1. INTRODUCTION
1.1. The most important condition for achieving the goals of the Contractor – “Grand hotel Mimino” is to ensure the necessary and sufficient level of security of information, which includes personal data.
1.2. The Contractor's policy on the processing of personal data defines the procedure for the collection, storage, transfer and other types of processing of personal data by the Contractor, and provides information on the requirements for the protection of personal data.
1.3. The policy is developed in accordance with the current legislation of Georgia.
2. THE STRUCTURE OF PERSONAL DATA
2.1. Information constituting personal data is any information relating directly or indirectly to a particular individual (the subject of personal data).
2.2. All processed personal data is confidential, strictly protected information in accordance with the legislation of Georgia.
3. PURPOSE OF PROCESSING PERSONAL DATA
3.1. Personal data is processed by the Contractor for the purpose of execution of labor and other contractual relations, personnel, accounting and tax accounting, and also for the purpose of organizing and conducting (including with the involvement of a third party) loyalty programs, marketing and/or advertising campaigns, research, surveys, and other events; performance by the Contractor of obligations under contracts for the rendering of services (assistance in the framework of the insurance relationship, expert services, evacuation, repair of vehicles, retail sale of goods, etc.); provision of other services to the subjects of personal data; promotion of services and/or products of the Contractor and/or partners of the Contractor on the market through direct contacts with customers through various means of communication, including, without limitation, by phone, e-mail, mailing, Internet, etc.; and for other purposes, if the actions do not contradict the current legislation of Georgia.
3.2. In order to properly perform its duties, the Contractor processes the following personal data necessary for the proper execution of contractual obligations:
- personal data of employees in an employment relationship with the Contractor;
- personal data of other individuals, including, but not limited to, those in contractual, student or civil relations with the Contractor, including, but not limited to: buyers, regular customers, insurers, persons wishing to enter into insurance contracts.
4. THE PROCEDURE FOR COLLECTION, STORAGE, TRANSFER AND OTHER PROCESSING OF PERSONAL DATA
4.1. Processing of personal data without the use of automation is carried out in such a way that, for each category of personal data, it is possible to determine the place of storage of the personal data (tangible media). The Contractor has established a list of persons engaged in the processing of personal data or having access to them. Personal data (tangible media) processed for different purposes are stored separately. The Contractor shall ensure the safety of personal data and take measures to prevent unauthorized access to personal data.
4.2. When personal data is processed with the use of automation, the following actions are taken:
- the Contractor carries out technical measures aimed at preventing unauthorized access to personal data and (or) their transfer to persons who do not have the right to access such information;
- protective tools are configured for timely detection of unauthorized access to personal data;
- the technical means of automated processing of personal data are isolated to prevent exposure that may disrupt their operation;
- data backup is performed in order to be able to immediately recover personal data modified or destroyed due to unauthorized access;
- the level of protection of personal data is monitored.
5. INFORMATION ABOUT ONGOING REQUIREMENTS FOR PROTECTION OF PERSONAL DATA
5.1. The Contractor carries out the following activities:
- defines threats to the security of personal data during their processing and forms a threat model on their basis;
- develops, on the basis of the threat model, a personal data protection system that ensures the neutralization of the anticipated threats using the methods of personal data protection provided for the relevant class of information systems;
- draws up a plan for inspecting the readiness of new information protection tools for use, with the preparation of conclusions on whether they can be put into operation;
- carries out installation and commissioning of information security tools in accordance with operational and technical documentation;
- trains persons who use the information security tools employed in information systems in the rules for working with them;
- keeps records of the information security tools in use, their operational and technical documentation, and personal data carriers;
- keeps records of persons admitted to work with personal data in the information system;
- monitors compliance with the terms of use of information security tools provided for in the operational and technical documentation;
- has the right to initiate proceedings and draw conclusions on the facts of non-compliance with the conditions of storage of personal data carriers or of use of information security tools that may lead to a violation of the confidentiality of personal data or to other violations that reduce the level of protection of personal data, and to develop and adopt measures to prevent possible dangerous consequences of such violations;
- has a description of the personal data protection system.
5.2. For the development and implementation of specific measures to ensure the security of personal data during their processing in the information system, the Contractor shall appoint a responsible person in the information technology division of the Contractor.
6. THE RIGHTS AND OBLIGATIONS OF THE CONTRACTOR
6.1. The Contractor has the right to:
- Defend its interests in court;
- Provide personal data of subjects to third parties if this is provided for by the current legislation (tax, law enforcement agencies, etc.);
- Refuse to provide personal data in cases stipulated by the legislation;
- Use personal data of the subject without his consent, in cases provided by law.
7. THE RIGHTS AND OBLIGATIONS OF PERSONAL DATA SUBJECTS
7.1. The subject of personal data has the right to:
- Require clarification of their personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained or are not necessary for the stated purpose of processing, as well as to take measures provided by law to protect their rights;
- Require a list of their personal data processed by the Operator and the source of their receipt;
- Receive information about the terms of processing of their personal data, including the terms of their storage;
- Require notification of all persons who have previously been informed of incorrect or incomplete personal data about all exceptions, corrections or additions made to them;
- Appeal illegal actions or omissions in the processing of their personal data to the authorized body for the protection of the rights of subjects of personal data or in court;
- Protect their rights and legitimate interests, including through compensation of losses and (or) compensation for moral harm, in court.
8. FINAL PROVISION
8.1. This Policy is subject to change and addition in the event of new legislation and special regulations on the processing and protection of personal data.
8.2. Contact details for sending notifications, demands, statements and refusals by the subject of personal data: e-mail info@hotelmimino.com, postal address Georgia, 0100, Tbilisi, 3 Khivi Turn, contact phone: +995 322 77 00 17; +995 595 78 66 88