Agreement on the processing of personal data of users of the Easternairlines.aero Website

1. General provisions

PRIVACY POLICY

REGARDING THE PROCESSING OF PERSONAL DATA

Publication date: "10" December 2017

1. General provisions
   1. This Privacy Policy regarding the processing of personal data (hereinafter referred to as the “Policy”) is drawn up in accordance with the requirements of the Federal Law of July 27, 2006 No. 152-FZ “On Personal Data” and determines the procedure for processing personal data and measures to ensure the security of personal data on the part of the easternairlines.aero website.
   2. The operator sets as its most important goal and condition for carrying out its activities the observance of the rights and freedoms of man and citizen when processing his personal data, including the protection of the rights to privacy, personal and family secrets.
   3. This Operator's policy regarding the processing of personal data applies to all information that the Operator may receive about Users of the website  https://easternairlines.aero and its subdomains.
   4. By using the website https://easternairlines.aero and its subdomains and providing his personal data to the Operator, the User consents to the processing of personal data in in accordance with this Policy, confirms that he has read all the clauses of this Policy and accepts them without exceptions or reservations.
   5. The User expresses his full agreement with the terms of the Policy by clicking special buttons on the website pages when filling out forms. In case of disagreement with any of the clauses of the Policy, the User has no right to use the website. Also, the User is prohibited from using the website if he has not reached the legal age when he has the right to enter into agreements with the website.

1. Basic concepts used in the Policy
   1. Website – website and its subdomains located at the network address https://easternairlines.aero  and administered by the Operator (online service).
   2. Processing of personal data – any action (operation) or set of actions (operations) performed using automation tools or without the use of such means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, changing), extraction, use, transfer ( distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
   3. Operator easternairlines.aero, independently or jointly with other persons (employees) organizes and (or) carries out the processing of personal data, as well as determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data data.
   4. Personal data – any information relating directly or indirectly to a specific or identifiable User of the website. The user provides personal data about himself independently when registering on the website or when logging in using social networks, as well as in the process of further use of the website.
   5. User – an individual website visitor who has full legal capacity, has his own email address on the Internet, a PC and/or mobile device, who wishes to use and/or uses the Operator’s Services.
   6. Partner is an airline carrier, online travel agency, on whose websites the direct sale and booking of air tickets and other travel services to Users is carried out. The Partner is responsible for properly executed reservation, purchase, transportation, accommodation and other provision of services to the User.
   7. Services – information and intermediary services for searching for airline tickets, hotels, insurance and other travel services provided by the Operator to Users through the website. The Operatordoes not directly sell or book airline tickets and other travel services to Users. The final reservation and purchase is carried out by the User independently on the Partner’s website. The Operator’s services include, inter alia, assistance by the Operator in interacting with the Partner.
   8. Cookie file - a file that is saved on the User’s computer or mobile device, which the web client or web browser sends to the web server every time in an http request when trying to open a page of the corresponding site.

1. Personal data of the User, which

processed by Operator

1. The Operator processes personal information that the User provides about himself independently in the process of using the website, including the User’s personal data. The Operator receives and processes the following User data sent by him through the forms indicated on the website:
   1. User's full name;
   2. User’s phone number;
   3. User email address;
   4. other information that the User sends in messages when filling out forms located on the website.
2. Required information is marked with a special sign “*”. Other information is provided by the User at his discretion.
3. The website collects and processes anonymized data about visitors (including “cookie” files, the User’s IP address). This data is used to personalize content, customize and measure advertising, ensure the safety of the website and its Users, and improve and simplify the website experience. The Operator processes anonymized data about the User if this is allowed in the User’s browser settings (saving of “cookie” files and the use of JavaScript technology is enabled). The operator does not use cookies. to store personal information or disclose information to third parties. Disabling cookies may result in the inability to access parts of the website that require authorization. Statistics about the User's IP address are used to identify and solve technical problems, to monitor the legality of ongoing operations.
4. The Operator uses Google Analytics and Yandex.Metrica to analyze website traffic. Google Analytics and Yandex.Metrica generate statistical and other information about the website using cookies that are stored on the User’s computers. This information is used to compile reports about the use of the website. The received data is stored in Google and Yandex.
5. The Operator does not process special category personal data, including data on political, religious and other beliefs, membership in public associations and trade union activities, and the User’s private and intimate life.
6. In general, the Operator does not verify the accuracy of the personal information provided by the User and does not exercise control over their legal capacity. However, the Operator assumes that the User provides reliable and sufficient personal information specified in the request forms and keeps this information up to date.
7. This Policy applies only to website services. The Operator does not control and is not responsible for the websites of Partners, which the User can access through links available on the website.

1. Purposes of processing personal data
   1. The Operator collects and stores only those personal data that are necessary to provide Services to Users.
   2. Purposes of processing the User’s personal data:
      1. Identification of the party within the framework of the use of website services.
      2. Provision of Services to Users and the possibility of using the website by Users.
      3. Targeting of advertising materials.
      4. Providing the User with access to information contained on the website.
      5. Improving the quality of the website, ease of use, developing new services.
      6. Advertising and promotion of services sold by the Operator through the website.
      7. Establishing feedback with the User if necessary, processing applications from the User.
      8. Conducting statistical and other research based on anonymized data.

1. Legal grounds for processing personal data.

User Consent.

1. The Operator processes the User’s personal data only if it is filled out and/or sent by the User independently through special forms located on the website.
2. By voluntarily filling out the appropriate forms and/or sending his personal data to the Operator, the User expresses his consent to this Policy. The User's consent to the processing of personal data is specific, informed and conscious. This consent of the User is recognized as executed in simple written form.
3. The user as a subject of personal data has the right to receive information regarding the processing of his personal data, including containing:
   1. confirmation of the fact of processing of personal data;
   2. legal grounds and purposes of processing personal data;
   3. purposes and methods of processing personal data used by the operator;
   4. name and location of the operator, information about persons (except for the operator’s employees) who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the operator or on the basis of federal law;
   5. processed personal data related to the relevant subject of personal data, the source of their receipt, unless a different procedure for the presentation of such data is provided for by Federal Law;
   6. terms for processing personal data, including storage periods;
   7. the procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law;
   8. information about completed or intended cross-border data transfers;
   9. name or surname, first name, patronymic and address of the person processing personal data on behalf of the Operator, if the processing has been or will be assigned to such a person;
   10. other information provided for by the Federal Law or other federal laws.

1. Security, procedure and conditions for the collection, storage, transfer and other types of processing of personal data
   1. The security of personal data processed by the Operator is ensured by implementing legal, organizational and technical measures necessary to fully comply with the requirements of current legislation in the field of personal data protection.
   2. The processing of the User’s personal data is carried out in any legal way, including in personal data information systems using or without the use of automation tools.
   3. Confidentiality of the User's personal information is maintained. The operator ensures the safety of personal data and takes all possible measures to prevent access to personal data by unauthorized persons.
   4. The User’s personal data will never, under any circumstances, be transferred to third parties, except for the following cases:
      1. The user has expressed his consent to such actions.
      2. The transfer is necessary as part of the User’s use of the website or to provide Services to the User.
      3. The transfer is provided for by Russian or other applicable legislation within the framework of the procedure established by law.
      4. To protect the rights and legitimate interests of the Operator in connection with violation of agreements concluded with the User.
      5. Such a transfer occurs as part of the sale or other transfer of a business (in whole or in part), and all obligations to comply with the terms of this Policy in relation to the personal information received by him are transferred to the acquirer.
   5. Only authorized employees and Partners of the Operator have access to personal data.  All employees of the Operator and Partners who have access to personal data must adhere to the Policy. In order to ensure the confidentiality of information and the protection of personal data, the Operator takes all measures necessary to prevent unauthorized access.
   6. The User agrees that the Operator has the right to transfer personal data to Partners solely for the purpose of providing Services to the User.
   7. If personal data is lost or disclosed, the Operator informs the User about the loss or disclosure of personal data.
   8. If inaccuracies in personal data are identified, the User can update (change, update, supplement) them independently by sending the Operator a notification letter to the Operator's e-mail address support @easternairlines.aero marked “Updating/changing personal data.”
   9. The period for processing personal data is unlimited. The User may at any time withdraw his consent to the processing of personal data by sending a notification letter to the Operator via email to the Operator's email address [email protected] marked “Withdrawal of consent to the processing of personal data.”
   10. Notification letters specified in clause 6.8. - 6.9. Policies can also be sent on paper by the User to the following addresses: 129323, Moscow, Rusanova proezd, 5 or 196244, St. Petersburg, Kosmonavtov Avenue, 14.
   11. Deletion, destruction of personal data is carried out in the manner prescribed by current legislation and regulations of the Operator. Removal and destruction of personal data is carried out by the responsible persons:
       1. in cases provided for by law;
       2. at the request of the User, government agency or court;
       3. after expiration of storage period;
       4. after the need expires.

1. Responsibility
   1. The Privacy Policy does not regulate and the Operator is not responsible for the receipt, storage, processing, use and disclosure of the User’s personal data by third parties not owned or controlled by the Operator, and individuals who are not employees/Partners of the Operator, even if The user has accessed the websites of these persons' products or services through the website or mailing list.
   2. The User acknowledges that if the User neglects the security and protection of his personal data and authorization data, third parties may gain unauthorized access to the User’s account, personal and other data. In this case, the Operator is not responsible for losses caused to the User and/or third parties by such access.
   3. In the event of loss or disclosure of confidential information, the Operator is not responsible if this information:
      1. became public domain until it was lost or disclosed;
      2. was received from a third party prior to its receipt by the Operator;
      3. was disclosed with the consent of the User.
   4. The Operator is not responsible for damage or loss incurred by the User and/or third parties as a result of erroneous understanding or misunderstanding of the terms of the Policy, instructions or instructions on the procedure for using the website, regarding the procedure for posting data and other technical issues.

1. Final provisions
   1. The User can receive any clarification on issues of interest regarding the processing of his personal data by contacting the Operator at  email [email protected].
   2. The Operator has the right to make changes to this Policy at any time and at its own discretion. When changes are made to the current edition, the date of the last update is indicated. The new version of the Policy comes into force from the moment it is posted on the website, unless otherwise provided by the new version of the Policy.
   3. The current version of the Policy is located on the website page https://easternairlines.aero/.
   4. This Policy applies only to the website.
   5. The Policy applies to the User from the moment when, while using the website, he agreed with the terms of the Policy when transferring his personal data, and is valid as long as the Operator stores any information about the User, including personal data.
   6. If any provision of the Policy, including any sentence, clause or part thereof, is found to be contrary to law or invalid, this will not affect the remaining provisions that do not contradict the law, they remain in full force and effect, and any invalid provision or provision that cannot be enforced without further action by the Parties shall be deemed modified, corrected to the extent necessary to ensure its validity and enforceability.
   7. The Operator does not accept proposals from Users regarding changes to this Policy.
   8. All disputes between the parties are resolved through negotiations. The claim procedure for resolving disputes is mandatory, the period for responding to a claim is 10 (ten) working days.
   9. If it is impossible to reach an agreement through negotiations, disputes are resolved in court at the location of the Operator.