Manage your cookies

To continue using the website, please select the cookies you want to allow and click "SAVE PREFERENCES" or choose "ACCEPT ALL". For more detailed information about each type of cookie, explore the descriptions provided. To learn more, please read our Cookie Policy.

  • STRICTLY NECESSARY

    These cookies are necessary for the website to operate properly and cannot be disabled. They support core functionalities, such as making bookings and ensuring secure login. These cookies do not store personal data or allow user identification.

  • PERFORMANCE

    These cookies allow us to track visits and traffic sources to measure and improve website performance. They help us understand which pages are the most and least popular and how visitors navigate the site. All information collected by these cookies is aggregated and remains anonymous.

  • FUNCTIONAL

    These cookies allow the website to remember your preferences and personalize your experience. For example, they can help you navigate the site more easily by remembering your language settings.

  • MARKETING

    These cookies enable us to deliver personalized ads and marketing content. They do not store personal information. Instead, they rely on the unique identification of your browser and device.

Политика конфиденциальности сайта отеля «Сочи Галерея Парк» в Сочи

  • Information image

    Privacy Policy


    1. Destruction of personal data — any actions resulting in the irreversible destruction of personal data with no possibility of restoring their content in the personal data information system and/or destruction of tangible media containing personal data.

    2. Operator’s Rights and Obligations


     


    3.1. The Operator has the right to:



    • Request accurate information and/or documents containing personal data from the data subject;

    • Continue processing personal data without the consent of the data subject in the event of withdrawal of consent, provided there are legal grounds specified in the Personal Data Law;

    • Independently determine the composition and list of measures necessary and sufficient to fulfill the obligations stipulated by the Personal Data Law and applicable regulatory legal acts, unless otherwise provided by federal law.


     


    3.2. The Operator is obliged to:



    • Provide the data subject, upon request, with information regarding the processing of their personal data;

    • Organize the processing of personal data in accordance with the legislation of the Russian Federation;

    • Respond to requests and inquiries from data subjects and their legal representatives in accordance with the Personal Data Law;

    • Submit required information to the authorized body for the protection of personal data subjects’ rights within 30 days from the date of request;

    • Publish or otherwise ensure unrestricted access to this Policy on the processing of personal data;

    • Take legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, as well as from other unlawful actions;

    • Terminate the transfer (distribution, provision, access) of personal data, cease processing, and destroy personal data in the manner and cases prescribed by the Personal Data Law;

    • Fulfill other obligations stipulated by the Personal Data Law.



    1. Rights and Obligations of Personal Data Subjects


     


    4.1. Personal data subjects have the right to:



    • Receive information regarding the processing of their personal data, except in cases stipulated by federal laws. The information must be provided in an accessible form and must not contain personal data related to other individuals, except when there are legal grounds for such disclosure. The list of information and the procedure for obtaining it are defined by the Personal Data Law;

    • Request the Operator to clarify, block, or delete their personal data if it is incomplete, outdated, inaccurate, unlawfully obtained, or not necessary for the stated purpose of processing, as well as to take legally provided measures to protect their rights;

    • Set a condition for prior consent when processing personal data for the purposes of promoting goods, works, or services on the market;

    • Withdraw consent to the processing of their personal data;

    • Lodge a complaint with the authorized body for the protection of personal data subjects’ rights or appeal in court against unlawful actions or inaction by the Operator when processing their personal data;

    • Exercise other rights provided by the legislation of the Russian Federation.


     


    4.2. Personal data subjects are obliged to:



    • Provide the Operator with accurate information about themselves;

    • Notify the Operator of updates or changes to their personal data.


     


    **4.3. Individuals who provide the Operator with false information about themselves, or information about another data subject without that person’s consent, bear liability in accordance with the legislation of the Russian Federation.



    1. Personal Data the Operator May Process


     


    5.1. Last name, first name, patronymic.


    5.2. Email address.


    5.3. Phone numbers.


    5.4. The website also collects and processes anonymized data about visitors (including cookies) using internet analytics services (e.g., Yandex.Metrica, Google Analytics, and others).


    5.5. The above data are hereinafter collectively referred to as Personal Data.


    5.6. The Operator does not process special categories of personal data relating to race, nationality, political opinions, religious or philosophical beliefs, or intimate life.


    5.7. Processing of special categories of personal data that are authorized for dissemination, as listed in Article 10, Part 1 of the Personal Data Law, is allowed if restrictions and conditions under Article 10.1 are met.


    5.8. User consent for processing personal data authorized for dissemination must be provided separately from other types of consent and must comply with the specific requirements outlined in Article 10.1 of the Personal Data Law. These requirements are determined by the authorized body for the protection of personal data subjects’ rights.


     


    5.8.1. Consent for the processing of personal data authorized for dissemination must be given directly to the Operator by the User.


    5.8.2. Within three business days from receiving such consent, the Operator is obligated to publish information about the terms of processing, including any restrictions or conditions applicable to the dissemination of personal data to the general public.


    5.8.3. The dissemination (transfer, provision, or access) of personal data authorized by the subject for public access must cease at any time upon the subject’s request. This request must include the full name, contact information (phone number, email, or postal address), and a list of personal data that should no longer be processed. These data may only be processed by the Operator to whom the request was submitted.


    5.8.4. The consent to process personal data authorized for dissemination becomes invalid upon receipt of the request described in clause 5.8.3.



    1. Principles of Personal Data Processing


     


    6.1. Personal data processing shall be lawful and fair.


    6.2. Processing must be limited to achieving specific, pre-defined, and lawful purposes. Processing that is incompatible with the purposes of collecting personal data is not allowed.


    6.3. It is prohibited to combine databases containing personal data that are processed for incompatible purposes.


    6.4. Only personal data relevant to the purposes of their processing may be processed.


    6.5. The scope and content of processed personal data must correspond to the declared processing purposes. Excessive personal data collection is not permitted.


    6.6. The Operator ensures the accuracy, sufficiency, and, if necessary, relevance of personal data with respect to the purposes of processing. Measures shall be taken to delete or update incomplete or inaccurate data.


    6.7. Personal data shall be stored in a form that allows identification of the data subject no longer than is required for the purposes of processing, unless a longer retention period is required by federal law or contract. Processed personal data shall be destroyed or anonymized upon achieving the processing purposes or when the need for processing no longer exists, unless otherwise stipulated by law.



    1. Purposes of Personal Data Processing


     


    7.1. The purposes for which the User’s personal data are processed include:



    • Informing the User by sending emails;

    • Entering into, executing, and terminating civil law agreements;

    • Providing the User with access to services, information, and/or content available on the website https://sochigallerypark.ru;

    • Providing Users with information about hotel services.


     


    7.2. The Operator also has the right to send the User notifications about new products and services, special offers, and various events.


    The User may opt out of receiving informational messages at any time by sending an email to galleryparksochi@gmail.com with the subject “Unsubscribe from service and special offer notifications.”


     


    7.3. Anonymized data collected through internet analytics services is used to gather information about User activity on the website and to improve the site’s content and usability.



    1. Legal Grounds for Personal Data Processing


     


    8.1. The legal grounds for processing personal data by the Operator include:



    • Guest registration cards;

    • The Operator’s corporate documents;

    • Contracts entered into between the Operator and the personal data subject;

    • Federal laws and other regulatory legal acts in the field of personal data protection;

    • Consent provided by Users for the processing of their personal data, including consent to process data authorized for dissemination.


     


    8.2. The Operator processes the User’s personal data only if it is submitted by the User voluntarily via special forms on the website https://sochigallerypark.ru or sent by email. By filling out the respective forms and/or sending personal data, the User agrees to this Policy.


     


    8.3. The Operator processes anonymized data about the User if this is permitted in the User’s browser settings (including the use of cookies and JavaScript).


     


    8.4. The personal data subject makes the decision to provide their data and consents to its processing freely, by their own will, and in their own interest.



    1. Conditions for Processing Personal Data


     


    9.1. Personal data is processed based on the consent of the personal data subject.


     


    9.2. Personal data processing is necessary to achieve objectives provided for by international agreements of the Russian Federation or legislation, or to carry out the Operator’s legal duties and functions.


     


    9.3. Personal data processing is required for administering justice, executing court rulings, or implementing orders of authorities or officials under enforcement legislation.


     


    9.4. Personal data processing is required to fulfill a contract to which the data subject is a party, beneficiary, or guarantor, or to enter into such a contract at the subject’s initiative.


     


    9.5. Personal data processing is necessary for the protection of the Operator’s or third parties’ legitimate interests or to achieve socially significant purposes, provided this does not violate the rights and freedoms of the personal data subject.


     


    9.6. Processing of personal data that has been made publicly available by the personal data subject or at their request is permitted (hereinafter referred to as “publicly available personal data”).


     


    9.7. Personal data that must be disclosed or published under federal law may be processed accordingly.



    1. Procedure for Collection, Storage, Transfer, and Other Types of Personal Data Processing


     


    10.1. The security of personal data processed by the Operator is ensured through the implementation of legal, organizational, and technical measures necessary to fully comply with current legislation on personal data protection.


     


    10.2. The Operator ensures the confidentiality and protection of personal data and takes all reasonable measures to prevent unauthorized access.


     


    10.3. The User’s personal data will never be transferred to third parties, except where required by applicable law or where the User has consented to such transfer for the purpose of fulfilling civil obligations.


     


    10.4. If inaccuracies in personal data are discovered, the User may independently update them by sending an email to the Operator at galleryparksochi@gmail.com with the subject line: “Update of personal data.”


     


    10.4 (continued). The duration of personal data processing is determined by the purpose for which the data was collected unless otherwise established by contract or law.


    The User may withdraw consent to the processing of personal data at any time by sending a message to galleryparksochi@gmail.com with the subject line: “Withdrawal of consent to personal data processing.”


     


    10.5. Any information collected by third-party services, including payment systems, communication tools, or other service providers, is stored and processed in accordance with their own User Agreements and Privacy Policies.


    The User is solely responsible for reviewing such documents. The Operator is not responsible for the actions of third parties mentioned in this clause.


     


    10.6. Restrictions imposed by the User on the transfer (except access), processing, or conditions of processing of personal data authorized for dissemination do not apply when such data is processed for public, governmental, or socially significant purposes as defined by Russian law.


     


    10.7. The Operator maintains the confidentiality of personal data during processing.


     


    10.8. The Operator stores personal data in a form that allows identification of the data subject no longer than necessary for processing purposes unless a longer period is provided by law or contract involving the data subject as a party, beneficiary, or guarantor.


     


    10.9. The processing of personal data may be terminated upon achievement of its purposes, the expiration of consent, withdrawal of consent by the subject, or discovery of unlawful processing.



    1. List of Actions Performed with Personal Data


     


    11.1. The Operator performs the following actions: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, and destruction of personal data.


     


    11.2. The Operator may carry out automated processing of personal data with or without the transmission of the resulting information via telecommunication networks.



    1. Confidentiality of Personal Data


     


    12.1. The Operator and any other parties granted access to personal data must not disclose or distribute personal data to third parties without the data subject’s consent, unless required by federal law.



    1. Final Provisions


     


    13.1. The User may obtain any clarification regarding the processing of their personal data by contacting the Operator via email at: galleryparksochi@gmail.com.


     


    13.2. Any changes to this Policy will be reflected in this document. The Policy is valid indefinitely until replaced by a new version.


     


    13.3. The current version of the Policy is publicly available at:


    https://sochigallerypark.ru