Privacy policy

1. General provisions

1.1. This Policy of the Autonomous Energy Systems Limited Liability Company (hereinafter referred to as Autonomous Energy Systems LLC or the Operator) regarding the processing of personal data (hereinafter referred to as the Policy) has been developed in compliance with the requirements of clause 2, Part 1, Article 18.1 of Federal Law No. 152–FZ of 27.07.2006 “On Personal Data” (hereinafter referred to as the Policy). – The Law on Personal Data).

1.2. The Policy applies to all personal data processed by Autonomous Energy Systems LLC.

1.3. The purpose of this Policy is to ensure the constitutional rights of employees of Autonomous Energy Systems LLC and other individuals whose personal data processing is necessary for Autonomous Energy Systems LLC to carry out its activities.

2. Principles of personal data processing

2.1. The processing of personal data by the Operator is carried out in accordance with the following basic principles:

– legality and fairness of personal data processing;

– limiting the processing of personal data to the achievement of specific, predetermined and legitimate goals;

– processing only those personal data that meet the purposes of processing;

– compliance of the content and volume of personal data processed with the stated purposes of processing;

– accuracy, sufficiency and relevance of personal data in relation to the purposes of processing;

– compliance of personal data storage periods with the purposes of processing;

– prevention of personal data leakage;

– prevention of unauthorized access to personal data, their destruction, modification, blocking, copying, provision, distribution, as well as other illegal actions during the processing of personal data in information systems.

3. Purposes of personal data collection

3.1. The processing of personal data is limited to achieving specific, predetermined and legitimate goals. Processing of personal data incompatible with the purposes of personal data collection is not allowed.

3.2. Only personal data that meets the purposes of their processing is subject to processing.

3.3. The processing of personal data by the Operator is carried out for the following purposes::

ensuring compliance with the Constitution of the Russian Federation, federal laws and other regulatory legal acts of the Russian Federation;
carrying out its activities in accordance with the Charter of Autonomous Energy Systems LLC;
conducting personnel records management;
assistance to employees in finding employment;
recruitment and selection of candidates to work for the Operator;
organization of individual (personalized) employee registration in the compulsory pension insurance system;
filling in and submitting required reporting forms to the executive authorities and other authorized organizations;
implementation of civil law relations;
maintaining accounting records;
implementation of access control.

3.4. The processing of personal data of employees may be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.

4. Content and scope of personal data processed, categories of personal data subjects

4.1. The content and volume of personal data processed must comply with the stated purposes of processing provided for in Section 3 of this Policy. The personal data being processed should not be redundant in relation to the stated purposes of their processing.

4.2. The Operator may process personal data of candidates for employment, employees, former employees, family members, clients and contractors of the Operator (individuals), as well as representatives of these persons.

4.3. Depending on the purposes of personal data collection provided for in Section 3 of this Policy, the content and scope of personal data may include:

last name, first name, patronymic;
floor;
citizenship;
date and place of birth;
image (photo);
passport data;
address of registration at the place of residence;
actual address of residence;
contact information;
taxpayer’s individual number;
insurance number of an individual personal account (SNILS);
information about education, qualifications, professional training and professional development;
marital status, children, family ties;
information about employment, including the availability of incentives, awards and (or) disciplinary penalties;
marriage registration data;
information about military registration;
disability information;
information about withholding alimony;
information about income from a previous job;
degree of kinship;
current account number;
current position;
other personal data provided by the personal data subjects specified in clause 4.2, in accordance with the requirements of the law, as well as necessary for the conclusion and execution of contracts.

5. Procedure and conditions of personal data processing

5.1. The processing of personal data is carried out by the Operator in accordance with the requirements of the legislation of the Russian Federation.

5.2. The processing of personal data is carried out with the consent of the subjects of personal data to the processing of their personal data, as well as without it in cases provided for by the legislation of the Russian Federation.

5.3. The Operator performs both automated and non-automated processing of personal data.

5.4. The Operator’s employees, whose job responsibilities include processing personal data, are allowed to process personal data.

5.5. Personal data is processed by:

receiving personal data in oral and written form directly from personal data subjects;
obtaining personal data from publicly available sources;
entering personal data into the logs, registers and information systems of the Operator;
using other methods of personal data processing.

5.6. Disclosure and dissemination of personal data to third parties is prohibited without the consent of the personal data subject, unless otherwise provided by federal law. Consent to the processing of personal data authorized by the personal data subject for dissemination is issued separately from other consents of the personal data subject to the processing of his personal data.

5.7. The Operator takes the necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions, including:

appoints persons responsible for ensuring the security of personal data in the structural divisions and information systems of the Operator;
creates the necessary conditions for working with personal data;
organizes accounting of documents containing personal data;
organizes work with information systems in which personal data is processed;
stores personal data in conditions that ensure their safety and prevent unauthorized access to them.;
organizes the training of the Operator’s employees who process personal data.

5.8. The Operator stores personal data in a form that allows determining the subject of personal data for no longer than the purposes of personal data processing require, unless the period of personal data storage is established by federal law or contract.

6. Updating, correction, deletion and destruction of personal data, responding to requests from subjects for access to personal data

6.1. The personal data subject has the right to receive information regarding the processing of his personal data, which is provided by the Operator to the personal data subject or his representative when contacting or receiving a request from the personal data subject or his representative.

The information provided does not include personal data related to other subjects of personal data, except in cases where there are legitimate grounds for the disclosure of such personal data.

The request must contain:

the number of the main identity document of the personal data subject or his representative, information about the date of issue of the specified document and the issuing authority;
information confirming the personal data subject’s participation in the relationship with the Operator (contract number, date of conclusion of the contract, conditional designation and (or) other information), or information otherwise confirming the fact of personal data processing by the Operator;
signature of the personal data subject or his representative.

If the request of the personal data subject does not reflect all the necessary information in accordance with the requirements of the Law on Personal Data, or the subject does not have access rights to the requested information, a reasoned refusal is sent to him.

The right of a personal data subject to access his/her personal data may be restricted in accordance with legislation.

6.2. The personal data subject has the right to require the Operator to clarify his personal data, block or destroy them if the personal data is incomplete, outdated, inaccurate, illegally obtained or is not necessary for the stated purpose of processing, as well as to take legal measures to protect their rights.

6.3. Upon achievement of the purposes of personal data processing, as well as in the case of revocation by the personal data subject of consent to their processing, personal data is subject to destruction if:

nothing else is provided for in the contract to which the personal data subject is a party;
The operator does not have the right to process personal data without the consent of the personal data subject on the grounds provided for by the Law on Personal Data or other federal laws.;
no other agreement is provided for between the Operator and the personal data subject.

7. Information about the implemented requirements for personal data protection

7.1. The personal data protection system includes organizational and/or technical measures defined taking into account current threats to the security of personal data and information technology.

7.2. The security of personal data in Autonomous Energy Systems LLC is ensured, inter alia, by:

– organization of a security regime for premises in which technical means of information systems are located, as well as personal data carriers are stored, preventing the possibility of uncontrolled entry or stay in these premises of persons who do not have the right to access these premises;

– ensuring the safety of personal data carriers;

– determining the list of persons who are allowed access to personal data and their processing necessary for the performance of their official (labor) duties;

– appointment of an official responsible for ensuring the security of personal data.