Confidentiality and data protection policy
In order to support business reputation and guaranteed compliance with the norms of the current legislation of Ukraine in the field of personal data protection, as well as the requirements of the EU Data Protection Regulation 2016/679 (hereinafter - GDPR) in full, the State Enterprise “National Nuclear Energy Generating Company “Energoatom” considers one of its most important tasks to comply with the principles of legality, fairness and confidentiality in the processing of personal data, as well as the security of their processing.
Within the framework of its activities, Energoatom carries out the processing of personal data and determines the purposes of processing personal data, the composition of personal data to be processed, actions (operations) performed with personal data based on the requirements of the current legislation of Ukraine, as well as the goals of the activities, tasks and functions of the Company.
The processing of personal data in the Company is limited to the achievement of specific, predetermined goals:
- Implementation of foreign economic activity, support and expansion of cooperation with international organizations, partner enterprises, representing the interests of the Company in the territory of the European Union and other countries;
- Organization of the reception of foreign delegations, including working visits, meetings, technical visits, etc.;
- Providing visa support for foreign citizens to enter Ukraine;
- Provision of permit for the performance of special works, as well as the provision of the access (including with issuing passes) to the Company's facilities;
- Formation of internal sources of personal data containing contact and other commercial information;
- Implementation of training, education and retraining programs;
- Providing business correspondence, communications with counterparties and their representatives in carrying out business activities, including the receipt by the Company of goods, works and services;
- Organization of professional events, including presentations, conferences, forums and other public events;
- Ensuring the rights and legitimate interests of the Company and stakeholders;
- Other activities not contradicting the laws of Ukraine and the European Union and their requirements regarding personal data.
Personal data are processed in the Company only if one of the conditions is met, including:
- The data subject has given his written consent to the processing of personal data;
- Processing is necessary in order to conclude and/or fulfill the contract;
- Such processing is required by the current legislation of Ukraine or the laws of the countries with residents of which the Company cooperates.
The Company does not process information about the racial or ethnic origin of data subjects, political beliefs, religious or philosophical beliefs, or membership in trade unions, political parties, accusations of a crime or conviction of criminal punishment, as well as data relating to health or sexual activity, except for such cases:
- The data subject has given his written consent to the processing of the specified personal data;
- When the need to process this information is provided for by the current legislation of Ukraine, particularly when filling out an application of an individual to obtain a permit to perform special work at the Company's facilities.
Storage of personal data in the Company is carried out in a form that allows identifying a data subject no more than this is required by the purpose of their processing, if the storage period for personal data is not established by the current legislation of Ukraine, an agreement to which the data subject is a party.
When processing personal data, the Company takes all necessary organizational and technical measures to ensure the appropriate level of security for their protection. Assessing the level of security, the Company takes into account the risks associated with processing, in particular those that arise as a result of accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data that is transferred, stored or otherwise processed.
The company limits the number of persons who directly process personal data. Access to personal data is provided only to those employees who need it to fulfill their job duties. Employees of the Company who are allowed to work with personal data commit themselves in written form to non-disclosure of confidential information.
Data subjects must be sure that their personal data is confidential information that is not subject to disclosure to third parties and is not distributed without the consent of the data subject, with the exception of cases provided for by the legislation of Ukraine and the EU Regulation.
SE “NNEGC “Energoatom” guarantees the confidentiality of the processing of personal data.
Each data subject, whose personal data is processed by the Company, has the right to receive information regarding the processing of personal data in accordance with the current legislation of Ukraine and the EU Regulation.
The obligations of the Company to process appeals and requests of data subjects are implemented in accordance with the requirements of the legislation of Ukraine and the EU Regulation, by processing such appeals and requests sent to the mailing address of the Company: 3 Nazarivska st., Kiev 01032, or to the representative office of the State Enterprise “NNEGC “Energoatom” in Brussels (Kingdom of Belgium): 429, Avenue de Tervuren, 1150 Brussels, Belgium, or to the email address of the Data Protection Officer: Volodymyr Burlakov, phone: +38(044)-206-97-55, email: email@example.com.
The Company provides the interested parties with the opportunity to use the rights of access, rectification, objection and erasure of personal data, as well as other rights provided for by the provisions of the EU Regulation, to prepare such requests you can use the forms below.
The company reserves the right to refuse to provide the data subject with information about the availability of personal data of the relevant data subject or information about the personal data itself, in cases provided for by the current legislation of Ukraine and the EU Regulation: