RU CN
Карта
доступности
Войти
  1. Main
  2. Privacy Policy

Privacy Policy for Information Protection

Last updated: 18.11.2022

GENERAL PROVISIONS

1.1. This Policy of the Regional Fund "Agency for Tourism Development of the Tula Region" (address: 300026, Tula, Sovetskaya Street, 7, office 1, e-mail address: info@visittula.com, OGRN 1147154016745, TIN 7104524805, KPP 70140100) regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements item 2 part 1 art . 18.1 of Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" (hereinafter referred to as the Law on Personal Data) in order to ensure the protection of human and civil rights and freedoms when processing his personal data, including the protection of the rights to privacy, personal and family secrets.

1.2. The Policy applies to all personal data processed by the Regional Fund "Agency for Tourism Development of the Tula Region" (hereinafter ― Operator, Organization).

1.3. The Policy defines the basic rights and obligations of the Operator and Personal data Subjects, the purposes of personal data processing, the legal grounds for processing personal data, categories of processed personal data, categories of personal data Subjects, the procedure and conditions for processing personal data, as well as measures to ensure the security of personal data during their processing applied by the Organization.

1.4. The Policy applies to the relations in the field of personal data processing that arose with the Operator both before and after the approval of the Policy.

1.5. The Policy, as well as changes to it, are approved by the Director of the Organization or the person performing his duties.

1.6. In compliance with the requirements of Part 2 of Article 18.1 of the Law on Personal Data, the Policy is published in free access on the Internet information and telecommunications network on the Operator's website.

1.7. Control over the fulfillment of the requirements of the Policy is carried out by authorized persons responsible for organizing the processing of personal data at the Operator.

1.8. Liability for violation of the requirements of the legislation of the Russian Federation and the regulations of the Operator in the field of processing and protection of personal data is determined in accordance with the legislation of the Russian Federation.

1.9. Basic terms and definitions

Personal data ― any information relating directly or indirectly to a specific or identifiable individual (Subject of personal data). Personal Data Operator (Operator) ― a state body, a municipal body, a legal entity or an individual, independently or jointly with other persons organizing and (or) processing personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data. Personal data processing is any action (operation) or a set of actions (operations) with personal data performed using automation tools or without their use. The processing of personal data includes, inter alia:

  • collection;
  • recording;
  • systematization;
  • accumulation;
  • storage;
  • clarification (update, change);
  • extraction;
  • usage;
  • transfer (distribution, provision, access);
  • depersonalization;
  • blocking;
  • removal;
  • destruction.

Automated processing of personal data is the processing of personal data using computer technology.

Dissemination of personal data ― actions aimed at disclosure of personal data to an indefinite circle of persons.

Provision of personal data ― actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

Blocking of personal data is a temporary termination of the processing of personal data (except in cases where processing is necessary to clarify personal data).

Destruction of personal data ― actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which the material carriers of personal data are destroyed.

Depersonalization of personal data ― actions as a result of which it becomes impossible to determine the identity of personal data to a specific Subject of personal data without the use of additional information.

The personal data information system is a set of personal data contained in databases and information technologies and technical means that ensure their processing.

1.10. Basic rights and obligations of the Operator

1.10.1. The Operator has the right to:

  • independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations provided for by the Law on Personal Data and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Law on Personal Data or other federal laws;
  • entrust the processing of personal data to another person with the consent of the Subject of personal data, unless otherwise provided by federal law, on the basis of a contract concluded with this person. The person processing personal data on behalf of the Operator is obliged to comply with the principles and rules of personal data processing provided for by the Personal Data Law;
  • if the Personal data Subject withdraws consent to the processing of personal data, the Operator has the right to continue processing personal data without the consent of the Personal data Subject if there are grounds specified in the Personal Data Law.

1.10.2. The Operator is obliged to:

  • organize the processing of personal data in accordance with the requirements of the Law on Personal Data;
  • respond to requests and requests from Personal data Subjects and their legal representatives in accordance with the requirements of the Law on Personal Data;
  • to report to the authorized body for the protection of the rights of Personal Data Subjects (Federal Service for Supervision in the Field of Communications, Information Technology and Mass Communications (Roskomnadzor) at the request of this body the necessary information within 30 (thirty) calendar days from the date of receipt of such a request.

1.11. Basic rights of the Subject of personal data

1.11.1. The subject of personal data has the right:

  • receive information concerning the processing of his personal data, except in cases provided for by federal laws. The information is provided to the Personal Data Subject by the Operator in an accessible form, and it should not contain personal data related to other Personal data Subjects, except in cases where there are legitimate grounds for disclosure of such personal data. The list of information and the procedure for obtaining it is established by the Law on Personal Data;
  • require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as take measures provided by law to protect their rights;
  • to put forward the condition of prior consent when processing personal data in order to promote goods, works and services on the market;
  • appeal to Roskomnadzor or in court against illegal actions or inaction of the Operator when processing his personal data.

PURPOSES OF PERSONAL DATA COLLECTION

2.1. The processing of personal data is limited to the achievement of specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

2.2. Only personal data that meet the purposes of their processing are subject to processing.

2.3. The processing of personal data by the Operator is carried out for the following purposes:

  • ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
  • implementation of civil law relations;
  • purchase and/or booking of services, as well as providing access to the information system "tourist portal of the Tula region" and a mobile application (VISIT TULA);
  • conducting contests, screenings and other events;
  • marketing promotion of services.

2.4. Processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.

LEGAL GROUNDS FOR PROCESSING PERSONAL DATA

3.1. The legal basis for the processing of personal data is a set of regulatory legal acts, pursuant to which and in accordance with which the Operator processes personal data, including:

  • Constitution of the Russian Federation;
  • The Civil Code of the Russian Federation;
  • Labor Code of the Russian Federation;
  • Tax Code of the Russian Federation;
  • Federal Law No. 7-FZ of 12.01.1996 "On Non-Profit Organizations";
  • Federal Law No. 402-FZ dated 06.12.2011 "On Accounting";
  • Federal Law No. 167-FZ dated 15.12.2001 "On Compulsory Pension Insurance in the Russian Federation";
  • other regulatory legal acts regulating relations related to the Operator's activities.

3.2. The legal basis for the processing of personal data is also:

  • The Operator's charter;
  • contracts concluded between the Operator and Personal data Subjects;
  • consent of personal data subjects to the processing of their personal data.

SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS

4.1. The content and volume of the processed personal data must comply with the stated processing purposes provided for in section 2 of the Policy. The processed personal data should not be redundant in relation to the stated purposes of their processing.

4.2. The Operator may process personal data of the following categories of Personal data Subjects.

4.2.1. Individuals who have acquired or intend to acquire the services of the Organization, the services of third parties through the mediation of the Organization or who do not have contractual relations with the Organization, provided that their personal data are included in the automated systems of the Organization and processed in accordance with the legislation on personal data:

  • surname, first name, patronymic;
  • email address;
  • phone number;
  • date of birth;
  • bank card details;
  • information about actions performed on the Operator's websites, including Visittula.com and in the VISIT TULA mobile application, as well as information about the devices used (such as geolocation, IP addresses, Cookies).

4.3. The Operator does not process biometric and special categories of personal data relating to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases provided for by the legislation of the Russian Federation.

PROCEDURE AND CONDITIONS OF PERSONAL DATA PROCESSING

5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.

5.2. The Operator collects, records, systematizes, accumulates, stores, clarifies (updates, changes), extracts, uses, transfers (distribution, provision, access), depersonalizes, blocks, deletes and destroys personal data.

5.3. The processing of personal data by the Operator is carried out in the following ways:

  • non-automated processing of personal data;
  • automated processing of personal data with or without transmission of the received information via information and telecommunication networks.

5.4. Personal data processing is carried out with the consent of Personal data Subjects to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation, namely:

  • personal data processing is carried out with the consent of the Personal data Subject to the processing of his personal data;
  • the processing of personal data is necessary to achieve the goals stipulated by an international agreement of the Russian Federation or a law, for the implementation and fulfillment of the functions, powers and duties assigned to the operator by the legislation of the Russian Federation;
  • processing of personal data is carried out in connection with the participation of a person in constitutional, civil, administrative, criminal proceedings, proceedings in arbitration courts;
  • processing of personal data is necessary for the execution of a judicial act, an act of another body or official subject to execution in accordance with the legislation of the Russian Federation on enforcement proceedings;
  • processing of personal data is necessary for the execution of the powers of federal executive bodies, bodies of state extra-budgetary funds, executive bodies of state power of the subjects of the Russian Federation, local self-government bodies and the functions of organizations involved in the provision of state and municipal services, respectively, provided for by Federal Law No. 210-FZ of July 27, 2010 "On the Organization of the provision of state and municipal services". municipal services", including registration of the Subject of personal data on the unified portal of state and municipal services and (or) regional portals of state and municipal services;
  • the processing of personal data is necessary for the execution of a contract to which the Subject of personal data is a party or beneficiary or guarantor, as well as for the conclusion of a contract on the initiative of the Subject of personal data or a contract under which the Subject of personal data will be the beneficiary or guarantor;
  • processing of personal data is necessary to protect the life, health or other vital interests of the Subject of personal data, if obtaining the consent of the Subject of personal data is impossible;
  • the processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, including in cases provided for by the Federal Law "On the Protection of the Rights and Legitimate Interests of Individuals when Carrying out Activities to Repay Overdue Debts and on amendments to the Federal Law "On Microfinance Activities and Microfinance Organizations", or to achieve socially significant goals, provided that the rights and freedoms of the Personal data Subject are not violated;
  • the processing of personal data is necessary for the professional activity of a journalist and (or) the legitimate activities of the mass media or scientific, literary or other creative activities, provided that the rights and legitimate interests of the Subject of personal data are not violated;
  • processing of personal data is carried out for statistical or other research purposes, with the exception of the purposes specified in Article 15 of the Law on Personal Data, subject to mandatory depersonalization of personal data.

5.5. The Operator's employees, whose job responsibilities include the processing of personal data, are allowed to process personal data.

5.6. The processing of personal data is carried out by:

  • receiving personal data in oral and written form directly from the Subjects of personal data;
  • obtaining personal data from publicly available sources;
  • entering personal data into the logs, registers and information systems of the Operator;
  • use of other methods of processing personal data.

5.7. Disclosure and dissemination of personal data to third parties without the consent of the Subject of personal data is not allowed, unless otherwise provided by the Law on Personal Data. Consent to the processing of personal data authorized by the Subject of personal data for distribution is issued separately from other consents of the Subject of personal data to the processing of his personal data.

5.8. The transfer of personal data to the bodies of inquiry and investigation, to the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.

5.9. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access to them, destruction, modification, blocking, distribution and other unauthorized actions, including:

  • identifies threats to the security of personal data during their processing;
  • adopts local regulations and other documents regulating relations in the field of personal data processing and protection;
  • appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
  • creates the necessary conditions for working with personal data;
  • organizes accounting of documents containing personal data;
  • organizes work with information systems in which personal data is processed;
  • stores personal data in conditions that ensure their safety and exclude unauthorized access to them;
  • organizes training of the Operator's employees who process personal data.

5.10. The Operator stores personal data in a form that allows determining the Subject of personal data, no longer than the purposes of processing personal data require, unless the period of storage of personal data is established by the Law on Personal Data, the contract.

5.11. When collecting personal data, including through the Internet information and telecommunications network, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except for the cases specified in the Law on Personal Data data.

UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL DATA, RESPONSES TO REQUESTS OF SUBJECTS FOR ACCESS TO PERSONAL DATA

6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of the Law on Personal Data, are provided by the Operator to the Personal Data Subject or his representative when contacting or receiving a request from the Personal Data Subject or his representative.

The information provided does not include personal data relating to other Personal data Subjects, except in cases where there are legitimate grounds for the disclosure of such personal data.

The request must contain:

  • the number of the main identity document of the Personal data Subject or his representative, information about the date of issue of the specified document and the issuing authority;
  • information confirming the participation of the Subject of personal data in relations with the Operator (contract number, date of conclusion of the contract, conditional verbal designation and (or) other information), or information otherwise confirming the fact of processing of personal data by the Operator;
  • signature of the Personal data Subject or his representative.

The request can be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.

If the Personal data Subject's request does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the Personal data Subject does not have access rights to the requested information, then a reasoned refusal is sent to him.

The right of a Personal data Subject to access to his personal data may be restricted in accordance with Part 8 of Article 14 of the Law on Personal Data, including if the access of a Personal data Subject to his personal data violates the rights and legitimate interests of third parties.

6.2. If inaccurate personal data is detected when the Personal Data Subject or his representative is contacted, or at their request or at the request of Roskomnadzor, the Operator blocks personal data related to this Personal Data Subject from the moment of such request or receipt of the specified request for the verification period, if the blocking of personal data does not violate the rights and legitimate interests of the Subject personal data or third parties.

In case of confirmation of the fact of inaccuracy of personal data, the Operator, based on the information provided by the Subject of personal data or his representative or Roskomnadzor, or other necessary documents, clarifies personal data within 7 (seven) working days from the date of submission of such information and removes the blocking of personal data.

6.3. In case of detection of unlawful processing of personal data when contacting (requesting) a Personal data Subject or his representative or Roskomnadzor, the Operator blocks the unlawfully processed personal data relating to this Personal Data Subject from the moment of such request or receipt of the request.

6.4. Upon achievement of the purposes of personal data processing, as well as in the case of withdrawal by the Subject of personal data of consent to their processing, personal data are subject to destruction if:

  • nothing else is provided for in the contract to which the Subject of personal data is a party, beneficiary or guarantor;
  • The Operator is not entitled to process without the consent of the Subject of personal data on the grounds provided for by the Law on Personal Data or other federal laws;
  • other is not provided for by another agreement between the Operator and the Subject of personal data.

RULES FOR THE USE OF COOKIES

7.1. Cookies are a fragment of data that the Site requests from the browser used on the User's personal computer or mobile device, which reflect the User's preferences and actions on the Site, as well as information about the equipment used by the User, the date and time of the Site visit. The user can independently, if desired, delete the saved cookies in the settings of his browser.

7.2 The Operator uses Cookies for the purposes of the Website. Information about the actions of the Site Users is processed by the Operator to improve the Operator's products and services, determine the User's preferences, and provide targeted information on the Operator's products and services and its partners.

7.3 The Website processes Cookies by both automated and (or) non-automated methods of processing, including using the Internet services "Yandex.Metrica", "Google Analytics".

7.4. The Operator uses the following types of Cookies.

Session cookies are temporary cookies that are stored during the time when the User is on the Site, and are deleted after he leaves the Site. Session Cookies allow the Site to remember information about the User's choice on the previous site in order to avoid the need to re-enter information.

Persistent cookies are cookies that are stored on the User's personal computer and are not deleted when the browser is closed. Persistent Cookies can save user preferences for a particular website, allowing you to use these preferences in future browsing sessions. Such Cookies identify the User of the Site as unique and, when returning to the Site, help to recall information about the User and his previous actions.

Statistical - includes information about the use of the Site. Their main goal is to improve the functions of the Site.

Mandatory - Cookies, which are necessary for the correct operation of the Site.

7.5 The User has the right to refuse the processing of Cookies in the settings of his browser. In this case, the Operator does not guarantee the proper functioning of the Site and the services offered by it.