ПУТВЕРЖДАЮ
Генеральный директор
ООО «Груп Атлантик Теплолюкс»
С.А. Лебедев
01 сентября 2022 г.Политика Общества с ограниченной ответственностью «Груп Атлантик Теплолюкс»
в отношении обработки персональных данных
Форма запроса/обращения субъекта персональных данных
(его представителя) по вопросу доступа к персональным данным
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(дата)
(подпись)
(Фамилия И.О.)
Форма запроса/обращения субъекта персональных данных (его представителя)
по вопросу правомерности обработки персональных данных
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(дата)
(подпись)
(Фамилия И.О.)
Форма запроса/обращения субъекта персональных данных (его представителя)
об уточнении персональных данных
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(документ(ы) на основании которого(ых) Оператор обязан уточнить персональные данные)
(дата)
(подпись)
(Фамилия И.О.)
Форма запроса/обращения субъекта персональных данных (его представителя)
по вопросу отзыва согласия на обработку персональных данных
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(цели обработки персональных данных, в отношении которых отзывается согласие)
по причине(указать причину отзыва согласия)
(дата)
(подпись)
(Фамилия И.О.)
AAPPROVED
General Director
LLC “Group Atlantic Teplolux”
S.A. Lebedev
September 1, 2022
### Policy of Limited Liability Company “Group Atlantic Teplolux” Regarding the Processing of Personal Data
#### 1. General Provisions
1.1. This Policy of Limited Liability Company “Group Atlantic Teplolux” regarding the processing of personal data (hereinafter referred to as the “Policy”) has been developed in accordance with Clause 2, Part 1, Article 18.1 of the Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006 (hereinafter referred to as the “Personal Data Law”) to ensure the protection of human and civil rights and freedoms during the processing of personal data, including the protection of the right to privacy, personal and family confidentiality.
1.2. The Policy applies to all personal data processed by Limited Liability Company “Group Atlantic Teplolux” (hereinafter referred to as the “Operator” or LLC “Group Atlantic Teplolux”).
1.3. The Policy covers personal data processing relations that have arisen both before and after the approval of this Policy.
1.4. Pursuant to Part 2, Article 18.1 of the Personal Data Law, this Policy is published in open access on the Internet on the Operator's website.
1.5. Basic terms used in the Policy:
- personal data – any information related directly or indirectly to an identified or identifiable natural person (personal data subject);
- personal data operator (Operator) – a legal entity that independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data. The Operator is LLC “Group Atlantic Teplolux”, INN 5029015168, address: 141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7, contact phone: +7 (495) 728-80-80;
- personal data processing – any action (operation) or a set of actions (operations) performed with personal data, with or without the use of automated means. Personal data processing includes, but is not limited to:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (updating, modification);
- retrieval;
- use;
- transfer (distribution, provision, access);
- depersonalization;
- blocking;
- deletion;
- destruction;
- automated processing of personal data – processing of personal data using computer technology;
- dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
- provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons;
- blocking of personal data – temporary cessation of personal data processing (except in cases where processing is necessary to clarify personal data);
- destruction of personal data – actions resulting in the impossibility to restore the content of personal data in the personal data information system and/or the destruction of tangible carriers of personal data;
- depersonalization of personal data – actions resulting in the impossibility to determine the identity of personal data without the use of additional information;
- personal data information system – a set of personal data contained in databases and ensuring their processing through information technologies and technical means.
1.6. Main rights and obligations of the Operator.
1.6.1. The Operator has the right to:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws;
2) entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with that person. The person processing personal data on behalf of the Operator must adhere to the principles and rules of personal data processing stipulated by the Personal Data Law, maintain the confidentiality of personal data, and take the necessary measures to ensure the fulfillment of obligations stipulated by the Personal Data Law;
3) in the event of the personal data subject’s withdrawal of consent for the processing of personal data, the Operator has the right to continue processing personal data without the subject’s consent if there are grounds specified in the Personal Data Law.
1.6.2. The Operator is obligated to:
1) organize the processing of personal data in accordance with the requirements of the Personal Data Law;
2) respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
3) report to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) at the request of this body, providing the necessary information within 10 business days from the date of receipt of such a request. This period may be extended, but not more than five business days. For this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the term for providing the requested information;
4) in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detecting, preventing, and eliminating the consequences of computer attacks on the information resources of the Russian Federation, including informing about computer incidents that led to unlawful transfer (provision, dissemination, access) of personal data.
1.7. Main rights of the personal data subject. The personal data subject has the right to:
1) obtain information related to the processing of their personal data, except in cases provided for by federal laws. Information is provided to the personal data subject by the Operator in an accessible form, and should not contain personal data relating to other personal data subjects, except in cases where there are legitimate grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
2) demand from the Operator the clarification of their personal data, blocking or destruction of their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or is not necessary for the declared purpose of processing, as well as take legal measures to protect their rights;
3) give prior consent to the processing of personal data for the purpose of promoting goods, works, and services in the market;
4) file complaints with Roskomnadzor or seek judicial recourse regarding unlawful actions or omissions by the Operator in processing their personal data.
1.8. Control over compliance with this Policy is carried out by the person responsible for organizing the processing of personal data at the Operator.
1.9. Responsibility for violating the requirements of the legislation of the Russian Federation and the regulatory acts of LLC “Group Atlantic Teplolux” in the field of personal data processing and protection is determined in accordance with the legislation of the Russian Federation.
#### 2. Purposes of Collecting Personal Data
2.1. Personal data processing is limited to achieving specific, predetermined, and lawful purposes. Personal data processing incompatible with the purposes of personal data collection is not allowed.
2.2. Only personal data that meet the purposes of their processing are subject to processing.
2.3. The Operator processes personal data for the following purposes:
- carrying out activities in accordance with the charter of LLC “Group Atlantic Teplolux”, including the conclusion and execution of contracts with counterparties, including individuals and legal entities;
- compliance with labor legislation in the framework of labor and other directly related relations, including: assisting employees in finding employment, obtaining education, and career advancement, attracting and selecting candidates for work at the Operator, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, maintaining personnel and accounting records, filling out and submitting required forms to authorized bodies, organizing the registration of employees in the mandatory pension insurance system;
- implementation of access control.
2.4. Processing of employees' personal data can be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
#### 3. Legal Grounds for Processing Personal Data
3.1. The legal grounds for processing personal data are the set of regulatory legal acts under which and in accordance with which the Operator processes personal data, including:
- the Constitution of the Russian Federation;
- the Civil Code of the Russian Federation;
- the Labor Code of the Russian Federation;
- the Tax Code of the Russian Federation;
- Federal Law No. 14-FZ "On Limited Liability Companies" dated February 8, 1998;
- Federal Law No. 402-FZ "On Accounting" dated December 6, 2011;
- Federal Law No. 167-FZ "On Compulsory Pension Insurance in the Russian Federation" dated December 15, 2001;
- other regulatory legal acts governing relations related to the Operator's activities.
3.2. The legal grounds for processing personal data are also:
- the charter of LLC “Group Atlantic Teplolux”;
- contracts concluded between the Operator and personal data subjects;
- contracts concluded between the Operator and counterparties – legal entities;
- consent of personal data subjects to the processing of their personal data.
#### 4. Scope and Categories of Personal Data Processed, Categories of Personal Data Subjects
4.1. The content and volume of processed personal data should correspond to the declared purposes of processing specified in Section 2 of this Policy. The processed personal data should not be excessive in relation to the declared purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects:
4.2.1. Candidates for employment at the Operator – for the purpose of complying with labor legislation within the framework of labor and other directly related relations, implementing access control:
- last name, first name, patronymic;
- gender;
- citizenship;
- date and place of birth;
- contact details;
- information on education, work experience, qualifications;
- other personal data provided by candidates in resumes and cover letters.
4.2.2. Employees and former employees of the Operator – for the purpose of complying with labor legislation within the framework of labor and other directly related relations, providing a social package, paying salaries, implementing access control:
- last name, first name, patronymic;
- gender;
- citizenship;
- date and place of birth;
- passport details;
- address of residence registration;
- actual residence address;
- contact details;
- individual taxpayer number (INN);
- insurance number of an individual personal account (SNILS);
- information on education, qualifications, professional training and retraining;
- marital status, presence of children, family ties;
- information on employment activities, including the presence of rewards, awards and/or disciplinary sanctions;
- data on marriage registration;
- information on military registration;
- information on disability;
- information on alimony withholding;
- information on income from the previous place of work;
- other personal data provided by employees in accordance with labor law requirements.
4.2.3. Family members of the Operator's employees – for the purpose of complying with labor legislation within the framework of labor and other directly related relations:
- last name, first name, patronymic;
- degree of relationship;
- year of birth;
- other personal data provided by employees in accordance with labor law requirements.
4.2.4. Clients and counterparties of the Operator (individuals) – for the purpose of carrying out activities in accordance with the charter of LLC “Group Atlantic Teplolux”, registering clients on the Operator's website, using a personal account, conducting transactions, implementing advertising campaigns, implementing access control:
- last name, first name, patronymic;
- date and place of birth;
- passport details;
- address of residence registration;
- actual residence address;
- contact details;
- position held;
- individual taxpayer number (INN);
- bank account number;
- cookie files;
- other personal data provided by clients and counterparties (individuals) necessary for the conclusion and execution of contracts.
4.2.5. Representatives (employees) of the Operator's clients and counterparties (legal entities) – for the purpose of carrying out activities in accordance with the charter of LLC “Group Atlantic Teplolux”, implementing access control:
- last name, first name, patronymic;
- passport details;
- contact details;
- position held;
- other personal data provided by representatives (employees) of clients and counterparties necessary for the conclusion and execution of contracts.
4.3. The processing of biometric personal data (data characterizing the physiological and biological features of a person, based on which the person’s identity can be established) is carried out by the Operator in accordance with the legislation of the Russian Federation.
4.4. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases provided by Russian law.
#### 5. Procedure and Conditions for Processing Personal Data
5.1. Personal data processing is carried out by the Operator in accordance with the legislation of the Russian Federation.
5.2. Personal data processing is carried out with the consent of the personal data subjects for the processing of their personal data, as well as without such consent in cases provided by the legislation of the Russian Federation.
5.3. The Operator processes personal data for each purpose of their processing using the following methods:
- non-automated personal data processing;
- automated personal data processing with the transfer of received information via information and telecommunication networks or without such transfer;
- mixed personal data processing.
5.4. Employees of the Operator, whose job duties include the processing of personal data, are allowed to process personal data.
5.5. Personal data processing for each purpose of processing specified in Clause 2.3 of the Policy is carried out by:
- obtaining personal data in oral and written form directly from personal data subjects;
- entering personal data into the Operator's logs, registries, and information systems;
- using other methods of personal data processing.
5.6. It is not allowed to disclose personal data to third parties and distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the personal data subject for dissemination is issued separately from other consents of the personal data subject to the processing of their personal data.
Requirements for the content of consent to the processing of personal data permitted by the personal data subject for dissemination are approved by Roskomnadzor Order No. 18 dated February 24, 2021.
5.7. Transfer of personal data to investigative and inquiry bodies, the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund, and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, dissemination, and other unauthorized actions, including:
- identifying personal data security threats during their processing;
- adopting local regulations and other documents governing relations in the field of personal data processing and protection;
- appointing persons responsible for ensuring the security of personal data in the Operator's structural divisions and information systems;
- creating the necessary conditions for working with personal data;
- organizing the accounting of documents containing personal data;
- organizing work with information systems in which personal data is processed;
- storing personal data under conditions that ensure their safety and exclude unauthorized access to them;
- organizing training for the Operator's employees involved in personal data processing.
5.9. The Operator stores personal data in a form that allows identifying the personal data subject no longer than is required for each purpose of personal data processing, unless the storage period for personal data is established by federal law or contract.
5.9.1. Personal data on paper is stored at LLC “Group Atlantic Teplolux” during the storage periods of documents established by the legislation on archival affairs in the Russian Federation (Federal Law No. 125-FZ "On Archival Affairs in the Russian Federation" dated October 22, 2004, List of typical management archival documents formed in the activities of state bodies, local government bodies, and organizations, with an indication of their storage periods (approved by Rosarkhiv Order No. 236 dated December 20, 2019)).
5.9.2. The storage period for personal data processed in personal data information systems corresponds to the storage period for personal data on paper.
5.10. The Operator terminates personal data processing in the following cases:
- the fact of their unlawful processing is revealed. Term – within three business days from the date of detection;
- the purpose of their processing has been achieved;
- the validity period or the personal data subject's consent to the processing of these data has expired or been withdrawn, when the processing of these data is permitted only with consent under the Personal Data Law.
5.11. Upon achieving the purposes of personal data processing, as well as in the event of withdrawal of consent to the processing of personal data by the personal data subject, the Operator terminates the processing of these data, unless:
- otherwise provided by the contract, to which the personal data subject is a party, beneficiary, or guarantor;
- the Operator is not entitled to process personal data without the personal data subject's consent on the grounds specified in the Personal Data Law or other federal laws;
- otherwise provided by another agreement between the Operator and the personal data subject.
5.12. Upon the personal data subject’s request to the Operator to cease processing personal data, the processing of personal data is terminated within 10 business days from the date of receipt of the corresponding request by the Operator, except in cases provided by the Personal Data Law. This period may be extended, but not more than five business days. To do this, the Operator must send the personal data subject a reasoned notification indicating the reasons for the extension.
5.13. When collecting personal data, including via the information and telecommunication network Internet, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except in cases specified in the Personal Data Law.
#### 6. Updating, Correction, Deletion, Destruction of Personal Data, Responses to Requests from Personal Data Subjects for Access to Personal Data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7, Article 14 of the Personal Data Law, are provided by the Operator to the personal data subject or their representative within 10 business days from the date of the request from the personal data subject or their representative. This period may be extended, but not more than five business days. For this, the Operator must send the personal data subject a reasoned notification indicating the reasons for extending the term for providing the requested information.
The request must include:
- the number of the main identity document of the personal data subject or their representative, information about the date of issue of this document and the issuing authority;
- information confirming the participation of the personal data subject in relations with the Operator (contract number, date of contract conclusion, conditional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;
- the signature of the personal data subject or their representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
The Operator provides the information specified in Part 7, Article 14 of the Personal Data Law to the personal data subject or their representative in the form in which the corresponding request was sent, unless otherwise specified in the request.
If the request of the personal data subject does not reflect all the necessary information as required by the Personal Data Law, or if the subject does not have the right to access the requested information, a reasoned refusal is sent to them.
The right of the personal data subject to access their personal data may be restricted in accordance with Part 8, Article 14 of the Personal Data Law, including if the personal data subject's access to their personal data violates the rights and legitimate interests of third parties.
The forms of requests (applications) from personal data subjects and their representatives are provided in Appendices No. 1 - 4 to this Policy.
6.2. If inaccurate personal data is identified upon the request of the personal data subject or their representative or upon their request or the request of Roskomnadzor, the Operator blocks the personal data related to this personal data subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the personal data subject or their representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven business days from the date of submission of such information and removes the blocking of personal data.
6.3. If unlawful processing of personal data is identified upon the request of the personal data subject or their representative or Roskomnadzor, the Operator blocks the unlawfully processed personal data related to this personal data subject from the moment of such request or receipt of the request.
6.4. If the fact of unlawful or accidental transfer (provision, dissemination) of personal data (access to personal data) resulting in a violation of the rights of personal data subjects is identified by the Operator, Roskomnadzor, or another interested party, the Operator shall:
- within 24 hours, notify Roskomnadzor of the incident, the alleged causes that led to the violation of the rights of personal data subjects, the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, as well as provide information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;
- within 72 hours, notify Roskomnadzor of the results of the internal investigation of the identified incident and provide information about the persons whose actions caused it (if available).
6.5. The procedure for the destruction of personal data by the Operator.
6.5.1. Conditions and terms for the destruction of personal data by the Operator:
- achieving the purpose of personal data processing or losing the necessity to achieve this purpose – within 30 days;
- reaching the maximum storage periods of documents containing personal data – within 30 days;
- providing by the personal data subject (their representative) confirmation that the personal data was obtained unlawfully or is not necessary for the declared purpose of processing – within seven business days;
- withdrawal by the personal data subject of consent to the processing of their personal data, if its retention for the purpose of processing is no longer required – within 30 days.
6.5.2. When the purpose of personal data processing is achieved, as well as in the event of withdrawal of consent to the processing of personal data by the personal data subject, personal data is subject to destruction unless:
- otherwise provided by the contract, to which the personal data subject is a party, beneficiary, or guarantor;
- the Operator is not entitled to process personal data without the personal data subject's consent on the grounds specified in the Personal Data Law or other federal laws;
- otherwise provided by another agreement between the Operator and the personal data subject.
6.5.3. The destruction of personal data is carried out by a commission established by the order of the General Director of LLC “Group Atlantic Teplolux”.
6.5.4. Methods of personal data destruction are established in the Operator's local regulatory acts.
---
### Appendix No. 1
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding Access to Personal Data
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with the provisions of Part 7, Article 14 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I request the following information regarding the processing of my personal data:
- confirmation of the fact of processing of personal data by LLC "Group Atlantic Teplolux";
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing used by LLC "Group Atlantic Teplolux";
- name and location of LLC "Group Atlantic Teplolux", information about persons who have access to personal data or to whom personal data may be disclosed on the basis of a contract with LLC "Group Atlantic Teplolux" or on the basis of federal law;
- processed personal data, source of their receipt;
- duration of personal data processing, including storage periods;
- procedure for exercising my rights provided by Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006;
- information on the performed or expected cross-border data transfer;
- name or full name and address of the person processing personal data on behalf of LLC "Group Atlantic Teplolux" if the processing is entrusted or will be entrusted to such person.
Please send the requested information to:
- on paper to the address:
(enter address)
- to the email address:
(enter email address)
(date)
(signature)
(Full Name)
---
### Appendix No. 2
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding the Lawfulness of Personal Data Processing
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with the provisions of Article 21 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I request to provide information on the legal grounds for processing my personal data in LLC "Group Atlantic Teplolux".
In case LLC "Group Atlantic Teplolux" confirms the fact of unlawful processing of my personal data, I request to stop processing the personal data within three business days.
Information on ensuring the legality of processing my personal data or the destruction of personal data by LLC "Group Atlantic Teplolux" in case of their unlawful processing, please send to:
- on paper to the address:
(enter address)
- to the email address:
(enter email address)
(date)
(signature)
(Full Name)
---
### Appendix No. 3
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding the Clarification of Personal Data
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with the provisions of Article 21 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, and based on the following document(s):
(document(s) based on which the Operator must clarify personal data)
I request to clarify my personal data or ensure their clarification (if personal data processing is carried out by another person acting on behalf of LLC "Group Atlantic Teplolux") in accordance with the provided documents.
Please send the notification of changes made:
- on paper to the address:
(enter address)
- to the email address:
(enter email address)
(date)
(signature)
(Full Name)
---
### Appendix No. 4
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding the Withdrawal of Consent to Personal Data Processing
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region
, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with Part 2, Article 9 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I request to stop processing my personal data carried out for the following purposes:
(purposes of personal data processing for which consent is being withdrawn)
Due to:
(state the reason for withdrawing consent)
LLC "Group Atlantic Teplolux" is entitled to continue processing my personal data if there are grounds specified in paragraphs 2–11, Part 1, Article 6, Part 2, Article 10, and Part 2, Article 11 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006.
(date)
(signature)
(Full Name)
ПУТВЕРЖДАЮ
Генеральный директор
ООО «Груп Атлантик Теплолюкс»
С.А. Лебедев
01 сентября 2022 г.Политика Общества с ограниченной ответственностью «Груп Атлантик Теплолюкс»
в отношении обработки персональных данных
Форма запроса/обращения субъекта персональных данных
(его представителя) по вопросу доступа к персональным данным
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(дата)
(подпись)
(Фамилия И.О.)
Форма запроса/обращения субъекта персональных данных (его представителя)
по вопросу правомерности обработки персональных данных
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(дата)
(подпись)
(Фамилия И.О.)
Форма запроса/обращения субъекта персональных данных (его представителя)
об уточнении персональных данных
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(документ(ы) на основании которого(ых) Оператор обязан уточнить персональные данные)
(дата)
(подпись)
(Фамилия И.О.)
Форма запроса/обращения субъекта персональных данных (его представителя)
по вопросу отзыва согласия на обработку персональных данных
В ООО
«Груп Атлантик Теплолюкс»ОГРН
1025003531662ИНН
5029015168Адрес:
141008, Московская область, г. Мытищи, Проектируемый проезд 5274, стр.7(фамилия, имя, отчество)
паспортвыданный
(серия, номер)
(дата выдачи)
(место выдачи паспорта)
Адрес регистрации:(цели обработки персональных данных, в отношении которых отзывается согласие)
по причине(указать причину отзыва согласия)
(дата)
(подпись)
(Фамилия И.О.)
AAPPROVED
General Director
LLC “Group Atlantic Teplolux”
S.A. Lebedev
September 1, 2022
### Policy of Limited Liability Company “Group Atlantic Teplolux” Regarding the Processing of Personal Data
#### 1. General Provisions
1.1. This Policy of Limited Liability Company “Group Atlantic Teplolux” regarding the processing of personal data (hereinafter referred to as the “Policy”) has been developed in accordance with Clause 2, Part 1, Article 18.1 of the Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006 (hereinafter referred to as the “Personal Data Law”) to ensure the protection of human and civil rights and freedoms during the processing of personal data, including the protection of the right to privacy, personal and family confidentiality.
1.2. The Policy applies to all personal data processed by Limited Liability Company “Group Atlantic Teplolux” (hereinafter referred to as the “Operator” or LLC “Group Atlantic Teplolux”).
1.3. The Policy covers personal data processing relations that have arisen both before and after the approval of this Policy.
1.4. Pursuant to Part 2, Article 18.1 of the Personal Data Law, this Policy is published in open access on the Internet on the Operator's website.
1.5. Basic terms used in the Policy:
- personal data – any information related directly or indirectly to an identified or identifiable natural person (personal data subject);
- personal data operator (Operator) – a legal entity that independently or jointly with other persons organizes and/or carries out the processing of personal data, as well as determines the purposes of personal data processing, the composition of personal data to be processed, and actions (operations) performed with personal data. The Operator is LLC “Group Atlantic Teplolux”, INN 5029015168, address: 141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7, contact phone: +7 (495) 728-80-80;
- personal data processing – any action (operation) or a set of actions (operations) performed with personal data, with or without the use of automated means. Personal data processing includes, but is not limited to:
- collection;
- recording;
- systematization;
- accumulation;
- storage;
- clarification (updating, modification);
- retrieval;
- use;
- transfer (distribution, provision, access);
- depersonalization;
- blocking;
- deletion;
- destruction;
- automated processing of personal data – processing of personal data using computer technology;
- dissemination of personal data – actions aimed at disclosing personal data to an indefinite number of persons;
- provision of personal data – actions aimed at disclosing personal data to a specific person or a specific circle of persons;
- blocking of personal data – temporary cessation of personal data processing (except in cases where processing is necessary to clarify personal data);
- destruction of personal data – actions resulting in the impossibility to restore the content of personal data in the personal data information system and/or the destruction of tangible carriers of personal data;
- depersonalization of personal data – actions resulting in the impossibility to determine the identity of personal data without the use of additional information;
- personal data information system – a set of personal data contained in databases and ensuring their processing through information technologies and technical means.
1.6. Main rights and obligations of the Operator.
1.6.1. The Operator has the right to:
1) independently determine the composition and list of measures necessary and sufficient to ensure the fulfillment of obligations stipulated by the Personal Data Law and regulatory legal acts adopted in accordance with it, unless otherwise provided by the Personal Data Law or other federal laws;
2) entrust the processing of personal data to another person with the consent of the personal data subject, unless otherwise provided by federal law, on the basis of a contract concluded with that person. The person processing personal data on behalf of the Operator must adhere to the principles and rules of personal data processing stipulated by the Personal Data Law, maintain the confidentiality of personal data, and take the necessary measures to ensure the fulfillment of obligations stipulated by the Personal Data Law;
3) in the event of the personal data subject’s withdrawal of consent for the processing of personal data, the Operator has the right to continue processing personal data without the subject’s consent if there are grounds specified in the Personal Data Law.
1.6.2. The Operator is obligated to:
1) organize the processing of personal data in accordance with the requirements of the Personal Data Law;
2) respond to requests and inquiries from personal data subjects and their legal representatives in accordance with the requirements of the Personal Data Law;
3) report to the authorized body for the protection of the rights of personal data subjects (Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor)) at the request of this body, providing the necessary information within 10 business days from the date of receipt of such a request. This period may be extended, but not more than five business days. For this, the Operator must send a reasoned notification to Roskomnadzor indicating the reasons for extending the term for providing the requested information;
4) in the manner determined by the federal executive body authorized in the field of security, ensure interaction with the state system for detecting, preventing, and eliminating the consequences of computer attacks on the information resources of the Russian Federation, including informing about computer incidents that led to unlawful transfer (provision, dissemination, access) of personal data.
1.7. Main rights of the personal data subject. The personal data subject has the right to:
1) obtain information related to the processing of their personal data, except in cases provided for by federal laws. Information is provided to the personal data subject by the Operator in an accessible form, and should not contain personal data relating to other personal data subjects, except in cases where there are legitimate grounds for disclosing such personal data. The list of information and the procedure for obtaining it are established by the Personal Data Law;
2) demand from the Operator the clarification of their personal data, blocking or destruction of their personal data if the data is incomplete, outdated, inaccurate, unlawfully obtained, or is not necessary for the declared purpose of processing, as well as take legal measures to protect their rights;
3) give prior consent to the processing of personal data for the purpose of promoting goods, works, and services in the market;
4) file complaints with Roskomnadzor or seek judicial recourse regarding unlawful actions or omissions by the Operator in processing their personal data.
1.8. Control over compliance with this Policy is carried out by the person responsible for organizing the processing of personal data at the Operator.
1.9. Responsibility for violating the requirements of the legislation of the Russian Federation and the regulatory acts of LLC “Group Atlantic Teplolux” in the field of personal data processing and protection is determined in accordance with the legislation of the Russian Federation.
#### 2. Purposes of Collecting Personal Data
2.1. Personal data processing is limited to achieving specific, predetermined, and lawful purposes. Personal data processing incompatible with the purposes of personal data collection is not allowed.
2.2. Only personal data that meet the purposes of their processing are subject to processing.
2.3. The Operator processes personal data for the following purposes:
- carrying out activities in accordance with the charter of LLC “Group Atlantic Teplolux”, including the conclusion and execution of contracts with counterparties, including individuals and legal entities;
- compliance with labor legislation in the framework of labor and other directly related relations, including: assisting employees in finding employment, obtaining education, and career advancement, attracting and selecting candidates for work at the Operator, ensuring the personal safety of employees, monitoring the quantity and quality of work performed, ensuring the safety of property, maintaining personnel and accounting records, filling out and submitting required forms to authorized bodies, organizing the registration of employees in the mandatory pension insurance system;
- implementation of access control.
2.4. Processing of employees' personal data can be carried out solely for the purpose of ensuring compliance with laws and other regulatory legal acts.
#### 3. Legal Grounds for Processing Personal Data
3.1. The legal grounds for processing personal data are the set of regulatory legal acts under which and in accordance with which the Operator processes personal data, including:
- the Constitution of the Russian Federation;
- the Civil Code of the Russian Federation;
- the Labor Code of the Russian Federation;
- the Tax Code of the Russian Federation;
- Federal Law No. 14-FZ "On Limited Liability Companies" dated February 8, 1998;
- Federal Law No. 402-FZ "On Accounting" dated December 6, 2011;
- Federal Law No. 167-FZ "On Compulsory Pension Insurance in the Russian Federation" dated December 15, 2001;
- other regulatory legal acts governing relations related to the Operator's activities.
3.2. The legal grounds for processing personal data are also:
- the charter of LLC “Group Atlantic Teplolux”;
- contracts concluded between the Operator and personal data subjects;
- contracts concluded between the Operator and counterparties – legal entities;
- consent of personal data subjects to the processing of their personal data.
#### 4. Scope and Categories of Personal Data Processed, Categories of Personal Data Subjects
4.1. The content and volume of processed personal data should correspond to the declared purposes of processing specified in Section 2 of this Policy. The processed personal data should not be excessive in relation to the declared purposes of their processing.
4.2. The Operator may process personal data of the following categories of personal data subjects:
4.2.1. Candidates for employment at the Operator – for the purpose of complying with labor legislation within the framework of labor and other directly related relations, implementing access control:
- last name, first name, patronymic;
- gender;
- citizenship;
- date and place of birth;
- contact details;
- information on education, work experience, qualifications;
- other personal data provided by candidates in resumes and cover letters.
4.2.2. Employees and former employees of the Operator – for the purpose of complying with labor legislation within the framework of labor and other directly related relations, providing a social package, paying salaries, implementing access control:
- last name, first name, patronymic;
- gender;
- citizenship;
- date and place of birth;
- passport details;
- address of residence registration;
- actual residence address;
- contact details;
- individual taxpayer number (INN);
- insurance number of an individual personal account (SNILS);
- information on education, qualifications, professional training and retraining;
- marital status, presence of children, family ties;
- information on employment activities, including the presence of rewards, awards and/or disciplinary sanctions;
- data on marriage registration;
- information on military registration;
- information on disability;
- information on alimony withholding;
- information on income from the previous place of work;
- other personal data provided by employees in accordance with labor law requirements.
4.2.3. Family members of the Operator's employees – for the purpose of complying with labor legislation within the framework of labor and other directly related relations:
- last name, first name, patronymic;
- degree of relationship;
- year of birth;
- other personal data provided by employees in accordance with labor law requirements.
4.2.4. Clients and counterparties of the Operator (individuals) – for the purpose of carrying out activities in accordance with the charter of LLC “Group Atlantic Teplolux”, registering clients on the Operator's website, using a personal account, conducting transactions, implementing advertising campaigns, implementing access control:
- last name, first name, patronymic;
- date and place of birth;
- passport details;
- address of residence registration;
- actual residence address;
- contact details;
- position held;
- individual taxpayer number (INN);
- bank account number;
- cookie files;
- other personal data provided by clients and counterparties (individuals) necessary for the conclusion and execution of contracts.
4.2.5. Representatives (employees) of the Operator's clients and counterparties (legal entities) – for the purpose of carrying out activities in accordance with the charter of LLC “Group Atlantic Teplolux”, implementing access control:
- last name, first name, patronymic;
- passport details;
- contact details;
- position held;
- other personal data provided by representatives (employees) of clients and counterparties necessary for the conclusion and execution of contracts.
4.3. The processing of biometric personal data (data characterizing the physiological and biological features of a person, based on which the person’s identity can be established) is carried out by the Operator in accordance with the legislation of the Russian Federation.
4.4. The Operator does not process special categories of personal data related to race, nationality, political views, religious or philosophical beliefs, health status, intimate life, except in cases provided by Russian law.
#### 5. Procedure and Conditions for Processing Personal Data
5.1. Personal data processing is carried out by the Operator in accordance with the legislation of the Russian Federation.
5.2. Personal data processing is carried out with the consent of the personal data subjects for the processing of their personal data, as well as without such consent in cases provided by the legislation of the Russian Federation.
5.3. The Operator processes personal data for each purpose of their processing using the following methods:
- non-automated personal data processing;
- automated personal data processing with the transfer of received information via information and telecommunication networks or without such transfer;
- mixed personal data processing.
5.4. Employees of the Operator, whose job duties include the processing of personal data, are allowed to process personal data.
5.5. Personal data processing for each purpose of processing specified in Clause 2.3 of the Policy is carried out by:
- obtaining personal data in oral and written form directly from personal data subjects;
- entering personal data into the Operator's logs, registries, and information systems;
- using other methods of personal data processing.
5.6. It is not allowed to disclose personal data to third parties and distribute personal data without the consent of the personal data subject, unless otherwise provided by federal law. Consent to the processing of personal data permitted by the personal data subject for dissemination is issued separately from other consents of the personal data subject to the processing of their personal data.
Requirements for the content of consent to the processing of personal data permitted by the personal data subject for dissemination are approved by Roskomnadzor Order No. 18 dated February 24, 2021.
5.7. Transfer of personal data to investigative and inquiry bodies, the Federal Tax Service, the Pension Fund of the Russian Federation, the Social Insurance Fund, and other authorized executive authorities and organizations is carried out in accordance with the requirements of the legislation of the Russian Federation.
5.8. The Operator takes the necessary legal, organizational, and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, dissemination, and other unauthorized actions, including:
- identifying personal data security threats during their processing;
- adopting local regulations and other documents governing relations in the field of personal data processing and protection;
- appointing persons responsible for ensuring the security of personal data in the Operator's structural divisions and information systems;
- creating the necessary conditions for working with personal data;
- organizing the accounting of documents containing personal data;
- organizing work with information systems in which personal data is processed;
- storing personal data under conditions that ensure their safety and exclude unauthorized access to them;
- organizing training for the Operator's employees involved in personal data processing.
5.9. The Operator stores personal data in a form that allows identifying the personal data subject no longer than is required for each purpose of personal data processing, unless the storage period for personal data is established by federal law or contract.
5.9.1. Personal data on paper is stored at LLC “Group Atlantic Teplolux” during the storage periods of documents established by the legislation on archival affairs in the Russian Federation (Federal Law No. 125-FZ "On Archival Affairs in the Russian Federation" dated October 22, 2004, List of typical management archival documents formed in the activities of state bodies, local government bodies, and organizations, with an indication of their storage periods (approved by Rosarkhiv Order No. 236 dated December 20, 2019)).
5.9.2. The storage period for personal data processed in personal data information systems corresponds to the storage period for personal data on paper.
5.10. The Operator terminates personal data processing in the following cases:
- the fact of their unlawful processing is revealed. Term – within three business days from the date of detection;
- the purpose of their processing has been achieved;
- the validity period or the personal data subject's consent to the processing of these data has expired or been withdrawn, when the processing of these data is permitted only with consent under the Personal Data Law.
5.11. Upon achieving the purposes of personal data processing, as well as in the event of withdrawal of consent to the processing of personal data by the personal data subject, the Operator terminates the processing of these data, unless:
- otherwise provided by the contract, to which the personal data subject is a party, beneficiary, or guarantor;
- the Operator is not entitled to process personal data without the personal data subject's consent on the grounds specified in the Personal Data Law or other federal laws;
- otherwise provided by another agreement between the Operator and the personal data subject.
5.12. Upon the personal data subject’s request to the Operator to cease processing personal data, the processing of personal data is terminated within 10 business days from the date of receipt of the corresponding request by the Operator, except in cases provided by the Personal Data Law. This period may be extended, but not more than five business days. To do this, the Operator must send the personal data subject a reasoned notification indicating the reasons for the extension.
5.13. When collecting personal data, including via the information and telecommunication network Internet, the Operator ensures the recording, systematization, accumulation, storage, clarification (updating, modification), and retrieval of personal data of citizens of the Russian Federation using databases located on the territory of the Russian Federation, except in cases specified in the Personal Data Law.
#### 6. Updating, Correction, Deletion, Destruction of Personal Data, Responses to Requests from Personal Data Subjects for Access to Personal Data
6.1. Confirmation of the fact of personal data processing by the Operator, the legal grounds and purposes of personal data processing, as well as other information specified in Part 7, Article 14 of the Personal Data Law, are provided by the Operator to the personal data subject or their representative within 10 business days from the date of the request from the personal data subject or their representative. This period may be extended, but not more than five business days. For this, the Operator must send the personal data subject a reasoned notification indicating the reasons for extending the term for providing the requested information.
The request must include:
- the number of the main identity document of the personal data subject or their representative, information about the date of issue of this document and the issuing authority;
- information confirming the participation of the personal data subject in relations with the Operator (contract number, date of contract conclusion, conditional verbal designation and/or other information), or information otherwise confirming the fact of personal data processing by the Operator;
- the signature of the personal data subject or their representative.
The request may be sent in the form of an electronic document and signed with an electronic signature in accordance with the legislation of the Russian Federation.
The Operator provides the information specified in Part 7, Article 14 of the Personal Data Law to the personal data subject or their representative in the form in which the corresponding request was sent, unless otherwise specified in the request.
If the request of the personal data subject does not reflect all the necessary information as required by the Personal Data Law, or if the subject does not have the right to access the requested information, a reasoned refusal is sent to them.
The right of the personal data subject to access their personal data may be restricted in accordance with Part 8, Article 14 of the Personal Data Law, including if the personal data subject's access to their personal data violates the rights and legitimate interests of third parties.
The forms of requests (applications) from personal data subjects and their representatives are provided in Appendices No. 1 - 4 to this Policy.
6.2. If inaccurate personal data is identified upon the request of the personal data subject or their representative or upon their request or the request of Roskomnadzor, the Operator blocks the personal data related to this personal data subject from the moment of such request or receipt of the specified request for the verification period, if blocking personal data does not violate the rights and legitimate interests of the personal data subject or third parties.
If the fact of inaccuracy of personal data is confirmed, the Operator, based on the information provided by the personal data subject or their representative or Roskomnadzor, or other necessary documents, clarifies the personal data within seven business days from the date of submission of such information and removes the blocking of personal data.
6.3. If unlawful processing of personal data is identified upon the request of the personal data subject or their representative or Roskomnadzor, the Operator blocks the unlawfully processed personal data related to this personal data subject from the moment of such request or receipt of the request.
6.4. If the fact of unlawful or accidental transfer (provision, dissemination) of personal data (access to personal data) resulting in a violation of the rights of personal data subjects is identified by the Operator, Roskomnadzor, or another interested party, the Operator shall:
- within 24 hours, notify Roskomnadzor of the incident, the alleged causes that led to the violation of the rights of personal data subjects, the alleged harm caused to the rights of personal data subjects, and the measures taken to eliminate the consequences of the incident, as well as provide information about the person authorized by the Operator to interact with Roskomnadzor on issues related to the incident;
- within 72 hours, notify Roskomnadzor of the results of the internal investigation of the identified incident and provide information about the persons whose actions caused it (if available).
6.5. The procedure for the destruction of personal data by the Operator.
6.5.1. Conditions and terms for the destruction of personal data by the Operator:
- achieving the purpose of personal data processing or losing the necessity to achieve this purpose – within 30 days;
- reaching the maximum storage periods of documents containing personal data – within 30 days;
- providing by the personal data subject (their representative) confirmation that the personal data was obtained unlawfully or is not necessary for the declared purpose of processing – within seven business days;
- withdrawal by the personal data subject of consent to the processing of their personal data, if its retention for the purpose of processing is no longer required – within 30 days.
6.5.2. When the purpose of personal data processing is achieved, as well as in the event of withdrawal of consent to the processing of personal data by the personal data subject, personal data is subject to destruction unless:
- otherwise provided by the contract, to which the personal data subject is a party, beneficiary, or guarantor;
- the Operator is not entitled to process personal data without the personal data subject's consent on the grounds specified in the Personal Data Law or other federal laws;
- otherwise provided by another agreement between the Operator and the personal data subject.
6.5.3. The destruction of personal data is carried out by a commission established by the order of the General Director of LLC “Group Atlantic Teplolux”.
6.5.4. Methods of personal data destruction are established in the Operator's local regulatory acts.
---
### Appendix No. 1
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding Access to Personal Data
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with the provisions of Part 7, Article 14 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I request the following information regarding the processing of my personal data:
- confirmation of the fact of processing of personal data by LLC "Group Atlantic Teplolux";
- legal grounds and purposes of personal data processing;
- purposes and methods of personal data processing used by LLC "Group Atlantic Teplolux";
- name and location of LLC "Group Atlantic Teplolux", information about persons who have access to personal data or to whom personal data may be disclosed on the basis of a contract with LLC "Group Atlantic Teplolux" or on the basis of federal law;
- processed personal data, source of their receipt;
- duration of personal data processing, including storage periods;
- procedure for exercising my rights provided by Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006;
- information on the performed or expected cross-border data transfer;
- name or full name and address of the person processing personal data on behalf of LLC "Group Atlantic Teplolux" if the processing is entrusted or will be entrusted to such person.
Please send the requested information to:
- on paper to the address:
(enter address)
- to the email address:
(enter email address)
(date)
(signature)
(Full Name)
---
### Appendix No. 2
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding the Lawfulness of Personal Data Processing
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with the provisions of Article 21 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I request to provide information on the legal grounds for processing my personal data in LLC "Group Atlantic Teplolux".
In case LLC "Group Atlantic Teplolux" confirms the fact of unlawful processing of my personal data, I request to stop processing the personal data within three business days.
Information on ensuring the legality of processing my personal data or the destruction of personal data by LLC "Group Atlantic Teplolux" in case of their unlawful processing, please send to:
- on paper to the address:
(enter address)
- to the email address:
(enter email address)
(date)
(signature)
(Full Name)
---
### Appendix No. 3
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding the Clarification of Personal Data
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with the provisions of Article 21 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, and based on the following document(s):
(document(s) based on which the Operator must clarify personal data)
I request to clarify my personal data or ensure their clarification (if personal data processing is carried out by another person acting on behalf of LLC "Group Atlantic Teplolux") in accordance with the provided documents.
Please send the notification of changes made:
- on paper to the address:
(enter address)
- to the email address:
(enter email address)
(date)
(signature)
(Full Name)
---
### Appendix No. 4
Form of Request/Application from the Personal Data Subject (or their Representative) Regarding the Withdrawal of Consent to Personal Data Processing
To:
LLC "Group Atlantic Teplolux"
OGRN 1025003531662
INN 5029015168
Address:
141008, Moscow Region
, Mytishchi, Proektirovanny Proezd 5274, bldg. 7
From:
(full name)
passport
issued by
(series, number)
(date of issue)
(place of issue of the passport)
Address of registration:
(enter address)
Actual address of residence:
(enter address)
In accordance with Part 2, Article 9 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006, I request to stop processing my personal data carried out for the following purposes:
(purposes of personal data processing for which consent is being withdrawn)
Due to:
(state the reason for withdrawing consent)
LLC "Group Atlantic Teplolux" is entitled to continue processing my personal data if there are grounds specified in paragraphs 2–11, Part 1, Article 6, Part 2, Article 10, and Part 2, Article 11 of Federal Law No. 152-FZ "On Personal Data" dated July 27, 2006.
(date)
(signature)
(Full Name)