Privacy Policy

1. General Provisions

1.1. This Policy regarding the processing of personal data (hereinafter referred to as the Policy) determines the activities of Powerly LLC, registered at the address: RUSSIAN FEDERATION, 125438, MOSCOW, ext. ter. municipal district Koptevo, st. Mikhalkovskaya, 63B/building 4, room 2/5 (hereinafter referred to as the Company or Operator), regarding the processing of personal data.

1.2. This Policy was developed in pursuance of the law of July 27, 2006. RF No. 149-FZ “On information, information technologies and information protection”, Federal Law of the Russian Federation dated July 27, 2006. No. 152-FZ “On Personal Data” and other regulatory legal acts (hereinafter referred to as the Law).

1.3. Terms used in this document:

• o biometric personal data - information characterizing the physiological and biological characteristics of a person, which is used for his unique identification (fingerprints, palms, iris, facial characteristics and his image, etc.);
• o blocking of personal data - termination of access to personal data without deleting it;
• o depersonalization of personal data - actions as a result of which it becomes impossible, without the use of additional information, to determine the ownership of personal data to a specific subject of personal data;
• o processing of personal data - any action or set of actions performed with personal data, including collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion of personal data;
• o publicly available personal data - personal data distributed by the subject of personal data himself or with his consent or distributed in accordance with the requirements of legislative acts;
• o operator - a company that independently or jointly with other persons organizes and (or) carries out the processing of personal data;
• o personal data - any information relating to an identified individual or an identifiable individual;
• o provision of personal data - actions aimed at familiarizing with the personal data of a certain person or group of persons;
• o dissemination of personal data - actions aimed at familiarizing an indefinite number of persons with personal data;
• o special personal data - personal data relating to race or nationality, political views, membership in trade unions, religious or other beliefs, health or sexuality, exposure to administrative or criminal liability, as well as biometric and genetic personal data;
• o subject - an individual in respect of whom personal data is processed;
• o cross-border transfer of personal data - transfer of personal data to the territory of a foreign state;
• o deletion of personal data - actions as a result of which it becomes impossible to restore personal data in information resources (systems) containing personal data, and (or) as a result of which material media of personal data are destroyed;
• o authorized person - a government body, a legal entity of the Russian Federation, another organization, an individual who, in accordance with an act of legislation, a decision of a government body that is an operator, or on the basis of an agreement with the Company, processes personal data on behalf of the Company or in its interests ;
• o an individual who can be identified - an individual who can be directly or indirectly identified, in particular through his last name, first name, patronymic, date of birth, identification number or through one or more signs characteristic of his physical, psychological , mental, economic, cultural or social identity.

1.4. The following terms are used in this Policy:

Services are any services, products, programs, events, services of the Company (including, but not limited to Bitrix, iSpring, etc.). Sites - https://power-li.ru/ and other sites owned by the Company, subdomains of these sites, as well as other services with which the company works.

1.5. This Policy applies to all operations performed by the Operator with personal data using or without the use of automation tools.

1.6. This Policy comes into force from the moment of its approval.

2. Categories of personal data subjects and the volume of personal data processed.

2.1. The operator processes personal data that can be received from the following personal data subjects:

• o participants of the Company and affiliates of the Company;
• o Company employees, former employees, candidates for vacant positions;
• o counterparties and clients of the Company who are individuals; representatives and/or employees of the Company's counterparties and clients who are legal entities or individual entrepreneurs; visitors to the Company’s Sites and Services;
• o persons who provided the Company with personal data by subscribing to the newsletter, when sending reviews, requests, by filling out questionnaires during advertising and other events held by the Company;
• o persons who provided personal data to the Company in another way.

2.2. The operator processes the following personal data of the subject of personal data:

• o last name, first name, patronymic;
• o floor;
• o date of birth;
• o email address;
• o telephone number;
• o place of residence;
• o occupation (specialty, area of ​​professional knowledge);
• o place of work;
• o history of requests and views on the Company’s Sites and Services;
• o data contained in the identity document;
• o data contained in the military registration document;
• o data contained in the education document;
• o data contained in the work book;
• o data contained in the autobiography and characteristics from previous places of work;
• o data received to create a personal file;
• o data contained in the insurance certificate and other documents confirming circumstances related to work, the presentation of which is provided for by legislative acts;
• o other information (this list may be shortened or expanded depending on the specific case and purposes of processing).

2.3. To analyze the operation of the Sites and Services, the Operator processes data such as:

• o IP address;
• o information about the browser;
• o data from cookies;
• o addresses of the requested pages;
• o access time.

2.4. The operator ensures that the content and volume of processed personal data corresponds to the stated purposes of processing and, if necessary, takes measures to eliminate their redundancy in relation to the stated purposes of processing.

2.5. The operator processes personal data, incl. biometric only subject to the consent of the subject of personal data or without consent in other cases provided for by the legislation of the Russian Federation.

2.6. The operator does not process special personal data relating to race, nationality, political views, membership in trade unions, religious and other beliefs, health, sexuality, administrative or criminal liability, except in cases where the subject of personal data independently provided such data to the Operator, or they became known to the Operator in accordance with the legislation of the Russian Federation.

2.7. The operator, if necessary, to achieve the purposes of processing has the right to transfer personal data to third parties in compliance with the requirements of the legislation of the Russian Federation.

3. Purposes of collecting personal data.

3.1. The operator processes personal data for the following purposes:

• o communication with subjects of personal data;
• o carrying out various transactions with subjects of personal data, their subsequent execution, and, if necessary, modification and termination (termination);
• o providing subjects of personal data with the Company’s Services;
• o providing personal data subjects with information about the Company’s activities, about the Company’s development of new Sites and Services;
• o sending notifications, commercial offers, advertising and informational messages to subjects of personal data;
• o the Company’s holding of promotions, surveys, interviews, testing on the Company’s Sites and Services;
• o assessment and analysis of the work of the Company Services, control and improvement of the quality of the Company Services;
• o informing about the operation of the Company’s Websites;
• o registration and maintenance of accounts on the Websites and Services of the Company;
• o processing requests and requests received from personal data subjects;
• o attracting candidates to fill vacant positions in the Company;
• o conducting personnel work, carrying out work in the field of labor protection, ecology, organizing records of the Company’s employees, in accordance with the law and/or local documents;
• o conducting contractual work, including when concluding civil law contracts with individuals for the performance of work (provision of services), rent, loan, hiring, loans, etc.;
• o calculation and accrual of wages, bonuses, allowances, bonuses and other payments made in accordance with legislation, contracts and/or local documents;
• o implementation of access and intra-facility regimes, implementation of video surveillance, both for security and technological purposes;
• o implementation of administrative procedures;
• o generation of statistical and other reporting, conducting research;
• o carrying out economic activities;
• o exercise other powers and duties assigned to the Operator by the legislation of the Russian Federation, as well as in accordance with local documents, instructions and orders of government authorities.

4. Basic rights and obligations of the operator and subject of personal data.

4.1. The operator has the right:

• o receive from the subject of personal data reliable information and/or documents containing personal data;
• o request from the subject of personal data information about the relevance and reliability of the personal data provided;
• o refuse to satisfy the personal data subject’s requests to stop processing his personal data and/or delete them if there are grounds for processing provided for by the legislation of the Russian Federation, including if they are necessary for the stated purposes of their processing.

4.2. The operator is obliged:

• o explain to the Subject his rights related to the processing of personal data;
• o obtain the consent of the Subject, except for cases provided for by legislative acts;
• o process personal data in the manner established by the legislation of the Russian Federation;
• o ensure the protection of personal data during their processing;
• o take measures to ensure the accuracy of the personal data processed by him, make changes to personal data that are incomplete, outdated or inaccurate;
• o consider statements of personal data subjects regarding the processing of personal data and give reasoned answers to them;
• o provide the subject of personal data with information about his personal data, about their provision to third parties;
• o make changes to personal data that are incomplete, outdated or inaccurate, except in cases where a different procedure for making changes to personal data is established by legislative acts or if the purposes of processing personal data do not imply subsequent changes to such data;
• o change, block or delete unreliable or illegally obtained personal data of the Subject at the request of the authorized body for the protection of the rights of personal data subjects, unless a different procedure for making changes to personal data, blocking or deleting them is not established by legislative acts;
• o stop processing personal data, as well as delete or block it if there are no grounds for processing it, as well as at the request of the subject of personal data; perform other duties provided for by the legislation of the Russian Federation.

4.3. The subject of personal data has the right:

• o to receive information regarding the processing of his personal data by the Operator;
• o to make changes to your personal data if the personal data is incomplete, outdated or inaccurate;
• o to withdraw your consent to the processing of personal data;
• o to receive information about providing your personal data to third parties;
• o to stop processing your personal data, including their deletion, if there are no grounds for their processing;
• o to appeal the actions/inactions and decisions of the Operator related to the processing of his personal data to the authorized body for the protection of the rights of personal data subjects in the manner prescribed by law;
• o to exercise other rights provided for by the legislation of the Russian Federation.

4.4. The subject of personal data is obliged to:

• o provide the Operator with only reliable information about yourself;
• o if necessary, provide the Operator with documents containing personal data to the extent necessary for the purpose of their processing;
• o inform the Operator about changes in your personal data.

4.5. A person who provides the Operator with incomplete, outdated, false information about himself, or information about another subject of personal data without the latter’s consent, is liable in accordance with the legislation of the Russian Federation.

5. Consent of the subject of personal data.

Procedure and conditions for processing personal data.

5.1. The basis for the processing of personal data is the consent of the subject of the personal data, with the exception of cases established by the legislation of the Russian Federation, when the processing of personal data is carried out without obtaining such consent.

5.2. The consent of the subject of personal data is a free, unambiguous, informed expression of his will, through which he authorizes the processing of his personal data.

The Subject's consent may be obtained in writing, in the form of an electronic document or in another electronic form. In another electronic form, the Subject’s consent can be obtained by:

• o indication (selection) by the subject of personal data of certain information (code) after receiving a CMC message, a message to an email address;
• o putting the corresponding mark on the Internet resource by the subject of personal data;
• o other ways to establish the fact of obtaining the consent of the subject of personal data.

5.3. Before obtaining the consent of the subject of personal data, the Company in written or electronic form corresponding to the form of expression of such consent is obliged to provide the subject of personal data with information containing:

• o name and location of the Company;
• o the purpose of processing personal data;
• o list of personal data for the processing of which the consent of the subject of personal data is given;
• o the period for which the Subject’s consent is given;
• o information about authorized persons in the event that the processing of personal data will be carried out by such persons;
• o a list of actions with personal data to which the Subject’s consent is given, a general description of the methods of processing personal data used by the Company;
• o other information necessary to ensure transparency of the processing of personal data.

Before obtaining the Subject's consent, the Company is obliged to explain to the Subject in simple and clear language his rights related to the processing of personal data, the mechanism for exercising such rights, as well as the consequences of giving the Subject's consent or refusing to give such consent. This information must be provided by the Subject's Company in written or electronic form, corresponding to the form of expression of his consent, separately from other information provided to him.

5.4. When giving his consent to the Company, the subject indicates his last name, first name, patronymic (if any), date of birth, identification number, and in the absence of such a number, the number of his identity document, except for the case provided for in part two of this paragraph.

If the purposes of processing personal data do not require the processing of information specified in part one of this paragraph, this information is not subject to processing by the Company upon receipt of the consent of the Subject.

5.5. The burden of proving receipt of the Subject's consent rests with the Operator. Refusal to give consent to the processing of personal data gives the Operator the right to refuse to provide the subject of personal data with access to the Sites and Services of the Company.

5.6. The processing of personal data by the Operator includes the following actions with personal data: collection, systematization, storage, modification, use, depersonalization, blocking, distribution, provision, deletion, other actions, in accordance with the legislation of the Russian Federation.

5.7. Methods for processing personal data by the Operator:

• o non-automated processing of personal data;
• o automated processing of personal data with or without transfer of received information via information and telecommunication networks;
• o mixed processing of personal data.

5.8. The storage of personal data is carried out in a form that makes it possible to identify the subject of personal data for a period no longer than required by the purposes of processing personal data, except in cases where the storage period for personal data is established by the legislation of the Russian Federation, an agreement concluded (to be concluded) with the subject of personal data , in order to carry out the actions established by this agreement.

5.9. The condition for terminating the processing of personal data may be the achievement of the goals of processing personal data, the expiration of the period for processing personal data, the withdrawal of the consent of the subject of personal data to the processing of his personal data, as well as the identification of unlawful processing of personal data.

5.10. When processing personal data, the Operator takes the necessary legal, organizational and technical measures to ensure the protection of personal data from unauthorized or accidental access to it, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other unlawful actions in relation to personal data .

5.11 The Company processes special personal data solely for the purposes specified in clause 3.1. of this Policy. The Company may also process biometric personal data for the purposes specified in clause 3.1. of this Policy.

5.12. Processing of special, including biometric personal data is permitted only if a set of measures are taken aimed at preventing risks that may arise during the processing of such personal data for the rights and freedoms of personal data subjects.

5.13. The Company does not carry out cross-border transfer of personal data if the appropriate level of protection of the rights of personal data subjects is not ensured on the territory of a foreign state, except in cases established by law.

6. Mechanism for exercising the rights of the subject of personal data.

6.1. The subject of personal data has the right to withdraw his consent to the processing of personal data by submitting an application to the Operator in writing, sent by registered mail, or in the form of an electronic document. The application must contain:

• o last name, first name, patronymic of the subject of personal data;
• o address of residence (place of stay);
• o date of birth;
• o identification number (if indicated when giving consent or the processing of personal data is carried out without the consent of the subject of personal data);
• o statement of the essence of the requirement;
• o personal signature or electronic digital signature.

The operator, within 15 days after receiving the application, stops processing personal data (if there are no grounds for processing according to law), deletes it, and if there is no technical possibility of deletion, takes measures to prevent further processing of personal data, including blocking it, and notifies about this subject of personal data within the same period.

6.2. The subject of personal data has the right to obtain from the Operator information regarding the processing of his personal data by submitting an application to the Operator in the manner provided for in clause 6.1 of these Rules. The operator, within 5 working days after receiving the application, provides the personal data subject with the relevant information or notifies him of the reasons for refusal to provide such information.

6.3. The subject of personal data has the right to demand from the Operator to make changes to his personal data if they are incomplete, outdated or inaccurate, by submitting an application to the Operator in the manner provided for in clause 6.1 of these rules, with the attachment of documents (duly certified copies), confirming the need to make such changes. The operator, within 15 days after receiving the application, makes changes to the personal data and notifies the subject of personal data about this or notifies the reasons for refusing to make changes.

6.4. The subject of personal data has the right to receive from the Operator information about the provision of his personal data to third parties once a calendar year free of charge, by submitting an application to the Operator in the manner provided for in clause 6.1 of these Rules. The operator, within 15 days after receiving the application, provides the subject of personal data with information about what personal data of this subject and to whom were provided during the year preceding the date of filing the application, or notifies him of the reasons for the refusal to provide such information.

6.5. The subject of personal data has the right to demand that the Operator stop processing his personal data, including its deletion, in the absence of grounds for processing, by submitting an application to the Operator in the manner provided for in clause 6.1 of these Rules. The operator, within 15 days after receiving the application, stops processing personal data (if there are no grounds for processing according to law), deletes it, and if there is no technical possibility of deletion, takes measures to prevent further processing of personal data, including blocking it, and notifies about this subject of personal data within the same period.

7. Measures to ensure the protection of personal data

7.1. The Company is obliged to take legal, organizational and technical measures to ensure the protection of personal data from unauthorized or accidental access, modification, blocking, copying, distribution, provision, deletion of personal data, as well as from other unlawful actions in relation to personal data.

7.2. To protect personal data, the Company takes the following measures:

• o appointment of structural units or persons responsible for internal control over the processing of personal data;
• o maintaining processing registers;
• o development and communication to all interested parties of this Policy and other documents of the Company regarding the processing of personal data;
• o familiarization of the Company’s employees and other persons directly involved in the processing of personal data with the provisions of the legislation on personal data, including the requirements for the protection of personal data, this Policy and other documents of the Company regarding the processing of personal data, as well as training of these employees and other persons in the manner prescribed by law;
• o establishing the procedure for access to personal data, including those processed in the information resource (system);
• o implementation of technical and cryptographic protection of personal data.

7.3. The Company is obliged to provide unlimited access, including using the global computer network Internet, to documents defining the Company's policy regarding the processing of personal data, before such processing begins.

7.4. The classification of information resources (systems) containing personal data, in order to determine the requirements for technical and cryptographic protection of personal data, is established by the authorized body for the protection of the rights of personal data subjects.

8. Final provisions

8.1. Issues related to the processing of personal data that are not covered in this Policy are regulated by the legislation of the Russian Federation.

8.2. In the event that any provision of the Policy is found to be contrary to law, the remaining provisions that comply with the law will remain in full force and effect and any invalid provision will be deemed to be deleted/modified to the extent necessary to ensure compliance with the law.

8.3. The operator has the right, at its discretion, to change and (or) supplement the terms of this Policy without prior and (or) subsequent notification of the subjects of personal data. The current version of the Policy is constantly available at: https://power-li.ru/politika-konfidencialnosti.

8.4. The subject of personal data can receive any clarification on issues of interest regarding the processing of his personal data by contacting the Site Administration via email plant@power-li.ru.

Documentation