Privacy Policy for visabooking.com
The protection of your personal data is of great importance to EYE VISTA Hotel Service, LLC. ("Company") and its affiliates (together, the "EYE VISTA Group"). This privacy policy (the "Privacy Policy") therefore intends to inform you about how the Company, a Russian company active in the provision of travel services, acting as data controller, and the EYE VISTA Group, collect and processes your personal data that you submit or disclose to us. We also act as data processor when we process your personal data received or obtained through third-parties. We process this personal data in accordance with the applicable EU and Member State regulations on data protection, in particular, the General Data Protection Regulation No 2016/679 (the "GDPR").
We encourage you to read this Privacy Policy carefully. If you do not wish your personal data to be used by us as set out in this Privacy Policy, please do not provide us with your personal data. Please note that in such a case, we may not be able to provide you with our services, you may not have access to and/or be able to use some features of the Website, and your customer experience may be impacted.
If you have any queries or comments relating to this Privacy Policy, please contact
policy@eye-vista.ru.
This privacy policy has been compiled to better serve those who are concerned with how their 'Personally Identifiable Information' (PII) is being used online. PII, as described in the Russian Federation privacy law and information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.
What personal information do we collect from the people that visit our website?
For the purposes specified under this Privacy Policy, we will process the personal data specified above and other personal data as specified to you in our specific information notices.
We can obtain such personal data either directly from you when you decide to communicate such data to us (i.e., when you fill in forms or provide it to us by e-mail) or indirectly (when you provide us the information via a third party, like a travel agent). We ensure that the personal data processed is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed.
When ordering or registering on our site, as appropriate, you may be asked to enter your full name, date of birth, passport details, living address, email address, mailing address, phone number, IP address or other details to help you with your experience.
When do we collect information? We collect information from you when you fill out a form or enter information on our site or at our related site
https://hotel-booker.ru.
How do we use your information?
We will always process your personal data based on one of the legal basis provided for in the GDPR (Articles 6 and 7). In addition, we will always process your sensitive personal data, for example, concerning your trade union membership, religious views, or health condition, in accordance with the special rules provided for in the GDPR (Articles 9 and 10).
We may collect and process your personal data for the purposes set out below and disclose your personal data to the EYE VISTA Group affiliates and EYE VISTA Group affiliates for business purposes and also to companies and our service providers who act as 'data processor' on our behalf. These purposes include:
a. Fulfilling the contract with you and legal obligations (Articles 6(1)(b) and (c) of the General Data Protection Regulation ("GDPR"): In order for you to travel abroad, it may be mandatory as required by government authorities at the point of departure and/or destination to disclose and process your personal data for immigration, border control and/or any other purposes. Also we need to provide airlines/accommodation providers with your name, passport number, contact details, and other related information in accordance with their terms and conditions. If you do not provide us with this personal data, we might not be able to offer our services to you.
b. Fulfilling your and our legitimate interests (Article 6(1)(f) of the GDPR): Where it is in both your and our benefit that we further process your personal data as part of our business administration, maintaining service quality, customer care, business management, risk assessment/management, security, and operation purposes.
c. Consent: For marketing purposes and other similar data processes that may require your authorization for their processing (Article 6(1)(a) of the GDPR). We will usually inform you before collecting your data if we intend to use your data for such purposes or if we intend to disclose your personal data to any third party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we used to collect your data.
d. Explicit consent (Article 9(2)(a) of the GDPR): Information which is considered to be 'sensitive personal data' under the GDPR. This personal data might include information necessary to arrange bookings and travel plans, including your allergies, disabilities, and other relevant health information. We collect it to provide you with our services, cater to your needs or act in your interest, and we are only prepared to accept sensitive personal data on the condition that we have your positive consent.
We will process your data for these specified, explicit and legitimate purposes, and will not further process the data in a way that is incompatible with these purposes. If we intend to process personal data originally collected for one purpose in order to attain other objectives or purposes, we will ensure that you are informed of this. We will keep your personal data for as long as it is necessary for us to comply with our legal obligations, to ensure that we provide an adequate service, and to support our business activities (Article 5 and 25(2) GDPR).
We may use the information we collect from you when you register, fill the application form, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:
• To quickly process your transactions;
• To process your visa support documents;
• To send you the scanned or original documets.
How do we protect your information?
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
We will retain your personal data for as long as it is necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.
Our website is scanned on a regular basis for security holes and known vulnerabilities in order to make your visit to our site as safe as possible.
We use regular Malware Scanning. Your personal information is contained behind secured networks and is only accessible by a limited number of persons who have special access rights to such systems, and are required to keep the information confidential. In addition, all sensitive/credit information you supply is encrypted via Secure Socket Layer (SSL) technology.
We implement a variety of security measures when a user places an order to maintain the safety of your personal information.
All transactions are processed through a gateway provider and are not stored or processed on our servers.
Do we use 'cookies'? We use cookies for tracking purposes.
We use
Metrika service by Yandex to monitor surfing at our website.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since browser is a little different, look at your browser's Help Menu to learn the correct way to modify your cookies.
If you turn cookies off, some features will be disabled. that make your site experience more efficient and may not function properly.
However, you will still be able to place orders .
Third-party disclosure We may share your personal data with EYE VISTA Group affiliates, EYE VISTA Group entities and with third parties in accordance with the GDPR. Where we share your data with a data processor, we will put the appropriate legal framework in place in order to cover such transfer and processing (Articles 26, 28 and 29). Furthermore, where we share your data with any entity outside the EEA, we will put appropriate legal frameworks in place, notably controller-to-controller (2004/915/EC) and controller-to-processor (2010/87/EU) Standard Contract Clauses approved by the European Commission, in order to cover such transfers (Articles 44 ff. GDPR).
Strategic Partners Your personal data may be transferred to, stored, and further processed by strategic partners that work with us to provide our products and services or help us market to customers. Your personal data will only be shared by us with these companies in order to provide or improve our products, services and advertising, as appropriate. If necessary, consent will be requested from you.
Service Providers We share your personal data with companies which provide services on our behalf, such as hosting, maintenance, support services, email services, marketing, auditing, fulfilling your orders, processing payments, data analytics, providing customer service, and conducting customer research and satisfaction surveys.
Corporate Affiliates and Corporate Business Transactions We may share your personal data with all Company's affiliates. In the event of a merger, reorganization, acquisition, joint venture, assignment, spin-off, transfer, or sale or disposition of all or any portion of our business, including in connection with any bankruptcy or similar proceedings, we may transfer any and all personal data to the relevant third party.
Legal Compliance and Security It may be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence – to disclose your personal data. We may also disclose your personal data if we determine that, due to purposes of national security, law enforcement, or other issues of public importance, the disclosure is necessary or appropriate.
We may also disclose your personal data if we determine in good faith that disclosure is reasonably necessary to protect our rights and pursue available remedies, enforce our terms and conditions, investigate fraud, or protect our operations or users.
Data Transfers Such disclosures may involve transferring your personal data out of the European Union, such as the United States, Japan, Singapore and India. Such transfer may take place for the purposes of providing you customer services, executing your reservation with suppliers (e.g., airlines, hotels), and providing you with services at your place of destination. For each of these transfers, we make sure that we provide an adequate level of protection to the data transferred, in particular by entering into standard contract clauses as defined by the European Commission decisions 2001/497/EC, 2002/16/EC, 2004/915/EC and 2010/87/EU.
We will not use your personal data for online marketing purposes unless you are our customer, or you have expressly consented to such use of your personal data. You can change your marketing preferences at any time by contacting us as detailed below.
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property or safety.
However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.
Our records of data processes We handle records of all processing of personal data in accordance with the obligations established by the GDPR (Article 30), both where we might act as a controller or as a processor. In these records, we reflect all the information necessary in order to comply with the GDPR and cooperate with the supervisory authorities as required (Article 31).
Security measures
We process your personal data in a manner that ensures their appropriate security, including protection against unauthorised or unlawful processing, accidental loss, destruction or damage. We use appropriate technical or organisational measures to achieve this level of protection (Article 25(1) and 32 GDPR).
We will retain your personal data for as long as it is necessary to fulfil the purposes outlined in this Privacy Statement, unless a longer retention period is required or permitted by law.
Notification of data breaches to the competent supervisory authorities In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed, we have the mechanisms and policies in place in order to identify it and assess it promptly. Depending on the outcome of our assessment, we will make the requisite notifications to the supervisory authorities and communications to the affected data subjects, which might include you (Articles 33 and 34 GDPR).
Processing likely to result in high risk to your rights and freedoms We have mechanisms and policies in place in order to identify data processing activities that may result in high risk to your rights and freedoms (Article 35 of the GDPR). If any such data processing activity is identified, we will assess it internally and either stop it or ensure that the processing is compliant with the GDPR or that appropriate technical and organisational safeguards are in place in order to proceed with it.
In case of doubt, we will contact the competent Data Protection Supervisory Authority in order to obtain their advice and recommendations (Article 36 GDPR).
Third-party links We do not include or offer third-party products or services on our Website.
We may propose hypertext links from the Website to third-party websites or Internet sources. We do not control and cannot be held liable for third parties' privacy practices and content. Please read carefully their privacy policies to find out how they collect and process your personal data.
Google Google's advertising requirements can be summed up by Google's Advertising Principles. They are put in place to provide a positive experience for users.
https://support.google.com/adwordspolicy/answer/13... We have not enabled Google AdSense on our site but we may do so in the future.
YandexYandex's advertising requirements can be summed up by Yandex's Advertising Principles. They are put in place to provide a positive experience for users.
https://direct.yandex.ruWe have enabled Yandex Direct on our site but we may do so in the future.
LiveinternetLiveinternet's advertising requirements can be summed up by Liveinternet's Advertising Principles. They are put in place to provide a positive experience for users.
http://www.liveinternet.ru/We have enabled Yandex Direct on our site but we may do so in the future.
How does our site handle Do Not Track signals? We honor Do Not Track signals and Do Not Track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.
Does our site allow third-party behavioral tracking? It's also important to note that we do not allow third-party behavioral tracking
Your rights
You have the following rights regarding personal data collected and processed by us.
• Information regarding your data processing: You have the right to obtain from us all the requisite information regarding our data processing activities that concern you (Articles 13 and 14 GDPR).
• Access to personal data: You have the right to obtain from us confirmation as to whether or not personal data concerning you are being processed, and, where that is the case, access to the personal data and certain related information (Article 15 GDPR).
• Rectification or erasure of personal data: You have the right to obtain from us the rectification of inaccurate personal data concerning you without undue delay, and to complete any incomplete personal data (Article 15 GDPR). You may also have the right to obtain from us the erasure of personal data concerning you without undue delay, when certain legal conditions apply (Article 17 GDPR).
• Restriction on processing of personal data: You may have the right to obtain from us the restriction of processing of personal data, when certain legal conditions are met (Article 18 GDPR).
• Object to processing of personal data: You may have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you, when certain legal conditions are met (Article 21 GDPR).
• Data portability of personal data: You may have the right to receive your personal data in a structured, commonly used and machine-readable format, and have the right to transmit those data to another controller without our hindrance, when certain conditions are met (Article 20 GDPR).
• Not to be subject to automated decision-making: You may have the right not to be subject to automated decision-making (including profiling) based on the processing of your personal data, insofar as this produces legal or similar effects on you, when certain conditions are met (Article 22 GDPR).
If you intend to exercise such rights, please refer to the contact section below.
If you are not satisfied with the way in which we have proceeded with any request, or if you have any complaint regarding the way in which we process your personal data, you may lodge a complaint with a Data Protection Supervisory Authority.
COPPA (Children Online Privacy Protection Act) Our products and services are primarily directed at adult customers. However, we may knowingly collect and process personal data on children under sixteen (16). On these occasions, we will take account of this event when processing the personal data of children and implementing the legal basis for such processing. For example, where the processing of personal data of children is based on their consent, we will seek the consent of parents, tutors, or other adults holding parental responsibility over children.
We do not specifically market to children under the age of 13 years old.
When it comes to the collection of personal information from children under the age of 13 years old, the Children's Online Privacy Protection Act (COPPA) puts parents in control. The Federal Trade Commission, United States' consumer protection agency, enforces the COPPA Rule, which spells out what operators of websites and online services must do to protect children's privacy and safety online.Fair Information Practices The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
•We will notify you via email within 7 business days
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.
CAN SPAM Act The CAN-SPAM Act is a law that sets the rules for commercial email, establishes requirements for commercial messages, gives recipients the right to have emails stopped from being sent to them, and spells out tough penalties for violations.
We collect your email address in order to:
• Send information, respond to inquiries, and/or other requests or questions
• Process orders and to send information and updates pertaining to orders.
• Send you additional information related to your product and/or service
To be in accordance with CANSPAM, we agree to the following: • Not use false or misleading subjects or email addresses.
• Identify the message as an advertisement in some reasonable way.
• Include the physical address of our business or site headquarters.
• Monitor third-party email marketing services for compliance, if one is used.
• Honor opt-out/unsubscribe requests quickly.
• Allow users to unsubscribe by using the link at the bottom of each email.
The Russian Federation Law For Protection of the Personal Information #152 FL (Federal Law)#152 FL dated 27.07.2006 N 152-ФЗ (issue from 29.07.2017) is the law in the nation to require commercial websites and online services to post a privacy policy. The law's reach stretches well beyond the Russian Federation to require any person or company in the Russian Federation (and conceivably the world) that operates websites collecting Personally Identifiable Information from worlwide consumers to post a conspicuous privacy policy on its website stating exactly the information being collected and those individuals or companies with whom it is being shared. - See more at:
https://iapp.org/media/pdf/knowledge_center/Russian_Federal_Law_on_Personal_Data.pdfAccording to #152 FL, we agree to the following:
Users can visit our site anonymously.
Our Privacy Policy link includes the word 'Privacy' and can easily be found on the page specified above.
You will be notified of any Privacy Policy changes: We may revise or update this Privacy Policy from time to time. Any changes to this Privacy Policy will become effective upon issuing of the revised Privacy Policy. If we make changes which we believe are significant, we will inform you through the Website to the extent possible and seek your consent where applicable.
• On our Privacy Policy Page
Can change your personal information:• By emailing us
If at any time you would like to unsubscribe from receiving future emails, you can email us at
policy@eye-vista.ru and we will promptly remove you from ALL correspondence.
Contacting Us If there are any questions regarding this privacy policy, you may contact us using the information below.
visabooking.ru
Izmailovo highway, 71-3V-411
Moscow, Russia 105613
Russia
E-mail:
policy@eye-vista.ruTel.
+ 7 901 578-6583