Home

Personal Data Processing & Protection Policy

Утверждена приказом
No 12 от «25» октября 2016 года

www.itravelspb.com User Personal Data Processing & Protection Policy Pursued by

«I Travel SPb» Limited Liability Company

  1. GENERAL PROVISIONS

1.1. This document, www.itravelspb.com User Personal Data Processing and Protecting
Policy Pursued by «I Travel SPb» Limited Liability Company, hereinafter referred to
as the Policy, was developed under Article 18.1 of Federal Law dated July 27, 2006
No. 152-FZ On personal data and shall be an internal document of «I Travel SPb»
Limited Liability Company regulating its activity in processing and protecting personal
data operated by the Company.
1.2. The policy was designed to implement the requirements of the Russian
Federation legislation in personal data processing and protecting and provide protection
of human rights and civil liberties in processing personal data by «I Travel SPb» Limited
Liability Company, including protection of rights to privacy and personal and family
secrets.
1.3. The Policy shall stipulate the main principles, objectives, conditions and
methods of processing information, lists of subjects and the personal data processed by
the Company, as well as the requirements to personal-data protection implemented in the
Company.
1.4. This Policy shall cover any information on the user received by the Company
both before and after the Policy was approved.
1.5. The Policy shall cover all the information on the www.itravelspb.com user
provided by the latter to the Company while using the website, the software and the
products integrated therein.
1.6. Visiting and using the Website shall mean that the user unconditionally agrees
to:
• processing his / her personal data specified in Article 2 of this Policy;
• conditions of processing his / her personal data stipulated by this Policy.
1.7. In case of disagreement with personal-data processing conditions of the
Company, the user should stop using the Website.
1.8. This Policy shall only apply to www.itravelspb.com. The Company shall not
control or be liable for collecting and processing personal data by third parties whose
websites a user can go to using links provided at www.itravelspb.com.
1.9. The Company shall not validate the personal data given by a user.

  1. BASIC TERMS AND DEFINITIONS

2.1. The Company shall be “I Travel SPb” Limited Liability Company, located at
192029, St Petersburg, Bolshoi Smolenskii pr. 2.
2.2. Website shall be a corpus of web pages united by a single address space of
www.itravelspb.com. The Website starting page providing access to all other webpages
of the Website is placed in the Internet at www.itravelspb.com.

2.3. Website administration shall be the associates authorised to manage the
Website on behalf of “I Travel SPb” Limited Liability Company, who process and / or
have personal data processed, as well as stipulate the purposes of processing personal
data, the scope of personal data to be processed, actions / operations to be conducted on
personal data.
2.4. Personal data shall be any information relating to explicitly or implicitly
identified or identifiable physical person, i. e. the personal-data subject.
2.5. Personal-data processing shall be any action / operation or a series of actions
/ operations conducted on personal data with or without application of automated aids,
including collection, recording, systematisation, accumulation, storage, refinement, i. e.
updating, amendment; extraction, usage, disclosure, i.e. distribution, provision, access;
anonymisation, blocking, deletion, destruction of personal data.
2.6. User shall be a person having access to the Website on the Internet and using
www.itravelspb.com.
2.7. Service shall be a tourist product, an object of placement, guide services /
offers, actions, events, excursions, tickets for concerts, festivals and other actions placed
on www.itravelspb.com.
2.8. Cookies shall be a small piece of data sent by a web server and kept on a
user’s computer, which the web user or the web browser sends to the web server in a
HTTP query when attempting to open a Website page.
2.9. IP address shall be a unique web address of a node in a computer network
built upon the IP protocol.

  1. COMPOSITION OF RECEIVED AND PROCESSED PERSONAL

DATA

2.1. The user data received and processed under this Policy shall come to the
Company in the following ways, viz.
2.1.1. The user shall provide the data by him / herself on the Website when filling
in contact forms and booking forms. The latter usually include the following information,
viz.

• user name;
• user contact phone number;
• user e-mail;
2.1.2. The software installed on the user device shall automatically deliver it to the
Company when the user visits and uses the Website. In this way, the Company finds out
his / her IP address, information from cookies, information of the user browser or another
program providing access to the Website, access time, requested page address, referrer,
i. e. previous page address.

  1. OBJECTIVES OF COLLECTING AND PROCESSING PERSONAL

DATA

3.1. The Company shall collect and process user personal data for the following
purposes, viz.
3.1.1. Conclusion and execution of contracts for Services to the user on behalf of
the Company and / or its Partners.
3.1.2. Communication with the user if and when necessary, including notification,
request forwarding and information transfer connected with Website use, booking and
rendering Services, as well as processing user’s requests and queries;

3.1.3. Efficient customer and technical support of the user in case of problems
connected with use of the Website;
3.1.4. Improving the Website in terms of quality and convenience for use;
3.1.5. Provided the user agrees, making him / her special offers, supplying with
price information and news and other data on behalf of the Company and / or its partners;
3.1.6. Advertising with consent of the user;
3.1.7. Statistical and other research on the basis of depersonalised data.
3.2. The personal data shall not be processed for the purposes different from those
stipulated by this article.

  1. GRANTING ACCESS TO PERSONAL DATA
    4.1. The Company shall provide safety of user personal data.
    4.2. The Company shall destroy or depersonalise personal data processed after
    the processing purposes have been accomplished or defeated, as well as if the user has
    withdrawn his / her consent to processing personal data.
    4.3. A user shall have a right to withdraw his / her consent to processing
    personal data by giving a written notice to the Company registered office at 192029, St
    Petersburg, Bolshoi Smolenskii Prospekt 2, marked Withdrawal of consent to processing
    personal data. Withdrawal of the user consent to processing personal data shall entail
    destruction of the records containing the personal data in the Company personal-data
    processing systems.
    4.4. Any user personal data shall be subject to confidentiality, except for the
    cases established in Article 4.5 of this Policy.
    4.5. The Company shall have a right to disclose user personal data to third
    parties in the following cases, viz.
    4.5.1. The user has explicitly expressed his / her consent to disclosure of his / her
    personal data;
    4.5.2. A disclosure of personal data is necessary for the Company or Company
    partners to render a certain service to the user. In this case, the personal information shall
    be kept confidential, and the user shall be notified of such a disclosure. The partners
    having contractual relations with the Company shall undertake to provide confidentiality
    of the information and guarantee its protection, as well as to use the information received
    only for the purposes of rendering the Services.
    4.5.3. A disclosure is stipulated by the Russian or another applicable legislation
    within the framework of an established procedure, viz. on the basis of a court decision,
    where required by law enforcement bodies etc.;
    4.5.4. A disclosure takes place within the framework of sale or another transfer of
    business, either in full or in part. In this case, the purchaser dealing with the personal
    information it has received shall assume all obligations to adhere to this Policy;
    4.5.5. With a view of protection of rights and legitimate interests of the Company.
    4.6. Should the personal data be lost or disclosed, the Company shall inform the
    user thereof.
  2. PROTECTION OF USER PERSONAL DATA
    5.1. The Company shall guarantee that the level of security of user personal data
    meets the Russian Federation Government Order dated November 01, 2012 No. 1119 On

approval of requirements to protection of personal data processed in personal-data
information systems.
5.2. The Company shall take necessary organizational and technical measures to
protect user personal data against wrongful or accidental access, destruction, amendment,
blocking, copying, distribution, as well as other wrongful actions of third parties in
compliance with the Federal Service for Technical and Export Control of Russia Order
dated February 18, 2013 No. 21 On approval of the list and the contents of
organizational and technical measures providing security of personal data processed in
personal-data information systems.
5.3. The Website of www.itravelspb.com shall have an SSL security certificate
enabling user – operator upload of the information coded to prevent its eavesdropping and
/ or abusing during the upload.

  1. RESPONSIBILITY

6.1. In case of failure to perform its obligations, the Company shall be liable for
the damage suffered by the user through wrongful usage of his / her / its personal data in
compliance with the legislation of the Russian Federation, except for the cases stipulated
by Article 6.2 of this Policy.
6.2. In case of loss or disclosure of the user personal data, the Company shall not
be liable if this information has come to the public domain before its loss or disclosure, or
was disclosed by the user or with the user consent.

  1. FINAL PROVISIONS

7.1. The Company shall have a right to amend and supplement this Policy. A
revised Policy shall come into force upon its publication at www.itravelspb.com, unless
otherwise stipulated by the revised Policy.
7.2. The relations arising in personal data processing and protecting and falling
out of the scope of this Policy shall be settled as prescribed by the current legislation of
the Russian Federation.
7.3. All suggestions or questions connected with processing and protecting
personal data by the Company shall be e-mailed toinfo@itravelspb.com.
7.4. Bank details of the personal data operator, viz.
«I Travel SPb» Limited Liability Company
Taxpayer’s Identification Number (INN): 7811471490
Tax Registration Reason (KPP): 781101001
All-Russian State Registration Number (OGRN): 1107847282146
Tour Operator Register No.: 013246
Address: 192029, St Petersburg, Bolshoi Smolenskii pr. 2
Tel.: (812) 931-87-27, (812) 936-44-89;
Fax: (812) 386-20-81

I Travel SPb