Automated processing of personal data - processing of personal data using computing equipment.

Blocking of personal data - temporary suspension of personal data processing (except when processing is necessary to clarify personal data).

Information system of personal data - a set of personal data contained in databases and information technologies and technical means that ensure their processing.

Depersonalization of personal data - actions that result in it being impossible to determine, without the use of additional information, the affiliation of personal data to a particular subject of personal data.

Processing of personal data - any action (operation) or a set of actions (operations) performed with or without automation means with personal data, including collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.

Operator - a state body, municipal body, legal or natural person, independently or jointly with others, organizing and/or performing the processing of personal data, as well as determining the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data.

Personal data - any information relating to a directly or indirectly identified or identifiable natural person (subject of personal data).

Provision of personal data - actions aimed at disclosure of personal data to a specific person or a specific circle of persons.

Dissemination of personal data - actions aimed at disclosure of personal data to an indefinite circle of persons.

Cross-border transmission of personal data - transfer of personal data to the territory of a foreign state to a government body of a foreign state, a foreign natural or legal person.

Destruction of personal data - actions as a result of which the content of personal data in the personal data information system becomes unrecoverable and/or tangible media of personal data are destroyed.

Cookies - a small fragment of data sent by a web server and stored on the personal data subject's (user's) computer, which is sent to the web server by the web client or web browser in an HTTP request each time the site page is opened.

IP address - a unique network address of a node in a computer network built on the IP protocol.

This document defines the policy of LLC "AstonInnovations" (hereinafter -- Operator) regarding personal data processing and discloses information on measures implemented by the Operator to ensure the security of personal data for the protection of human and citizen rights and freedoms during the processing of their personal data, including rights to privacy and family confidentiality.

This document on personal data processing (hereinafter -- Policy) is developed per the Constitution of the Russian Federation, Federal Law No. 160-FZ "On Ratification of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data", Labor Code of the Russian Federation No. 197-FZ, Federal Law No. 152-FZ "On Personal Data" (hereinafter -- FL-152), other federal laws and regulations of the Russian Federation defining the cases and specifics for processing and ensuring security and confidentiality of such information.

The provisions of this Policy are mandatory for all Operator's employees engaged in personal data processing, including those working in branches and separate subdivisions.

Provisions of this Policy are the basis for organizing work on personal data processing at the Operator, including development of internal regulatory documents governing personal data processing and protection.

If separate provisions of this Policy conflict with the current personal data legislation, the provisions of current legislation apply.

Requests from personal data subjects regarding their personal data processing by the Operator are accepted at: 140055, Moscow region, Kotelniki city district, Kotelniki city, Dzerzhinskoye sh., 2

Personal data subjects may also send a request, signed according to the electronic signature legislation, to: info@recruiter-ai.ru.

The consideration period for applications does not exceed 30 (thirty) calendar days from the date of application.

This Policy is a document with unlimited access.

Personal data processing by the Operator is carried out based on the following principles:

The Operator processes personal data under at least one of the following conditions:

The Operator and other persons who have gained access to personal data do not disclose or disseminate personal data to third parties without the consent of the personal data subject.

The Operator does not create public sources of personal data.

Access to personal data for an unlimited number of persons is granted by the personal data subject by giving separate consent for processing data authorized for distribution.

Consent for distribution may include:

The Operator may not refuse the subject in setting such prohibitions and restrictions. Within 3 working days of obtaining the subject's consent, the Operator publishes information on processing conditions, restrictions, and prohibitions regarding personal data authorized for distribution.

If the consent does not specify any prohibitions or restrictions, or does not include categories and lists of personal data for which restrictions and prohibitions apply, the data is processed by the Operator without transfer (distribution, provision, access) or performing other actions to an unlimited circle of persons.

Consent is given directly by the subject or using the system of the Federal Service for Supervision of Communications, Information Technology and Mass Communications. Silence or inaction is not deemed as consent for personal data processing.

If personal data is disclosed to an indefinite circle due to an offense, crime, or force majeure, the Operator processing such data (including further distribution) must provide evidence of the legality of such processing.

Consent for dissemination ceases upon receipt of a demand from the subject to stop such processing.

For personal data published on the Operator's website, the following rules and restrictions apply:

The Operator processes Users' biometric personal data with their consent.

The Operator does not process special categories of User personal data.

The Operator has the right to assign personal data processing to another person, with the consent of the data subject, unless otherwise provided by federal law, based on a contract with that person. The person processing personal data on behalf of the Operator must comply with the principles and rules of personal data processing provided by FL-152 and this Policy.

The Operator ensures collection, recording, systematization, accumulation, storage, clarification (updating, modification), and extraction of Russian citizens' personal data using databases located on the territory of the Russian Federation, except as stipulated in paragraphs 2, 3, 4, and 8 of Article 6, Part 1 of FL-152.

The Operator verifies that the foreign state intended for the personal data transfer provides adequate protection for personal data subjects' rights, prior to the transfer.

Cross-border transfer to foreign states not providing adequate protection may be performed in the following cases:

Within personal data processing, the following rights are determined for the Operator and personal data subjects.

Personal data subject has the right to:

The Operator has the right to:

Personal data processing is carried out by the Operator in compliance with the principles and rules provided by Russian legislation concerning personal data processing and protection, with the subject's consent for processing their personal data, and when such processing is necessary:

The Operator collects and further processes personal data of the following categories of personal data subjects:

Applicants - candidates for vacancies.

Employees - persons employed in the Company or its affiliates.

Former employees - persons who worked in the Company.

Individuals, representatives of legal entities, sole proprietors - individuals who are employees of legal entities and sole proprietors, as well as sole proprietors who have been, are, or will be in contractual relations with the Company.

Clients - representatives of legal entities and individuals who are customers or end-users of the Company's services.

Interns - individuals undergoing internship.

Users / website visitors - individuals visiting and/or using the Company's website.

Interested parties - individuals not included in other categories, but with whom the Operator may interact if such persons are:

The security of personal data processed by the Operator is ensured by implementing legal, organizational, and technical measures necessary to comply with federal requirements for personal data protection.

For prevention of unauthorized access, the Operator applies the following organizational and technical measures:

Other rights and obligations of the Operator as a personal data Operator are defined by Russian Federation legislation on personal data.

Responsible officials of the Operator who violate the norms regulating personal data processing and protection bear material, disciplinary, administrative, civil, or criminal liability as stipulated by federal law.

The Operator has the right to amend this Personal Data Processing Policy without the subject's consent.

A new version of the Personal Data Processing Policy becomes effective upon its publication on the Operator's website unless another, later date is provided.