Privacy Policy

1. Terminology

Automated processing of personal data is the processing of personal data by means of computer technology.

Blocking of personal data – temporary suspension of processing of personal data (unless the processing is necessary to clarify personal data).

Access to information is the possibility to obtain information and use it.

Protected information is information that is the subject of ownership and must be protected in accordance with the requirements of legal documents or requirements established by the owner of the information.

Identification is assigning an identifier to subjects and objects of access and/or comparing the presented identifier with the List of Assigned Identifiers.

Information  – data (messages, records) irrespective of their form of presentation.

Information system of personal data  is an aggregate of personal data contained in databases and information technologies and technical means ensuring processing of personal data.

Information technologies – processes, methods of searching, collecting, storing, processing, providing, distributing information and ways of implementing such processes and methods.

Information and telecommunication network is a technological system designed to transmit information by means of communication lines, access to which is performed using computer facilities.

Unauthorized access (unauthorized actions)is access to information or actions with information that violate access delimitation rules using regular means provided by personal data information systems.

Processing of personal data is any action (operation) or a set of actions (operations), performed with or without the use of automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, change), extraction, use, transfer (distribution, provision, access), anonymization, blocking, removal, destruction of personal data.

Operator is a state body, municipal authority, legal entity or individual, alone or with others, arranging and/or implementing the processing of personal data, as well as determining the purpose of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

Тechnical means of personal data information system are computer equipment, information-computer complexes and networks, means and systems of data transmission, reception and processing of personal data (means and systems of sound recording, audio amplification, sound reproduction, intercom and television devices, means of document production, duplication and other technical means of processing of speech, graphic, video and alphanumeric information), software (operating systems, database management systems, etc.), means of information protection.

Cross-border transfer of personal data is transfer of personal data to the territory of a foreign state to a foreign state authority, a foreign individual or a foreign legal entity.

Personal data (PD) is any information related to a directly or indirectly defined or identifiable individual (personal data subject).

Access differentiation rules are a set of rules regulating access rights of access subjects to objects of access.

Provision of personal data is actions aimed at disclosure of personal data to a certain person or a certain circle of persons.

Dissemination of personal data is actions aimed at disclosure of personal data to an indefinite number of persons.

Destruction of personal data – actions, as a result of which it becomes impossible to restore the content of personal data in the information system of personal data and/or as a result of which tangible carriers of personal data are destroyed.

2. Purpose and scope of application

2.1. This Policy describes the principles and approaches of Red Wings JSC to the processing and security of personal data, duties and responsibilities of Red Wings JSC in relation to such processing.

2.2. This Policy has been developed in accordance with the laws and regulations of the Russian Federation:

  • Federal Law of 27.07.2006 No. 149-FZ «On Information, Information Technologies and Information Protection»
  • Federal Law of the Russian Federation of 27.07.2006 No. 152-FZ «On Personal Data»
  • Decree of the Government of the Russian Federation of 01.11.2012 No. 1119 «On Approval of Requirements for Protection of Personal Data in Processing of Personal Data in Personal Data Information Systems»
  • Decree of the Government of the Russian Federation of 15.09.2008 No. 687 «On Approval of the Regulations on Specifics of Processing of Personal Data Performed without the Use of Automation Means».

2.3. Red Wings JSC shall fully ensure observance of rights and freedoms of citizens when processing personal data, including protection of rights to privacy, personal and family secrets.

2.4. When processing personal data in Red Wings JSC, the following principles shall be strictly observed:

2.4.1 Processing of personal data that is incompatible with the purposes of personal data collection shall not be permitted.

2.4.2 Processing of personal data which is inconsistent with the purposes of processing shall not be permitted. The content and composition of personal data processed at Red Wings JSC shall comply with the stated purposes of processing.

2.4.3 Processing of personal data shall ensure the accuracy, adequacy and, where necessary, relevance of personal data.

2.4.4 Personal data shall not be stored for longer than required by the purposes of personal data processing, as well as federal laws and contracts to which the personal data subject is a party, beneficiary or guarantor.

2.5 Processing of personal data shall be carried out in compliance with the principles and rules stipulated by the legislation of the Russian Federation.

2.6. Prior to processing of personal data, the subjects of personal data, composition of processed personal data and specific purposes of processing of personal data shall be determined, which shall be documented by the List of Processed Personal Data and approved by the Managing Director of Red Wings JSC.

2.7. Access to personal data shall be restricted in accordance with the requirements of the legislation and internal regulatory documents of Red Wings JSC.

2.8. Red Wings JSC shall not disclose personal data obtained as a result of its professional activities, except as required by the laws of the Russian Federation.

2.9. Red Wings JSC employees granted access to personal data shall undertake to ensure confidentiality of processed personal data.

2.10. Red Wings JSC shall take appropriate technical and organisational information security measures to protect personal data against unauthorised access, alteration, disclosure or destruction, by internal reviews of data collection, storage and processing processes and security measures, and by implementing physical data security measures to prevent unauthorised access to systems where Red Wings JSC processes personal data.

3. Use of the website

3.1. Red Wings JSC shall process Personal Data of the users of the flyredwings.com website.

3.2. Red Wings JSC uses cookies, including processing data about website users, necessary for correct operation of the website, as well as for the purpose of attendance and user activity analysis, website optimization and website users comfort.

3.3 Some of the functionalities of the website can be used without providing personal data. However, in order to use the special functions of the website, it is necessary to submit user data, including personal data. By ticking a box or clicking a button in the electronic confirmation form provided by the website, the data subject expresses their consent to the processing of their personal data by Red Wings JSC on the terms provided for in this Policy. A data subject shall not use the Red Wings JSC Website and shall not provide Red Wings JSC with their personal data if they do not agree with the provisions of this section of this Policy.

3.4. Red Wings JSC shall process Personal Data using the website on the terms and conditions set out in Table.

Table 1. Terms and conditions for processing personal data using website flyredwings.com

Data subject Purpose of personal data processing Composition of personal data Method of processing personal data Terms of handling personal data
Website users Activity analysis, website optimization and website users comfort.
  • The IP address of the user
  • Date and time of the visit to the website
  • Types of browser and operating system
  • Type and model of mobile device
  • The source of access to the site
  • Information about the user's behavior on the website (including the number and name of pages viewed)
  • Age, gender, interests, geographical location of the user
  • Other technical data (cookies, flash, java, etc.)
Mixed processing (both with and without the use of automation) Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymisation, blocking, deletion, destruction of personal data
Passengers
  • Concluding and executing the air transport contract
  • Purchasing and booking tickets
  • Flight registration
  • e-mail address (e-mail)
  • Flight date
  • Flight (itinerary)
  • Date of birth
  • Flight ticket changes
  • Number of seats
  • Contact phone number
  • Flight itinerary
  • Ticket number
  • Identification document details
  • Flight number
  • Reason for refund
  • Surname, first name, patronymic (full name)
Mixed processing (both with and without the use of automation) Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymisation, blocking, deletion, destruction of personal data
Website users Subscribe for news
  • Email address (e-mail)
  • Surname, first name, patronymic (full name)
Mixed processing (both with and without the use of automation) Collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymisation, blocking, deletion, destruction of personal data
Applicants for requests Processing request
  • Email address (e-mail)
  • City of departure (on the return section)
  • City of arrival (on the return section)
  • Date of departure (on the return leg)
  • Date of the described event or discovery of the threat
  • Additional information (weather conditions day/night, aircraft number, stage of work, location, etc.)
  • Contact telephone number
  • Ticket number
  • Reservation number
  • Description of the threat or event
  • Proposed corrective measures
  • The cause of the threat or event
  • Account details for sending the money
  • Message.
  • Surname, first name, patronymic (full name)
Mixed processing (both with and without the use of automation) Collection, recording, systematisation, accumulation, storage, clarification (updating, modification), extraction, use, transfer (provision, access), anonymisation, blocking, deletion, destruction of personal data

4. Rights and obligations

4.1. The subject of personal data has the right:

4.1.1. To receive information relating to the processing of their personal data, including containing:

  • Confirmation of the fact of processing of personal data
  • The legal basis and purpose for processing personal data
  • Purposes and methods of processing of personal data
  • The full name and location of Red Wings JSC, information about persons (other than Red Wings JSC employees) who have access to personal data or to whom personal data may be disclosed on the basis of a contract with Red Wings JSC or on the basis of the laws of the Russian Federation
  • Processed personal data pertaining to the respective personal data subject, the source of its obtaining, unless other procedure for submission of such data is provided for by the legislation of the Russian Federation
  • Terms of processing of personal data, including terms of its storage
  • The procedure for exercising by the subject of personal data the rights provided by the legislation of the Russian Federation
  • Information on the cross-border transfer of personal data that has taken place or is expected to take place
  • The name or surname, first name, patronymic and address of the person processing personal data on behalf of Red Wings JSC, if processing is or will be assigned to such person
  • Other information as required by the laws of the Russian Federation.

4.1.2. Demand correction of incorrect, inaccurate, outdated personal data, exclusion from processing of personal data in case of unlawful processing of his personal data.

4.1.3. To withdraw consent to personal data processing.

4.1.4. To challenge in court any unlawful acts or omissions of Red Wings JSC in processing and protecting his personal data.

4.2. Personal data subjects shall be responsible for providing accurate information and for updating the provided data in a timely manner in the event of any changes.

4.3. Red Wings JSC shall take reasonable steps to maintain the accuracy and relevance of available personal data and to delete personal data in cases where it is out of date, inaccurate or unnecessary, or where the purposes of its processing have been achieved.

4.4. Red Wings JSC:

  • Processes personal data in compliance with the requirements and principles established by the legislation of the Russian Federation
  • Implements measures to ensure the security of personal data during its processing

4.5. Red Wings JSC employees who are guilty of violating the requirements of this Policy and regulatory legal acts governing the processing and protection of personal data shall bear disciplinary, administrative, civil or criminal liability in accordance with the laws of the Russian Federation.