This website uses cookies to ensure you get the best experience :)
12.1. Any entity whose personal data is processed by Hero League Travel LLC has the right to access their personal data, including the following information:
— confirmation of the fact of personal data processing;
— legal grounds and purposes of personal data processing;
— purposes and methods of personal data processing;
— the name and location of the operator, information about persons (except for the operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of the legislation of the Russian Federation;
— a list of personal data processed relating to the relevant subject and the source of its receipt;
— the terms of processing of personal data and the terms of its storage;
— the procedure for the subject to exercise the rights provided for by the legislation of the Russian Federation;
— information about the actual or intended cross-border transfer of data;
— the name of the person processing personal data on behalf of the operator, if the processing is entrusted to a third party;
— information on the methods used by the operator to fulfill the obligations established by Article 18.1 of Federal Law No. 152-FZ "On Personal Data."
12.2. Hero League Travel LLC shall provide the information specified in clause 12.1 within ten business days of receiving a request from the subject or their legal representative in the form in which the request was received (unless otherwise specified in the request). The response to the request shall not contain personal data relating to other subjects of personal data, except where there are legitimate grounds for disclosing such personal data. The deadline for responding to the request may be extended, but not by more than five working days, if the operator sends a reasoned notification to the subject indicating the reasons for extending the deadline for providing the requested information.
12.3. The request of the subject or his representative must contain:
— the number of the main document proving the identity of the subject or his representative;
— information about the date of issue of the specified document and the issuing authority;
— information confirming the subject’s relationship with Hero League Travel LLC (contract number, date of conclusion of the contract, or other information), or information otherwise confirming the fact of personal data processing by Hero League Travel LLC;
— the signature of the subject of personal data or their representative.
12.4. The subject has the right to reapply to Travel League LLC with a request for the information specified in clause 12.1 no earlier than thirty days after the initial application or sending of the initial request.
12.5. The subject has the right to request clarification of their personal data, its blocking or destruction if the personal data processed by Hero League Travel LLC is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the processing purpose stated by Hero League Travel LLC.
12.6. The subject has the right to withdraw their consent to the processing of personal data, if such consent was given. The withdrawal of consent shall be sent by the subject to Hero League Travel LLC and must contain the information specified in clause 12.3. In the event that the subject withdraws their consent to the processing of personal data, Hero League Travel LLC has the right to continue processing personal data without the consent of the subject if there are grounds provided for by the legislation of the Russian Federation or by a contract to which the subject of personal data is a party, beneficiary, or guarantor.
— confirmation of the fact of personal data processing;
— legal grounds and purposes of personal data processing;
— purposes and methods of personal data processing;
— the name and location of the operator, information about persons (except for the operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with the operator or on the basis of the legislation of the Russian Federation;
— a list of personal data processed relating to the relevant subject and the source of its receipt;
— the terms of processing of personal data and the terms of its storage;
— the procedure for the subject to exercise the rights provided for by the legislation of the Russian Federation;
— information about the actual or intended cross-border transfer of data;
— the name of the person processing personal data on behalf of the operator, if the processing is entrusted to a third party;
— information on the methods used by the operator to fulfill the obligations established by Article 18.1 of Federal Law No. 152-FZ "On Personal Data."
12.2. Hero League Travel LLC shall provide the information specified in clause 12.1 within ten business days of receiving a request from the subject or their legal representative in the form in which the request was received (unless otherwise specified in the request). The response to the request shall not contain personal data relating to other subjects of personal data, except where there are legitimate grounds for disclosing such personal data. The deadline for responding to the request may be extended, but not by more than five working days, if the operator sends a reasoned notification to the subject indicating the reasons for extending the deadline for providing the requested information.
12.3. The request of the subject or his representative must contain:
— the number of the main document proving the identity of the subject or his representative;
— information about the date of issue of the specified document and the issuing authority;
— information confirming the subject’s relationship with Hero League Travel LLC (contract number, date of conclusion of the contract, or other information), or information otherwise confirming the fact of personal data processing by Hero League Travel LLC;
— the signature of the subject of personal data or their representative.
12.4. The subject has the right to reapply to Travel League LLC with a request for the information specified in clause 12.1 no earlier than thirty days after the initial application or sending of the initial request.
12.5. The subject has the right to request clarification of their personal data, its blocking or destruction if the personal data processed by Hero League Travel LLC is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the processing purpose stated by Hero League Travel LLC.
12.6. The subject has the right to withdraw their consent to the processing of personal data, if such consent was given. The withdrawal of consent shall be sent by the subject to Hero League Travel LLC and must contain the information specified in clause 12.3. In the event that the subject withdraws their consent to the processing of personal data, Hero League Travel LLC has the right to continue processing personal data without the consent of the subject if there are grounds provided for by the legislation of the Russian Federation or by a contract to which the subject of personal data is a party, beneficiary, or guarantor.
12. Procedure for interacting with personal data subjects
Name: Limited Liability Company "Hero League Travel".
Abbreviated name: LLC "Hero League Travel".
TIN: 9 704 212 390.
KPP: 770 401 001.
OGRN: 1 237 700 364 461.
Legal address: 121 099, Moscow, Shlomina Proezd, 6, room 1N.
Mailing address for correspondence: 121 099, Moscow, Shlomina Proezd, 6, room 1N.
Abbreviated name: LLC "Hero League Travel".
TIN: 9 704 212 390.
KPP: 770 401 001.
OGRN: 1 237 700 364 461.
Legal address: 121 099, Moscow, Shlomina Proezd, 6, room 1N.
Mailing address for correspondence: 121 099, Moscow, Shlomina Proezd, 6, room 1N.
17. Details and contact information
16.1. This policy is available to anyone who’s interested, including people whose personal data is involved and government agencies that keep an eye on personal data.
16.2. This Policy shall come into force upon its approval and shall remain in force indefinitely. Changes to the Policy shall be made by separate acts of Hero League Travel LLC. The current version of the Policy is posted on the official website of Hero League Travel LLC.
16.2. This Policy shall come into force upon its approval and shall remain in force indefinitely. Changes to the Policy shall be made by separate acts of Hero League Travel LLC. The current version of the Policy is posted on the official website of Hero League Travel LLC.
16. Final terms
For violation of the requirements established by the legislation of the Russian Federation, the Regulations on the processing and protection of personal data, and other local acts of Hero League Travel LLC, employees and other persons who have access to personal data shall bear disciplinary, administrative, civil, and criminal liability in accordance with the federal laws of the Russian Federation.
15. Liability
14.1. When processing personal data, the necessary legal, organizational, and technical measures are taken to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
14.2. In order to ensure the security of personal data, Hero League Travel LLC implements the following measures:
— identification of threats to the security of personal data when processing it in information systems;
— application of organizational and technical measures to ensure the security of personal data when processing it in information systems, which ensure compliance with the requirements for established levels of protection;
— assessing the effectiveness of measures taken to ensure the security of personal data processed in personal data information systems;
— keeping records of machine media containing personal data;
— detecting unauthorized access to personal data and responding to such incidents;
— restoring personal data that has been modified or destroyed as a result of unauthorized access;
— establishing rules for accessing personal data processed in personal data information systems;
— registering and recording actions performed with personal data in personal data information systems;
— monitoring the measures taken to ensure the security of personal data in accordance with the established level of personal data protection.
14.2. In order to ensure the security of personal data, Hero League Travel LLC implements the following measures:
— identification of threats to the security of personal data when processing it in information systems;
— application of organizational and technical measures to ensure the security of personal data when processing it in information systems, which ensure compliance with the requirements for established levels of protection;
— assessing the effectiveness of measures taken to ensure the security of personal data processed in personal data information systems;
— keeping records of machine media containing personal data;
— detecting unauthorized access to personal data and responding to such incidents;
— restoring personal data that has been modified or destroyed as a result of unauthorized access;
— establishing rules for accessing personal data processed in personal data information systems;
— registering and recording actions performed with personal data in personal data information systems;
— monitoring the measures taken to ensure the security of personal data in accordance with the established level of personal data protection.
14. Protection of personal data
14.1. When processing personal data, the necessary legal, organizational, and technical measures are taken to protect personal data from unauthorized or accidental access, destruction, alteration, blocking, copying, provision, distribution of personal data, as well as from other unlawful actions in relation to personal data.
14.2. In order to ensure the security of personal data, Hero League Travel LLC implements the following measures:
— identification of threats to the security of personal data when processing it in information systems;
— application of organizational and technical measures to ensure the security of personal data when processing it in information systems, which ensure compliance with the requirements for established levels of protection;
— assessing the effectiveness of measures taken to ensure the security of personal data processed in personal data information systems;
— keeping records of machine media containing personal data;
— detecting unauthorized access to personal data and responding to such incidents;
— restoring personal data that has been modified or destroyed as a result of unauthorized access;
— establishing rules for accessing personal data processed in personal data information systems;
— registering and recording actions performed with personal data in personal data information systems;
— monitoring the measures taken to ensure the security of personal data in accordance with the established level of personal data protection.
14.2. In order to ensure the security of personal data, Hero League Travel LLC implements the following measures:
— identification of threats to the security of personal data when processing it in information systems;
— application of organizational and technical measures to ensure the security of personal data when processing it in information systems, which ensure compliance with the requirements for established levels of protection;
— assessing the effectiveness of measures taken to ensure the security of personal data processed in personal data information systems;
— keeping records of machine media containing personal data;
— detecting unauthorized access to personal data and responding to such incidents;
— restoring personal data that has been modified or destroyed as a result of unauthorized access;
— establishing rules for accessing personal data processed in personal data information systems;
— registering and recording actions performed with personal data in personal data information systems;
— monitoring the measures taken to ensure the security of personal data in accordance with the established level of personal data protection.
14. Protection of personal data
13.1. In order to fulfill the obligations of Hero League Travel LLC under the legislation of the Russian Federation on personal data, the following measures are taken:
— appointment of a person responsible for organizing the processing of personal data;
— issuing documents defining the policy on the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
— applying legal, organizational, and technical measures to ensure the security of personal data;
— exercising internal control over the compliance of personal data processing with the requirements of the legislation of the Russian Federation;
— assessing the harm that may be caused to personal data subjects in the event of a violation of the legislation of the Russian Federation;
— familiarizing the employees of Hero League Travel LLC with the provisions of the legislation of the Russian Federation and local acts of Hero League Travel LLC.
13.2. In the event of an unlawful or accidental transfer (provision, distribution, access) of personal data resulting in a violation of the rights of personal data subjects, Hero League Travel LLC shall notify Roskomnadzor:
— within 24 hours of discovering the incident, about the alleged causes that led to the violation of the rights of personal data subjects and the alleged harm caused to the rights of personal data subjects, about the measures taken to eliminate the consequences of the incident, including information about the person authorized to interact on issues related to the identified incident;
— within 72 hours of the incident being detected, the results of the internal investigation of the incident, as well as the persons whose actions caused the incident (if any).
— appointment of a person responsible for organizing the processing of personal data;
— issuing documents defining the policy on the processing of personal data, local acts on the processing of personal data, as well as local acts establishing procedures aimed at preventing and detecting violations of the legislation of the Russian Federation and eliminating the consequences of such violations;
— applying legal, organizational, and technical measures to ensure the security of personal data;
— exercising internal control over the compliance of personal data processing with the requirements of the legislation of the Russian Federation;
— assessing the harm that may be caused to personal data subjects in the event of a violation of the legislation of the Russian Federation;
— familiarizing the employees of Hero League Travel LLC with the provisions of the legislation of the Russian Federation and local acts of Hero League Travel LLC.
13.2. In the event of an unlawful or accidental transfer (provision, distribution, access) of personal data resulting in a violation of the rights of personal data subjects, Hero League Travel LLC shall notify Roskomnadzor:
— within 24 hours of discovering the incident, about the alleged causes that led to the violation of the rights of personal data subjects and the alleged harm caused to the rights of personal data subjects, about the measures taken to eliminate the consequences of the incident, including information about the person authorized to interact on issues related to the identified incident;
— within 72 hours of the incident being detected, the results of the internal investigation of the incident, as well as the persons whose actions caused the incident (if any).
13. Fulfillment of statutory obligations
11.1. The following persons have the right to access personal data processed by Hero League Travel LLC:
— The CEO of Hero League Travel LLC;
— Employees of Hero League Travel LLC who need to process personal data in connection with the performance of their job duties;
— third parties processing personal data on behalf of Hero League Travel LLC, based on a contract (assignment) concluded with that party.
11.2. Access of employees of Hero League Travel LLC to personal data is carried out by management through a separate internal act.
— The CEO of Hero League Travel LLC;
— Employees of Hero League Travel LLC who need to process personal data in connection with the performance of their job duties;
— third parties processing personal data on behalf of Hero League Travel LLC, based on a contract (assignment) concluded with that party.
11.2. Access of employees of Hero League Travel LLC to personal data is carried out by management through a separate internal act.
11. Access to personal data
10.1. Once the purpose of processing personal data has been achieved, the processing of such personal data must be terminated and the personal data must be destroyed within thirty days from the date of achieving the purpose of processing personal data, unless otherwise provided by the contract to which the personal data subject is a party, beneficiary, or guarantor, or by another agreement between the operator and the personal data subject, or if the operator is not entitled to process personal data without the consent of the personal data subject on the grounds provided for by the legislation of the Russian Federation.
10.2. If the subject withdraws their consent to the processing of their personal data, the processing of such personal data must be terminated, and if the storage of personal data is no longer required for the purposes of personal data processing, such personal data shall be destroyed within thirty days from the date of receipt of the specified withdrawal, unless otherwise provided by the contract, to which the subject of personal data is a party, beneficiary, or guarantor, by another agreement between the operator and the subject of personal data, or if the operator is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by the legislation of the Russian Federation.
10.3. If unlawful processing of personal data is detected, the processing of such personal data must be terminated within three working days. If it is impossible to ensure the lawfulness of the processing of personal data, the personal data must be destroyed within ten working days from the date of detection of the unlawful processing.
10.4. If it is not possible to destroy personal data within the period specified in clauses 10.1−10.3, such personal data must be blocked and destroyed within a period not exceeding six months, unless another period is established by the legislation of the Russian Federation.
10.2. If the subject withdraws their consent to the processing of their personal data, the processing of such personal data must be terminated, and if the storage of personal data is no longer required for the purposes of personal data processing, such personal data shall be destroyed within thirty days from the date of receipt of the specified withdrawal, unless otherwise provided by the contract, to which the subject of personal data is a party, beneficiary, or guarantor, by another agreement between the operator and the subject of personal data, or if the operator is not entitled to process personal data without the consent of the subject of personal data on the grounds provided for by the legislation of the Russian Federation.
10.3. If unlawful processing of personal data is detected, the processing of such personal data must be terminated within three working days. If it is impossible to ensure the lawfulness of the processing of personal data, the personal data must be destroyed within ten working days from the date of detection of the unlawful processing.
10.4. If it is not possible to destroy personal data within the period specified in clauses 10.1−10.3, such personal data must be blocked and destroyed within a period not exceeding six months, unless another period is established by the legislation of the Russian Federation.
10. Terms and conditions for the termination of personal data processing
9.1. The processing of personal data authorised by the data subject for distribution shall be carried out in accordance with the requirements of the legislation of the Russian Federation on personal data.
9.2. The data subject gives consent to the processing of personal data authorised for distribution separately from other consents of the data subject to the processing of his or her personal data.
9.3. If the subject himself discloses his personal data to an indefinite circle of persons using the functionality of the website or service of Hero League Travel LLC without providing the appropriate consent, further distribution by other personal data operators is possible only on the basis of the consent of the relevant subject to the processing of personal data permitted for distribution.
9.4. In the consent to the processing of personal data permitted by the personal data subject for distribution, the personal data subject has the right to establish prohibitions on the transfer (except for providing access) of this personal data by the operator to an unlimited circle of persons, as well as prohibitions on the processing or conditions for processing (except for obtaining access) of this personal data by an unlimited circle of persons.
9.2. The data subject gives consent to the processing of personal data authorised for distribution separately from other consents of the data subject to the processing of his or her personal data.
9.3. If the subject himself discloses his personal data to an indefinite circle of persons using the functionality of the website or service of Hero League Travel LLC without providing the appropriate consent, further distribution by other personal data operators is possible only on the basis of the consent of the relevant subject to the processing of personal data permitted for distribution.
9.4. In the consent to the processing of personal data permitted by the personal data subject for distribution, the personal data subject has the right to establish prohibitions on the transfer (except for providing access) of this personal data by the operator to an unlimited circle of persons, as well as prohibitions on the processing or conditions for processing (except for obtaining access) of this personal data by an unlimited circle of persons.
9. Distribution of personal data
8.1. Personal data shall be transferred to a third party only with the consent of the personal data subject or in cases expressly provided for by the legislation of the Russian Federation.
8.2. The transfer of personal data to a state authority, local government body, security and law enforcement agency, state institution or fund, or other authorized body is permitted on the grounds provided for by the legislation of the Russian Federation.
8.3. Disclosure of personal data to a third party without the consent of the relevant subject is not permitted, except in cases where it is necessary to protect the life, health, or other vital interests of the subject of personal data.
8.4. Disclosure of personal data to a third party for commercial purposes without the consent of the relevant subject is prohibited. The processing of personal data for the purpose of promoting goods, works, or services on the market, as well as for the purpose of political campaigning, shall only be carried out with the prior consent of the subject.
8.5. Cross-border transfer of personal data to foreign countries shall not be carried out.
8.2. The transfer of personal data to a state authority, local government body, security and law enforcement agency, state institution or fund, or other authorized body is permitted on the grounds provided for by the legislation of the Russian Federation.
8.3. Disclosure of personal data to a third party without the consent of the relevant subject is not permitted, except in cases where it is necessary to protect the life, health, or other vital interests of the subject of personal data.
8.4. Disclosure of personal data to a third party for commercial purposes without the consent of the relevant subject is prohibited. The processing of personal data for the purpose of promoting goods, works, or services on the market, as well as for the purpose of political campaigning, shall only be carried out with the prior consent of the subject.
8.5. Cross-border transfer of personal data to foreign countries shall not be carried out.
8. Transfer of personal data
7.1. Personal data shall be stored in a form that allows the identification of the data subject for no longer than is necessary for the purposes of processing personal data, unless the storage period for personal data is established by the legislation of the Russian Federation or by a contract to which the data subject is a party.
7.2. Personal data shall be stored in a manner that ensures its confidentiality.
7.3. Personal data shall be transferred to archival storage in accordance with the legislation of the Russian Federation on archival matters, destroyed or depersonalized upon achievement of the purposes of processing or in the event that the need to achieve these purposes ceases to exist, unless otherwise provided by the legislation of the Russian Federation or by a contract to which the subject of personal data is a party.
7.2. Personal data shall be stored in a manner that ensures its confidentiality.
7.3. Personal data shall be transferred to archival storage in accordance with the legislation of the Russian Federation on archival matters, destroyed or depersonalized upon achievement of the purposes of processing or in the event that the need to achieve these purposes ceases to exist, unless otherwise provided by the legislation of the Russian Federation or by a contract to which the subject of personal data is a party.
7. Storage of personal data
6.1. When processing personal data, Hero League Travel LLC performs the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), blocking, deletion, destruction.
6.2. The processing of personal data may be entrusted to a third party with the consent of the subject of the personal data or on the grounds provided for by the legislation of the Russian Federation. A person processing personal data on behalf of another is not required to obtain the consent of the subject for the processing of their personal data.
6.3. If the inaccuracy of personal data is confirmed, such personal data shall be updated within seven working days.
6.4. If the processing of personal data is found to be unlawful, such personal data shall be destroyed within three days.
6.2. The processing of personal data may be entrusted to a third party with the consent of the subject of the personal data or on the grounds provided for by the legislation of the Russian Federation. A person processing personal data on behalf of another is not required to obtain the consent of the subject for the processing of their personal data.
6.3. If the inaccuracy of personal data is confirmed, such personal data shall be updated within seven working days.
6.4. If the processing of personal data is found to be unlawful, such personal data shall be destroyed within three days.
6. Processing of personal data
5.1. Personal data is collected directly from the data subject. If the provision of personal data and/or the operator’s consent to the processing of personal data are mandatory in accordance with the legislation of the Russian Federation, the data subject shall be informed of the legal consequences of refusing to provide such data and/or consent to its processing.
5.2. Obtaining personal data from other persons is possible only if there are legal grounds for doing so. When obtaining personal data from other persons, except in cases where personal data is obtained as part of an order for the processing of personal data or where consent has been obtained by the transferring party, the subject must be notified thereof.
5.3. When collecting personal data, including through the Internet information and telecommunications network, the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Russian Federation shall be ensured using databases located in the territory of the Russian Federation.
5.2. Obtaining personal data from other persons is possible only if there are legal grounds for doing so. When obtaining personal data from other persons, except in cases where personal data is obtained as part of an order for the processing of personal data or where consent has been obtained by the transferring party, the subject must be notified thereof.
5.3. When collecting personal data, including through the Internet information and telecommunications network, the recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of personal data of citizens of the Russian Federation shall be ensured using databases located in the territory of the Russian Federation.
5. Collection of personal data
4.1. In order to ensure compliance with the labor legislation of the Russian Federation, including assisting employees in finding employment, obtaining education, and advancing in their careers, ensuring the personal safety of employees, monitoring the quantity and quality of work performed and ensuring the safety of property, paying wages and other payments due to employees in accordance with the legislation of the Russian Federation or the contract, making tax and social security contributions provided for by the legislation of the Russian Federation, Hero League Travel LLC processes personal data:
4.4.1. Customers:
1) Last name, first name, patronymic;
2) Address;
3) Contact details (phone number, email address);
4) Website users' cookie files.
The basis for processing personal data is the consent of the subject.
4.4.2. Participants in sporting events:
1) Last name, first name, patronymic;
2) Date and year of birth;
3) Address;
4) Passport details;
5) Contact details (phone number, email address);
6) Gender;
7) Health information;
8) Website user cookies.
The basis for processing personal data is the Agreement (public offer) and the consent of the data subject.
Personal data is processed using automated means or without the use of such means.
The period of personal data processing is limited to the achievement of the stated purpose. If the stated purpose is no longer necessary, personal data shall be destroyed. Personal data shall be destroyed within the time limits established by law upon receipt of the subject’s withdrawal of consent or upon the occurrence of other legal grounds.
4.4.1. Customers:
1) Last name, first name, patronymic;
2) Address;
3) Contact details (phone number, email address);
4) Website users' cookie files.
The basis for processing personal data is the consent of the subject.
4.4.2. Participants in sporting events:
1) Last name, first name, patronymic;
2) Date and year of birth;
3) Address;
4) Passport details;
5) Contact details (phone number, email address);
6) Gender;
7) Health information;
8) Website user cookies.
The basis for processing personal data is the Agreement (public offer) and the consent of the data subject.
Personal data is processed using automated means or without the use of such means.
The period of personal data processing is limited to the achievement of the stated purpose. If the stated purpose is no longer necessary, personal data shall be destroyed. Personal data shall be destroyed within the time limits established by law upon receipt of the subject’s withdrawal of consent or upon the occurrence of other legal grounds.
4. Personal data processed
3.1. The processing of personal data at Hero League Travel LLC is carried out based on the following principles:
— the existence of legal grounds for the processing of personal data;
— the limitation of personal data processing to the achievement of specific, predetermined, and lawful purposes;
— no merging of databases containing personal data processed for incompatible purposes;
— processing only of personal data that is relevant to the purposes of processing;
— compliance of the content and scope (no redundancy) of the personal data processed with the stated purposes of processing;
— ensuring the accuracy of personal data, its sufficiency, and, where necessary, its relevance to the purposes of personal data processing;
— storage of personal data in a form that allows the identification of the data subject, for no longer than is necessary for the purposes of processing personal data, if the period of storage of personal data is not established by the legislation of the Russian Federation, a contract to which the data subject is a party, beneficiary, or guarantor.
3.2. Personal data may be processed by Hero League Travel LLC in the following cases:
— the data subject has given consent to the processing of their personal data;
— the processing of personal data is necessary for the operator to perform the functions, powers, and duties assigned to them by the legislation of the Russian Federation;
— the processing of personal data is carried out in connection with the participation of the subject of personal data in civil and arbitration proceedings;
— the processing of personal data is necessary for the execution of a court order in accordance with the legislation of the Russian Federation on enforcement proceedings;
— the processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or the beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the personal data subject;
— the processing of personal data is necessary to protect the life, health, or other vital interests of the personal data subject, if it is impossible to obtain the consent of the personal data subject;
— the processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant goals, provided that this does not violate the rights and freedoms of the subject;
— personal data is processed for statistical or other research purposes, provided that the personal data is anonymized;
— personal data that is subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation is processed.
— the existence of legal grounds for the processing of personal data;
— the limitation of personal data processing to the achievement of specific, predetermined, and lawful purposes;
— no merging of databases containing personal data processed for incompatible purposes;
— processing only of personal data that is relevant to the purposes of processing;
— compliance of the content and scope (no redundancy) of the personal data processed with the stated purposes of processing;
— ensuring the accuracy of personal data, its sufficiency, and, where necessary, its relevance to the purposes of personal data processing;
— storage of personal data in a form that allows the identification of the data subject, for no longer than is necessary for the purposes of processing personal data, if the period of storage of personal data is not established by the legislation of the Russian Federation, a contract to which the data subject is a party, beneficiary, or guarantor.
3.2. Personal data may be processed by Hero League Travel LLC in the following cases:
— the data subject has given consent to the processing of their personal data;
— the processing of personal data is necessary for the operator to perform the functions, powers, and duties assigned to them by the legislation of the Russian Federation;
— the processing of personal data is carried out in connection with the participation of the subject of personal data in civil and arbitration proceedings;
— the processing of personal data is necessary for the execution of a court order in accordance with the legislation of the Russian Federation on enforcement proceedings;
— the processing of personal data is necessary for the performance of a contract to which the personal data subject is a party or the beneficiary or guarantor, as well as for the conclusion of a contract at the initiative of the personal data subject;
— the processing of personal data is necessary to protect the life, health, or other vital interests of the personal data subject, if it is impossible to obtain the consent of the personal data subject;
— the processing of personal data is necessary for the exercise of the rights and legitimate interests of the operator or third parties, or for the achievement of socially significant goals, provided that this does not violate the rights and freedoms of the subject;
— personal data is processed for statistical or other research purposes, provided that the personal data is anonymized;
— personal data that is subject to publication or mandatory disclosure in accordance with the legislation of the Russian Federation is processed.
3. Principles and conditions for processing personal data
2. General concepts in the field of personal data
1) personal data — any information relating directly or indirectly to a specific or identifiable individual (subject of personal data);
2) operator — a state body, municipal body, legal entity or individual who, independently or jointly with other persons, organises and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;
3) processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data;
4) automated processing of personal data means the processing of personal data using computer technology;
5) dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons;
6) provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;
7) blocking of personal data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data);
8) destruction of personal data — actions that make it impossible to restore the content of personal data in the personal data information system and/or that destroy the physical media containing personal data;
9) depersonalization of personal data — actions that make it impossible to determine the ownership of personal data by a specific subject of personal data without using additional information;
10) personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
11) cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
2) operator — a state body, municipal body, legal entity or individual who, independently or jointly with other persons, organises and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;
3) processing of personal data — any action (operation) or set of actions (operations) performed with or without the use of automation tools on personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction of personal data;
4) automated processing of personal data means the processing of personal data using computer technology;
5) dissemination of personal data — actions aimed at disclosing personal data to an indefinite circle of persons;
6) provision of personal data — actions aimed at disclosing personal data to a specific person or a specific group of persons;
7) blocking of personal data — temporary suspension of the processing of personal data (except in cases where processing is necessary to clarify personal data);
8) destruction of personal data — actions that make it impossible to restore the content of personal data in the personal data information system and/or that destroy the physical media containing personal data;
9) depersonalization of personal data — actions that make it impossible to determine the ownership of personal data by a specific subject of personal data without using additional information;
10) personal data information system — a set of personal data contained in databases and information technologies and technical means ensuring their processing;
11) cross-border transfer of personal data — transfer of personal data to the territory of a foreign state to an authority of a foreign state, a foreign individual or a foreign legal entity.
1.1. The policy regarding the processing of personal data by Hero League Travel LLC has been developed in accordance with the requirements of Part 2 of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006, «On Personal Data», and is intended to provide unlimited access to information regarding the processing of personal data, as well as information on the requirements for the protection of personal data. No. 152-FZ «On Personal Data» and is intended to provide unrestricted access to information regarding the processing of personal data, as well as information on the requirements for the protection of personal data implemented by Hero League Travel LLC.
1.2. This Policy describes the procedure for processing and protecting the personal data of individuals in connection with the implementation of labor relations, the conclusion of contracts and the fulfillment of contractual obligations of Hero League Travel LLC, and the implementation of the organization’s statutory activities.
1.3. Personal data is classified as confidential information and is protected from unauthorized access, including accidental access.
1.2. This Policy describes the procedure for processing and protecting the personal data of individuals in connection with the implementation of labor relations, the conclusion of contracts and the fulfillment of contractual obligations of Hero League Travel LLC, and the implementation of the organization’s statutory activities.
1.3. Personal data is classified as confidential information and is protected from unauthorized access, including accidental access.
1. General statements
Data processing policy