1. Sertificate of PCI DSS Compliance v3.2


This Regulation on personal data processing (hereinafter referred to as the "Regulations"): defines the principles of Personal Data processing in Sirena-Travel CJSC (hereinafter referred to as the  “Company”) and the personal data content to be processed, the purpose of use of personal data, the requirements for the transfer of personal data, the procedure for ensuring the security of personal data, procedures on access to personal data.

In the terminology of General Data Protection Regulation (EU) 2016/679 (GDPR) the company acts as a processor of data in relation to the personal data of the clients (hereinafter referred to as the Data) and as a controller for the processing of personal data of its employees.

In the terminology of the Federal Law of the Russian Federation from July 27, 2006 No. 152-FL "On Personal Data" acts as the operator of personal data.

In its data processing activities, the Company strictly adheres to the data protection principles as one of the fundamental principle of providing services to customers.

Data protection policies and methods are focused on processing, transmission and storage of Data in an appropriate and legitimate way, in order to ensure the fundamental security characteristics of information: confidentiality, integrity and accessibility.

The Company's website, as well as (www.myairlines.ru ) comply with the requirements of the Federal Law from July 27, 2006 No. 152-FL "On Personal Data" and the General Data Protection Regulation (EU) 2016/679 (GDPR).

The responsible person for ensuring the safety of the Company's personal data ensures compliance with this Regulation and is responsible for the consideration of issues related to the protection of personal data. Contact information of the Responsible for security:  + 7 (495) 967-12-87

  1. Principles of Data Processing by the Company

The Company guided by the following principles when processing data:

  •       Data collection is carried out only for specific, clear and legitimate purposes and does not provide for further processing of data incompatible with these purposes (target limitation);
  •       Data processing is carried out in a lawful, fair and transparent way (lawfulness, fairness and transparency);
  •       Data collection is limited only by the information which is needed to achieve its processing purposes  (data minimisation);
  •       Data of employees and Clients are accurate and, if necessary, erased or rectified without delay (accuracy), unless otherwise regulated by legislative acts;
  •       The data is stored in a form that allows the data subject to be identified within the time required for the purposes in which the data was collected (storage limitation);
  •      Data processing is carried out in a manner that ensures that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. (integrity and confidentiality).
  •       Employees and Clients have the right to access their Data, to modify or delete them, to restrict processing, to object to it, and to transfer data, unless otherwise regulated by legislative acts.
  1. Content of the Data being processed

The Company performs processing of Data on behalf of its customers necessary for the latter to perform contracts for Passengers transportation, as well as for the verification by passengers of data of their route receipts on the Company's website. The list of the data necessary for the contract performance for the passenger’s transportation is contained legislative acts on transport security

  1. Purposes of Data Processing

The Company uses the Data received from customers for the purposes of performance of air carriage contract, including:

  • aviation security and safety assurance;
  • providing feedback to consumers of air transportation services;
  • additional information for passengers on the changes in the departure parameters and the receipt of additional services;
  •  ensuring compliance with laws and other regulatory legal acts.

The Company carries out a cross-border transfer of Data, which complies with legislative acts and intergovernmental agreements on aviation security in extents required for this.

  1. Data transfer

Customer data is not transferred to third parties, except in cases where such transfer is necessary to fulfill obligations under the Contract of transportation. The Company does not disclose the Data to third parties in order to provide an opportunity to advertise their products and services.

The Company may provide Customer Data to legitimate requests of state authorities to comply with the requirements set forth in the applicable law, including but not limited to execution of court orders or other legal procedures initiated by authorized state bodies.

  1. Security of data processing

When processing Data, the Company applies appropriate technical and organizational measures to protect information from accidental or deliberate destruction, loss, modification, unauthorized access. Questions about the safety of processing Data can be sent to the above contact information.

6.Organization of data access

Customers have the right to request access to their Data, as well as their modification or deletion, in cases where this is provided by law.

If you have any questions about:

  • viewing and / or modifying Data;
  •  data access;
  • data retention periods;
  • processing and transferring Data by a third party;

and other issues related to the processing of Data, you can contact the contacts listed above.

  1. Age restrictions

The Company does not render services to non-adults. If the non-adult decides to use the services of the Company and this fact becomes known, the Company will refuse to provide this service to a person unless the parents (or other legal representatives) of the minor do not provide letter of consent  for processing it / her personal data.

To provide letter of consent from parents (other legal representatives), you can contact the above contact information.

  1. Responsibility

The Company strictly monitors the implementation of the requirements of the Russian and international (in particular, the General Regulation on the Data Protection 2016/679 EU (GDPR)) legislative acts in the field of personal data protection and has the opportunity to confirm this fact. The Company is implementing a full range of measures for organizational and technical ensuring the process of protecting personal data.

For any questions related to this Regulation, you can contact the above contact information.

  1. Complaints

Customers have the right to file a complaint regarding the processing of their Data, which the Company considers in accordance with internal regulations.

Complaints can be sent to the above contact information.

  1. Amendments to the Regulation.

The Company reserves the right to amend the Regulations in connection with the amendments to the legislative acts.

Cookies.

Sirena-Travel CJSC (hereinafter referred to as the Company) undertakes to fully ensure the security of the protection of the personal data of its customers that they provide when they visit the Internet sites belonging to the Company (in particular www.myairlines.ru, etc.).

When visiting the sites of the Company, the user accepts the fact that he has read and fully realized these rules without any limitations and reservations, and agrees with these provisions on the use of cookies.

The websites of the company use cookies to provide users with maximum convenience. Cookies are small text files located on the user's device and designed to provide ease of use of the site and save time. Cookies collected by the Company do not contain information that can serve to identify individuals.

The company does not use cookies for marketing purposes.

Cookies do not pose a threat to your device, since they are simply text files, not executable programs.

The client has the right to configure the browser used to receive cookies, or to use the sites of the Company without these functionality, which entails the inability to save the text information that he enters for future use when visiting the Company's sites.

The client has the option to delete cookies on his own, for this he must use the instructions to the browser used, which are usually found on the websites of the software companies of these software products.

This Regulation can be updated in connection with the amendments to the current legislation.