Personal Data Processing and Protection Policy
APPROVED
by General Director
of AMT Engineering LLC
V.E. Titova
Order dated January 15, 2025, No. 1
by General Director
of AMT Engineering LLC
V.E. Titova
Order dated January 15, 2025, No. 1
1. General Provisions
1.1. The Personal Data Processing and Protection Policy (hereinafter referred to as the Policy) is issued and implemented by AMT Engineering LLC (hereinafter referred to as the Operator) in accordance with Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."
1.2. For the purposes of this Policy, the User's personal information means:
1.2.1. Personal information that the User provides about themselves upon registration (creating an account) or while using the Services, including the User's personal data. Information required for the provision of the Services is marked as such.
1.2.2. Data that is automatically transferred to the Website's services during their use by the software installed on the User's device, including IP address, cookie data, information about the User's browser (or other program used to access the services), technical specifications of the hardware and software used by the User, the date and time of access to the services, the addresses of the requested pages, and other similar information.
1.2.3. This Privacy Policy applies only to the Website www.amt-e.ru. The Website www.amt-e.ru does not control and is not responsible for third-party websites to which the User may access links available on the Website www.amt-e.ru.
1.3. This Policy defines the Operator's policies, procedures, and conditions regarding the processing and protection of personal data, and establishes procedures aimed at preventing and identifying violations of Russian Federation legislation and eliminating the consequences of such violations related to the processing and protection of personal data. All issues related to the processing and protection of personal data not regulated by this Policy shall be resolved in accordance with the current legislation of the Russian Federation in the field of personal data.
1.4. The purpose of processing personal data is:
— to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of the right to privacy, personal and family secrets;
— to promote the Operator's goods, works, and services on the market through direct contact with potential consumers via communication means (permitted in the manner provided for in paragraph 3.5 of these Regulations);
1.5. This Policy does not apply to relations arising from:
1) organizing the storage, acquisition, accounting, and use of documents containing personal data in the Archival Fund of the Russian Federation and other archival funds in accordance with the legislation on archival affairs in the Russian Federation;
2) the processing of personal data classified in the established manner as information constituting a state secret.
1.6. Personal data is processed in compliance with the principles and rules set forth in Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" and this Policy.
The Operator organizes processing based on the following principles:
— the legality of the purposes and methods of personal data processing, good faith, and fairness in the Operator's activities;
— limiting the processing of personal data to the achievement of specific, predetermined, and legitimate purposes;
— the accuracy of personal data, its sufficiency for the processing purposes, and the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting the personal data;
— processing only personal data that is relevant to the purposes for which they are processed. Processing personal data incompatible with the purposes of collecting the personal data is inadmissible;
— compliance of the content and volume of processed personal data with the stated purposes of processing. The processed personal data must not be excessive in relation to the stated purposes of their processing;
— inadmissibility of combining databases containing personal data processed for incompatible purposes;
— ensuring the accuracy of personal data, its sufficiency, and, where necessary, its relevance in relation to the purposes of personal data processing. The Operator takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data;
— storing personal data in a form that allows identification of the personal data subject for no longer than required for the purposes of personal data processing, unless the personal data storage period is established by federal law, an agreement to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data are subject to destruction or anonymization upon achieving the processing purposes or when the need to achieve these purposes is no longer necessary, unless otherwise provided by federal law.
1.7. Personal data processing methods:
— mixed; with transfer via the legal entity's internal network; without transfer via the Internet.
1.8. The Operator's information systems process publicly available personal data.
1.9. In accordance with the stated goals and objectives, the Operator appoints a person responsible for organizing the processing of personal data, hereinafter referred to as the "PD Curator," prior to commencing the processing of personal data.
1.10. This Policy and amendments thereto shall be approved by order of the Operator's manager.
1.11. The Operator's employees directly involved in the processing of personal data must, prior to commencing work, be familiar with the provisions of Russian Federation legislation on personal data, including personal data protection requirements, documents defining the Operator's policy regarding the processing of personal data, internal regulations on personal data processing, this Policy and amendments thereto.
1.12. When processing personal data, the Operator applies legal, organizational, and technical measures to ensure the security of personal data in accordance with Article 19 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
1.13. The Operator ensures the confidentiality of personal data in accordance with the Privacy Policy.
1.14. Monitoring of the Operator's employees' compliance with the requirements of Russian Federation legislation and the provisions of the Operator's internal regulations is organized in accordance with the Operator's Internal Control Policy when processing personal data. Monitoring consists of verifying compliance with the requirements of regulatory documents on information security, as well as assessing the validity and effectiveness of the measures taken. It may be carried out.
1.15. An Operator collecting personal data using information and telecommunications networks is obligated to publish this Policy on the relevant information and telecommunications network, including on the pages of the Operator's website on the Internet through which personal data is collected, and to ensure access to this Policy using the means of the relevant information and telecommunications network.
1.16. Terms of personal data processing by the Operator:
1) personal data is processed with the consent of the personal data subject to the processing of their personal data;
2) The processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party, beneficiary, or guarantor, as well as for the conclusion of an agreement initiated by the personal data subject or an agreement.
1.17. The Operator may, under an agreement, entrust the processing of personal data to a third party. An essential condition of such an agreement is that the third party has the right to process the personal data, the obligation to comply with the principles and rules for processing personal data stipulated by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data," to maintain the confidentiality of the personal data, and to take the necessary measures to ensure the fulfillment of the obligations stipulated by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data."
1.18. Personal data is stored in accordance with the procedure set forth in the Operator's Personal Data Storage Policy.
2. Structural divisions of the Operator for processing personal data.
2.1. The Operator's manager organizes the processing of personal data.
2.2. The Operator's manager:
1) informs the Operator's employees of the provisions of Russian Federation legislation on personal data, local regulations on personal data processing, and personal data protection requirements;
2) organizes the processing of personal data;
3) organizes the receipt and processing of inquiries and requests from personal data subjects or their representatives.
2.4. The Operator's manager is responsible for monitoring the Operator's employees' compliance with the requirements of Russian Federation legislation and the provisions of the Operator's local regulations when processing personal data.
2.5. Personal data is also processed:
— Yandex.Metrica (server: `mc.yandex.ru`);
— stored in the CRM.
2.6. Ensuring the security of personal data processed in the Operator's information systems is achieved by preventing unauthorized, including accidental, access to personal data, and by taking the following security measures:
— identifying current threats to the security of personal data and information technologies used in information systems;
— implementing organizational and technical measures to ensure the security of personal data during its processing in the Operator's information systems, as necessary to meet personal data protection requirements;
— assessing the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the information system;
— accounting for personal data storage media;
— ensuring the proper functioning of computer equipment containing personal data in accordance with the operating and technical documentation of the computer equipment and taking into account the technical requirements of information systems and information security tools;
— detecting and recording instances of unauthorized access to personal data, unauthorized duplicate or additional recording of information after its retrieval from the personal data information system, and taking appropriate measures;
— restoring personal data that has been modified, deleted, or destroyed due to unauthorized access;
— monitoring the measures taken to ensure the security of personal data and the security levels of information systems.
2.7. The Operator's Manager shall ensure:
— timely detection of unauthorized access to personal data;
— prevention of interference with technical means for automated processing of personal data that could result in disruption of their functioning;
— recovery of personal data modified or destroyed due to unauthorized access;
— continuous monitoring of the level of security of personal data;
— compliance with the terms of use of information security tools stipulated by the operating and technical documentation;
— accounting of the information security tools used, their operating and technical documentation, and personal data storage media;
— upon detection of violations of the procedure for providing personal data, immediate suspension of the provision of personal data to users of the information system until the causes of the violations are identified and eliminated;
— investigating and drawing up conclusions regarding violations of the storage conditions for personal data storage media, the use of information security tools, which may lead to a breach of personal data confidentiality or other violations that reduce the level of personal data security, and developing and implementing measures to prevent the potentially dangerous consequences of such violations.
2.8. The Operator's Manager takes all necessary measures to restore personal data that has been modified, deleted, or destroyed due to unauthorized access.
2.9. The exchange of personal data during its processing in the Operator's information systems is carried out via communication channels, the protection of which is ensured by the implementation of appropriate organizational measures and the use of software and hardware.
2.10. Access by the Operator's employees to personal data located in the Operator's information systems requires mandatory identification and authentication.
2.11. In the event of detection of violations of the personal data processing procedure in the Operator's information systems, the Operator's manager will immediately take measures to establish the causes of the violations and eliminate them.
3. Procedure for ensuring the rights of the subject of personal data by the Operator
3.1. Subjects of personal data or their representatives have the rights provided for by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and other regulatory legal acts governing the processing of personal data.
3.2. The Operator ensures the rights of subjects of personal data in accordance with the procedure established by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
3.3. The information specified in Part 7 of Art. 14 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," shall be provided to the personal data subject by the Operator's manager in an accessible form, excluding personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data, in electronic form. At the request of the personal data subject, such personal data may be duplicated on paper. The accessible form shall be certified by the Operator's manager.
3.4. The information specified in Part 7 of Article 14 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" shall be provided to the personal data subject or their representative by the Operator's manager within 10 (ten) business days of the request or receipt by the Operator of the personal data subject's or their representative's request.
This period may be extended, but by no more than 5 (five) business days, if the Operator sends the personal data subject a reasoned notice stating the reasons for the extension. 3.5. The processing of personal data for the purpose of promoting goods, works, and services on the market through direct contact with potential consumers via communication tools, as well as for political campaigning purposes, is permitted only with the prior consent of the personal data subject. This consent may be oral or written.
3.5.1. Individual oral communication with potential consumers or campaign participants is conducted via a dedicated telephone line operated by the Operator. The workstation of the Operator's employee assigned to this communication is equipped with technical means that allow for the automated recording of telephone calls and (with the consent of the personal data subject) audio recording of conversations. In this situation, an audio recording of the received oral consent is sufficient.
3.5.2. For written consent, a simple written form is sufficient.
The specified processing of personal data is deemed to be carried out without the prior consent of the personal data subject unless the Operator proves that such consent was obtained.
3.6. The Operator is obliged, at the request of the personal data subject, to immediately cease the processing of their personal data specified in Article 15 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."
3.7. The operator is obligated to consider the objection specified in Article 16 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" within 30 (thirty) days of its receipt and notify the personal data subject of the results of the objection review.
3.8. The operator is obligated to provide the personal data subject or their representative with the opportunity to review the personal data relating to that personal data subject free of charge at the operator's location during business hours.
3.9. The operator, within 20 (twenty) days of the correction or destruction of personal data, at the request of the personal data subject or their representative, is obligated to notify them of the changes made and the measures taken and to take reasonable measures to notify third parties to whom the personal data of that data subject was transferred. 4. Personal Data Processing Procedure
4.1. The purpose of personal data processing is determined by the Operator's manager. The purpose of personal data processing is approved by the Operator's order.
4.2. Based on the stated goal, the Operator's manager determines the tasks, deadlines, methods, and conditions for processing personal data, as well as the list of persons involved and responsible.
4.3. Operator's Responsibilities:
— Organize the adoption of organizational and technical measures to ensure the protection of personal data processed by the Operator from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
— Implement internal control over the compliance of its subordinates with the requirements of the legislation of the Russian Federation in the field of personal data, including requirements for the protection of personal data;
— Disseminate to the Operator's employees the provisions of the legislation of the Russian Federation in the field of personal data, local regulations on the processing of personal data, and requirements for the protection of personal data;
— Organize the receipt and processing of requests and inquiries from personal data subjects or their representatives, and monitor the receipt and processing of such requests and inquiries;
— in the event of a violation of personal data protection requirements, take the necessary measures to restore the violated rights of personal data subjects.
4.4. In accordance with the stated goals and objectives, the extraction, use, transfer (distribution, provision, access) of personal data shall be carried out exclusively by the Operator.
4.5. Anonymization, blocking, deletion, and destruction of personal data shall be carried out exclusively by the Operator in accordance with the following procedure:
4.5.1. The Operator annually conducts an assessment of the value of files (documents) containing personal data, including their permanent and temporary storage periods. Based on the results of the assessment of the document value, inventories of files for permanent and temporary (over 10 (ten) years) storage (including inventories of electronic documents for permanent storage) (hereinafter referred to as file inventories) are compiled, as well as acts on the allocation for destruction of documents (files) not subject to storage (including acts on the allocation of electronic documents).
4.5.2. Documents (files) not subject to storage and included in these acts are destroyed in the presence of a special commission created specifically for document destruction.
4.5.3. Destruction of selected paper documents is carried out using a paper shredder by shredding the documents into pieces that ensure the text cannot be recovered.
Destruction at the end of the processing period of personal data on electronic media is carried out by mechanically disrupting the integrity of the media, preventing the reading or recovery of personal data, or by deleting them from electronic media using methods and means that guarantee the removal of residual information.
5. Monitoring and Liability for Violation
or Failure to Comply with the Policy
5.1. Monitoring compliance with the Policy is assigned to the Operator's manager.
5.2. Persons violating or failing to comply with the requirements of the Policy are subject to disciplinary, administrative, or criminal liability in accordance with the current legislation of the Russian Federation.
1.1. The Personal Data Processing and Protection Policy (hereinafter referred to as the Policy) is issued and implemented by AMT Engineering LLC (hereinafter referred to as the Operator) in accordance with Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."
1.2. For the purposes of this Policy, the User's personal information means:
1.2.1. Personal information that the User provides about themselves upon registration (creating an account) or while using the Services, including the User's personal data. Information required for the provision of the Services is marked as such.
1.2.2. Data that is automatically transferred to the Website's services during their use by the software installed on the User's device, including IP address, cookie data, information about the User's browser (or other program used to access the services), technical specifications of the hardware and software used by the User, the date and time of access to the services, the addresses of the requested pages, and other similar information.
1.2.3. This Privacy Policy applies only to the Website www.amt-e.ru. The Website www.amt-e.ru does not control and is not responsible for third-party websites to which the User may access links available on the Website www.amt-e.ru.
1.3. This Policy defines the Operator's policies, procedures, and conditions regarding the processing and protection of personal data, and establishes procedures aimed at preventing and identifying violations of Russian Federation legislation and eliminating the consequences of such violations related to the processing and protection of personal data. All issues related to the processing and protection of personal data not regulated by this Policy shall be resolved in accordance with the current legislation of the Russian Federation in the field of personal data.
1.4. The purpose of processing personal data is:
— to ensure the protection of human and civil rights and freedoms during the processing of their personal data, including the protection of the right to privacy, personal and family secrets;
— to promote the Operator's goods, works, and services on the market through direct contact with potential consumers via communication means (permitted in the manner provided for in paragraph 3.5 of these Regulations);
1.5. This Policy does not apply to relations arising from:
1) organizing the storage, acquisition, accounting, and use of documents containing personal data in the Archival Fund of the Russian Federation and other archival funds in accordance with the legislation on archival affairs in the Russian Federation;
2) the processing of personal data classified in the established manner as information constituting a state secret.
1.6. Personal data is processed in compliance with the principles and rules set forth in Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" and this Policy.
The Operator organizes processing based on the following principles:
— the legality of the purposes and methods of personal data processing, good faith, and fairness in the Operator's activities;
— limiting the processing of personal data to the achievement of specific, predetermined, and legitimate purposes;
— the accuracy of personal data, its sufficiency for the processing purposes, and the inadmissibility of processing personal data that is excessive in relation to the purposes stated when collecting the personal data;
— processing only personal data that is relevant to the purposes for which they are processed. Processing personal data incompatible with the purposes of collecting the personal data is inadmissible;
— compliance of the content and volume of processed personal data with the stated purposes of processing. The processed personal data must not be excessive in relation to the stated purposes of their processing;
— inadmissibility of combining databases containing personal data processed for incompatible purposes;
— ensuring the accuracy of personal data, its sufficiency, and, where necessary, its relevance in relation to the purposes of personal data processing. The Operator takes the necessary measures or ensures that they are taken to delete or clarify incomplete or inaccurate data;
— storing personal data in a form that allows identification of the personal data subject for no longer than required for the purposes of personal data processing, unless the personal data storage period is established by federal law, an agreement to which the personal data subject is a party, beneficiary, or guarantor. Processed personal data are subject to destruction or anonymization upon achieving the processing purposes or when the need to achieve these purposes is no longer necessary, unless otherwise provided by federal law.
1.7. Personal data processing methods:
— mixed; with transfer via the legal entity's internal network; without transfer via the Internet.
1.8. The Operator's information systems process publicly available personal data.
1.9. In accordance with the stated goals and objectives, the Operator appoints a person responsible for organizing the processing of personal data, hereinafter referred to as the "PD Curator," prior to commencing the processing of personal data.
1.10. This Policy and amendments thereto shall be approved by order of the Operator's manager.
1.11. The Operator's employees directly involved in the processing of personal data must, prior to commencing work, be familiar with the provisions of Russian Federation legislation on personal data, including personal data protection requirements, documents defining the Operator's policy regarding the processing of personal data, internal regulations on personal data processing, this Policy and amendments thereto.
1.12. When processing personal data, the Operator applies legal, organizational, and technical measures to ensure the security of personal data in accordance with Article 19 of Federal Law No. 152-FZ "On Personal Data" of July 27, 2006.
1.13. The Operator ensures the confidentiality of personal data in accordance with the Privacy Policy.
1.14. Monitoring of the Operator's employees' compliance with the requirements of Russian Federation legislation and the provisions of the Operator's internal regulations is organized in accordance with the Operator's Internal Control Policy when processing personal data. Monitoring consists of verifying compliance with the requirements of regulatory documents on information security, as well as assessing the validity and effectiveness of the measures taken. It may be carried out.
1.15. An Operator collecting personal data using information and telecommunications networks is obligated to publish this Policy on the relevant information and telecommunications network, including on the pages of the Operator's website on the Internet through which personal data is collected, and to ensure access to this Policy using the means of the relevant information and telecommunications network.
1.16. Terms of personal data processing by the Operator:
1) personal data is processed with the consent of the personal data subject to the processing of their personal data;
2) The processing of personal data is necessary for the performance of an agreement to which the personal data subject is a party, beneficiary, or guarantor, as well as for the conclusion of an agreement initiated by the personal data subject or an agreement.
1.17. The Operator may, under an agreement, entrust the processing of personal data to a third party. An essential condition of such an agreement is that the third party has the right to process the personal data, the obligation to comply with the principles and rules for processing personal data stipulated by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data," to maintain the confidentiality of the personal data, and to take the necessary measures to ensure the fulfillment of the obligations stipulated by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data."
1.18. Personal data is stored in accordance with the procedure set forth in the Operator's Personal Data Storage Policy.
2. Structural divisions of the Operator for processing personal data.
2.1. The Operator's manager organizes the processing of personal data.
2.2. The Operator's manager:
1) informs the Operator's employees of the provisions of Russian Federation legislation on personal data, local regulations on personal data processing, and personal data protection requirements;
2) organizes the processing of personal data;
3) organizes the receipt and processing of inquiries and requests from personal data subjects or their representatives.
2.4. The Operator's manager is responsible for monitoring the Operator's employees' compliance with the requirements of Russian Federation legislation and the provisions of the Operator's local regulations when processing personal data.
2.5. Personal data is also processed:
— Yandex.Metrica (server: `mc.yandex.ru`);
— stored in the CRM.
2.6. Ensuring the security of personal data processed in the Operator's information systems is achieved by preventing unauthorized, including accidental, access to personal data, and by taking the following security measures:
— identifying current threats to the security of personal data and information technologies used in information systems;
— implementing organizational and technical measures to ensure the security of personal data during its processing in the Operator's information systems, as necessary to meet personal data protection requirements;
— assessing the effectiveness of measures taken to ensure the security of personal data prior to the commissioning of the information system;
— accounting for personal data storage media;
— ensuring the proper functioning of computer equipment containing personal data in accordance with the operating and technical documentation of the computer equipment and taking into account the technical requirements of information systems and information security tools;
— detecting and recording instances of unauthorized access to personal data, unauthorized duplicate or additional recording of information after its retrieval from the personal data information system, and taking appropriate measures;
— restoring personal data that has been modified, deleted, or destroyed due to unauthorized access;
— monitoring the measures taken to ensure the security of personal data and the security levels of information systems.
2.7. The Operator's Manager shall ensure:
— timely detection of unauthorized access to personal data;
— prevention of interference with technical means for automated processing of personal data that could result in disruption of their functioning;
— recovery of personal data modified or destroyed due to unauthorized access;
— continuous monitoring of the level of security of personal data;
— compliance with the terms of use of information security tools stipulated by the operating and technical documentation;
— accounting of the information security tools used, their operating and technical documentation, and personal data storage media;
— upon detection of violations of the procedure for providing personal data, immediate suspension of the provision of personal data to users of the information system until the causes of the violations are identified and eliminated;
— investigating and drawing up conclusions regarding violations of the storage conditions for personal data storage media, the use of information security tools, which may lead to a breach of personal data confidentiality or other violations that reduce the level of personal data security, and developing and implementing measures to prevent the potentially dangerous consequences of such violations.
2.8. The Operator's Manager takes all necessary measures to restore personal data that has been modified, deleted, or destroyed due to unauthorized access.
2.9. The exchange of personal data during its processing in the Operator's information systems is carried out via communication channels, the protection of which is ensured by the implementation of appropriate organizational measures and the use of software and hardware.
2.10. Access by the Operator's employees to personal data located in the Operator's information systems requires mandatory identification and authentication.
2.11. In the event of detection of violations of the personal data processing procedure in the Operator's information systems, the Operator's manager will immediately take measures to establish the causes of the violations and eliminate them.
3. Procedure for ensuring the rights of the subject of personal data by the Operator
3.1. Subjects of personal data or their representatives have the rights provided for by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data" and other regulatory legal acts governing the processing of personal data.
3.2. The Operator ensures the rights of subjects of personal data in accordance with the procedure established by Federal Law No. 152-FZ of 27.07.2006 "On Personal Data".
3.3. The information specified in Part 7 of Art. 14 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data," shall be provided to the personal data subject by the Operator's manager in an accessible form, excluding personal data relating to other personal data subjects, except in cases where there are legal grounds for disclosing such personal data, in electronic form. At the request of the personal data subject, such personal data may be duplicated on paper. The accessible form shall be certified by the Operator's manager.
3.4. The information specified in Part 7 of Article 14 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" shall be provided to the personal data subject or their representative by the Operator's manager within 10 (ten) business days of the request or receipt by the Operator of the personal data subject's or their representative's request.
This period may be extended, but by no more than 5 (five) business days, if the Operator sends the personal data subject a reasoned notice stating the reasons for the extension. 3.5. The processing of personal data for the purpose of promoting goods, works, and services on the market through direct contact with potential consumers via communication tools, as well as for political campaigning purposes, is permitted only with the prior consent of the personal data subject. This consent may be oral or written.
3.5.1. Individual oral communication with potential consumers or campaign participants is conducted via a dedicated telephone line operated by the Operator. The workstation of the Operator's employee assigned to this communication is equipped with technical means that allow for the automated recording of telephone calls and (with the consent of the personal data subject) audio recording of conversations. In this situation, an audio recording of the received oral consent is sufficient.
3.5.2. For written consent, a simple written form is sufficient.
The specified processing of personal data is deemed to be carried out without the prior consent of the personal data subject unless the Operator proves that such consent was obtained.
3.6. The Operator is obliged, at the request of the personal data subject, to immediately cease the processing of their personal data specified in Article 15 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data."
3.7. The operator is obligated to consider the objection specified in Article 16 of Federal Law No. 152-FZ of July 27, 2006, "On Personal Data" within 30 (thirty) days of its receipt and notify the personal data subject of the results of the objection review.
3.8. The operator is obligated to provide the personal data subject or their representative with the opportunity to review the personal data relating to that personal data subject free of charge at the operator's location during business hours.
3.9. The operator, within 20 (twenty) days of the correction or destruction of personal data, at the request of the personal data subject or their representative, is obligated to notify them of the changes made and the measures taken and to take reasonable measures to notify third parties to whom the personal data of that data subject was transferred. 4. Personal Data Processing Procedure
4.1. The purpose of personal data processing is determined by the Operator's manager. The purpose of personal data processing is approved by the Operator's order.
4.2. Based on the stated goal, the Operator's manager determines the tasks, deadlines, methods, and conditions for processing personal data, as well as the list of persons involved and responsible.
4.3. Operator's Responsibilities:
— Organize the adoption of organizational and technical measures to ensure the protection of personal data processed by the Operator from unauthorized or accidental access, destruction, modification, blocking, copying, provision, distribution of personal data, as well as from other illegal actions in relation to personal data;
— Implement internal control over the compliance of its subordinates with the requirements of the legislation of the Russian Federation in the field of personal data, including requirements for the protection of personal data;
— Disseminate to the Operator's employees the provisions of the legislation of the Russian Federation in the field of personal data, local regulations on the processing of personal data, and requirements for the protection of personal data;
— Organize the receipt and processing of requests and inquiries from personal data subjects or their representatives, and monitor the receipt and processing of such requests and inquiries;
— in the event of a violation of personal data protection requirements, take the necessary measures to restore the violated rights of personal data subjects.
4.4. In accordance with the stated goals and objectives, the extraction, use, transfer (distribution, provision, access) of personal data shall be carried out exclusively by the Operator.
4.5. Anonymization, blocking, deletion, and destruction of personal data shall be carried out exclusively by the Operator in accordance with the following procedure:
4.5.1. The Operator annually conducts an assessment of the value of files (documents) containing personal data, including their permanent and temporary storage periods. Based on the results of the assessment of the document value, inventories of files for permanent and temporary (over 10 (ten) years) storage (including inventories of electronic documents for permanent storage) (hereinafter referred to as file inventories) are compiled, as well as acts on the allocation for destruction of documents (files) not subject to storage (including acts on the allocation of electronic documents).
4.5.2. Documents (files) not subject to storage and included in these acts are destroyed in the presence of a special commission created specifically for document destruction.
4.5.3. Destruction of selected paper documents is carried out using a paper shredder by shredding the documents into pieces that ensure the text cannot be recovered.
Destruction at the end of the processing period of personal data on electronic media is carried out by mechanically disrupting the integrity of the media, preventing the reading or recovery of personal data, or by deleting them from electronic media using methods and means that guarantee the removal of residual information.
5. Monitoring and Liability for Violation
or Failure to Comply with the Policy
5.1. Monitoring compliance with the Policy is assigned to the Operator's manager.
5.2. Persons violating or failing to comply with the requirements of the Policy are subject to disciplinary, administrative, or criminal liability in accordance with the current legislation of the Russian Federation.
Moscow, January 15, 2025
Personal Data Processing and Protection Policy
Implementation of projects with the introduction of high-efficiency equipment in the form of technologically finished solutions. As well as supply of equipment in block version, which used in the construction, reconstruction or modernization of production facilities.
© 2025 All rights reserved
INN 9717086047
OGRN 1197746543422
129085, Moscow, Zvyozdny Boulevard, 21, Building 1, Floor 4, Room 1, Suite 11g
INN 9717086047
OGRN 1197746543422
129085, Moscow, Zvyozdny Boulevard, 21, Building 1, Floor 4, Room 1, Suite 11g
AMT Engineering LLC is registered with Roskomnadzor in the register of operators who process personal data based on Order No. 222 dated 22.08.2024. Registration number: 77-24-162583
Monday
Tuesday
Wednesday
Thursday
Friday
Saturday
Sunday
9:00-18:00
9:00-18:00
9:00-18:00
9:00-18:00
9:00-18:00
Weekend
Weekend
Privacy policy
Website visitor's consent to the processing of personal data
Personal Data Processing and Protection Policy
Visitors' consent to the collection of cookies
Website visitor's consent to the processing of personal data
Personal Data Processing and Protection Policy
Visitors' consent to the collection of cookies
21, building 1, Zvyozdniy Bulvar, Moscow, Russia ,129085
Site map
Working hours
Поиск по сайту
