Privacy Policy of LLC “Ensozen”
Regarding the Processing of Personal Data
1. General Provisions
1.1. This Privacy Policy of LLC “Ensozen” regarding the processing of personal data (hereinafter – the Policy) has been developed in accordance with the requirements of paragraph 2 of part 1 of Article 18.1 of the Federal Law of 27.07.2006 No. 152-FZ “On Personal Data” (hereinafter – the Personal Data Law) to ensure the protection of the rights and freedoms of individuals when processing their personal data, including protection of the right to privacy, personal and family secrecy.
1.2. The operator of personal data processing is:
LLC “Ensozen” (hereinafter – the Operator)
Email: love@axis.moscow
Phone: +7 (929) 659-27-85
INN: 9709103901
OGRN: 1237700921336
Legal address: 101000, Moscow, Pokrovka Street, 10, Building 1
1.3. In accordance with part 2 of Article 18.1 of the Personal Data Law, this Policy is published in open access on the Operator’s website at https://axis.moscow (hereinafter – the Website).
1.4. Key concepts used in the Policy:
Personal data – any information relating to an identified or identifiable natural person (personal data subject);
Personal data operator (operator) – a state authority, municipal authority, legal or natural person independently or jointly organizing and/or performing the processing of personal data, and determining the purposes of personal data processing, the composition of personal data to be processed, and the actions (operations) performed with personal data;
Personal data subject – a natural person who can be directly or indirectly identified using personal data;
Processing of personal data – any action (operation) or set of actions (operations) performed with personal data using automation tools or without them. Processing includes collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction;
Automated processing of personal data – processing of personal data using computing tools;
Distribution of personal data – actions aimed at disclosing personal data to an indefinite circle of persons;
Provision of personal data – actions aimed at disclosing personal data to a specific person or a specific group of persons;
Blocking of personal data – temporary cessation of personal data processing (except when processing is necessary for clarification);
Destruction of personal data – actions making it impossible to restore personal data content in the information system and/or resulting in destruction of physical carriers of personal data;
Anonymization of personal data – actions making it impossible to identify the personal data subject without additional information;
Information system of personal data – a set of databases containing personal data and information technologies and technical tools ensuring their processing.
1.5. Main rights and obligations of the Operator
1.5.1. The Operator is obliged to:
Process personal data exclusively for purposes indicated in the Policy, in accordance with the current legislation of the Russian Federation, and take measures necessary and sufficient to ensure compliance with the obligations established by the Personal Data Law and related regulations;
Not disclose personal data without the consent of the personal data subject (hereinafter – the User), unless otherwise provided by the current legislation of the Russian Federation;
Carry out personal data processing in accordance with principles and rules established by the Personal Data Law;
Organize protection of personal data in accordance with Russian legislation;
Consider User requests (or those of their legal representative) regarding personal data processing and provide reasoned responses;
Provide the User (or their legal representative) with free access to their personal data;
Take measures to clarify, block, destroy, or anonymize the User’s personal data in cases established by the Personal Data Law.
1.5.2. The Operator has the right to:
Independently determine the composition and list of measures necessary and sufficient to fulfill the obligations established by the Personal Data Law, unless otherwise provided by law;
Delegate personal data processing to another person with the User’s consent, unless otherwise provided by federal law, on the basis of a concluded contract, including state or municipal contracts, or by the adoption of a corresponding act by a state or municipal authority;
Continue processing personal data without the User’s consent if the User withdraws consent, provided grounds exist under the Personal Data Law;
Receive from the User reliable information and/or documents containing their personal data for the purposes specified in the Policy;
Require timely clarification of the provided personal data from the User.
1.6. Main rights and obligations of the personal data subject
1.6.1. The personal data subject is obliged to:
Ensure the accuracy of personal data provided to the Operator necessary for processing purposes stated in the Policy;
Provide information to the Operator, if necessary, to clarify (update, modify) the personal data provided.
1.6.2. The personal data subject has the right to:
Receive complete information regarding the processing of their personal data by the Operator, except as provided by Russian law;
Clarify, block, or destroy personal data if they are incomplete, outdated, inaccurate, illegally obtained, or unnecessary for the stated processing purpose;
Provide consent to personal data processing in a separate document;
Withdraw consent to personal data processing;
Take legal measures to protect their rights.
1.7. The Operator and Users have other rights and obligations as provided by Russian law.
1.8. The Operator must maintain confidentiality and not disclose personal data to third parties without legal grounds. For data protection, the Operator uses antivirus software, data encryption, access restriction, personal data processing logs, separate storage of personal data for different purposes, and other measures provided by Russian legislation.
1.9. Compliance with this Policy is controlled by an authorized person responsible for personal data processing at the Operator.
1.10. Responsibility for violation of Russian legislation and regulations on personal data processing and protection is determined in accordance with Russian law.
2. Purposes of Personal Data Processing
2.1. Personal data processing is limited to achieving specific, pre-defined, and lawful purposes. Processing of personal data incompatible with the purposes of collection is not allowed. Processed personal data must not be excessive in relation to the stated purposes.
2.2. The Operator processes personal data for the following purposes:
Conducting its activities in accordance with internal regulations, including entering into and executing contracts with counterparties for booking and accommodation services;
Delegating personal data processing powers to third parties in accordance with part 3 of Article 6 of the Personal Data Law;
Informing about the Website, monitoring, and improving service quality;
Establishing communication with the User, including sending notifications and requests;
Providing services properly, processing User requests and applications;
Providing effective client and technical support in case of problems;
Maintaining internal records of guests;
Web analytics, statistical, and research activities;
Marketing and advertising actions, including informational mailings, to establish and develop relations (with prior consent of the personal data subject);
Carrying out current economic activities (including, but not limited to, negotiations, legal disputes, claims, concluding business, financial, and entrepreneurial contracts, sending offers, commercial proposals);
Conclusion and regulation of labor relations and other directly related relations, ensuring compliance with labor, tax, insurance, and pension legislation of the Russian Federation;
Compliance with the requirements of Russian law.
2.3. The Operator does not process special categories of personal data related to racial, ethnic origin, political views, religious or philosophical beliefs, intimate life, or criminal records.
3. Legal Grounds for Processing Personal Data
Constitution of the Russian Federation;
Civil Code of the Russian Federation;
Federal Law of 27.07.2006 No. 152-FZ “On Personal Data”;
Federal Law of 27.07.2006 No. 149-FZ “On Information, Information Technologies, and Information Protection”;
Federal Law of 26.12.2008 No. 294-FZ “On Protection of the Rights of Legal Entities and Individual Entrepreneurs During the Implementation of State Control (Supervision) and Municipal Control”;
Decree of the President of the Russian Federation of 06.03.1997 No. 188 “On Approval of the List of Confidential Information”;
Resolution of the Government of the Russian Federation of 01.11.2012 No. 1119 “On Approval of Requirements for the Protection of Personal Data During Their Processing in Information Systems of Personal Data”;
Order of FSTEC Russia of 18.02.2013 No. 21 “On Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data During Their Processing in Information Systems of Personal Data”;
Consent of personal data subjects for processing personal data, executed separately from other consents of the personal data subject (in accordance with part 1 of Article 10.1 of the Personal Data Law);
Contracts concluded between the Operator and personal data subjects.
4. Scope and Categories of Processed Personal Data, Categories of Personal Data Subjects
4.1. Categories of personal data subjects:
Employees of the Operator who have concluded an employment contract with the Operator, including former employees and applicants;
Self-employed persons (NPD payers) providing services or performing work for the Operator; representatives of counterparties – natural persons who are employees, authorized representatives, or contact persons of organizations and individual entrepreneurs providing services or having concluded contracts with the Operator;
Guests – natural persons who have actually used accommodation and related services of the Operator;
Clients – natural persons who have concluded or intend to conclude a service agreement with the Operator, including persons who have submitted requests or made bookings but have not yet used the service; visitors (users) of the website;
Natural persons viewing the pages of https://axis.moscow on a computer and/or mobile device.
4.2. Personal data processed by the Operator includes:
Full name of the User;
Date and place of birth;
Gender, citizenship, age;
Registration and actual residence address;
Mobile phone number;
Email address;
Passport data: series, number, issuing authority, date of issue;
Birth certificate data;
Other or similar identity document information;
Information about accompanying persons;
For foreign citizens: visa and migration card data; contact phone numbers, email address, purpose of visit;
Data automatically transmitted to website services (via forms) during their use through the software installed on the User’s device, namely: IP address, cookie data, analytics trackers, information about the User’s browser (or other program used to access services), behavioral data.
4.3. The Operator ensures that the content and scope of processed personal data correspond to the purposes of processing stated in Section 2 of the Policy.
5. Procedure and Conditions for Processing and Storing Personal Data
5.1. Personal data processing by the Operator is carried out in accordance with the legislation of the Russian Federation using automation tools and transmission over the Internet.
5.2. Actions performed by the Operator with the User’s personal data for purposes stated in Section 2 of the Policy include: collection, recording, systematization, accumulation, storage, clarification (updating, modification), retrieval, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction.
5.3. Personal data processing is carried out by the Operator upon obtaining the User’s consent (hereinafter – Consent) in accordance with the requirements of Federal Law No. 152-FZ “On Personal Data,” except in cases provided by Russian law where processing may occur without such consent.
5.4. The User makes a voluntary decision to provide their personal data and gives consent freely, at their own will, and in their own interest.
5.5. The duration of personal data processing is determined by the achievement of the purposes for which the data were collected, unless a different period is established by the contract with the User or applicable law. Processing may cease upon achieving the purposes, loss of necessity, expiration of the Consent, withdrawal of Consent by the User, or identification of unlawful processing.
5.6. If the Operator has delegated the processing and storage of personal data to another person under a relevant agreement, the Operator is responsible to the User for the actions of that person. If the Operator has delegated processing and storage to a foreign legal entity, both the Operator and that entity are responsible to the User.
5.7. Consent may be withdrawn by the personal data subject by contacting the Operator via email: love@axis.moscow, with a request to cease the processing of personal data. Processing shall stop within 10 business days from the date of receipt of the request, except in cases provided by the Personal Data Law. This period may be extended by no more than five business days, provided the Operator sends a motivated notification to the personal data subject indicating the reasons for the extension.
5.8. The Operator disseminates personal data permitted by the User for disclosure, i.e., performs actions aimed at disclosure to an indefinite circle of persons, in compliance with the requirements, prohibitions, and conditions established in part 9 of Article 9 and Article 10.1 of Federal Law No. 152-FZ “On Personal Data.” Disclosure to third parties and dissemination of personal data without the User’s consent is not allowed unless otherwise provided by federal law. Consent for processing personal data authorized for dissemination by the User is executed separately from other consents and in accordance with the content requirements approved by Roskomnadzor.
Transfer of personal data to third parties is carried out by the Operator only on the basis of a corresponding agreement with the third party, the essential condition of which is the third party’s obligation to ensure confidentiality and security of personal data during processing. Transfer is performed only to the extent necessary to achieve the processing purposes and exclusively to persons who have an agreement with the Operator on confidentiality and protection of personal data.
5.9. In processing personal data, the Operator takes or ensures the necessary legal, organizational, and technical measures to protect personal data from unlawful or accidental access, destruction, alteration, blocking, copying, provision, dissemination, and other unlawful actions with respect to personal data.
5.10. Personal data is stored in a form that allows identification of the User for no longer than required to achieve the processing purposes, except in cases where the retention period is established by federal law, a contract, or where the User is a beneficiary or guarantor under the contract.
5.11. The Operator complies with the requirements of Article 18 of Federal Law No. 152-FZ “On Personal Data” during processing.
5.12. The Operator ceases personal data processing in the following cases:
The fact of unlawful processing is identified within the periods specified in Section 6 of the Policy;
The purpose of processing has been achieved;
The consent of the personal data subject has expired or been withdrawn, when processing is permitted only with consent under the Personal Data Law.
5.13. Collection, recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of Russian citizens using databases located outside the Russian Federation is not allowed, except as provided by the Personal Data Law.
6. Updating, Correction, Deletion, Destruction, and Anonymization of Personal Data; Responses to Requests for Access
6.1. In the event of unlawful processing of personal data identified upon a User’s (or their representative’s) request, or upon a request from an authorized body for the protection of personal data rights, the Operator shall block the unlawfully processed personal data related to the relevant User, or ensure its blocking, from the moment of such request for the duration of the verification.
If inaccurate personal data is identified upon a User’s (or their representative’s) request, or upon a request from an authorized body, the Operator shall block the personal data related to the User, or ensure its blocking from the moment of such request, for the duration of the verification, provided that the blocking does not violate the rights and lawful interests of the User or third parties.
6.2. Upon confirmation of inaccurate personal data, the Operator shall, based on information provided by the User (or their representative) or an authorized body, or other necessary documents, clarify the personal data or ensure its clarification within seven business days from the date of receipt of such information.
6.3. Upon identification of unlawful processing, the Operator shall cease the unlawful processing, or ensure its cessation, within no more than three business days from the date of detection. If ensuring lawful processing is not possible, the Operator shall destroy or ensure destruction of such personal data within no more than ten business days from the date of detection.
6.4. Upon achievement of the purpose of personal data processing, the Operator shall destroy or ensure destruction of personal data within no more than thirty days from the date the purpose is achieved, unless otherwise provided by a contract, agreement with the User, or if the Operator is not authorized to process personal data without the User’s consent under Federal Law No. 152-FZ or other federal laws.
6.5. If the User withdraws consent for processing their personal data and retention of the data is no longer required for processing purposes, the Operator shall destroy or ensure destruction of the personal data within thirty days from receipt of the withdrawal, unless otherwise provided by contract or applicable law.
6.6. Within seven business days from receipt of information from the User (or their representative) confirming that personal data has been unlawfully obtained or is unnecessary for the stated purpose, the Operator shall destroy such personal data.
6.7. If unlawful or accidental disclosure (provision, dissemination) of personal data is detected by the Operator, Roskomnadzor, or another interested party, resulting in violation of the rights of personal data subjects, the Operator shall:
Within 24 hours, notify Roskomnadzor of the incident, the presumed causes, the potential harm to the rights of the personal data subjects, and measures taken to mitigate the consequences; provide the contact details of the authorized person handling communication with Roskomnadzor regarding the incident.
Within 72 hours, notify Roskomnadzor of the results of the internal investigation and provide information on the individuals whose actions caused the incident (if applicable).
6.8. Methods for destroying personal data are determined in the Operator’s internal regulatory acts.
6.9. Processed data shall be destroyed or anonymized (including, but not limited to, by replacing certain information from Section 4 with an ID) upon achieving the processing purpose or if the purpose is no longer necessary. The procedure for anonymization is defined in the Operator’s internal regulatory acts.
6.10. Detailed procedures for preventing and identifying violations in personal data processing are established in the Operator’s internal regulatory acts.
7. Liability of the Parties
7.1. The Operator is liable for violations of Federal Law No. 152-FZ “On Personal Data” in accordance with the legislation of the Russian Federation.
7.2. The User has the right to claim compensation for damages and/or moral harm in court. Moral harm caused to the User due to violation of their rights, personal data processing rules, or requirements for protection of personal data, as established by Federal Law No. 152-FZ and this Policy, shall be compensated in accordance with Russian law. Compensation for moral harm is independent of compensation for property damages or losses incurred by the User.
8. Dispute Resolution
8.1. Disputes and/or disagreements arising between the User and the Operator shall be resolved in accordance with the applicable laws of the Russian Federation.
8.2. This Policy and relations between the User and the Operator are governed by the applicable laws of the Russian Federation.
9. Final Provisions
9.1. The Operator reserves the right to amend the Policy without the User’s consent.
9.2. The new version of the Policy comes into effect upon its publication on the Operator’s Website unless otherwise provided. The new version applies to relations arising after its entry into force. The current version of the Policy is always available on the Operator’s Website. When amendments are made, the Operator notifies Users by posting the updated Policy on the Website.