Policy of ARENA LLC in Respect of Personal Data Processing
Location address of ARENA LLC: 197110, Saint Petersburg, Futbolnaya Alleya, 8

1. Purpose and Scope of the Document
1.1. The policy of ARENA LLC (hereinafter referred to as the Company) with respect to personal data processing (hereinafter referred to as the Policy) determines the procedure, conditions and position of the Company with regard to the personal data processing, establishes the procedures aimed at preventing and revealing any violations of the legislation of the Russian Federation, eliminating the consequences of such violations connected with the personal data processing, for the purpose of observing and protecting human rights and freedoms and, in particular, the right to privacy, personal and family secrets, protection of one's honour and good reputation.
1.2. The Policy shall be strictly adhered to by all employees of ARENA LLC.
1.3. The Policy applies to all personal data of the involved entities, being processed by the Company with the use of automation tools and without using them.
1.4. Any personal data subject has access to this Policy.

2. Definitions
2.1. Personal data means any information relating to a natural person (personal data subject) identified directly or indirectly. Such information may include in particular: surname, name, patronymic; year, month, date and place of birth, address, contact telephone number, e-mail address, information about the family, social, property status, information on education, profession, income, health, as well as other information.
2.2. Personal data processing means any action (operation) or a set of actions (operations) with the personal data, performed with the use of automation tools or without using them. Such actions (operations) include: collecting, receiving, recording, systemizing, accumulating, storing, updating (renewing, changing), extracting, using, transferring (distributing, providing, accessing), depersonalizing, blocking, deleting, destroying the personal data. 

3. Personal Data Subjects
ARENA LLC processes personal data of the following persons:
- employees of ARENA LLC;
- subjects with which civil-law agreements are concluded;
- candidates for filling vacancies in ARENA LLC;
- guests of ARENA LLC, when providing hotel services;
- guests, when booking hotel rooms on the website of ARENA LLC;
- registered users on the website of ARENA LLC;
- suppliers (self-employed entrepreneurs). 

4. Principles and Terms of Personal Data Processing
4.1. The security of personal data is treated by ARENA LLC as protection of the personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination thereof, as well as other illegal actions in relation to the personal data, and it takes necessary legal, organizational and technical measures to protect the personal data.
4.2. Processing and securitization of personal data is effected by ARENA LLC in accordance with the provisions of the Constitution of the Russian Federation, Federal Law No. 152-ФЗ On Personal Data dated 27.07.2006, by-laws, other federal laws of the Russian Federation covering the cases and peculiarities of the personal data processing, guidelines and methodological documents of the Federal Service for Technical and Export Control of the Russian Federation and the Federal Security Service of the Russian Federation.
4.3. When processing personal data, ARENA LLC adheres to the following principles:
- legality and fair basis;
- restrictions on personal data processing through achievement of specific, pre-defined and legitimate purposes;
- preventing personal data processing that might be incompatible with the purposes of personal data collection;
- prevention of unification of databases containing personal data processed for purposes incompatible with each other;
- personal data processing meeting the objectives of the processing.
4.4. The Company processes personal data only if at least one of the following conditions exists:
- personal data processing is carried out with the consent of the personal data subject to the processing of his/her personal data;
- personal data processing is necessary to achieve the purposes provided for by law, for implementation and performance of functions, powers and duties imposed by the legislation of the Russian Federation on the operator;
- personal data processing is necessary for performance of an agreement where the personal data subject is a party, or a beneficiary, or a guarantor, as well as for conclusion of an agreement on the initiative of the personal data subject, or an agreement whereby the personal data subject will be a beneficiary or a guarantor;
- personal data processing is necessary for the exercise of the Company's or third parties' rights and legitimate interests, or for achievement of socially significant purposes, provided that the rights and freedoms of the personal data subject are not thereby violated;
- processing of personal data with access of unlimited number of persons to them, if permitted by the personal data subject or at his/her request;
- processing of personal data subject to publication or mandatory disclosure in accordance with federal law.
4.5. ARENA LLC has the right to entrust processing of personal data of individuals to third parties, on the basis of an agreement concluded with these persons. The persons engaged in personal data processing on behalf of ARENA LLC commit themselves to comply with the principles and rules for processing and protection of the personal data, as provided for by Federal Law No. 152-ФЗ On Personal Data of 27.07.2006. A list of actions (operations) with personal data will be specified for every person, to be performed by a legal entity processing the personal data; the purpose of processing, with specification of a duty of such legal entity to observe confidentiality and security of the personal data during their processing, as well as the requirements for protection of the processed personal data.
4.6. In cases established by the legislation of the Russian Federation, ARENA LLC has the right to transfer personal data of individuals.
4.7. For the purposes of information support, the Company may compile publicly available sources of the employees' personal data, including directories and address books. The following may be included in the public sources of the personal data, with the consent of the employee: his/her surname, name, patronymic, date and place of birth, position, contact phone numbers, e-mail address. The information about the employee must be excluded at any time from the publicly available sources of the personal data at his/her request or by decision of the court or other authorized government agencies.
4.8. The Company shall destroy or depersonalize personal data upon achievement of the processing objectives or in the event of loss of the need to effect processing. 

5. Rights of the Personal Data Subject
An individual whose personal data are processed by ARENA LLC, is entitled to receive from ARENA LLC:

- confirmation of the fact of personal data processing by ARENA LLC;
- legal grounds and purposes of personal data processing;
- information about the methods of personal data processing used by ARENA LLC;
- information on persons having access to personal data or those who may gain official access to the personal data on the basis of an agreement with ARENA LLC or on the basis of the federal law;
- a list of processed personal data relating to an individual who has served a relevant request, and the source of these data, unless another procedure for providing such data is provided for by the federal law;
- information on the timing of personal data processing, including on the period of their storage;
- information on the procedure for the individual's exercise of the rights provided for by Federal Law No. 152-ФЗ On Personal Data dated 27.07.2006;
- information about effected or expected transboundary transfer of personal data;
- name and address of a person engaged in personal data processing on behalf of ARENA LLC;
- other information provided for by the Federal Law No. 152-ФЗ On Personal Data dated 27.07.2006 or other federal laws;
- to demand specification of his/her personal data, their blocking or destruction in the event that the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing;
- to withdraw his consent to personal data processing;
- to demand repair of illegal actions of ARENA LLC in respect of his personal data;
- to appeal to the Federal Service for Supervision in the Sphere of Communications, Information Technology, and Mass Media (Roskomnadzor) or to court against the actions or inactivity of ARENA LLC if the individual believes that ARENA LLC carries out processing of his/her personal data with violation of the requirements of Federal Law No. 152-ФЗ On Personal Data dated 27.07.2006 or otherwise infringes his/her rights and freedoms;
- to protect his/her rights and legitimate interests, including to claim compensation for damages and/or compensation of moral harm in court.

 6. Liability
In the event of non-compliance with the provisions of this Policy, ARENA LLC is liable in accordance with the current legislation of the Russian Federation.
You may receive clarification on the issues regarding processing of your personal data, by applying to ARENA LLC personally or by sending a written request to the mailing address: 197110, Saint Petersburg, Futbolnaya Alleya, 8, or to e-mail: reception@hotelarena.ru (when sending a request in the form of electronic document).
When sending a written request to ARENA LLC, you need to specify the following in the text of the request:

- surname, name, patronymic;
- number of the principal identity document of the personal data subject or his/her representative, information on the date of issue of the said document and the issuing authority;
- information confirming your involvement in official relations with ARENA LLC, or information otherwise confirming the fact of personal data processing by ARENA LLC;
- signature of the individual (or his/her legal representative); if the request is sent electronically it must be executed as an electronic document and signed by electronic signature in accordance with the legislation of the Russian Federation.
The current version of the Policy of ARENA LLC with respect to personal data processing is published in the website www.hotelarena.ru. 

Information on Requirements Being Implemented to Personal Data Protection

ARENA LLC, when processing personal data, takes the necessary legal, organizational and technical measures to protect the personal data from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, dissemination, as well as from other illegal actions regarding the personal data.

Such measures, in accordance with Federal Law 152-ФЗ On Personal Data dated 27.07.2006, include:

- identification of threat to security of personal data during their processing in personal data information systems;
- application of organizational and technical measures to ensure security of personal data in the course of their processing in personal data information systems, necessary to meet the requirements for personal data protection aimed to comply with the assigned levels of the personal data protection, established by the Government of the Russian Federation;
- assessment of efficiency of measures taken to ensure personal data protection prior to commissioning of the personal data information system;
- detection of facts of unauthorized access to personal data and taking due measures;
- retrieval of personal data modified or destroyed following the unauthorized access to them;
- establishment of rules for accessing personal data being processed in the personal data information system, as well as providing registration and recording of all actions performed with personal data in the personal data information system;
- control over applied measures aimed to ensure personal data safety and due level of security of personal data information systems;
- registration of personal-data machine-readable media;
- placement of technical means for processing personal data within the protected area;
- maintenance of technical means of protection and alarm systems in the state of instant readiness;
- monitoring of user actions, investigation in case of violation of the requirements to personal data protection.

In order to coordinate the actions aimed to ensure due security of personal data, due officials have been appointed by ARENA LLC, responsible for ensuring safety of the personal data.