KL ENGINEER - PERSONAL DATA PROCESSING POLICY

ALMA Solution
Azure DevOps Experts
Clients
Awards
Contacts
Jobs

corp@klengineer.com

KL ENGINEER LLC

PERSONAL DATA PROCESSING POLICY V1.2.

Last Updated: March 02, 2026

CONTENTS
1. GENERAL PROVISIONS
2. MAIN TERMS USED IN THIS POLICY
3. LEGAL BASIS OF PERSONAL DATA PROCESSING
4. RIGHTS AND LIABILITIES OF THE OPERATOR AND THE PERSONAL DATA SUBJECTS
5. GOALS OF PERSONAL DATA PROCESSING
6. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING
7. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS
8. PERSONAL DATA COLLECTION, UPDATING AND PROTECTION, DPIA
9. PERSONAL DATA DESTRUCTION
10. FINAL PROVISIONS

1. GENERAL PROVISIONS

1.1. The Policy of KL Engineer LLC (hereinafter, the "Operator") related to personal data processing (hereinafter, the "Policy") shall define the main goals, principles, conditions, and means of personal data processing, lists of subjects and personal data, processed by the Operator, rights of personal data subjects and functions of the Operator at the personal data processing, and requirements to personal data protection, implemented by the Operator.
1.2. The Policy is aimed to protect rights and freedoms if natural entities at the processing of their personal data by the Operator, including the protection of privacy right, personal and family secret.
1.3. The Policy was developed in accordance with the Law No. ZR-49-N "ON PERSONAL DATA PROTECTION" dated June 13, 2015 (hereinafter, the "Law"), the Law dated October 22, 2003 "ON FREEDOM OF INFORMATION" No. ZR-11-N and the requirements of the Constitution of the Republic of Armenia, and other regulatory legal acts of the Republic of Armenia in the field of personal data, and in accordance with the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (CETS No. 108)
1.4. The provisions of this Policy shall form a basis for the development of in-house regulatory documents, regulating the Operator's issues and processes of processing personal data of its employees and other personal data subjects.
1.6 This Policy applies to all personal data of the subjects processed by the Operator with and without the use of automation devices.

2. MAIN TERMS USED IN THIS POLICY

2.1. In accordance with the Law, the following main terms are used in this Policy:

personal data means any fact related to a natural entity, that allows or may allow identifying a person, directly or indirectly;
Personal data processing Operator means a legal entity that, at its own account or jointly with the other entities, organizes and (or) performs processing of personal data, and determines the goals of personal data processing, the composition of personal data to be processed, actions (operations) performed with the personal data;
personal data processing means any action or a set of actions that are related to collection or recording, or input, or systematization, or formation, or storage, or use, or transformation, or restoration, or transfer, or correction, or blocking, or destruction of personal data, or performing other actions with them, without regard of the type and way of performance (including, with or without the use of any automation and technical means);
automated personal data processing means the personal data processing with computer equipment;
personal data transfer to the third parties means an action, aimed at personal data transfer to any number of specified or unspecified persons, or at familiarization of any number of specified or unspecified persons with them, including personal data disclosure in mass media, publication in information and telecommunications network or provision of access to personal data to the other person otherwise;
personal data use means an action, performed on the personal data, the direct or indirect goal of which may be making a decision or forming an opinion, or acquisition of rights, or provision of rights or benefits, or restriction or deprivation of rights, or implementation of other goals, that cause of may cause legal consequences for the data subject or the third parties, or otherwise relate to their rights and freedoms;
personal data blocking means temporary suspension of a possibility of collection or recording, or systematization, or transfer, or use of personal data;
personal data destruction means actions leading to an impossibility to restore the content of personal data in the information system and/or leading to destruction of personal data material media;
personal data depersonalization means actions causing the impossibility to determine the belonging of data to the specific data subject;
information system means the totality of information technologies or technical means, used for processing of personal data, included into the database, their processing by electronic or non-electronic means;
third party means any entity, authority, institution or organization, that are not data subjects, a personal data operator, or an authorized person, and rights or legal interests of which are or might be affected due to the personal data processing;
personal data trans-border transfer means personal data transfer to the foreign state territory, to the foreign state public authority, foreign natural entity or foreign legal entity.

2.2. For the purposes of this Policy, the following terms are used:

administrative and economic activities mean in-house processes aimed at the current provision of the Operator's activities with material assets (procurement of stationery, office equipment, expendables, household supplies, communications services, etc.); work flow organization (maintenance of the archive, libraries, databases); buildings, premises, territories operation organization (maintenance, cleaning, design and renovation); work process organization;
information means (messages, data) without regard of the form of their representation;
user means a person who uses the current automated system or network to perform the specific function and to solve the tasks faced by them;
personal data subjects mean a detemined or determinable natural entity, to which such personal data relate;
Operator's employee means a natural entity that concluded a labor agreement with the Operator;
close relatives mean persons who are ascendants and descendants (parents and children, grandparents, grandchildren), full- and half-blood (with one common parent) brothers and sisters;
candidate means a natural entity, applying for a vacant position, personal data of which were received by the Operator;
Operator's supplier is a term used at collective reference to a corporate counterparty, i.e., a legal entity, sole proprietor or natural entity, and a foreign legal entity, that concluded or

intends to conclude an agreement for supply of services or products, performance of work or provision of services with the Operator;

Operator's partners mean a legal entity, a sole entrepreneur, and a natural entity, carrying out business activities according to the procedure established by the laws of RA, who/that concluded or intends to conclude an agreement on provision of services or performance of works, provided of performed by the Operator, with the Operator;
partner's/supplier's representative means a natural entity, personal data of which were transferred to the Operator, and:
- acting on behalf of a partner, a supplier under the power of attorney or by virtue of labor duties;
- being an owner, founder, shareholder of participant of a partner, a supplier;
- included into the corporate bodies of a partner or a supplier;
Operator's counterparty means a party to this agreement with the Operator;
public personal data mean data that become known to any number of specified or unspecified persons at the data subject's consent or at performance of conscious actions, aimed at their accessibility, and data, stipulated by the law as public data;
biometric personal data mean data that characterize the person's physiological and biological features;
special categories of personal data mean data that relate to the person's racial and national affiliation, political views, religious or philosophical beliefs, health condition, private life;
access to personal data – familiarization of the respective persons (including the employees) with the personal data of the subjects, processed by the Operator, provided that these data are kept confidential;
personal data confidentiality means the obligation of persons who obtained access to personal data, not to disclose to the third parties and not to transfer the personal data without the personal data subject's consent, unless otherwise stipulated by the law.

3. LEGAL BASIS OF PERSONAL DATA PROCESSING

3.1. The legal basis of personal data processing is the totality of regulatory legal acts, in pursuance of which and in accordance with which the Operator shall perform the personal data processing, including:

Constitution of the Republic of Armenia;
Labor Code of the Republic of Armenia;
The Law No. ZR-49-N "ON PERSONAL DATA PROTECTION" dated June 13, 2015 and the Law No. ZR-11-N dated 20.10.2003 "ON FREEDOM OF INFORMATION";
Convention for the protection of individuals with regard to automatic processing of personal data (ETS N 108, adopted in Strasbourg on 28.01.1981);
Regulation (EU) 2016/679 of the European Parliament and of the Council "On the protection of natural persons with regard to the processing of personal data and on the free movement of such data", and repealing Directive 95/46/EC (General Data Protection Regulation) (adopted in Brussels on 27.04.2016).

3.2. With the purposes to implement the Policy provisions, the Operator shall develop the respective local regulatory acts and the other documents, including local regulatory acts and documents (orders, instructions, logs, notifications, etc.), governing and reflecting the Operator's issues of personal data processing and safety provision.

4. RIGHTS AND LIABILITIES OF THE OPERATOR AND THE PERSONAL DATA SUBJECTS

4.1. The Operator is entitled to:

process the personal data of the personal data subject in accordance with the goal set;
demand from the personal data subject to submit reliable personal data, required for the fulfillment of an agreement, service provision, identification of the personal data subject, and in other cases, stipulated by the laws оf personal data;
limit the personal data subject's access to its personal data in case if the personal data subject's access to its personal data infringes rights and legal interests the third parties, and in other cases, provided for by the laws of the Republic of Armenia;
process public personal data of natural entities;
with the purposes of in-house information provision of the Operator, create in-house reference materials, that, at the personal data subject's written consent, unless otherwise stipulated by the laws of the Republic of Armenia, may include their surname, name,

patronymic, place of work, position, year and place of birth, address, line number, e-mail address and other personal data, communicated by the personal data subject;

perform processing of personal data, subject to publication or obligatory disclosure in accordance with the laws of the Republic of Armenia;
entrust the personal data processing to the other person at the personal data subject's consent based on the agreement concluded with this person.

4.2. The Operator is obliged to:

process the personal data, obtained according to the procedure set by the current laws;
review appeals from the personal data subject (the personal data subject's legal representative) concerning the processing of their personal data, and give motivated answers;
perform operative and archive storage of the Operator's documents containing the personal data of the personal data subjects, in accordance with the requirements the laws of the Republic of Armenia.
at collection of personal data, inter alia, via Internet, the Operator is obliged to provide recording, systematization, accumulation, storage, clarification (update, amendment), mining of personal data of the citizens of the Republic of Armenia with the use of databases, located on the territory of the Republic of Armenia, except for cases, specified in clauses 8, 9, 10 of the Law.

4.3. The Personal data subjects shall be entitled to:

receive information, related to their personal data processing, according to the procedure, form and terms, established by the Personal data laws;
demand clarification of their personal data, their blocking or destruction in case when they are incomplete, obsolete, inexact, unreliable, illegally obtained, or are not necessary for the set processing goal, and, when used with the purposes, not set earlier at the provision of consent to personal data processing;
revoke their consent to personal data processing;
takes measures on protection of their rights and legal interests, provided by law;
with the purpose to implement their rights and legal interests, receive from the Operator information related to their personal data processing, at appealing to the Operator and

sending the request in person or through the representative, with the obligatory specification of the necessary data, provided for by the laws of the Republic of Armenia.
4.4. The personal data subjects are obliged to:

inform reliable information on themselves and submit documents, containing the personal data, the composition of which was determined by the laws of the Republic of Armenia and local regulatory documents of the Operator in the volume required for the processing goal;
inform the Operator on clarification (update, amendment) of their personal data.

5. GOALS OF PERSONAL DATA PROCESSING

5.1. The Operator shall collect, process and store only the required personal data.
5.2. The Operator shall perform the personal data processing with the following purposes:

provision of following the Constitution of the Republic of Armenia, laws and other regulatory legal acts of the Republic of Armenia, local regulatory acts of the Operator;
performance of functions, powers and obligations imposed on the Operator, including those on personal data transfer to tax and other government authorities, which need such data to exercise their legal powers;
regulation of labor relations with the Operator's employees (employment, training, control of quantity and quality of the work performed, property preservation provision, etc.);
maintenance of staff record management and personal files of the Operator's employees;
staff recruitment and selection;
conclusion of any agreements with the personal data subject and their further fulfillment;
preparation, conclusion, execution and termination of agreements with the counterparties;
informing and conduct of polls and studies by the Operator;
acceptance of partnership proposals and further negotiations;
provision to the Personal data subject of information on the service provided by the Operator, informing on offers and development of new product and services;
formation of statistical reporting, inter alia, for submission to tax and the other authorities;
provision of access mode to the Operator's premises;
preparation of reference materials for the in-house information provision of the Operator's activities;
performance of judicial acts, acts of other authorities or officials, subject to fulfillment in accordance with the by the execution proceeding laws of the Republic of Armenia;
execution of rights and legal interests by the Operator in terms of conducting administrative and economic activities;
regulation of labor relations and other relations directly connected with them;
provision of customer support and service by the partner;
with the purpose to achieve goals, provided for by the international agreement of the Republic of Armenia or the law, for execution and performance of functions, powers and duties, imposed by the laws of the Republic of Armenia on the Operator.

5.3. The Operator shall not check the authenticity of the personal information provided by the User and shall not perform the control of its relevance. The User shall bear all liability and potential consequences for submission of false or irrelevant personal information.

6. PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING

6.1. The Operator shall perform the personal data processing on the legal and fair basis with conformity to the following principles:

conformity of personal data processing to achievement of the specific goals, set earlier;
unacceptability of personal data processing, incompatible with personal data collection goals;
unacceptability of uniting databases, containing the personal data, the processing of which is performed with the mutually incompatible purposes;
performance of processing only of those personal data, that meet the processing goals;
conformity of content, scope, nature and method of the personal data processed to the specified processing goals;
unacceptability of redundancy of the personal data processed in relation to their processing goals, stated at the personal data collection;
provision, at the personal data processing, of their precision, adequacy and relevance in relation to the personal data processing goals;
provision and taking necessary measures on deletion or clarification of incomplete or inexact data;
personal data storage in the form allowing to determine the Personal data subject not longer, then demanded by their processing goals, if the personal data storage term was not

established by the laws of the RA, the agreement, the party, beneficiary party, or reference under it is the Personal data subject;

destruction, or depersonalization of personal data processed upon achieving the processing goals or in case to lose the need in achieving these goals, unless otherwise stipulated by the law;
provision of the personal data due safety, their confidentiality, and safety of the personal data processed.

6.2. Personal data processing is admitted in the following cases:

the personal data subject's consent to processing of their personal data;
transfer by the personal data subject (or at their request) of access to the personal data to the public;
the present need with the purpose to achieve goals, provided for by the international agreement of the Republic of Armenia or the law, for execution and performance of functions, powers and duties, imposed by the laws of the Republic of Armenia on the Operator;
the personal data subject's participation in constitutional, civil, administrative, criminal and arbitration proceedings, and for execution of judicial acts, subject to fulfillment in accordance with the laws of the Republic of Armenia;
fulfillment of the agreement, the party, beneficiary party, or reference under it will be the personal data subject, and at conclusion of the agreement under the personal data subject's initiative;
performance of processing of personal data, subject to publication or obligatory disclosure in accordance with the laws of the Republic of Armenia;
for execution of rights and legal interests of the Operator or the third parties.

7. SCOPE AND CATEGORIES OF PERSONAL DATA PROCESSED, CATEGORIES OF PERSONAL DATA SUBJECTS

7.1 Content and scope of the personal data processed should meet the set processing goals, stipulated by section 5 of this Policy. The personal data processed should not be redundant in relation to the set goals of their processing.
7.2. The Operator shall process the following categories of the personal data subjects.
7.2.1. Candidates for employment by the Operator, who are office seekers for open positions replacement, at the consent of the personal data subjects, in composition and in terms required by the Operator to make a decision on employment or refusal to employ, and for the skill pool formation.

surname, first name, patronymic;
gender;
citizenship;
date and place of birth;
contact information;
information on education, experience, qualification;
other personal data, communicated by candidates in CVs and covering letters.

7.2.2. The Operator's employees and former employees: for the purposes to meet labor laws of the Republic of Armenia in terms of labor relations and other relations directly related to them, and access mode execution. In composition and in terms required to achieve goals provided for by the laws of the Republic of Armenia, for performance of functions, powers and duties imposed on the Operator by the laws of the Republic of Armenia.

surname, first name, patronymic;
gender;
citizenship;
date and place of birth;
image (photo);
passport information;
address of registration at the place of residence;
address of actual residence;
contact information;
social security number;
information on education, training, professional training and further training;
family status, presence of children, family ties;
information on labor activities, including presence of motivations, rewards, and/or summary punishment;
information on marriage registration;
information on military registration;
information on disability;
information on maintenance deduction;
other personal data, provided by the employee in accordance with the requirements of the labor laws.

7.2.3. Family members of the Operator's employees - for the purposes to meet labor laws of the Republic of Armenia in terms of labor relations and other relations directly related to them:

surname, first name, patronymic;
relation degree;
year of birth;
other personal data, provided by the employee in accordance with the requirements of the labor laws.

7.2.4. Natural entities, performing works, rendering services, and/or performing supply of goods, that concluded a civil agreement with the Operator:

surname, first name, patronymic;
gender;
passport information;
contact information;
social security number;
other personal data, provided by natural entities in accordance with the requirements of the laws of the Republic of Armenia.

7.2.5. Natural entities, who are representatives of the existing and potential suppliers of the Operator, or who are representatives of the Operator's partners, at the consent of the personal data subjects, in composition and in terms required for interaction with the suppliers or partners.

surname, first name, patronymic;
passport information;
contact information;
position held;
other personal data, submitted by representatives (employees) of suppliers or partners, required for conclusion and fulfillment of agreements.

7.2.6. Natural entities, whose personal data were made public by them, and their processing does not infringe their rights and meets the requirements set by the Personal data laws;
7.2.7. Natural entities, that gave consent to processing of their personal data by the Operator, or natural entities, whose personal data must be processed by the Operator with the purpose to achieve goals, provided for by the international agreement of the Republic of Armenia or the law, for execution and performance of powers and duties, imposed on the Operator by the laws of the Republic of Armenia.
7.3. Processing of biometrical personal data by the Operator shall be performed in accordance with the by the laws of the Republic of Armenia.
7.4. The Operator shall not perform processing of personal data special categories concerning racial and national affiliation, political views, religious or philosophical beliefs, health condition, private life, except cases, provided for by the laws of the Republic of Armenia.

8. PERSONAL DATA COLLECTION, UPDATING AND PROTECTION, DPIA

8.1. The Operator shall process the personal data in legal and fair grounds, for the purpose to perform functions, powers and duties imposed on it by the laws, execution of rights and legal interests of the Operator, its employees or the third parties.
8.2. The Operator shall receive the personal data directly from the personal data subjects, process the subjects' personal data on their consent that may be also expressed by performance of implied actions on the Operator's Website, including, but not limited to, order placement, account registration, opt-in e-mails, in accordance with this Policy.
8.3. The Operator shall transfer the personal data to the government authorities in terms of their powers in accordance with the laws of the Republic of Armenia.
8.4. The Operator shall provide access to the personal data processed only to those employees who need it in connection with performance of their job duties and with conformity to the personal responsibility principles.
8.5. The Operator shall perform the personal data processing with the preservation of confidentiality that means the duty not to disclose to the third parties and not to transfer the personal data without the personal data subject's consent, unless otherwise stipulated by the laws of the Republic of Armenia.
8.6. The Operator shall provide the personal data confidentiality to the personal data subject from its side, from the side of its affiliated persons, from the side of its employees with an access to personal data of natural entities, and shall provide the use of personal data by the parties aforementioned solely for the purposes, conforming to the law, contract, or the other agreement concluded with the personal data subject.
8.7. The Operator shall process the personal data as follows:

non-automated personal data processing;
automated personal data processing with or without the transfer of received information via information and telecommunication network;
mixed personal data processing.

8.8. Actions on personal data processing include collection, recording, systematization, accumulation, storage, clarification (update, amendment, mining, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, and destruction.
8.9. In case of detecting inexact personal data at the appeal of the personal data subject or their representative, or at their request, or at a request from the supervisory body, the Operator shall block personal data, related to this personal data subject, since the time of such appeal or receipt of the specified request for the check period, if the personal data blocking does not infringe rights and legal interests of the personal data subject or the third parties.
In case if the personal data are confirmed to be inexact, the Operator, based on the data submitted by the personal data subject or their representative, or a supervisory body, or other necessary documents, shall clarify the personal data within seven business days since such data were submitted, and remove the personal data blocking.
8.10. In the case of revealing false personal data processing at the appeal (request) of the personal data subject or their representative, or at a request from the supervisory body, the Operator shall perform blocking of falsely processed personal data, related to this personal data subject, since the moment of such appeal or request receipt.
8.11. The Operator shall protect the User's personal information in accordance with the requirements, set to protection of such information, and shall be liable for the use of safe methods of such information protection.
8.12. The Operator shall be enabled to transfer the User's personal information (including to organizations that conduct recording, systematization, accumulation, clarification, storage, mining, directly conducting the transfer of special offers, information on new goods and sales promotions and processing of inquiries and appeals to the User, and conducting the personal information destruction) to the third parties.
8.13. With the purpose to protect the User's personal information, provide its due use and prevent unauthorized and/or accidental access to it, the Operator shall apply the required and sufficient technical and administrative measures. The personal information, provided by the User, shall be stored on servers with limited access, located in premises, the access of the third parties to which is also limited.
8.14. Safety measures, implemented by the Operator at personal data processing, shall include:

obtaining consent from personal data subjects to processing of their personal data, except for cases, provided for by laws of the Republic of Armenia;
appointment of officials in charge of organization of processing and personal data security provision in the Operator's subdivisions and information systems;
approval and performance of local regulatory acts and other documents, establishing and regulating the Operator's issues of personal data processing and safety provision;
provision of separated storage of the personal data and their material media, containing various categories of personal data and which are processed for different purposes;
organization of accounting of personal data carriers and information systems, in which the personal data are processed;
setting the restriction to the personal data transfer via public communications channels, data networks beyond the controlled zone and without the use of the Operator's measures for personal data safety provision (except for public and/or depersonalized personal data);
storage of personal data material media with conformity to conditions ensuring the personal data safety and excluding unauthorized access to them;
application of a set of legal, organizational and technical measures for provision of the personal data safety with the purpose to provide the personal data confidentiality and their protection from misconduct:
- provision of unlimited access to the Policy, by placing it on the Operator's official Internet Website;
- establishing the rules of access to the personal data, processed in the Operator's information system, and provision of their registration and recording of records with them;
- performance of assessment of damage that may be inflicted to the personal data subjects in the case of breaking the Law;
- determining threats to personal data security at their processing in the Operator's information system;
- application of organization and technical measures, and the use of information protection measures, required fr achieving the set level of personal data protection;
- provision of protection of documents, containing the personal data, in hard copy and on other material media, at their transfer to the third parties with the use of postage services;
- revealing the facts of unauthorized access to the personal data and taking response measures, including restoration of the personal data, modified or destroyed due to unauthorized access to them;
- performance of the internal control of conformity of the personal data processing to the requirements of the Personal data laws, including regulatory legal acts, adopted in accordance with it, to the requirements to the personal data protection, the Policy, the Regulation, and other local acts, including the control over the measures taken for provision of personal data safety and the level of their protection when processing in the Operator's information system;
- performance of other measures, provided for by laws of the Republic of Armenia in the field of personal data.

8.15 Safety provision of the personal data processed shall be performed by the Operator in terms of a single complex system or organization and technical and legal measures for information protection, with regard of requirements of the personal data laws and regulatory legal acts adopted in accordance with it.
8.16 The Operator's information safety system is continuously evolving and improved on the basis of requirements of international and national information safety standards, and the best global practices.
8.17 The Security Specialist is designated as the person responsible for data protection. Responsibilities include:

- Monitoring compliance with data protection laws
Responding to requests from data subjects
Cooperating with supervisory authorities
Maintaining documentation of processing activities
Reporting to top management on data protection status

Based on the size and nature of the Company's processing activities, the appointment of a dedicated Data Protection Officer is not mandatory under Art. 37 GDPR. The Security Specialist performs this function as part of their duties, with access to specialist literature and regular professional training.
When a processing activity meets the criteria for high-risk processing under Art. 35 GDPR, the Security Specialist shall conduct a DPIA. The DPIA shall include:

Systematic description of the processing activities and purposes
Assessment of necessity and proportionality
Assessment of risks to the rights and freedoms of data subjects
Proposed measures to mitigate identified risks
Consultation with data subjects or their representatives where appropriate

The DPIA shall be documented and approved by the Director. For processing activities involving external service providers, the DPIA shall consider the provider's security measures and segregation controls.
Criteria for requiring a DPIA:

Systematic and extensive evaluation of personal aspects based on automated processing (profiling)
Processing on a large scale of special categories of personal data (Art. 9 GDPR)
Systematic monitoring of publicly accessible areas on a large scale
Processing that involves new technologies

The Security Specialist shall maintain a list of processing activities requiring DPIA and review it annually.
8.18 Transfers of personal data to third countries (outside the EEA and RA) shall only be conducted if:

The European Commission has issued an adequacy decision for the country (Art. 45 GDPR); or
Appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) adopted by the European Commission (Art. 46 GDPR); or
Derogations apply, including explicit consent of the data subject (Art. 49 GDPR).

For transfers based on SCCs, a Transfer Impact Assessment (TIA) shall be conducted.
Where explicit consent of the data subject is required, the consent shall be:

Obtained in writing or electronically with clear affirmative action
Informing the data subject of the risks of transfers to countries without adequacy decisions
Documented and revocable at any time

The Security Specialist shall maintain a list of all transfers to third countries in the Register of Processing Activities (ROPA) and review it annually.
8.19 Data subject requests.
Procedure:
1. Any employee receiving a request from a data subject shall immediately forward it to the Security Specialist without responding directly.
2. The Security Specialist shall verify the identity of the requester using appropriate means (e.g., confirmation of personal information, official identification documents).
3. The request shall be processed within 30 days of receipt. This period may be extended by up to 60 days if necessary, considering the complexity and number of requests. The data subject shall be informed of any such extension within the initial 30-day period.
4. If the request is denied (in whole or in part), the Security Specialist shall provide a written explanation of the reasons and inform the data subject of their right to lodge a complaint with the supervisory authority.
5. All requests and responses shall be documented in a dedicated register (Annex 1), including: date of receipt, nature of request, identity verification method, response provided, date of response, and any refusal with reasons.
The register shall be retained for at least 3 years and be available for internal and external audits

9. PERSONAL DATA DESTRUCTION

9.1. Terms and time of the personal data destruction by the Operator:

achieving the personal data processing goal or loss of the need to achieve this goal: within 30 days;
reaching the maximal terms of keeping the documents, containing the personal data: within 30 days;
provision by the personal data subject (their representative) of a confirmation that the personal data were obtained illegally or are not necessary for the specified processing goal, - within seven business days;
revocation by the personal data subject of the consent to their personal data processing, if no preservation of these data is needed for their processing: within 30 days

9.2. Upon achievement of the personal data processing goal, and in the case of revocation of the personal data subject's consent to their processing, the personal data shall be subject to destruction:

unless otherwise stipulated by the agreement, the agreement, the party, beneficiary party, or reference under it will be the personal data subject;
the Operator is entitled to perform processing without the personal data subjects consent on the grounds provided for by the Personal Data law or other laws of the RA;
unless otherwise stipulated by the other agreement between the Operator and the personal data subject.

9.3. Personal data destruction shall be performed by a committee, formed by the order of the Operator's director.
9.4. The personal data destruction methods shall be established in the Operator's local regulatory acts.

10. FINAL PROVISIONS

10.1. This Policy is a public document and is subject for placement of the Operator's main Website.
10.2. The Policy shall be updated in case of amending legislative acts and regulatory acts on personal data processing and protection.The Policy also shall be reviewed by the Security Specialist and approved by the Director at least annually and updated as necessary to reflect changes in legislation and business processes.
10.3. Familiarization of the employees with terms and conditions of this Policy shall be performed against personal signature.
10.4. The terms and conditions of this Policy are obligatory for fulfillment by all the employees to whom the Operator granted access to personal data, and/or participating in organization of the processes of the personal data processing and safety provision.
10.5. Liability for violation of the requirements of the laws of the Republic of Armenia and the Operator's regulatory acts on personal data processing and protection, shall be determined in accordance with the current laws of the Republic of Armenia.

HOW TO CONTACT US
If you have any questions about KL ENGINEER’s privacy practices or use of your personal data, please feel free to contact us at corp@klengineer.com or by mail at:
KL Engineer LLC
Pirumyanneri 14/12, 0054 Yerevan, Armenia
corp@klengineer.com
klengineer.com

Company name:

KL ENGINEER LLC

E-Mail:

corp@klengineer.com

Phone:

+49 30 417 38 6 38

Legal:

Legal documents

Let's get acquainted

Name *

Company

Email *

Date

Your Message

I agree to the processing of my personal data

Let's get acquainted

Name

Company

Phone number *

Email

Date

I agree to the processing of my personal data

Thank you
for writing to us

We will contact you

Data Reuse & Scalability Management

Manage Product Variations: Visualize product variables through extensions such as a matrix and colorful real-time development status at each stage, accommodating adjustments for different markets, engine variables, or car models.
Increase Development Speed: Accelerate development cycles by reusing data and managing product variations efficiently, enabling faster time-to-market.
Reduce Complexity with Advanced Tools: Utilize advanced and ALM functionalities to manage product variations effectively, avoiding operational inefficiencies, potential errors, and increased quality assurance costs.
Enhance Portfolio Diversity: Offer a more diverse product portfolio that better meets customer demands, crucial for revenue growth in a competitive global market.

Automated Car Flashing

Automate the flashing of car software to Achieve end-to-end traceability and seamless integration from business processes to car binaries. By automating this process, we can achieve a 10 x reduction in manual weekly labor.

End-to-End Traceability: Achieve complete traceability from business processes to the final binaries on the car through the automated flashing process. This ensures all changes and configurations are documented and traceable.
Azure Integration with Artifact Storage System: Leverage the power of Azure integrated with Artifact Storage System, such as JFrog (other analog artifact storage control systems) to connect our business processes directly to car configurations. This integration facilitates a seamless flow of data and ensures accuracy in the flashing process.
Efficiency and Speed: Significantly reduce the time and effort required for car flashing. Initiate the car flashing process with a single click in the system. By automating the process, we eliminate repetitive manual tasks and accelerate the overall workflow, which leads to a a tenfold reduction in manual weekly labor.
Enhanced Accuracy: Minimize human error with automated processes that ensure precise execution of flashing tasks. This leads to more reliable and consistent results.
Centralized Data Model: Centralize the management of car configurations and flashing processes within a single platform. This simplifies oversight and enhances control over the entire integration lifecycle.

Data Reuse & Scalability Management

Optimize product line development by managing product variability and efficient data reuse. Reduce rework, shorten release cycles, and lower verification costs.

Product Management Platform: Leverage our product management platform and unique real-world experience in managing a multidimensional analysis space for all product variations.
Efficient Data Reuse: Why test the same function separately for different car models or markets? Why not leverage existing data efficiently? Save time and optimize your development process by reusing data from parallel products or projects. This approach simplifies planning and shortens the development lifecycle.

Manage Product Variations: Visualize product variables through extensions such as a matrix and colorful real-time development status at each stage, accommodating adjustments for different markets, engine variables, or car models.
Increase Development Speed: Accelerate development cycles by reusing data and managing product variations efficiently, enabling faster time-to-market.
Reduce Complexity with Advanced Tools: Utilize advanced and ALM functionalities to manage product variations effectively, avoiding operational inefficiencies, potential errors, and increased quality assurance costs.
Enhance Portfolio Diversity: Offer a more diverse product portfolio that better meets customer demands, crucial for revenue growth in a competitive global market.

Traceability and real-time Collaboration

Ensure full traceability across the entire car development lifecycle (V-Model) by connecting actual and plan status, as well as all project data from Requirements to Hardware information in one common data model. Enable real-time communication and collaboration among all teams, including Engineers, Test Managers, Configuration Management Teams and more.

Complete the full V-Model design and testing cycle: Seamlessly connect the design and testing phases, ensuring that both sides of the V-Model are fully integrated and aligned.

Security and Compliance: We adhere to industry standards such as TISAX and CDSA, ensuring the highest level of security and compliance. By using our tool, you can simplify your processes to meet standards like Automotive SPICE, ISO 26262, and CMMI, making it easier to achieve and maintain compliance.
Automate routine processes: By connecting all project data into a common data model, optimization points and bottlenecks become visible. This enables the automation of routine processes such as synchronizing and eliminating duplicates, maintaining daily data quality, and keeping everyone informed through deep analytics. This reduces manual tasks and enhances overall efficiency.
Ensure synchronicity and provide full browser-based access to all project data: Effortlessly access project data from any location, ensuring that all team members are consistently updated.
Facilitate real-time communication among Engineers, Configuration and Test Management teams: By utilizing a common data model, you can maintain common business objects and ensure continuous and clear communication through shared work items, wikis, notifications, and other collaborative tools.
Comprehensive Project Management: Our solution provides a holistic view of the project, from business requirements to Software and Hardware technical implementation, facilitating better decision-making and project outcomes.

Agile Project Management

We develop and support projects from idea to release using the Scaled Agile Framework. We will help you to adapt your Agile techniques with flexible customization options and pre-configured patterns. Our team comprises certified specialists in agile methodologies, ensuring that we follow and organize our processes effectively.

Certified Specialists: Our team of certified agile specialists is using Scalable Agile Framework, ensuring that our team follows and organize processes with full transparency.
Azure DevOps Leadership: Azure DevOps leads the way in managing agile and hybrid project formats, offering templates, how-tos, and a range of additional features to streamline your workflow. And enjoy a user-friendly interface that makes it easy to manage and track project progress, even for those new to agile methodologies.
Transparency and Traceability: Achieve full transparency and traceability across all project activities, with detailed records of changes and approvals.
Cross-Functional Collaboration: Foster cross-functional collaboration with integrated tools that allow team members from different departments to work seamlessly together.
Continuous Improvement: Embrace a culture of continuous improvement with tools and processes designed to adapt and evolve with your project needs.

Trace Data Analysis

Leverage comprehensive trace data analysis to enhance system integration testing and ensure product quality. Utilize a centralized toolchain for automated analysis, transforming raw data into actionable insights. And transition to a new modern format of data-driven testing process automation using the power of artificial intelligence (AI) tools.Simple text

Visualization and Actionable Insights: Transform raw trace data into visual representations that highlight key insights and utilize AI tools for in-depth analysis. This combination of visualization and AI-driven automation helps identify and address errors early in the development process, significantly reducing the risk of issues in final production.
Centralized Data Collection: Gather measurement logs from various cars and testing fields into a unified data pool. This centralized approach ensures that all trace data is accessible for analysis, streamlining the testing process.
Scalable Analysis: Manage and scale the analysis process to accommodate varying volumes of trace data. The toolchain and centralized storage are designed to handle large datasets and complex analysis requirements.
Cross-Department Collaboration: Facilitate collaboration between departments by providing a shared platform for trace data analysis. Different teams can contribute their expertise, leading to more comprehensive and thorough testing.
Integration with Azure: Upload trace data to Azure for enhanced integration testing. The data is linked with Metadata such as Sprint, Configuration, or car number, enabling detailed and organized analysis.

Release Management

Optimize your release management with our comprehensive solution, designed to support various methodologies. Achieve traceable releases every sprint by tracking actual status and comparing it with the plan, ensuring seamless delivery.

Release Planning Transparency: Address the challenge of managing numerous software development teams and disparate systems by ensuring transparency in release planning for both software and hardware deliveries, whether internal or by partners.
Single source of truth: Ensure transparency for every software component and version delivery for each ECU, with planning and delivery managed in a single tool – providing a single source of truth. With the two-sided linking process, we synchronize the plan and actual status with the Business Objects used by responsible parties. This allows us to track both states and plan efficiently.
Enhanced Visibility: Gain enhanced visibility into the release process, enabling proactive management and swift resolution of issues. Spot potential bottlenecks before they occur through live, real-time reports on delays and workloads.
Automated Processes for Enhanced Efficiency: Boost efficiency and minimize manual efforts by automating key aspects of the release management process, such as tracking deliveries, automatically linking them to the current release, or mail notifications of test failures. Additionally, by utilizing a digital twin of a prototype car with all updated information in the system, we ensure that every aspect of the car's development is accurately reflected and up-to-date.

Test Management

Centralize and manage all testing activities, Reduce quality assurance costs and meet product quality goals. Streamline your testing activities by connecting Test Plans and Test Cases with Releases, Requirements and further Business values in the system.

Centralized Test Management: Manage all testing activities from a single platform, ensuring a holistic view of your testing processes. Create test cases and easily link them to corresponding business data objects such as Requirements, Bug Tickets, Prototype Car and Releases to maintain traceability.
Connecting Requirements and Testing (V-Model): Our primary advantage is that we seamlessly connect the worlds of requirements and testing using the V-Model. This integration ensures efficient and consistent traceability from requirements to test results.
Unified System Integration with Business Values: We integrate all relevant data into a single system by linking test plans and test cases with business values such as sprint, car status, and number. This comprehensive integration provides a clear overview and enhances the control and tracking of the entire development process.
Integration and Standardization: Integrate with existing company tools and set up the structure of test plans, suites, and test cases, including standardized installation cases for every software delivery.
Automated Bug Reporting: Automatically generate bug reports and tasks for developers based on test failures to accelerate the resolution process.
Improved Collaboration: Facilitate better collaboration among testing, development, and operations teams with integrated workflows and tools.

Configuration Management

Maintain consistency and traceability of product configurations. Manage and control configuration items and their relationships across the project lifecycle.
Integrate software and hardware configurations with business values in a unified system. Utilize the digital twin feature to accurately describe prototype cars and consistently test them within these configurations.

Manage Product Variations: Handle modifications of a master product, such as different configurations or features, throughout the entire product lifecycle. For every prototype car, there is the capability to create a Digital Twin within the system. This Digital Twin includes all linkages to tests, software/hardware information, responsible persona, the latest status updates and more.
Configuration Item Relationships: Manage and control the relationships between configuration items, ensuring that changes in one item are reflected throughout the project. This helps in maintaining consistency and avoiding conflicts. Automated pipelines ensure data synchronization and reflection of changes based on relevant connections. Additionally, responsible parties are notified via email, ensuring seamless communication and coordination.
Linked Test Car Configurations: Create a comprehensive picture of the state of the products being developed by linking the status of each test car to various configurations, including variant management and even specific parking spaces. This detailed tracking ensures all test conditions are accounted for and accurately documented.

Failure and Risk Management

Track, analyze, and document potential and reported failures. Plan and mitigate risks to enhance product safety and reliability.

Improved Safety and Reliability: Enhance product safety and reliability by proactively managing potential risks and failures throughout the development lifecycle.
Comprehensive Failure Tracking: Automatically track issues on any test failure, whether manual or automated, performed within our platform or via third-party tools, ensuring immediate issue identification for all activities.
Ensure the Resolution: Automatically assign Bug Tickets based on classifications such as Car Model, Prototype Car number, Responsible and Bug Area to streamline the resolution process.
Risk Identification: Identify potential failures, risks, and hazards, and plan and assign tasks to mitigate these risks. Reduce the risk of critical bugs going untested before being released into the field.
Advanced Reporting and Analytics: Generate detailed reports and comprehensive graphs/statistics of the status of any Business Object at any time. Customize and filter reports by various parameters, including the responsible team member, current state, testing area, and more.

Change Management

Manage and track changes effectively to understand the who, what, when, and why of any modifications. Ensure all changes are controlled and documented.

Comprehensive Change Tracking: Gain a complete understanding of who made changes, what changes were made, when they occurred, and why they were implemented, ensuring full traceability and accountability.
Enhanced Process Control: Maintain control over the change management process by ensuring that all modifications are documented and tracked, reducing the risk of unauthorized changes and improving overall project transparency.
Customization and Flexibility: Customize the change management process to fit the specific needs of your organization, ensuring that changes are managed effectively and efficiently.
Change Management as an integral part of development: Implement a ticket structure to manage changes for functions, providing a traceable overview of software and requirement changes. This is an integral part of incremental development.
Regulatory Compliance: Meet regulatory requirements and industry standards by maintaining thorough documentation and traceability of all changes, ensuring your projects remain compliant.

Requirement Management

Efficiently gather, author, approve, and manage requirements throughout the entire project lifecycle. Ensure traceability and alignment with project goals. Possibility to import all requirements from existing company systems.

Visibility and Traceability: Our system ensures all requirements are visible, traceable, and connected. Track their development based on different parameters, providing a comprehensive view of progress and dependencies.
Integration with Existing Tools: Integrate seamlessly with existing tools in your company, synchronizing with standard processes to ensure a smooth workflow.
Collaborative Editing: Requirements are visible and editable by different responsibilities, allowing for collaborative input and modifications by various stakeholders.
Instant Exposure for Review and Approval: Instantly expose all requirement specification documents to all ALM stakeholders for review, approval, or development.
Scalable Solution: Our platform is scalable to meet the needs of projects of all sizes, from small teams to large enterprises, ensuring consistent performance and reliability.

Business Analytics with Power BI

Utilize advanced analytics to visualize, predict, and manage key tasks. Create customized dashboards for data-driven decision-making in car development, leveraging our team's expertise in Power BI.

Single Centralized Data Model: Build a comprehensive suite of reports using Power BI. These reports cover all aspects of the project, from business values to actual testing data, providing a holistic view of project health.
Advanced Visualization: Harness the power of Power BI to create detailed and interactive visualizations. These visuals help in understanding complex data sets and provide a clear picture of project status and progress.
Customized Dashboards: Develop tailored dashboards that cater to specific roles and responsibilities within the team. This customization ensures that every team member has access to the most relevant data for their needs.
Real-Time Data Integration: Integrate real-time data from various sources, providing up-to-date insights and enabling timely decision-making. Track real-time project statuses, plan versus actual progress, and other critical metrics.
Data Integration: Seamlessly integrate Power BI with existing tools and processes within the company. Combine business values with technical data from testing and hardware to provide a complete view of the project. For example, track the status of prototype cars by comparing planned versus actual statuses.

Connectors and Integrators

Seamlessly integrate with popular and internal company tools and platforms to enhance workflow efficiency and reduce hidden costs associated with third-party services.

Custom Connectors: Utilize our expertise to create integrations with complementary internal or third-party solutions. Use the platform's built-in extension functionality to expand capabilities yourself and cover new business processes.
Single Source of Truth: By connecting and synchronizing with various tools, we establish a single source of truth, reducing costs and enhancing data accuracy across the board. We integrate these disparate sources into one single data model, providing a clearer picture of project status and progress.
Connectors with popular tools: Ensure all your project management, development, and testing tools work in harmony. Our cloud technologies include Azure DevOps, Azure Databricks, Azure Functions, Azure Synapse Analytics, and Azure Data Factory. For back-end development, we use .Net Core, C#, and Node.js, while our extensions are built with TypeScript. The front-end is powered by React JS.. The front-end is powered by Power BI.
Comprehensive Data Migration and User Integration: Our integrations have enabled the seamless migration of data from various platforms already in use within projects. This capability has successfully transitioned over 5,000 users from zero into a single, unified platform.
Cost Reduction: By eliminating the need for managing multiple third-party services, our seamless integration approach reduces hidden costs and streamlines project management efforts.
Real-Time Data Synchronization: Ensure real-time synchronization of data across various tools, keeping information up-to-date and facilitating reporting and informed decision-making.

Thank you
for writing to us

We will contact you

Let's get acquainted

Name *

Company

Email *

Your Message

I agree to the processing of my personal data