This Privacy Policy (hereinafter referred to as "Policy"):
- Applies to RAKETA LLC (hereinafter referred to as RAKETA), which is a data controller (within the meaning of this term as set forth in the General Data Protection Regulation 2016/679 EC), an operator (within the meaning of this term as set forth in the Federal Law of the Russian Federation No. 152-FZ "On Personal Data") or a base operator (within the meaning of this term as set forth in the Law of the Republic of Kazakhstan dated May 21, 2013 No. 94-V "On Personal Data and their Protection") registered at the address: 620028, Sverdlovsk region, Ekaterinburg city district, Ekaterinburg, Tatishcheva St., bldg. 20/2, office 4;
- Determines what information about the User (hereinafter referred to as "User's Personal Data") is collected by RAKETA and for what purposes RAKETA uses this information;
- Applies to all Contracts concluded between RAKETA and the Client/Agency;
- Defines the principles of processing of the User's Personal Data.
RAKETA considers confidentiality of information (personal data) as a fundamental principle of business conduct. Data protection policies and practices focus on the processing, transfer and storage of personal data in an appropriate and lawful manner to ensure its confidentiality, integrity and availability.
RAKETA collects, stores and processes Users' Personal Data on the territory of the Russian Federation, EU and Kazakhstan, depending on the location of the Client/Agent.
RAKETA website and mobile application comply with the requirements of Federal Law No. 152-FZ "On Personal Data", General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), Law of the Republic of Kazakhstan No. 94-V "On Personal Data and their Protection", which are binding legislative acts in the Russian Federation, EU and Kazakhstan, respectively.
The person responsible for ensuring the security of RAKETA's personal data shall continuously ensure compliance with the principles of this Policy and shall consider all issues related to the protection of personal data. The contact details of the Personal Data Security Officer to which the Passenger may send questions and complaints related to the processing of his/her Personal Data are as follows:
security@raketa.travel 1. RAKETA’S GUIDING PRINCIPLES IN THE PROCESSING OF PERSONAL DATARAKETA's privacy policy is based on the following principles:
- Personal Data is collected only for specific, clear and legitimate purposes and does not provide for further processing of the data that is incompatible with those purposes (purpose limitation);
- Processing of Personal Data is carried out in a lawful, fair and open manner (lawfulness, fairness and openness);
- The collection of Personal Data is limited to information necessary for the purposes for which the data is collected (data minimization);
- Personal data is accurate and will be deleted or corrected without delay if necessary (accuracy);
- Personal data is stored in a form that allows the identification of the data subject for the time necessary for the purposes for which the data was collected (storage limitation);
- Processing of Personal Data shall be carried out in a manner that ensures appropriate security of Personal Data, including protection against unauthorized or unlawful processing, as well as against accidental loss, damage or destruction, using appropriate technical and organizational measures (integrity and confidentiality).
- Data subjects have the right to access, modify or delete their Personal Data, to restrict processing, to object to it, and the right to data transfer.
2. PERSONAL DATA COLLECTIONRAKETA collects the following User’s Personal Data, as well as other data related to the provision of travel services to the user, when using the website, mobile site and mobile applications of RAKETA:
- Last name;
- Name;
- Patronymic;
- E-mail address;
- Contact number;
- Gender;
- Date of birth;
- Citizenship;
- Place of birth;
- Number and series of the citizen's passport;
- Copy of the passport of a citizen of the Russian Federation;
- Copy of the travel passport of a citizen of the Russian Federation;
- Copy of the passport of another country;
- Copy of the birth certificate;
- SNILS number.
Some pages of RAKETA's website, mobile site and mobile application use cookies. For more information, you can read our Cookie Policy.
3. PURPOSES OF USING USERS' PERSONAL DATARAKETA uses the information received from Users for the purposes of:
- Identification of the user when the Operator communicates with the User of the website.
- Marketing research and providing information on products and services.
- Hotel reservations;
- Buying Aeroexpress tickets;
- Buying airplane tickets;
- Buying train tickets;
- Organization of transfers;
- Other services.
Additionally, Personal Data can be transferred (including within the framework of transboundary transfer of Personal Data) by RAKETA company to partner organizations for the purpose of hotel booking, air and train tickets registration.
4. PROCESSING OF PERSONAL DATARAKETA performs the following actions (operations) with personal data: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data, with the use of automation tools, including in information and telecommunication networks, or without the use of such tools, if the processing of personal data without the use of such tools corresponds to the nature of actions (operations) performed with personal data with the use of automation, i.e. it allows to carry out, in accordance with a given algorithm, the search of personal data recorded on a tangible medium and contained in card indexes or other systematized collections of personal data, and/or access to such personal data.
Personal Data shall not be transferred to third parties, except in cases where such transfer is necessary for the fulfillment of obligations under the Agreements. RAKETA does not disclose Personal Data to third parties in order to provide an opportunity to advertise their products and services to RAKETA customers.
RAKETA may provide Personal Data in response to lawful requests by public authorities in order to comply with requirements set forth in applicable law, including, but not limited to, in compliance with court orders or other legal procedures initiated by authorized public authorities.
Terms of processing and storage of personal data of a User of RAKETA:
- shall be 3 years from the date of termination of the contract.
RAKETA may continue to process the personal data of the counterparty if there are grounds provided for by applicable law.
5. DESTRUCTION OF PERSONAL DATADestruction of personal data by RAKETA upon achievement of the purposes of personal data processing or upon occurrence of other legal grounds is carried out in compliance with the internal regulations.
In case of detection of unlawful processing of personal data, at the User's request RAKETA blocks the unlawfully processed personal data related to this User from the moment of such request for the period of verification.
In case of revealing inaccurate personal data, at the User's request RAKETA blocks personal data related to this User from the moment of such request for the period of verification, if the blocking of personal data does not violate the rights and legitimate interests of the User or third parties.
If the fact of inaccuracy of personal data is confirmed, RAKETA, based on the information submitted by the User or other necessary documents, clarifies the personal data within seven working days from the date of submission of such information and removes the blocking of personal data.
In case of detection of unlawful processing of personal data, RAKETA shall stop unlawful processing of personal data within a period not exceeding three working days from the date of such detection.
If it is impossible to ensure the lawfulness of personal data processing, RAKETA shall destroy such personal data within a period not exceeding ten working days from the date of detection of unlawful processing of personal data.
RAKETA notifies the User about elimination of the committed violations or destruction of personal data.
In case the fact of unlawful or accidental transfer (provision, distribution, access) of personal data resulting in violation of the User's rights is established, RAKETA shall notify the authorized body for the protection of the rights of personal data subjects or other interested person from the moment of detection of such incident:
- Within twenty-four hours, about the incident that occurred, about the alleged causes that led to the violation of the User's rights and the alleged harm caused to the User's rights, about the measures taken to eliminate the consequences of the incident, as well as provides information about the person authorized by RAKETA to interact with the authorized body for the protection of the rights of personal data subjects on issues related to the identified incident;
- Within seventy-two hours, on the results of the internal investigation of the identified incident, as well as provide information on the persons whose actions caused the identified incident (if any).
In case the purpose of personal data processing is achieved, RAKETA stops processing personal data and destroys personal data within a period not exceeding thirty days from the date when the purpose of personal data processing is achieved.
If the User revokes his/her consent to the processing of his/her personal data, RAKETA stops processing the personal data and, if the personal data retention is no longer required for the purposes of personal data processing, destroys the personal data within a period not exceeding thirty days from the date of receipt of the said revocation.
In case of User's request to RAKETA to stop processing of personal data, RAKETA shall stop their processing within a period not exceeding ten working days from the date of receipt of the corresponding request, except for the cases stipulated by the Law on Personal Data.
The specified term can be extended, but not more than for five working days in case RAKETA sends a motivated notification to the User, indicating the reasons for extending the term of providing the requested information.
If it is not possible to destroy personal data within the period specified above, RAKETA shall block such personal data and ensure the destruction of personal data within a period not exceeding six months, unless another period is established by federal laws.
After expiration of the normative storage period of the documents containing the User's personal data or upon occurrence of other legal grounds, the documents shall be destroyed.
RAKETA shall, for these purposes, assemble an expert commission and conduct an expert examination of the value of documents.
According to the results of the examination, the documents containing the User's personal data and subject to destruction:
- On paper, shall be destroyed by shredding in a shredder;
- In electronic form, shall be erased from information carriers or the carriers themselves on which the information is stored shall be physically destroyed.
6. TRANSFER OF PERSONAL DATAPersonal data is not transferred to third parties, except in cases in which such transfer is necessary for the fulfillment of obligations under the Agreement on provision of tourist services to the user. RAKETA does not disclose Personal Data to third parties in order to provide an opportunity to advertise their products and services to RAKETA customers.
RAKETA may provide Client Personal Data in response to lawful requests by governmental authorities to comply with applicable legal requirements, including, but not limited to, in compliance with court orders or other legal procedures initiated by authorized governmental authorities.
7. DATA PROCESSING SECURITYRAKETA securely processes Users' Personal Data, applying appropriate technical and organizational measures to protect Personal Data from accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access, in particular if the processing involves data transmission over a network, as well as protection against other forms of unlawful use. Questions about the security of personal data can be sent to the above contact details.
RAKETA carries out internal control and (or) audit of compliance of personal data processing with the Law on Personal Data, requirements to personal data protection, Company's policy regarding personal data processing, and this policy.
RAKETA ensures the security of the User's personal data in the following ways:
- Determination of threats to the security of personal data during their processing in personal data information systems;
- Application of organizational and technical measures to ensure security of personal data during their processing in personal data information systems, necessary to meet the requirements to personal data protection, the execution of which ensures the levels of personal data protection established by the Legislation;
- Assessment of the effectiveness of the measures taken to ensure personal data security before the personal data information system is put into operation;
- Registration of machine-readable personal data carriers;
- Detecting facts of unauthorized access to personal data and taking measures;
- Recovery of personal data modified or destroyed due to unauthorized access to them;
- Establishing the rules of access to personal data processed in the personal data information system, as well as ensuring the registration and recording of all actions performed with personal data in the personal data information system;
- Control over the measures taken to ensure personal data security and the level of protection of personal data information systems.
8. ACCESS, MODIFICATION OR DELETION OF PERSONAL DATARAKETA users have the right to request access to their Personal Data, as well as its modification or deletion, in cases where it is required by law.
In order to ensure the accuracy (relevance and reliability) of Personal Data, RAKETA encourages Users to inform us of any changes or inconsistencies in their Personal Data.
If you have any questions related to:
- Viewing and/or modifying Personal Data;
- Access to Personal Data;
- Retention periods for Personal Data;
- Processing of Personal Data in the interests of a third party;
- and other issues related to the processing of Personal Data, please contact us at the above contact details.
9. LIABILITYRAKETA shall ensure compliance with the requirements of applicable law and the principles set out in this Policy and may demonstrate this at any time. RAKETA maintains records of data processing activities, including the required information, and is ready to provide data to supervisory authorities upon request, if necessary.
Any questions regarding this Policy can be directed to the above contact details.
10. SYSTEM USER RESPONSIBILITYThe procedure of providing information security while working in RAKETA is determined by the head of the organization connecting to RAKETA, based on the recommendations on organizational and technical protection measures set forth in the document "Rules for providing information security at the workplace", as well as the effective Russian legislation in the field of information protection.
11. COMPLAINTSUsers have the right to file a complaint regarding the processing of their Personal Data. All complaints and inquiries are dealt with in a timely manner and in accordance with internal procedures.
Complaints can be directed to the above contact details.
12. AMENDING THE POLICYRAKETA reserves the right to amend the Terms from time to time, and hereby cautions the User that (and the User hereby accepts and agrees that) with each new transaction, the Passenger must review these Terms for any changes made to them.