• Main
•  Privacy Policy

Privacy policy for personal data of website users

1. General provisions

1.1. This Privacy policy for personal data of website users (hereinafter referred to as the Policy) has been developed in compliance with the requirements of Article 18.1 of Federal Law No. 152-FZ of July 27, 2006, On Personal Data, as well as other regulatory legal acts of the Russian Federation in the field of personal data protection and processing.

1.2. BUSINESS TOUR LLC (hereinafter referred to as the Operator) ensures the protection of processed personal data from unauthorized access and disclosure, unlawful use, or loss in accordance with the requirements of Federal Law of July 27, 2006, No. 152-FZ On Personal Data.

1.3. The policy is a publicly available document that applies only to the website located on the Internet at the address: https://premiumdubai.ae/ (hereinafter referred to as the Site). 

1.4. The Policy does not apply to third-party websites that a personal data subject may access through the Site.

1.5. The Policy establishes mandatory general requirements and rules for the Operator's employees involved in the processing of personal data for working with all types of storage media containing personal data of personal data subjects using the Site.

1.6. The Policy does not apply to issues of ensuring the security of personal data classified as information constituting a state secret of the Russian Federation.

1.7. The main objectives of the Policy are:

• ensuring the protection of human and civil rights and freedoms when processing personal data, including the protection of the rights to privacy, personal, and family secrets;
• exclusion of unauthorized actions by the Operator's employees and third parties to collect, systematize, accumulate, store, clarify (update, change) personal data, and other forms of illegal interference in the Operator's information resources and local area network;
• ensuring the legal and regulatory regime of confidentiality of undocumented information of the Site Users;
• protection of the citizens' constitutional rights to privacy, confidentiality of personal data, and prevention of potential threats to the security of Site Users.

1.8. Key concepts used in the Policy:

website is a set of software and hardware for computers that ensures the publication for public viewing of information and data united by a common purpose, through technical means used for communication between computers on the Internet;

User is a personal data subject who has access to the Internet and uses the capabilities of the website;

personal data is any information relating to a directly or indirectly identified or identifiable individual (personal data subject);

Manager is the sole executive body of the Operator;

processing of personal data means any action (operation) or set of actions (operations) with personal data, performed with or without the use of automation tools. The processing of personal data includes, among other things:

• collection;
• recording;
• systematization;
• accumulation;
• storage;
• clarification (update, change);
• extraction;
• usage;
• transfer (distribution, provision, access);
• depersonalization;
• blocking;
• deletion;
• destruction;

automated processing of personal data means processing of personal data using computer technology;

dissemination of personal data means the actions aimed at disclosing personal data to an indefinite number of persons;

provision of personal data means the actions aimed at disclosing personal data to a specific person or a specific group of persons;

cross-border transfer of personal data is the transfer of personal data to the territory of a foreign state to a government body of a foreign state, a foreign individual, or a foreign legal entity;

blocking of personal data is a temporary cessation of processing of personal data (except in cases where processing is necessary to clarify personal data);

destruction of personal data means the actions as a result of which it becomes impossible to restore the content of personal data in the personal data information system and/or as a result of which the material carriers of personal data are destroyed;

depersonalization of personal data means the actions as a result of which it becomes impossible to determine the ownership of personal data by a specific subject of personal data without the use of additional information;

personal data information system (hereinafter referred to as PDIS) is a set of personal data contained in databases and the information technologies and technical means that ensure their processing.

2. Processing principles

2.1. The Operator's employees are guided by the following principles of processing personal data:

• the processing of personal data is carried out on a lawful and fair basis;
• processing of personal data must be limited to the achievement of specific, predetermined, and legitimate purposes. Processing of personal data that is incompatible with the purposes of collecting personal data is not permitted;
• it is not permitted to combine databases containing personal data, the processing of which is carried out for purposes incompatible with each other;
• content and volume of processed personal data must correspond to the stated purposes of processing. The personal data processed must not be excessive in relation to the purposes of their processing;
• when processing personal data, the accuracy and sufficiency of personal data must be ensured;
• storage of personal data must be carried out no longer than required by the purposes of processing the personal data, unless the storage period of personal data is established by Federal Law or an agreement with the User;
• processed personal data are subject to destruction or anonymization upon achievement of the processing purposes or in the event of loss of the need to achieve these purposes, unless otherwise provided by legal requirements.

2.2. Terms of personal data processing:

• processing of personal data of the Site Users is carried out in accordance with the requirements of applicable personal data protection laws;
• processing of personal data on the Site is carried out in compliance with the principles and rules stipulated by the Policy and the legislation of the Russian Federation.

2.3. The processing of personal data of the Site Users is carried out solely for the purposes of:

• preventing the creation of multiple accounts by Users;
• authorization of the User on the Site;
• providing the User with the opportunity to leave comments and messages on the Site, with the subsequent possibility of viewing them.

2.5. Personal data used on the Site is provided by the User independently by entering it into the appropriate form when registering an account. It is considered confidential information and is processed using automated tools.

3. User rights

3.1. The user has the right:

• to receive information about the Operator, its location, the availability of personal data related to the User with the Operator, as well as to become familiar with such personal data, except in cases expressly provided for by law;
• to receive from the Operator the following information regarding the processing of his/her personal data:
• confirmation of the fact of processing of personal data by the Operator, as well as the purpose of such processing;
• legal grounds and purposes of processing personal data;
• the purposes and methods of processing personal data used by the Operator;
• name and location of the Operator, information about persons who have access to personal data or to whom personal data may be disclosed on the basis of an agreement with the Operator or on the basis of current legislation;
• processed personal data relating to the relevant User, the source of their receipt;
• terms of processing personal data, including the terms of their storage;
• procedure for the exercise by the subject of personal data of the rights provided for by the Federal Law;
• information on completed or intended cross-border data transfer;
• name or surname, first name, patronymic, and address of the person processing personal data on behalf of the Operator, if the processing is or will be entrusted to such person;
• other information provided for by the current legislation of the Russian Federation;
• demand changes, clarifications, or destruction of information about oneself;
• appeal against unlawful actions or inactions regarding the processing of personal data and demand appropriate compensation in court;
• designate representatives to protect their personal data;
• require the Operator to notify of all changes made to them or exceptions from them;
• appeal to the authorized body for the protection of the rights of personal data subjects or in court against the actions or inactions of the Operator if he/she believes that the latter is processing his/her personal data in violation of the requirements of the Federal Law of July 27, 2006, No. 152-FZ On Personal Data or otherwise violates his/her rights and freedoms;
• to protect his/her rights and legitimate interests, including compensation for losses or moral damages in court.

4. Operator's obligations

4.1. In the event of receiving a written request from the User, the Operator is obliged to process it and provide a response to it, in the manner prescribed by the Rules for considering requests from personal data subjects and the current legislation of the Russian Federation.

4.2. In the event of receiving a request from an authorized body for the protection of the rights of personal data subjects to provide information necessary for the implementation of the activities of the said body, the Operator is obliged to provide such information within the timeframes established by law.

4.3. In the event of the detection of unlawful processing of personal data, the Operator is obliged to block the unlawfully processed personal data related to the User from the moment such fact is established.

4.4. If the purpose of processing personal data is achieved, the Operator is obliged to cease processing personal data and destroy personal data in accordance with the procedure provided for by the Regulation on the procedure for the destruction of personal data and the current legislation of the Russian Federation.

4.5. The operator is prohibited from making decisions based solely on automated processing of personal data that generate legal consequences in relation to the subject of personal data or otherwise affect his/her rights and legitimate interests.

5. Confidentiality of personal data

5.1. The Operator ensures the confidentiality and security of personal data during its processing in accordance with the requirements of the Operator's local regulations and the requirements of current legislation.

5.2. The Operator does not disclose to third parties or distribute personal data without the consent of the User, unless otherwise provided for by the requirements of the current legislation of the Russian Federation.

6. Processing of personal data

6.1. All personal data should be obtained from the User himself. In the event of obtaining consent to the processing of personal data from a User's representative, his authority must be confirmed in accordance with the procedure established by law.

6.2. The list of persons entitled to access personal data is determined in accordance with the Operator's local regulations and approved by order of the Operator's Head.

6.2. The Operator shall store the personal data of Users from the moment they are provided until the moment of withdrawal of consent to the processing of personal data, the achievement of the processing purposes, or the expiration of the period for which the consent was provided, as well as in other cases expressly provided for by the current legislation of the Russian Federation.

6.3. The Operator does not process the Users' personal data on paper media.

6.4. The operator does not transfer personal data to third parties, including for processing purposes. Personal data of Users is processed exclusively by the Operator’s employees.

6.5. Blocking and deletion of personal data on the Site is carried out on the basis of a written request from the User or an authorized body.

6.6. Destruction of personal data is carried out by erasing information using certified software.

7. Protection of personal data

7.1. When processing personal data, the Operator takes the necessary legal, organizational, and technical measures or ensures their adoption to protect personal data from unauthorized or accidental access, destruction, modification, blocking, copying, provision, and distribution of personal data, as well as from other illegal actions in relation to personal data.

7.2. The security of personal data is achieved in the following ways:

• identification of threats to the security of personal data when processing them in personal data information systems;
• application of organizational and technical measures to ensure the security of personal data when processing them in personal data information systems, necessary to meet the requirements for the protection of personal data;
• taking into account machine-readable media of personal data;
• detection of facts of unauthorized access to personal data and taking measures;
• restoration of personal data modified or destroyed due to unauthorized access;
• establishing rules for access to personal data processed in the personal data information system, as well as ensuring the registration and accounting of all actions performed with personal data in the personal data information system;
• control over the measures taken to ensure the security of personal data and the level of protection of personal data information systems;
• appointment of a person responsible for the processing of personal data;
• establishing individual passwords for employee access to the information system in accordance with their job responsibilities;
• using certified antivirus software;
• training the Operator's employees directly involved in the processing of personal data in the provisions of personal data laws of the Russian Federation, including the requirements for the protection of personal data.

7.3. Protected information about the User on the Site includes data that allows the User to be identified or to obtain additional information about him/her as provided for by laws and the Policy.

7.4. Protected personal data objects include:

• information technology objects and technical means for automated processing of information containing personal data;
• information resources containing information about information and telecommunications systems that use personal data, events that have occurred with managed objects, about plans to ensure uninterrupted operation and procedures for switching to management in emergency modes;
• communication channels that are used to transfer personal data in the form of informative electrical signals and physical fields;
• alienable machine-readable information carriers on magnetic, magneto-optical, and other bases, used for processing personal data.

7.5. Technological information about information systems and elements of the personal data protection system subject to protection includes:

• information about the access control system for the information technology facilities where personal data is processed;
• control information;
• technological information of means of access to control systems;
• characteristics of communication channels that are used to transmit personal data in the form of informative electrical signals and physical fields;
• information on the means of protecting personal data, their composition and structure, principles and technical solutions for protection;
• service data that appears during the operation of software, messages, and internetwork protocols as a result of the processing of personal data.

7.6. The personal data protection system complies with the requirements of the RF Government Resolution of November 1, 2012, No. 1119 On approval of requirements for the protection of personal data when processing them in personal data information systems and ensures:

• timely detection and prevention of unauthorized access to personal data or its transfer to persons who do not have the right to access to such information;
• preventing any impact on technical means of automated processing of personal data, which may result in disruption of their functioning;
• ability to immediately restore personal data modified or destroyed due to unauthorized access;
• continuous monitoring of the level of protection of personal data.

8. Responsibility

8.1. All employees of the Operator who process personal data are obliged to maintain the confidentiality of information containing personal data.

8.2. Persons found guilty of violating personal data processing requirements are liable in accordance with the current Russian legislation.

8.3. The Operator's employees responsible for processing personal data are responsible for compliance with the personal data protection regime in relation to personal data stored in the Site's databases.

9. Final provisions

9.1. The Policy was approved by Order of the Head of the Operator No. 1/25-PDn dated September 1, 2025, and is valid indefinitely until the new version of the Policy comes into force.

9.2. In case of changes in personal data protection laws of the Russian Federation, the Operator accepts the new version of the Policy, taking into account the changes. Until this moment, the Policy shall apply to the extent that it does not contradict the current legislation of the Russian Federation.

9.3. The following contact information may be used to contact the Operator:

Tel.: 8 (800)333-01-68

E-mail: info@premiumdubai.ae

Mailing address: 31 Michurinsky Ave., office 7, room 20/28, Moscow, 119607