Personal Data Processing Policy
Charge.az EV charger statons
Policy on processing of personal data
1 Basic notions
1.1 Personal data - any information relating to a directly or indirectly defined or identifiable individual (personal data subject).
1.2 Personal data operator (Operator) – CHARGE.AZ LLC
1.3 Operator's Website - the website located at the address: www.charge.az or wwwchargerforev.com and on their subdomains in the Internet.
1.4 User - a subject of personal data, who uses the Operator's Website (gets acquainted with its content and/or orders services offered on the Website).
1.5 Cookie files - is a small fragment of data, sent from a browsed website and stored on the User's computer, which the User's web-client or web-browser transfers to the web-server in HTTP-request every time when trying to open a page of the corresponding website, thus keeping the history of actions and settings User made on this website.
1.6 Processing of personal data - any action (operation) or set of actions (operations) with personal data, performed with or without the use of automation tools, including: collection, recording, systematization, accumulation, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction.
1.7. personal data information system - a set of personal data contained in databases of personal data and information technologies and technical means ensuring its processing.
1.8. "We Power" application - a program designed to register the User; to search for the map of machines, manage the settings and obtain the necessary information when using the charger ( Power Bank), which is available for downloading through the AppStore (itunes.apple.com) and / or Google Play (play.google.com)
2. general provisions
2.1 This Personal Data Processing Policy (hereinafter - the Policy) has been developed in order to meet the requirements of the Law of the Republic of Azerbaijan on Personal Data (hereinafter - the Personal Data Law) to ensure the protection of human and civil rights and freedoms in the processing of their personal data.
2.2 The Policy applies to all personal data processed by the Operator.
2.3. The Policy applies to the relations in the field of personal data processing, which arose with the Operator both before and after the approval of this Policy.
2.4. This Policy is published in free access on the information and telecommunications network Internet on the Operator's Website.
3. Legal Basis for Processing of Personal Data
3.1 The legal basis for processing of personal data is a set of normative legal acts, in execution of which and in accordance with which the Operator carries out processing of personal data, including:
- Constitution of the Republic of Azerbaijan;
- Civil Code of the Republic of Azerbaijan;
- Labor Code of the Republic of Azerbaijan;
- Tax Code of the Republic of Azerbaijan;
- Law of the Republic of Azerbaijan "On Accounting";
- The Law of the Republic of Azerbaijan "On Compulsory Pension Insurance in the Republic of Azerbaijan";
- Other normative legal acts regulating relations connected with the Operator's activities. 3.2.
3.2 The legal basis for processing of personal data shall also be
- contracts concluded between the Operator and the subjects of personal data, including employment contracts and contracts concluded by accepting the public offer posted on the Operator's website;
- The consent of the subjects of personal data to process their personal data, if it is required by applicable law, including by filling in special forms on the Operator's website, containing fields for entering personal data, putting a "tick" next to the statement of consent to the processing of personal data;
- The personal data subject's permission to process impersonal data on visiting the Operator's Website, expressed by providing appropriate browser settings (saving of cookies is enabled).
4. Purposes of processing, categories of subjects of personal data, types of processed personal data
4.1 Processing of personal data is limited to achieving specific, predetermined and legitimate purposes. Processing of personal data incompatible with the purposes of personal data collection is not permitted.
4.2 The content and scope of processed personal data must be consistent with the stated processing purposes. Processed personal data must not be excessive in relation to the stated processing purposes.
4.3 The operator does not process special categories of personal data concerning race, ethnicity, political views, religious or philosophical beliefs, health status, intimate life, except in cases stipulated by the legislation of the Republic of Azerbaijan.
4.4 The list of categories of personal data subjects, the types of personal data processed and the purposes of processing in respect of each subject of personal data are indicated in the table below
Category of the subject of personal data
Types of processed personal data
Aims of processing
Customers of the Operator
Surname, first name, patronymic.
Gender, date of birth
Phone number, e-mail address
Passport data
Mailing address
Bank account details
Information about ordered services
Conclusion and execution of the contract placed on the Operator's website and/or mobile applications, including
Client identification;
Creation of personal account on the Operator's website and/or mobile applications
Providing access to the website and/or mobile applications and services, services, information and materials offered on the website and/or mobile applications,
Communicating with the client for providing him/her with information, answers to his/her questions, applications and claims.
Informing client about Operator services and services, special offers, promo campaigns, discounts etc., including by sending e-mails to
Website users
Cookie files
Information about the User's actions on the Website
Date and time of the session of using the Site, including using
Yandex.Metrika metric programs,
Google Analytics
Amplitude
Information about the User's equipment (MAC-address, IP-address)
Settings made by the User on the Site and/or in mobile applications
Providing the User with maximum convenience when using the Site and/or mobile applications, including:
Recognizing the visitor and adjusting the content of the web pages on the Site and/or screens in the mobile applications to match the User's preferences;
Maintaining the User's session on the Website and/or mobile applications, so that it is not necessary to re-enter the login and password on each page of the Website and/or mobile application.
Improving the quality of the Website and/or mobile applications and the services and services provided, including by creating statistics that help understand exactly how Users use the Website and/or mobile applications.
Employees and former employees
Surname, first name, patronymic
Gender, date and place of birth
Phone number, email address
Passport data
Address of registration at the place of residence and actual address
Bank account details
Information about education
Data on marital status, family composition
Data from military registration documents
Employment history, previous jobs, income from previous jobs
TIN
Conclusion and execution of the employment contract
Keeping an employment record
Ensuring security of employees
Control over quantity and quality of work performed
Organization of the individual (personified) registration of employees in the mandatory pension insurance system
Filling in and submitting to the executive authorities and other authorized organizations the required reporting forms
Keeping accounting records
Carrying out access control.
Candidates for employment with the Operator
Surname, first name, patronymic
Gender, date and place of birth
Phone number, e-mail address
Academic background
Information about employment experience, previous places of work, income at previous places of work
Other information from curriculum vitae
Recruitment and selection of candidates for employment with the Operator
Identification of the subject of personal data in order to consider his/her application for
employment
Counterparties of the Operator - individuals and representatives (employees) of counterparties of the Operator - legal entities
Surname, first name, patronymic, sex
Phone number, e-mail address
Conclusion and execution of civil contracts
5. The order and conditions of processing of personal data
5.1 Processing of personal data is carried out with the consent of subjects of personal data to processing of their personal data, and without it in the cases stipulated by the legislation of the Republic of Azerbaijan.
5.2 The operator carries out both automated and non-automated processing of personal data.
5.3 The Operator's employees, whose duties include personal data processing or the performance of whose duties is impossible without processing of personal data, shall be allowed to process personal data.
5.4 Processing of personal data shall be carried out by:
- obtaining personal data orally and in writing directly from the subjects of personal data, including by telephone, through the Operator's website by filling out special forms by the subject of personal data;
- Obtaining personal data from publicly available sources;
- input of personal data into contracts, registers and information systems and databases of the Operator;
- Transfer to third parties, which are authorized to act on behalf of the Operator for the conclusion and/or execution of contracts with the subject of personal data, maintenance of personnel or accounting and reporting;
- Use of other methods of personal data processing.
5.5 Disclosure and distribution of personal data to third parties without the consent of the subject of personal data shall not be allowed.
5.6 Transfer of personal data to the bodies of inquiry and investigation, the tax service, the Pension Fund of the Republic of Azerbaijan, the Social Insurance Fund and other authorized executive authorities and organizations shall be carried out without the consent of the subject, in accordance with the requirements of the legislation of the Republic of Azerbaijan.
5.7 The Operator shall take necessary legal, organizational and technical measures to protect personal data from unauthorized or accidental access, destruction, modification, blocking, distribution and other unauthorized actions.
5.8 The operator shall store personal data in a form that makes it possible to identify the subject of personal data no longer than required by the purposes of personal data processing, unless the period of storage of personal data is established by federal law or by contract.
5.9 When collecting personal data, including via the information and telecommunications network of the Internet, the operator shall ensure recording, systematization, accumulation, storage, clarification (updating, modification), extraction of personal data of citizens of the Republic of Azerbaijan using databases located in the Republic of Azerbaijan
6. Main rights and responsibilities of the Operator
6.1 The operator has the right:
- independently determine the composition and list of measures necessary and sufficient for processing, protection and other actions when dealing with personal data;
- To entrust the processing of personal data to another person with the consent of the subject of personal data on the basis of a contract concluded with that person. Such contract should specify a list of actions (operations) with personal data to be performed by this person and the purpose of processing, should establish the obligation of such person to respect the confidentiality of personal data and ensure security of personal data during their processing, as well as specify requirements for the protection of processed personal data. Responsibility for the actions of such persons shall be borne by the Operator;
6.2. the Operator shall:
- organize the processing of personal data;
- Respond to requests and inquiries from personal data subjects and their legal representatives;
- Notify the authority responsible for the protection of the subjects of personal data on the request of such an authority, the necessary information within 30 days of receiving such a request.
7. Personal data subject's consent to the processing of personal data
7.1 The subject of personal data decides to provide his/her personal data and consents to their processing freely, willingly and in his/her own interest.
7.2 Consent to the processing of personal data on applicants for employment, employees and contractors of the Operator shall be expressed in writing.
7.3 Consent to the processing of personal data of the Operator's clients is expressed by filling in special forms on the Website and/or in mobile applications of the Operator, containing fields for entering personal data, ticking the box next to the statement of consent to the processing of personal data.
7.4 The consent to the use of cookies is expressed in the continuation of the use of the Website. Information about the need for such consent is brought to the User in a pop-up window when logging on to the Operator's Site. The disagreement with the use of cookies is expressed in setting the User's browser settings so that the support of cookies was switched off, or in discontinuing the use of the Site. At the same time the User is notified that by disabling the support of cookie files in his browser some functions of the Site can become unavailable for him.
8. Rights of the subject of personal data
8.1 The right to access personal data.
The subject of personal data has the right to request the following information from the operator:
- confirmation of the fact of processing of personal data by the Operator;
- The legal basis for the processing of personal data;
- The purposes and methods of personal data processing used by the operator;
- Name and location of the Operator, information about persons (except for the Operator's employees) who have access to personal data or to whom personal data may be disclosed based on a contract with the Operator or on the basis of federal law;
- Processed personal data pertaining to the respective personal data subject, the source of its obtaining, unless another procedure for presentation of such data is provided by law;
- terms of processing of personal data, including the terms of their storage;
- The procedure of exercising by the subject of personal data of the rights provided by the Law on personal data;
- information on the performed or supposed transborder data transfer;
- The name or surname, first name, patronymic and address of the person processing personal data on behalf of the operator, if the processing is assigned or will be assigned to such a person.
The personal data subject's request must contain the number of the main document certifying the personal data subject's identity or his/her representative, information regarding the date of issue of said document and the authority issuing it, information confirming the personal data subject's participation in relations with the operator (contract number, date of contract conclusion, other information), or information otherwise confirming the processing of personal data by the operator, the signature of the personal data subject or his/her representative. The request may be sent in the form of an electronic document and signed by electronic signature in accordance with the legislation of the Republic of Azerbaijan.
The operator is obliged, within 30 days of receiving the personal data subject's request, to provide a response or a reasoned refusal to provide the requested information, specifying the reasons for the refusal and citing legal provisions justifying such refusal.
8.2 The right to modify personal data.
The subject of personal data has the right to demand to correct and/or supplement his personal data in case of detection of inaccuracies in the composition of personal data, which are processed by the Operator.
The operator is obliged to make the necessary changes within 7 (seven) working days from the date of submission by the subject of personal data or his representative of information confirming that the personal data is incomplete, inaccurate or irrelevant, and to notify the subject of personal data about the changes made.
The operator shall notify the personal data subject or his representative of the changes made and the measures taken and shall take reasonable measures to notify the third parties to which the personal data subject's personal data was transmitted
8.3 The right to erasure of personal data.
The data subject has the right to demand the deletion of his or her personal data from the Operator's systems if the personal data was obtained illegally, is not necessary for the stated processing purposes, the consent on the basis of which the processing was performed has been withdrawn, and there is no other legal basis for the processing.
The operator shall destroy such personal data within seven (7) working days from the date of submission by the personal data subject or his/her representative of information confirming that such personal data is illegally obtained, is not necessary for the stated processing purposes or from the date of withdrawal of consent for processing, and notify the personal data subject accordingly.
8.4 The right to withdraw consent to the processing of personal data.
The data subject has the right to withdraw their consent to the processing of personal data at any time.
The operator has the right to continue processing the subject's personal data on the grounds stipulated by the legislation of the Republic of Azerbaijan.
The User of the Site may at any time withdraw their consent to the processing of analytical data by deleting the cookies stored on their computer using the settings of the Internet browser used.
8.5 The right to refuse promotional offers.
The subject has the right to request limiting the processing of his personal data for the purpose of the Operator's promotional offers.
8.6 Requests, inquiries, withdrawal of consent to processing and other requirements of the subject of personal data shall be sent to the Operator to the address(es) specified in the last section of this Policy.
9. Measures to protect personal data
9.1 The Operator implements the following legal measures to protect personal data
- develops and approves the Policy with respect to the processing of personal data;
- Develops and applies the texts of consent of subjects of personal data to the processing of their data.
- Familiarize employees, engaged in personal data processing, with the requirements of applicable personal data legislation and local acts on personal data processing
- includes conditions, aimed at protection of personal data, in contracts with third parties, to which the Operator entrusts the processing of personal data on behalf of the Operator.
9.2 The operator shall implement the following organizational measures to protect personal data:
- appoints persons responsible for ensuring the security of personal data in the structural units and information systems of the Operator;
- organizes accounting of documents containing personal data;
- Organizes work with information systems, in which personal data are processed.
9.3 When processing personal data using automation means, the Operator shall implement the following personal data protection measures:
- organizes the security regime of the premises in which the information system is located, preventing the possibility of uncontrolled penetration or stay in these premises of persons who do not have the right of access to these premises;
- Ensures security of personal data carriers;
- Approves the list of persons whose access to personal data processed in the information system is necessary for performance of their labor duties
- Use of information protection means, passed the procedure of conformity assessment to the legislation of the Republic of Azerbaijan in the field of information security, in the case when application of such means is necessary for neutralization of current threats.
9.4 Exchange of personal data in the course of its processing in the Operator's information systems shall be carried out via communication channels protected by technical means of information protection.
When processing personal data in the Operator's information systems, the following shall be ensured:
- carrying out measures aimed at preventing unauthorized access to personal data and (or) their transfer to persons not entitled to access such information (access to information systems containing personal data, as well as to the software and hardware means of their processing is carried out with a login and password);
- Timely detection of facts of unauthorized access to personal data;
- Implementation of anti-virus control, prevention of introduction of malicious programs (virus programs) into information systems
- Possibility to immediately restore personal data modified and destroyed as a result of unauthorized access to it;
- Continuous control of personal data security level.
9.6 When processing personal data without the use of automation means, the Operator shall implement the following personal data protection measures:
- determines places of storage for each category of personal data (tangible media);
- Establishes a list of persons processing personal data or having access to such data;
- provides separate storage of personal data (material media), which are processed for different purposes;
- shall store personal data in such a way, which excludes unauthorized access to such data.
9.7 Control over compliance with the requirements of this Policy shall be carried out by an authorized person responsible for organizing the processing of personal data at the Operator.
Addresses of the Operator for sending appeals of subjects of personal data: