Privacy Policy for Personal Data Processing
1. General Provisions
This Personal Data Processing Policy (hereinafter referred to as the "Policy") is drafted in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and outlines the procedures and measures for processing and securing personal data by PT.KOSTA FAMILY VILLAS (hereinafter referred to as the "Operator").
1.1. The Operator considers the protection of individual rights and freedoms during personal data processing—including the right to privacy, personal and family confidentiality—a top priority.
1.2. This Policy applies to all personal data the Operator may collect from visitors of the website https://brookbali.com/.
2. Key Definitions
Automated processing – use of computer technology to process personal data.
Blocking of personal data – temporary suspension of processing, except when clarification is needed.
Website – all graphic and information materials, software, and databases available at https://brookbali.com/.
Personal data information system – the database system used to store and process personal data.
Depersonalization – actions that make it impossible to identify the subject without additional information.
Personal data processing – any operations involving personal data: collection, recording, organization, storage, updating, usage, transfer, anonymization, blocking, deletion, or destruction.
Operator – a person or entity organizing and/or carrying out personal data processing.
Personal data – any information related directly or indirectly to an identified or identifiable user.
Publicly available personal data – data the subject has made accessible to the public by giving explicit consent.
User – any visitor of https://brookbali.com/.
Provision – disclosing personal data to a specific person or group.
Dissemination – making personal data known to the general public.
Cross-border transfer – transferring personal data to a foreign country or foreign entity.
Destruction – irreversible removal of personal data making recovery impossible.
3. Operator’s Rights and Obligations
3.1. The Operator may:
Request accurate personal data and/or supporting documents from the data subject.
Continue processing personal data even after consent withdrawal, if allowed by law.
Independently determine the scope of measures to ensure compliance with the Law.
3.2. The Operator must:
Provide the data subject with processing information upon request.
Organize data processing in compliance with Russian law.
Respond to requests from data subjects and regulatory authorities.
Ensure unrestricted access to this Policy.
Implement legal, organizational, and technical measures to protect data.
Cease data processing and destroy data under lawful conditions.
4. Data Subject’s Rights and Obligations
4.1. Data subjects may:
Request information on their data processing (except as restricted by law).
Demand correction, blocking, or deletion of inaccurate or unlawfully obtained data.
Require prior consent for data use in marketing.
Withdraw consent and demand data processing stop.
Appeal unlawful actions or inactions of the Operator.
4.2. Data subjects must:
Provide accurate personal data.
Notify the Operator of any updates to their data.
4.3. Those who provide false or unauthorized data may face legal consequences.
5. Principles of Personal Data Processing
Processing must be lawful and fair.
Processing must pursue specific, lawful purposes.
Data with incompatible purposes must not be combined.
Only relevant data should be processed.
The data scope must match the processing goals.
Accuracy and relevancy of data must be maintained.
Data must not be stored longer than necessary.
6. Purpose of Data Processing
Purpose:
Sending email updates to the user.
Personal Data Involved:
Full name
Email address
Phone number
Legal Basis:
Operator’s organizational documents
Types of Processing:
Collection, recording, organization, storage, destruction, anonymization
7. Conditions for Data Processing
With the user’s consent
To fulfill legal obligations or contracts
In the public interest or to exercise legal rights
If made publicly accessible by the data subject
8. Data Collection, Storage, and Transfer
The Operator uses all legal, organizational, and technical safeguards to protect personal data.
Personal data will not be shared with third parties unless legally required or with the user’s consent.
Users may update their data by emailing restaurantbrook@gmail.com with the subject "Update Personal Data".
Users can withdraw consent at any time by emailing the same address with the subject "Withdraw Consent".
Third-party services (e.g., payment systems) manage data under their own policies. The Operator is not responsible for their practices.
Public interest data transfers may override user restrictions.
Personal data will only be stored as long as necessary for processing goals.
9. Operator’s Data Processing Actions
The Operator performs collection, recording, organization, storage, updating, usage, transfer, anonymization, blocking, deletion, and destruction.
Both automated and manual processing methods may be used.
10. Cross-Border Transfers
The Operator must notify authorities before transferring data abroad.
It must verify the recipient’s compliance with data protection laws.
11. Data Confidentiality
The Operator and any other parties with access to data must not disclose it without user consent unless legally required.
12. Final Provisions
Users may contact the Operator for clarification via email: restaurantbrook@gmail.com.
Any updates to this Policy will be reflected in this document.
The Policy remains valid until replaced with a new version.
The latest version is available online at: https://brookbali.com/policy
This Personal Data Processing Policy (hereinafter referred to as the "Policy") is drafted in accordance with Federal Law No. 152-FZ of July 27, 2006 "On Personal Data" and outlines the procedures and measures for processing and securing personal data by PT.KOSTA FAMILY VILLAS (hereinafter referred to as the "Operator").
1.1. The Operator considers the protection of individual rights and freedoms during personal data processing—including the right to privacy, personal and family confidentiality—a top priority.
1.2. This Policy applies to all personal data the Operator may collect from visitors of the website https://brookbali.com/.
2. Key Definitions
Automated processing – use of computer technology to process personal data.
Blocking of personal data – temporary suspension of processing, except when clarification is needed.
Website – all graphic and information materials, software, and databases available at https://brookbali.com/.
Personal data information system – the database system used to store and process personal data.
Depersonalization – actions that make it impossible to identify the subject without additional information.
Personal data processing – any operations involving personal data: collection, recording, organization, storage, updating, usage, transfer, anonymization, blocking, deletion, or destruction.
Operator – a person or entity organizing and/or carrying out personal data processing.
Personal data – any information related directly or indirectly to an identified or identifiable user.
Publicly available personal data – data the subject has made accessible to the public by giving explicit consent.
User – any visitor of https://brookbali.com/.
Provision – disclosing personal data to a specific person or group.
Dissemination – making personal data known to the general public.
Cross-border transfer – transferring personal data to a foreign country or foreign entity.
Destruction – irreversible removal of personal data making recovery impossible.
3. Operator’s Rights and Obligations
3.1. The Operator may:
Request accurate personal data and/or supporting documents from the data subject.
Continue processing personal data even after consent withdrawal, if allowed by law.
Independently determine the scope of measures to ensure compliance with the Law.
3.2. The Operator must:
Provide the data subject with processing information upon request.
Organize data processing in compliance with Russian law.
Respond to requests from data subjects and regulatory authorities.
Ensure unrestricted access to this Policy.
Implement legal, organizational, and technical measures to protect data.
Cease data processing and destroy data under lawful conditions.
4. Data Subject’s Rights and Obligations
4.1. Data subjects may:
Request information on their data processing (except as restricted by law).
Demand correction, blocking, or deletion of inaccurate or unlawfully obtained data.
Require prior consent for data use in marketing.
Withdraw consent and demand data processing stop.
Appeal unlawful actions or inactions of the Operator.
4.2. Data subjects must:
Provide accurate personal data.
Notify the Operator of any updates to their data.
4.3. Those who provide false or unauthorized data may face legal consequences.
5. Principles of Personal Data Processing
Processing must be lawful and fair.
Processing must pursue specific, lawful purposes.
Data with incompatible purposes must not be combined.
Only relevant data should be processed.
The data scope must match the processing goals.
Accuracy and relevancy of data must be maintained.
Data must not be stored longer than necessary.
6. Purpose of Data Processing
Purpose:
Sending email updates to the user.
Personal Data Involved:
Full name
Email address
Phone number
Legal Basis:
Operator’s organizational documents
Types of Processing:
Collection, recording, organization, storage, destruction, anonymization
7. Conditions for Data Processing
With the user’s consent
To fulfill legal obligations or contracts
In the public interest or to exercise legal rights
If made publicly accessible by the data subject
8. Data Collection, Storage, and Transfer
The Operator uses all legal, organizational, and technical safeguards to protect personal data.
Personal data will not be shared with third parties unless legally required or with the user’s consent.
Users may update their data by emailing restaurantbrook@gmail.com with the subject "Update Personal Data".
Users can withdraw consent at any time by emailing the same address with the subject "Withdraw Consent".
Third-party services (e.g., payment systems) manage data under their own policies. The Operator is not responsible for their practices.
Public interest data transfers may override user restrictions.
Personal data will only be stored as long as necessary for processing goals.
9. Operator’s Data Processing Actions
The Operator performs collection, recording, organization, storage, updating, usage, transfer, anonymization, blocking, deletion, and destruction.
Both automated and manual processing methods may be used.
10. Cross-Border Transfers
The Operator must notify authorities before transferring data abroad.
It must verify the recipient’s compliance with data protection laws.
11. Data Confidentiality
The Operator and any other parties with access to data must not disclose it without user consent unless legally required.
12. Final Provisions
Users may contact the Operator for clarification via email: restaurantbrook@gmail.com.
Any updates to this Policy will be reflected in this document.
The Policy remains valid until replaced with a new version.
The latest version is available online at: https://brookbali.com/policy