This Personal data processing and confidentiality policy (hereinafter referred to as the “Policy”) applies to all information that the website on the Internet at https://belukhavillage.ru/ (hereinafter referred to as the “Website”) may obtain about the User.

1.1. Personal Data (hereinafter referred to as “PD”) – any information relating directly or indirectly to a specific or identifiable individual (the Subject of the Personal Data), which is confidential information with limited access and does not constitute a state secret.

1.2. The Subject of the Personal Data (hereinafter referred to as the “Subject”) – an individual, the bearer of PD, whose personal data is transferred to the Operator for processing.

1.3. Personal Data Operator (hereinafter referred to as the “Operator”) – Individual Entrepreneur Andrey Borisovich Lukashkin, INN 772852253190, OGRNIP 321774600099702, address: 592, Building 2, 29 Golubinskaya Street, Moscow, 117463, Russia, email: ecoturism@dolinaltai.ru.

1.4. Processing of Personal Data – any action (operation) or a set of actions (operations) performed with or without the use of automation tools with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision, access), depersonalization, blocking, deletion, and destruction of personal data.

1.5. Website – the Operator's website on the Internet information and telecommunications network (address: https://belukhavillage.ru/), where this Policy is publicly available.

1.6. User – an individual who has access to the Website and uses it for their own purposes.

1.7. Cookies – a small piece of data sent by a web server and stored on the User's computer, which the web client or web browser sends to the web server each time in an attempt to open a page of the corresponding site.

2.1. Purpose
The Policy shall determine:
2.1.1. the Operator's actions in relation to the processing of Users' PD;
2.1.2. the procedure and conditions for the processing of Users' PD;
2.1.3. procedures aimed at preventing violations of the Russian legislation;
2.1.4. eliminating the consequences of violations related to the processing of PD.

2.2. The Policy does not apply to relations arising from the processing of PD of the Operator's employees, relatives of employees, former employees, applicants for vacant positions with the Operator.

2.3. Scope of Application
The Policy shall apply in particular but is not limited to the following:
2.3.1. During navigation on the Website;
2.3.2. When using the services offered on the Website;
2.3.3. During any other use of the Website.

2.4. Regulatory Framework
This Policy has been developed and is applied by the Operator on the basis of the following:
2.4.1. Federal law No.152 dated 27.07.2006 “On Personal Data” (hereinafter referred to as “FL-152”);
2.4.2. Decree of the Government of the Russian Federation No. 1119 dated 01.11.2012 “On Approval of Requirements for the Protection of Personal Data during Their Processing in Personal Data Information Systems”;
2.4.3. Decree of the Government of the Russian Federation No. 687 dated 15.09.2008 “On Approval of the Regulations on the Specifics of Processing Personal Data Carried Out Without the Use of Automation Means”;
2.4.4. Order of the Federal Service for Technical and Export Control No. 21 dated 18.02.2013 “On Approval of the Composition and Content of Organizational Measures for Ensuring the Security of Personal Data during Their Processing in Personal Data Information Systems”, and other regulatory and non-regulatory legal acts governing the processing of personal data.

2.5. Legal Basis for Personal Data Processing
2.5.1. The Civil Code of the Russian Federation (Chapter 39 of the RF CC);
2.5.2. The Tax Code of the Russian Federation;
2.5.3. A contract to which the Subject of Personal Data is a party, a beneficiary, or a guarantor; as well as a contract concluded at the initiative of the Subject of Personal Data or a contract under which the Subject of Personal Data will be a beneficiary or a guarantor;
2.5.4. The Subject's Consent to the processing of personal data.

The Operator is guided by specific, predefined purposes for processing personal data (PD), in accordance with which the PD were provided by the Subject:

ОThe processing and storage of personal data shall be carried out in an automated manner.
The terms of processing and storage of personal data: until the purpose is achieved; upon withdrawal of consent for processing; or within the period established by the legislation of the Russian Federation.
The procedure for the destruction of personal data: by erasure or by other means that preclude the possibility of recovery.

4.1. The Subject has the right to:
4.1.1. Provide their PD and consent to their processing;
4.1.2. Receive information regarding the processing of their PD;
4.1.3. Require the Operator to clarify their PD, block or destroy them if the PD is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, and also take measures provided by law to protect their rights;
4.1.4. Revoke their consent to the processing of PD;
4.1.5. Other rights provided for by the current legislation of the Russian Federation.

4.2. The PD Subject is obliged to:
4.2.1 Provide the Operator with reliable information;
4.2.2. Notify the Operator of changes to their PD (if this is provided for by the existing legal relationship of the parties and is applicable to them);
4.2.3. Obtain consent from third parties whose PD is provided to the Operator;
4.2.4. Perform other duties stipulated by the legislation of the Russian Federation.

4.3. The Operator has the right to:
4.3.1. Process the Subject's PD in accordance with the stated purposes;
4.3.2. In the event of withdrawal of consent to the processing of PD, continue processing the Subject's PD if there are other legal grounds;
4.3.3. With the consent of the subject of PD, assign the processing of his / her PD to another person;
4.3.4. Require the Subject of PD to provide reliable PD;
4.3.5. Other rights provided by law.

4.4. The Operator is obliged to:
4.4.1. Ensure the confidentiality of PD. The Operator and other persons who have access to PD are obliged not to disclose to third parties or distribute PD without the consent of the PD Subject, unless otherwise provided by law;
4.4.2. Publish or otherwise provide unlimited access to the document defining its policy regarding the processing of PD, information on the implemented requirements for the protection of PD;
4.4.3. Take the necessary legal, organizational and technical measures or ensure their adoption to protect PD from unauthorized or accidental access to them, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other illegal actions in relation to PD;
4.4.4. Provide responses to requests and appeals of PD Subjects, their representatives and the authorized body for the protection of the rights of personal data subjects;
4.4.5. Bear other obligations provided for by law.

5.1. The Operator processes the Personal Data (PD) of Subjects by performing any action (operation) or a set of actions (operations) carried out with or without the use of automation means, including the following: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (provision), depersonalization, blocking, deletion, destruction, using databases located on the territory of the Russian Federation.
5.2. The Operator ensures the accuracy, sufficiency, and relevance of the PD in relation to the processing purposes and takes necessary measures to delete or clarify incomplete or inaccurate PD.
5.3. The Operator shall obtain PD through:
5.3.1. Personal provision by the Subject of PD when entering data on the Website;
5.3.2. Personal provision by the Subject within the framework of civil-law relations;
5.3.3. From third parties (clients, contractors).
5.4. The Operator obtains and begins processing the Subject's Personal Data (PD) from the moment of receiving their consent.
5.5. Consent to the processing of PD may be given by the Subject in any form that allows confirmation of its receipt, unless otherwise established by federal law: in written, electronic, or another form provided for by current legislation.
In particular, consent to the processing of PD is considered to be provided by the Subject by placing a special mark—a “checkmark” or “web beacon”—in a designated field on the Operator's Website.
5.6. The Operator's receipt of PD from other persons, as well as the commissioning of PD processing, is carried out on the basis of a contract containing terms regarding the procedure for processing and maintaining the confidentiality of the received PD.
5.7. The Operator does not process publicly available categories of PD of the Subjects.
5.8. The Operator does not process special categories of PD relating to race and ethnicity, political views, religious and philosophical beliefs, intimate life, or criminal records of the PD Subject, nor does it process biometric PD.
5.9. The Operator does not distribute the Subject's PD without their prior separate consent for the processing of PD that the Subject has authorized for distribution.
5.10. The Operator does not carry out cross-border transfer of Subjects' PD.
5.11. The list of persons authorized to process PD is determined by the Operator's order and internal local regulatory acts of the Operator.
5.12. If the Operator entrusts the processing of PD to third parties who are not its employees, on the basis of concluded contracts (or other grounds) that require them to have access to the PD of the Website users, the relevant data is provided by the Operator only after signing a corresponding agreement with the persons processing the PD on behalf of the Operator. This agreement must specify:
The list of actions (operations) with PD that will be performed by the person processing them;
The purposes of the processing;
The obligation of such person to maintain the confidentiality of PD and ensure the security of PD during their processing;
The requirements for the protection of the processed PD in accordance with Article 19 of the Federal Law “On Personal Data.”
5.13. For convenient use of the Website and to ensure its continuous improvement, the Website uses cookies. These files are stored in the browser of a computer, mobile phone, or other device after visiting most Internet resources. Cookies are necessary to maintain the Website's operation, development, and to collect analytical data.
The User may disable cookies; however, the Website administration does not guarantee the normal functioning of the Website in such cases.

6.1. Cessation of Processing
The Operator shall cease the processing of Personal Data (PD) in the following cases:
6.1.1. Achievement of the purpose of PD processing — within thirty days, unless otherwise provided for by a contract to which the PD Subject is a party, a beneficiary, or a guarantor;
6.1.2. Expiration of the PD Subject's consent — within thirty days;
6.1.3. Identification of unlawful processing of PD — within three days from the date of identification;
6.1.4. Inability to ensure the lawfulness of personal data processing — within ten working days;
6.1.5. Withdrawal of the PD Subject's consent, if the retention of PD is no longer necessary for the purposes of PD processing — within 30 days;
6.1.6. Provision by the User of information confirming that the PD was unlawfully obtained or is not necessary for the stated processing purpose — within 7 working days from the date such information is provided;
6.1.7. Upon the expiration of the established statutory retention periods.
6.1.8. Upon the termination of the Operator's business activities.

6.2. Withdrawal of Consent to Personal Data Processing
6.2.1. The Subject of Personal Data may at any time withdraw their consent to the processing of their Personal Data (PD), provided that such a procedure does not violate the requirements of the legislation of the Russian Federation. In the event that the Subject withdraws consent to the processing of PD, the Operator has the right to continue processing the PD without the Subject's consent only if there are grounds specified in Federal Law No. 152-FL (“FL-152”).
6.2.2. To withdraw consent to the processing of PD, it is necessary to submit a corresponding application in written form to the Operator's address specified in clause 1.3 of this Policy, or in electronic form by sending it to the Operator's email address: ecoturism@dolinaltai.ru.
6.2.3. In the event that the Subject withdraws consent to the processing of their PD, the Operator shall cease their processing or ensure the cessation of such processing (if the processing is carried out by another person acting on behalf of the Operator). Furthermore, if the retention of PD is no longer necessary for the purposes of their processing, the Operator shall destroy the PD or ensure their destruction (if the processing is carried out by another person acting on behalf of the Operator) within a period not exceeding 30 (thirty) days from the date of receipt of the said withdrawal, unless otherwise provided for by a contract to which the Subject of PD is a party, a beneficiary, or a guarantor, another agreement between the Operator and the Subject, or unless the Operator is not entitled to process PD without the Subject's consent on the grounds provided for by FL-152 or other federal laws.

7.1. When processing Personal Data (PD), the Operator shall apply legal, organizational, and technical measures and ensure their implementation to protect PD from unlawful or accidental access, destruction, modification, blocking, copying, provision, distribution of PD, as well as from other unlawful actions. These measures are implemented in accordance with the requirements for ensuring the security of PD during their processing in personal data information systems, requirements for physical storage media of PD, and technologies for storing such data outside personal data information systems, as established by the Government of the Russian Federation
7.2. Measures for the protection of Personal Data (PD) are defined by the Regulations, Orders, Instructions, and other internal/local regulatory acts of the Operator.
7.3. The Operator takes measures that are necessary and sufficient to ensure the fulfillment of the obligations stipulated by the laws of the Russian Federation and the regulatory legal acts adopted in accordance with them.
7.4. The Operator independently determines the composition and list of measures necessary and sufficient to ensure the fulfillment of the obligations provided for by the Federal Law “On Personal Data” and the regulatory legal acts adopted in accordance with it, unless otherwise provided by the said law or other federal laws.
These measures include, but are not limited to appointing a person responsible for organizing the processing of PD; issuing a document defining the Operator's policy regarding the processing of PD, and internal/local acts on the processing of PD; familiarizing the Operator's employees who directly process PD with the provisions of the Russian legislation on PD, including the requirements for the protection of PD, documents defining the Operator's policy regarding the processing of PD, internal/local acts on the processing of PD, and/or training the said employees; other measures to ensure the security of PD applied by the Operator.

8.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7 of Article 14 of Federal Law No. 152-FL, shall be provided by the Operator to the personal data subject or their authorized representative upon application or upon receipt of a request from the personal data subject or their representative.
The information provided shall not include personal data relating to other personal data subjects, except in cases where there are lawful grounds for the disclosure of such personal data.
8.2.1. The request shall contain: the number of the primary identity document of the personal data subject or their representative, information on the date of issue of the said document and the issuing authority; information confirming the participation of the personal data subject in relations with the Operator (contract number, date of contract conclusion, conventional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator; the signature of the personal data subject or their representative.
8.2.2. The request may be submitted:
in written form to the Operator's address: 592, Building 2, 29 Golubinskaya Street, Moscow, 117463, Russia; in electronic form to the Operator's email address: ecoturism@dolinaltai.ru.
If the application (request) of the personal data subject does not contain all the necessary information as required by the Law on Personal Data, or if the subject does not have the right to access the requested information, a motivated refusal will be sent to them.
8.3. The right of the personal data subject to access their personal data may be restricted in accordance with Part 8 of Article 14 of Federal Law No. 152-FL, including cases where the access of the personal data subject to their personal data violates the rights and legitimate interests of third parties.
8.4. The Operator undertakes to review and send a response to the received request within 10 (ten) business days from the date of receipt of the application.

9.1. The Operator shall be liable for the intentional disclosure of the User's Personal Data in accordance with applicable legislation.
9.2. The Operator shall not be held liable in the event of loss or disclosure of Personal Data if such confidential information:
9.2.1. Became public knowledge before its loss or disclosure.
9.2.2. Was obtained from a third party before it was received by the Operator.
9.2.3. Was obtained by third parties through unauthorized access to the Website's files.
9.2.4. Was disclosed with the User's consent.
9.3. The User shall be responsible for the lawfulness, accuracy, and truthfulness of the provided Personal Data in accordance with applicable legislation.

10.1. Prior to filing a lawsuit in court regarding disputes arising from the relationship between the Website User and the Operator, it is mandatory to submit a claim (a written proposal for the voluntary settlement of the dispute).
10.2. The recipient of the claim shall, within 30 calendar days from the date of receiving the claim, notify the claimant in writing about the results of the claim's review.
10.3. If an agreement is not reached, the dispute shall be referred to a court for resolution in accordance with the legislation of the Russian Federation.
10.4. The legislation of the Russian Federation shall apply to this Policy and the relationships between the User and the Operator.

11.1. This Policy and any amendments thereto shall be approved by the Operator, are binding on all employees with access to the Subjects' Personal Data, and enter into force on the day of their approval.
11.2. The Operator has the right to amend this Policy without the consent of the Subject.
11.3. The Operator ensures publication or otherwise provides unrestricted access to this Policy defining the Operator's policy regarding the processing of Personal Data, including but not limited to, publishing it on the official website at: https://belukhavillage.ru/.
11.4. The new version of the Policy enters into force from the moment of its publication.
11.5. All issues related to the processing of Personal Data not regulated by this Policy shall be resolved in accordance with the current legislation of the Russian Federation in the field of personal data, as well as other internal regulatory acts adopted by the Operator in this field.

Individual Entrepreneur Andrey Borisovich Lukashkin
INN 772852253190, OGRNIP 321774600099702
address: Building 2, 29 Golubinskaya Street, Moscow, 117463, Russia
ecoturism@dolinaltai.ru