s services. Other conditions of Users’ personal data processing are specified in the relative agreement with ClientL/Agency. A User’s personal data isn’t processed without execution of the agreement between the operator and ClientL/Agency.
4.9. The term of User’s personal data processing ends with the termination of validity of the agreement, made with ClientL/Agency, except as otherwise is provided in the agreement, or after 3 years of ClientI’s inactivity / removal in the Operator’s services or withdrawal of consent to the processing of ClientI personal data.
4.10. The personal data, provided within the frames of contractual arrangements with ClientL/Agency, aren’t transferred to the third parties without the consent of ClientL/Agency.
4.11. The cross-border transfer of a User’s personal data is carried out to the territories of foreign countries, being parties of the Convention of the Council of Europe for the Protection of Individuals with regard to Automatic Processing of Personal Data, and also of other foreign countries, which ensure the adequate protection of personal data owners’ rights, upon condition of receipt of the relative consent from a User, for provision of the services to a User.
4.12. The Operator doesn’t admit the merger of databases, containing personal data, which processing is carried out for the purposes, inconsistent against each other.
4.13. The personal data, subject to processing, is the one, meeting the purposes of its processing.
4.14. The content and scope of processed personal data correspond to the declared purposes of processing.
4.15. The personal data storage is carried out in a form, allowing to determine a personal data owner no longer, than the personal data processing purposes require it, if the term of the personal data storage isn’t determined by the Federal law, agreement, which party, beneficiary or surety is a personal data owner. The processed personal data is destroyed or through depersonalization upon processing purpose achievement, or in case of no further need in achievement of these purposes, unless otherwise is provided by the Federal law.
4.16. The Operator doesn’t carry out the processing of biometric personal data and personal data of special categories.
4.17. The Operator doesn’t carry out the making of decisions, causing legal consequences in relation to a personal data owner or otherwise affecting his/her rights and legal interests, on the basis of exclusively automated processing of the personal data.
4.18. The personal data processing is carried out by the Operator with the use of automation means.
4. 19. In any moment, a User may change (update, supplement) the personal information or its part, provided by him/her, through the function of personal data editing.
4.20 A User may also remove the personal data, provided by him/her within the frame of a precise user account, through using the relative function or sending a relative letter to the Operator’s services technical support.
5. Personal data owner rights
5.1. A personal data owner is entitled to receive information, related to his/her personal data processing, including the one, containing the following:
- confirmation of the fact of personal data processing by the Operator;
- legal groundings and purposes of personal data processing;
- purposes and means of personal data processing, applied by the Operator;
- name and location of the Operator, information on the persons (excluding for the Operator’s employees/workers), who have access to the personal data or to whom the personal data may be disclosed by virtue of agreement with the Operator or by virtue of the Federal law;
- processed personal data, referred to the relative personal data owner, the source of its receipt, if another procedure of such data provision isn’t foreseen by the Federal law;
- terms of the personal data processing, including the terms of its storage;
- procedure of execution of the rights, provided by the Federal law No. 152-FZ dated 27 July 2006 “On Personal Data”, by a personal data owner;
- information on the carried out or supposed cross-border transfer of the data;
- other information, provided by the Federal law No. 152-FZ dated 27 July 2006 “On Personal Data” or other Federal laws.
5.2. The person, who has assigned the processing of personal data of such person to the Operator, bears liability for the Operator’s activities before a personal data owner.
5.3.The one may withdraw the consent to his/her personal data processing through sending an e-mail with the relative request to the Operator.
5.4. Other rights of a personal data owner, provided by the Federal law No. 152-FZ dated 27 July 2006 “On Personal Data” or other Federal laws.
6. Measures for personal data safety assurance at its processing
6.1. In the course of personal data processing, the Operator takes all required legal, organizational and technical measures for the protection of personal data against unlawful or accidental access to it, destruction, alteration, blocking, copying, distribution of the personal data, and also against other unlawful activities in relation to the personal data.
Means of personal data safety assurance.
6.2. The publication of the local regulatory acts on the issues of personal data processing by the Operator.
6.3. The application of organizational and technical measures on assurance of the personal data safety at its processing in the personal data information systems.
6.4. The execution of internal control of the personal data processing compliance with the Federal law No. 152-FZ dated 27 July 2006 “On Personal Data” and regulations and statutes, adopted in compliance with it, requirements to the personal data protection, this Provision in relation to the personal data processing.
6.5. The establishment of regulation of the access to personal data, processed in the personal data information system, and also the assurance of registration and accounting of all activities, carried out with the personal data in the personal data information system.
6.6. The control over taken measures on the personal data safety assurance and levels of protection of the personal data information systems.
6.7. The receipt of the consent of personal data owners to the execution of their personal data processing by the Operator, including the consent to processing of biometric personal data and to execution of the cross-border transfer of the personal data.
6.8. To check, that the foreign countries, to which territory the personal data transfer is carried out, ensure the adequate protection of personal data owner rights, before the execution of cross-border transfer of the personal data.
6.9. The determination of the personal data safety threats at its processing in the personal data information systems.
6.10. The application of technical means, aimed to personal data safety assurance at its processing in the personal data information systems, required for fulfilment of the requirements to the personal data protection.
7. Additional terms and conditions
7.1. The Operator is entitled to change the currently corresponding Personal Data Processing Policy without the consent of the third parties.
7.2. This new Policy enters in force after the information on it will be posted on the website, if the changed policy doesn’t imply another option of issuance.
7.3. All suggestions, desires, demands or questions on this Personal Data Processing Policy shall be informed to the feedback section, placed on the website in the section “Contacts”.
7.4. The one can get acquainted with the relative policy on the Internet websites bronevik.com, bronevik.team or *.bronevik.com.
Updated on 17 April 2020.