Privacy Policy

This Personal Data Processing Policy (hereinafter – the Privacy Policy) is developed in accordance with Federal Law dated 27 July 2006 No.152-FZ “On Personal Data” (hereinafter – FZ “On Personal Data”) and it is intended to determine the rules for personal data processing and measures to ensure the security of personal data about individuals to be received by Gosha Limited Liability Company (PSRN 1197746363792) (hereinafter referred to as the Operator).

1 General definitions

1.1 Personal data - any information related directly or indirectly to an identified or identifiable Personal Data Subject.

1.2 Website - a set of graphic and information materials, as well as computer programs and databases, ensuring their availability on the Internet site at: https://gosha.travel/en/ and on all subdomains created on its basis.

1.3 Mobile application – “goSha” mobile application, which is a software designed to work on smartphones, tablets and other mobile devices, developed for iOS and Android platforms.

1.4 Personal data processing - any action (operation) or a combination of actions (operations) performed using automation tools or without using such tools with personal data, including:

1.5 Automated personal data processing - personal data processing using computer technologies.

1.6 Distribution of personal data - actions aimed at the disclosure of personal data to an indefinite group of persons.

1.7 Providing personal data - actions to disclosure of personal data to a certain person or a certain group of persons.

1.8 Personal data blocking - temporary termination of personal data processing (unless the processing is necessary to clarify personal data).

1.9 Destruction of personal data - actions, as a result of which it becomes impossible to restore the content of personal data in the personal data information system and (or) as a result of which material carriers of personal data are destroyed.

1.10 Anonymization of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the ownership of personal data to a particular Personal Data Subject.

1.11 Anonymization of personal data - actions, as a result of which it becomes impossible without the use of additional information to determine the ownership of personal data to a particular Personal Data Subject.

1.12 Cross-border personal data transfer - personal data transfer to the territory of a foreign state to a foreign government authority, a foreign individual or a foreign legal entity.

1.13 Personal data operator - a legal entity that independently or jointly with other persons organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

1.14 Personal Data Subject - an individual to whom the relevant personal data relates.

1.15 User - an individual to whom the relevant personal data relates, viewing the contents of the Site, Mobile Application and / or using the functionality of the Site, Mobile Application under the terms of Operator’s User Agreement. The terms and conditions of User Agreement are posted on https://gosha.travel/en/user-agreement/ (hereinafter - the Agreement).

1.16 Client - any legal entity or individual entrepreneur who shall provide hotel services and accepts the terms of the Operator's offer. The terms and conditions of the offer are posted on https://gosha.travel/offer/.

1.17 Subdomain - pages or a collection of pages located on third-level domains belonging to the site https://gosha.travel/en/, as well as other temporary pages, at the bottom of which the contact information of the Operator is indicated.

1.18 Cookies - a small piece of data sent by a web service and stored on the PC of Personal Data Subject, which the browser sends to the web server each time in an HTTP request while attempting to open the page of the corresponding site.

1.19 IP-address - a unique network address of a node in a computer network through which the Personal Data Subject gets access to the Site.

2 General Terms

2.1 Information about the Operator:

2.1.1 The Operator is Gosha Limited Liability Company (PSRN 1197746363792).

2.1.2 The Operator conducts its activities at the address: Apt. 126, 10, Rimsky-Korsakov street, Moscow, 127566, Russia.

2.2 The current version of this Privacy Policy is available on the Operator’s website at: https://gosha.travel/privacy-policy/ . All categories of Personal Data Subjects provided for in this Privacy Policy shall familiarize themselves with the text of this Privacy Policy.

2.3 The transfer of personal information by Personal Data Subject means the unconditional consent of the Personal Data Subject with the terms of the Privacy Policy and the conditions for his personal data processing specified herein. In case of disagreement with the terms of the Privacy Policy, the Personal Data Subject shall refrain from transmitting personal information to the Operator.

2.4 The Privacy Policy (including any of its parts) may be changed by the Operator without any special notice and without payment of any compensation in connection with this. The new version of the Privacy Policy comes into force from the moment it is posted on the Operator's website.

2.5 Accepting the terms of the Privacy Policy, the Personal Data Subject expresses his personal data processing consent by the Operator relating to the Personal Data Subject for the purposes provided for in the Privacy Policy.

2.6 Using the Site and its services subject to a web browser that accepts data from cookies means expressing the consent of the Personal Data Subject that the Operator is entitled to collect and process data from cookies in order to improve the Site, its content, its functionality. Disabling and / or blocking by the Personal Data Subject of the option of a web browser for receiving data from cookies means that the Subject's use of personal data of the Site shall be limited, in particular, of some of its functions.

2.7 The Operator shall not verify the accuracy of the personal information provided by the Personal Data Subject.

3 The purpose of processing and the composition of information about Users that the Operator shall receive and process

3.1 This Privacy Policy applies to the following types of personal information:

3.1.1 Personal information shall be posted by the Users. Personal information obtained in this way includes:

3.1.2 Data automatically transferred to the Mobile application, to the Site in the process of their use subject to the software installed on the User’s device, including IP address, individual network number of the device (MAC address, device ID), electronic serial number (IMEI, MEID), data from cookies, information about the browser, operating system, access time, user search queries.

3.2 The Operator shall collect and process only that information about Users, including their personal data, which is related to the achievement of the following goals:

3.2.1 Registration of the User in the Mobile application, on the Site, as well as recovery of the User password required for authorization of the User in the services of the Mobile application, Site;

3.2.2 execution of email marketing and newsletters;

3.2.3 personalized appeal to the User upon receipt of messages from the User and / or sending messages to the User’s address;

3.2.4 for administration and protection of the Mobile application, Site, including troubleshooting, data analysis, testing, system maintenance, support, reporting and data placement.

3.3 The Operator shall request the User’s consent to such actions to use as needed personal information about Users for purposes not provided for in the Privacy Policy.

4 The purpose of processing and the composition of information about Customers and their representatives, which the Operator shall receive and process

4.1 This Privacy Policy applies to the following types of personal information:

4.1.1 Personal information shall be posted by the Customer. Personal information obtained in this way includes:

It is prohibited to provide by the Customer with personal data of third parties without permission from third parties to such distribution, or if such personal data of third parties has not been received by the Customer from publicly available sources of information.

4.1.2 Data automatically transferred to the Mobile application, the Site in the process of their use subject to the software installed on the Client’s device, including IP address, individual network number of the device (MAC address, device ID), electronic serial number (IMEI, MEID), data from cookies, information about the browser, operating system, access time, search queries of the Client

4.1.3 Data additionally provided by Customers on the Operator’s request for the fulfillment of the Operator’s obligations to Customers regarding the use of the services of the Mobile Application, the Site.

4.2 The Operator shall collect and process only that information about Customers, including their personal data, which is related to the achievement of the following goals:

4.2.1 fulfillment the obligations which arise out or shall arise out with the Operator in the course of fulfillment the contract with the Customer, including for the implementation by the Operator and / or his authorized representatives of contacts with the Customer;

4.2.2 execution of email marketing and newsletters;

4.2.3 for administration and protection of the Mobile application, Site, including troubleshooting, data analysis, testing, system maintenance, support, reporting and data placement.

4.3 The Operator shall request the Customers’ consent to such actions to use as needed personal information about Users for purposes not provided for in the Privacy Policy.

5 The purposes of processing and the composition of information on counterparties - individuals, employees of counterparties of individual entrepreneurs and legal entities (hereinafter - counterparties), which the Operator shall receive and process

5.1 This Privacy Policy applies to the following types of personal information:

5.1.1 Personal information provided by counterparties. Personal information obtained in this way includes:

It is prohibited to provide by the counterparty with personal data of third parties without permission from third parties to such distribution, or if such personal data of third parties has not been received by the counterparty from publicly available sources of information.

5.1.2 Other information about counterparties, collection and / or processing of which is established by the contract.

5.2 The Operator shall collect and process only that information about employees, including their personal data, which is related to the achievement of the following goals:

5.2.1 conclusion of contracts and fulfillment of contractual obligations;

5.2.2 fulfillment of requests of state bodies.

6 Legal authority for personal data processing

6.1 The Privacy Policy is developed in accordance with item 2, part 1, clause 18.1 of FZ “On Personal Data”.

6.2 The Privacy Policy contains information subject to disclosure in accordance with part 1, clause 14 of FZ “On Personal Data”, and is a public document.

6.3 Legal authority for personal data processing is:

6.4 The Operator shall process personal information, including personal data only if:

6.4.1 processing is necessary for the fulfillment of contractual obligations by the Operator to the Personal Data Subjects.

6.4.2 processing is necessary to comply with legal obligations.

6.4.3 when stipulated by applicable law, processing is necessary to ensure the legitimate interests of the Operator if such processing does not significantly affect the interests, fundamental rights and freedoms of the Personal Data Subject. Under processing personal information on this basis, the Operator shall always strive to maintain a balance between its legitimate interests and the protection of the confidentiality of the Personal Data Subject.

7 Personal data processing of Personal Data Subjects

7.1 In most cases, personal data is processed automatically without access by the Operator. If such access is needed, then it shall be granted only to those people who need it to perform their tasks. In order to protect and ensure the confidentiality of data, all persons shall comply with internal rules and procedures regarding the personal data processing. They shall also follow all technical and organizational security measures in place to protect personal data.

7.2 Personal data of Russian Personal Data Subjects is stored in the Russian Federation. The Operator shall record, systematize, accumulate, store, clarify (update, change), extract personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.

7.3 The Operator has implemented sufficient technical and organizational measures to protect personal data from unauthorized, accidental or illegal destruction, loss, alteration, unfair use, disclosure or access, as well as other illegal forms of processing. These security measures were implemented in terms of the current level of technology, the cost of their implementation, the risks associated with the processing and nature of personal data, including the following measures:

7.4 The Operator shall store personal data for as long as necessary to achieve the purpose for which they were collected, or to comply with legal requirements and regulatory enactments.

7.5 The Operator shall transfer personal data to other third parties in the event that the Personal Data Subject agreed to such actions or the transfer is provided for by the legislation of the Russian Federation.

7.6 The Personal Data Subject is hereby notified and agrees that the Operator is entitled to receive personal data of third parties to be provided by the Personal Data Subject upon using the Site, Mobile Application and use them to implement certain functions of the Site, Mobile Application, provided that the Personal Data Subject guarantees the consent of third parties whose data is provided by the Personal Data Subject upon using the Site, the Mobile Application for processing by the Operator, in order to, provided for by the Privacy Policy, as well as the transfer of such data in cases listed in the Privacy Policy.

7.7 The Personal Data Subject is hereby notified and agrees that the Operator is entitled to receive statistical anonymized (without reference to the Personal Data Subject) data on the actions of the Personal Data Subject upon using the Site, Mobile Application.

7.8 The Personal Data Subject is entitled upon request, to receive information from the Operator regarding their personal data processing.

8 The rules for withdrawing consent to the processing of personal data, updating and correction of personal data, answers to requests for access to personal data

8.1 The Personal Data Subject is entitled to revoke the consent and permission to process personal data at any time, as well as refuse to inform and send, by sending a message to the e-mail reject@gosha.travel.

8.2 The Personal Data Subject is entitled to demand removal, correction, updating of personal data, to demand restriction of the processing of personal data or to object to the processing of personal data when provided for by applicable law. The Operator shall respond to these requests in accordance with applicable law.

8.3 In case of confirmation of the inaccuracy of personal data or the illegality of their processing, personal data shall be updated by the Operator, and processing shall be stopped.

8.4 The Operator shall inform the Personal Data Subject or his representative about the processing of his personal data by the Operator upon request.

8.5 Upon reaching the goals of processing personal data, as well as in the event that the User withdraws consent to their processing, personal data shall be destroyed if:

The rules for responding to requests / appeals of personal data subjects and their representatives, authorized bodies.

9.1 The Subject is entitled to send a request both in writing and in electronic form.

9.2 The written requests of the Personal Data Subjects include any written requests of the Personal Data Subjects sent to the Operator, including appeals sent through post offices.

9.3 The electronic requests of Personal Data Subjects include requests sent by e-mail. In this case, the request is signed subject to the Digital Signature of the Personal Data Subject in accordance with the legislation of the Russian Federation. The Operator shall not process requests related to the transfer or disclosure of Personal data received by phone or fax, due to the inability to ascertain the identity of the Personal Data Subject.

9.4 ПThe rules for considering requests and appeals from the Personal Data Subjects. A written answer to the Personal Data Subject shall be sent by the Operator, regardless of the request form of the Personal Data Subject (written or electronic) and the results of the consideration of the request or appeal. Preparation of answers to the Personal Data Subject is carried out by the Operator. Requests and appeals of Personal Data Subjects are checked for:

9.5 If necessary, the Operator shall request additional information of the Personal Data Subject.

9.6 The deadline for providing an answer to the Personal Data Subject shall not exceed thirty (30) business days from the date of receipt of the appeal. The information provided to the Personal Data Subject in an accessible form shall not contain personal data relating to other Personal Data Subjects.

10 Miscellaneous

10.1 The Privacy Policy, the relationship between the Personal Data Subject and the Operator arising in connection with the application of the Privacy Policy, as well as issues not regulated by the Privacy Policy, are governed by the current legislation of the Russian Federation.

10.2 For Russian Personal Data Subjects, the Operator shall record, systematize, accumulate, store, clarify (update, change), extract personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation.

10.3 For users of Personal Data Subjects from the European Economic Area, the Operator shall take measures to ensure that such transfer of personal data is carried out in accordance with the applicable data protection rules of the European Union.

10.4 If the Personal Data Subject is located on the territory where the consent of the Personal Data Subject is required for the transfer of personal information to another jurisdiction, then using the Site, the Mobile Application, the Personal Data Subject gives the Operator his explicit and unambiguous consent to such transfer or storage, and / or processing of information in other specified jurisdictions, including Russia.

10.5 Personal Data Subjects are entitled to send to the Operator requests, suggestions or questions regarding this Privacy Policy by e-mail info@gosha.travel.

10.6 This Privacy Policy is executed on Russian and English languages. In case of any discrepancies, the Russian version shall prevail.