The personal data processing policy (hereinafter referred to as the Policy) in Linder Group Limited Liability Company, Shakhtyor Hotel (hereinafter referred to as the Enterprise) has been developed in accordance with the legislation of the Republic of Belarus and defines the procedure for processing personal data and measures to ensure the security of personal data.The purpose of the Policy is to comply with the requirements of the legislation of the Republic of Belarus on personal data and protect the interests of personal data subjects.The provisions of this Policy are the basis for organizing work on processing personal data at the Enterprise, including for the development of local regulatory legal acts governing the process of processing personal data at the Enterprise.The requirements of this Policy are mandatory for all employees of the Enterprise.BASIC TERMS AND DEFINITIONS
Personal data – any information related to an identified individual or an individual who can be identified.Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons.Distribution of personal data – actions aimed at familiarizing an indefinite group of persons with personal data.Protection of personal data – a set of measures (organizational, administrative, technical, legal) aimed at protecting against unauthorized or accidental access to personal data, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.Processing of personal data – any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion of personal data.Publicly available personal data – personal data disseminated by the Subject of personal data themselves or with their consent or disseminated in accordance with the requirements of legislative acts.Depersonalization of personal data – actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data.Cross-border data transfer – transfer of personal data to the territory of a foreign state.Deletion of personal data – actions as a result of which it becomes impossible to restore personal data in information resources (systems) containing personal data and (or) as a result of which tangible carriers of personal data are destroyed.Enterprise – a person who independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data subject to processing, actions (operations) performed with personal data.Subject of personal data – an individual, including an individual entrepreneur, who is directly or indirectly determined using personal data.Employee of the Enterprise, employee – an individual who has concluded an employment agreement (contract) with Linder Group LLC, Shakhtyor Hotel;Website – a set of graphic and information materials, texts, designs, video materials and other results of intellectual activity of the Enterprise, as well as computer programs that ensure their availability on the Internet at the network address soligorsk-hotel.byUser – Subject of personal data processing, including an employee of the Enterprise and a visitor to the website soligorsk-hotel.byPROCESSING AND STORAGE OF PERSONAL DATA
The enterprise processes personal data using automation tools and without using such tools, as well as in a mixed manner for the following purposes:User identification;implementation of enterprise activities in accordance with the Charter;maintenance of personnel records;assistance to employees in employment, education and career advancement, ensuring personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property;formation of reference materials for internal information support of the enterprise's activities;attraction and selection of job candidates;organization of registration of employees for individual (personalized) accounting in the compulsory pension insurance system;completion and submission to executive authorities and other authorized organizations of the required reporting forms;implementation of civil law relations;accounting;implementation of access control.The enterprise undertakes and obliges other persons who have gained access to personal data not to disclose them to third parties and not to distribute them without the consent of the subject of personal data, unless otherwise provided by the legislation of the Republic of Belarus.CLASSIFICATION OF PERSONAL DATA AND PERSONAL DATA SUBJECTS
Personal data includes any information related to a directly or indirectly identified or determinable individual (Personal Data Subject), processed by the Enterprise to achieve the purposes specified in paragraph 1.The Enterprise does not process special categories of personal data related to racial, political views, religious or other beliefs, or sexual life.Processed personal data - data reflecting the last name, first name, and patronymic; identification number; date, month, year of birth; telephone number; email; address; photo; biographical data; other information that is required from the User - an individual.Also, the Enterprise's website soligorsk-hotel.by collects and processes anonymized data about visitors using Internet statistics services (Yandex.Metrica, Google Analytics, etc.).The Enterprise processes personal data of the following categories of Personal Data Subjects:candidates for vacant positions;employees of the Enterprise;counterparties-individuals;visitors of the Enterprise;persons who sent an appeal to the Enterprise;visitors of the website of the Enterprise; METHODS AND TERMS OF PERSONAL DATA PROCESSING
The Company processes personal data using automation tools and without using such tools, as well as in a mixed manner for the purposes specified in the Policy.Personal data are stored:on paper;in the form of computer files;in specialized information systems of the Company that ensure the processing and storage of information.The processing of personal data is terminated upon the occurrence of one or more of the following events:the User withdraws his/her consent to the processing of his/her personal data;the purposes of their processing are achieved;the subject's consent has expired or he/she has withdrawn his/her consent to the processing of personal data;illegal processing of personal data is detected;the Company's activities are terminated.PROCEDURE FOR OBTAINING CONSENT FROM THE PERSONAL DATA SUBJECT AND THE FORM OF OBTAINING IT
The processing of personal data of the Personal Data Subject is carried out with his consent, as well as without such consent, if the processing of personal data is necessary for the performance of an agreement to which the Personal Data Subject is a party (for the conclusion of such an agreement) or in other cases stipulated by the legislation on personal data.Consent may be obtained in writing, in the form of an electronic document or in another electronic form.Consent is given once upon employment for employees of the Enterprise, when considering candidates for work at the Enterprise.BASIC RIGHTS OF PERSONAL DATA SUBJECTS AND RESPONSIBILITIES OF THE ENTERPRISE
The personal data subject has the right to:receive information concerning the processing of his personal data in the manner, form and timeframes established by the legislation on personal data;demand clarification of his personal data, their blocking or destruction if the personal data are incomplete, outdated, inaccurate, illegally obtained, are not necessary for the stated purpose of processing or are used for purposes not previously declared when the personal data subject provided consent to the processing of personal data;take measures provided by law to protect his rights;revoke his consent to the processing of personal data;exercise other rights provided by law.The enterprise, within five working days after receiving the application, provides the applicant with information in an accessible form concerning the processing of his personal data;The Company, within fifteen days of receiving the application:to terminate the processing of personal data, deletes them and notifies the applicant thereof. If it is not technically possible to delete personal data, the Company shall take measures to prevent further processing of personal data, including blocking them, and notifies the applicant thereof within the same period;to make changes to personal data, makes changes and notifies the applicant thereof or notifies of the reasons for refusing to make such changes;provides the applicant with information on what personal data and to whom were provided during the year preceding the date of filing the application, or notifies the applicant of the reasons for refusing to provide such information.The Company, within five working days of receiving the application, shall provide the applicant with information in an accessible form concerning the processing of his personal data;The Company, within fifteen days of receiving the application:to terminate the processing of personal data, deletes them and notifies the applicant thereof. If it is not technically possible to delete personal data, the Company shall take measures to prevent further processing of personal data, including blocking them, and notifies the applicant thereof within the same period;to make changes to personal data, makes changes and notifies the applicant thereof or notifies of the reasons for refusing to make such changes;provides the applicant with information on what personal data and to whom were provided during the year preceding the date of filing the application, or notifies the applicant of the reasons for refusing to provide such information.The Company shall be obliged to comply with other requirements of the authorized body for the protection of the rights of personal data subjects to eliminate violations of the legislation on personal data, and to fulfill other obligations stipulated by the legislation on the protection of personal data and other legislative acts. ORGANIZATION OF A PERSONAL DATA PROCESSING MANAGEMENT SYSTEM
The Company transfers personal data to state and other bodies (organizations), other persons within the scope of their powers in accordance with the legislation of the Republic of Belarus.Access to the processed personal data is provided only to those employees of the Company who need it in connection with the performance of their official duties and in compliance with the principles of personal responsibility.The processing of personal data is terminated upon achieving the goals of such processing, as well as upon expiration of the period stipulated by the legislation on personal data, the agreement, or the consent of the Subject of personal data to the processing of his personal data.The processing of personal data is carried out in compliance with confidentiality, which is understood as the obligation not to disclose personal data to third parties without the consent of the Subject of personal data, unless otherwise provided by the legislation on personal data.The Company takes the necessary and sufficient legal, organizational and technical measures to protect the personal data of Users from unauthorized or accidental access to them, destruction, modification, blocking, copying, distribution, as well as from other illegal actions.The processing and storage of personal data is carried out in accordance with the legislation and the internal rules and regulations of the Enterprise.FINAL PROVISIONS
For violation of the requirements of this Policy (other local regulatory legal acts of the Enterprise adopted in development of its provisions), including those related to non-compliance with the principles and conditions for processing personal data of individuals, as well as for disclosure or illegal use of personal data, the Enterprise and Employees bear civil, administrative and other liability in accordance with the legislation of the Republic of Belarus. The current version of the Policy is freely available on the Internet at soligorsk-hotel.byIf necessary, the Company unilaterally makes the appropriate changes to the Policy and then posts them on the website. The subjects independently receive information about the changes on the website.Video Surveillance Polic:(approved by order of the director of Linder Group LLC, Shakhtyor Hotel dated 02.04.2025 No. 17)1. The video surveillance policy has been developed in accordance with the Regulation on video surveillance at Linder Group LLC, Shakhtyor Hotel (hereinafter referred to as the Hotel), in order to explain to the subjects of personal data the purposes of processing their images. Captured by the Hotel's video surveillance cameras and reflects the rights that the subjects of personal data have in this regard and the mechanism for implementing them.2. Video surveillance at the Hotel is carried out for the following purposes:- compliance with the requirements of the legislation on equipping the Hotel with video surveillance systems to monitor the state of public safety as an object subject to mandatory equipment with such means;- ensuring industrial, technological, executive and labor discipline.3. Video surveillance at the Hotel:- is carried out using open-type cameras;- in some places it is carried out with sound recording;- is carried out around the clock and continuously;- is carried out in accordance with Decree No. 527, paragraph twenty of Article 6 of the Law of the Republic of Belarus dated 07.05.2021 No. 99-Z "On the Protection of Personal Data", Resolution No. 1164.Video surveillance is permitted at the workplaces of those employees whose work is associated with hazardous working conditions, material assets (money), with continuous customer service.4. Video surveillance is not used:- to record the time actually worked by Hotel employees;- for unique identification of persons depicted in the video recording. Video recordings are not used in a manner inconsistent with the stated purposes. Video recordings are not used for personal or other purposes not related to professional activities and are not subject to modification, use, distribution or provision, except in cases stipulated by legislative acts. Video surveillance is not aimed at collecting personal information about a specific person.Video surveillance systems are not installed in places and premises intended for personal needs (rooms, utility rooms, rest rooms and dining rooms, restrooms, etc.). Installation of devices intended for covert receipt of video information (hidden cameras, listening devices) is not carried out and is prohibited.Video surveillance at workplaces of employees whose work is not related to hazardous working conditions, material assets (money), or continuous customer service is not carried out and is prohibited. Selective video surveillance at workplaces of individual employees is prohibited.5. The video surveillance system includes a number of devices: open video surveillance cameras, monitors, recording devices.Video surveillance cameras cover the following space:- the area adjacent to the Hotel (perimeter);- the entrance group (inside the hotel);- the lobby of the Hotel on the first floor;- the reception area (with sound recording);- elevator;- elevator halls and corridors of the Hotel from the 2nd to the 5th floor;- the courtyard of the Hotel;- parking spaces.Employees and visitors of the Hotel are prohibited from blocking, covering cameras or in any other way interfering with video surveillance. 6. The storage period for video recordings is 30 calendar days. After this period, video recordings are automatically deleted. If information is received about a possible recording by video surveillance cameras of a situation that has signs of a disciplinary offense, administrative offense, or criminal offense, upon oral instructions from the hotel director (the person acting in his/her capacity), the storage period for such video recordings may be extended for the duration of the relevant events.7. Transfer of video surveillance recordings to a third party is permitted only in exceptional cases (at the request of competent government agencies).The issue of transferring recordings to third parties is decided by the Hotel director (the person acting in his/her capacity).8. The personal data subject has the right:8.1. to receive information regarding the processing of their personal data at the Hotel, containing information about the location of the Hotel, confirmation of the fact of processing the personal data of the applicant at the Hotel, their personal data and the source of their receipt, the legal grounds and purposes of processing personal data, and other information provided for by law;8.2. to receive information from the Hotel about the provision of their personal data processed at the Hotel to third parties. This right can be exercised once per calendar year, and the provision of the relevant information is free of charge; 8.3. to appeal the actions (inactions) and decisions of the Hotel that violate their rights when processing personal data, in court in the manner prescribed by civil procedural legislation. 8.4. To exercise their rights related to the processing of the image of the personal data subject recorded by the Hotel's CCTV cameras, the personal data subject submits a written application to the Operator to the Operator's postal address: st. K. Zaslonova, 34-1, 223710, Soligorsk or in the form of an electronic document to the e-mail address: ooo.lindergroup@mail.ru.The application of the personal data subject must contain: the last name, first name, patronymic (if any) of the personal data subject, the address of the place of residence (place of stay) of the personal data subject, the date of birth of the personal data subject, a statement of the essence of the personal data subject's requirements, a personal signature (for an application in writing) or an electronic digital signature (for an application in the form of an electronic document) of the personal data subject.Due to the fact that the Hotel does not use video surveillance for the unique identification of persons depicted in the video recording, and the storage period of video recordings is 30 days (unless otherwise specified by this Regulation), the statement of the essence of the personal data subject's requirements must contain the date and time period of recording the image of the personal data subject. The time period is determined within an hourly interval. The response to the application of the personal data subject is sent to him/her in the form corresponding to the application form, unless otherwise specified in the application itself.9. In order to ensure the principle of transparency of video surveillance: employees and visitors of the Hotel are informed about video surveillance using special information signs (plates) placed at the entrance to the Hotel and in common areas; The video surveillance policy is posted at the reception and on the official website of the Hotel soligorsk-hotel.by.10. For assistance in exercising rights related to the processing of personal data in the Hotel, the personal data subject may contact the person responsible for the implementation of internal control over the processing of personal data of the Operator by sending a message to the e-mail address: ooolindergroup@mail.ru.PROCESSING OF PERSONAL DATA
Based on the concluded agreements, Linder Group LLC entrusts the processing of personal data of Linder Group LLC clients purchasing goods on the website www.romashka.by to the following authorized persons (hereinafter referred to as AP):Name AP, PIN | Location of AP | Purpose of processing personal data | List of personal data processed | List of actions of the UL for processing personal data | Processing time |
LLC "IKomCharge" PIN 191670289 | Republic of Belarus, Minsk, Dzerzhinsky Ave., 104, office 1801 | Providing technical capability for making payments using bank plastic cards | Cardholder's first and last name, bank card number, CVC/CVV, email address, order ID | Collection, systematization, storage, use, provision, deletion of personal data | 5 years from the date of payment |
After payment, IComCharge LLC sends a card check to the e-mail address specified during payment.
When specifying a telephone number when generating a payment through the AIS "Calculation", LLC "IKomCharge" sends a registration SMS message stating that a payment request has been generated in the AIS "Calculation".