Privacy Policy

Privacy Policy of “SOLAR PORTAL” Limited Liability Company

This Privacy Policy (hereinafter referred to as the “Privacy Policy”) has been developed in accordance with the legislation of the Republic of Armenia regarding personal data and is adopted by “SOLAR PORTAL” LLC (State registration number: 273.110.1380667, Taxpayer Identification Number: 02907694; hereinafter referred to as “SOLAR PORTAL” or “Operator”).
It applies to all information that “SOLAR PORTAL” LLC may collect and/or receive about a personal data subject who visits and/or uses the Website (https://solarportal.am) or interacts with “SOLAR PORTAL” LLC through digital or non-digital means.
Additionally, this Privacy Policy applies to information that, in certain cases, “SOLAR PORTAL” LLC is entitled to obtain from public, accessible sources and/or from third parties, as well as to information that may be obtained through the direct processing of existing data.
This Privacy Policy reflects the strategy of “SOLAR PORTAL” LLC as a data controller and/or processor in terms of the collection, storage, and protection of personal data.
It defines the purposes, scope, and method of collection, the security measures for protection, and the mechanisms for identifying and preventing violations of Armenian personal data laws by “SOLAR PORTAL” LLC.
The Privacy Policy extends to all websites, domains, subdomains, applications, services, products, and subscriptions owned by “SOLAR PORTAL” LLC.

1. TERMS AND DEFINITIONS

1.1. Within the scope and for the purposes of this Privacy Policy, in addition to terms directly related to the processing and protection of personal data as defined in this section, the terms and definitions provided in the User Agreement of “SOLAR PORTAL” LLC shall also apply.
The User Agreement is publicly available online at https://solarportal.am (hereinafter – “User Agreement”).
Where capitalized terms and definitions are used without explanation in the text or its appendices, their interpretation shall be based on the logic and meaning of this Privacy Policy.

1.2. For the purposes of implementing this Privacy Policy, the following indirect terms related to personal data processing and protection shall also be applied:

  • 1.2.1. Automated processing of personal data – Processing using computing technology.
  • 1.2.2. Blocking of personal data – Temporary suspension of processing (except in cases required for data correction).
  • 1.2.3. Personal Data Legislation of the Republic of Armenia – The Law of RA “On Protection of Personal Data” dated 18.05.2015 and other normative legal acts.
  • 1.2.4. Information system of personal data – A set of databases and IT tools for processing personal data.
  • 1.2.5. Depersonalization of personal data – Actions making it impossible to identify the data subject without additional information.
  • 1.2.6. Processing of personal data – Any operation or set of operations performed on personal data, with or without automation.
  • 1.2.7. Operator – “SOLAR PORTAL” LLC, a legal entity established under RA law, registered at Yerevan, Bashinjaghyan St., 165/2, which determines the purposes, categories, and procedures of processing personal data.
  • 1.2.8. Personal data – Any information relating to a directly or indirectly identifiable natural person.
  • 1.2.9. Provision of personal data – Disclosure to a specific person or group.
  • 1.2.10. Dissemination of personal data – Disclosure to an indefinite range of persons.
  • 1.2.11. Cookies – Small text files sent to a subject’s browser and stored on their device, including identifiers such as IP/MAC address, device type, browser version, OS details, screen resolution, etc., as well as behavioral data collected via tools like Google Analytics, PowerBI, and myBI.
  • 1.2.12. Destruction of personal data – Irreversible deletion from information systems or physical media.

2. PRINCIPLES AND LEGAL BASES OF PERSONAL DATA PROCESSING

2.1. The Operator processes personal data in accordance with the following principles:

  • 2.1.1. Lawfulness and fairness.
  • 2.1.2. Specific and lawful purposes only.
  • 2.1.3. Incompatibility of combined databases with differing purposes is not allowed.
  • 2.1.4. Relevance to processing objectives.
  • 2.1.5. Non-excessiveness relative to purpose.
  • 2.1.6. Accuracy and sufficiency of data; ensuring outdated/inaccurate data is corrected or deleted.
  • 2.1.7. Data retention should allow identification of subjects only as long as needed, unless otherwise required by law.

2.2. Processing is allowed if the Operator has at least one of the following legal grounds:

  • 2.2.1. Consent from the subject.
  • 2.2.2. Execution of a contract involving the subject.
  • 2.2.3. Legal obligations under RA law (e.g., Civil Code, Tax Code, laws on digital signatures and cash registers).
  • 2.2.4. Legitimate interests of the Operator or third parties.

3. CATEGORIES OF PERSONAL DATA SUBJECTS

According to this Privacy Policy, personal data are collected and/or processed for the following subject categories:

  • 3.1. Website users;
  • 3.2. Representatives of users;
  • 3.3. Website visitors;
  • 3.4. Representatives of visitors;
  • 3.5. Any person accessing the website and completing registration.

4. PURPOSES OF PERSONAL DATA COLLECTION, RECEIPT, AND PROCESSING

The collection, receipt, and processing of personal data specified in Section 5 of this Privacy Policy are carried out for the following purposes:

  • 4.1. Execution of activities defined by the Operator’s charter (provision of paid and free services, registry management and updates, market research of current and future products/services, etc.).
  • 4.2. Ensuring access to the Website and/or monitoring its functionality for personal data subjects.
  • 4.3. Registration, identification, authentication, and authorization of personal data subjects on the Website.
  • 4.4. Conclusion, execution, and termination of civil-law contracts with the data subject or other persons under RA law and/or the Operator’s charter.
  • 4.5. Communication with data subjects when needed, including sending notices, updates, and processing inquiries.
  • 4.6. Fulfillment of legal obligations imposed on the Operator.
  • 4.7. Execution of rights and obligations under contracts, including those where the data subject is a party, beneficiary, or guarantor.
  • 4.8. Protection of the rights and legitimate interests of the Operator or third parties.
  • 4.9. Monitoring the use of services and products offered on the Website.
  • 4.10. Improvement of Website operation, its functionality, and the quality of services provided by the Operator.
  • 4.11. Identification of personal preferences of the data subject.
  • 4.12. Calculation and settlements with personal data subjects.
  • 4.13. Providing targeted information about services offered by the Operator and its partners.
  • 4.14. Targeting of advertising materials and campaigns.
  • 4.15. Ensuring website security and fraud prevention.
  • 4.16. Direct communication with data subjects for marketing purposes.
  • 4.17. Conducting statistical and other research using anonymized personal data.

5. CATEGORIES OF COLLECTED, RECEIVED, AND PROCESSED PERSONAL DATA

5.1. For the purposes outlined in Section 4, the Operator collects, receives, and processes the following categories of personal data related to the subjects specified in Section 3:

  • 5.1.1. Last name, first name, and patronymic (including previous names)
  • 5.1.2. Date of birth (day, month, year)
  • 5.1.3. Place of birth
  • 5.1.4. Address of residence (registration) or current location
  • 5.1.5. Date of registration at the residence or location
  • 5.1.6. Citizenship
  • 5.1.7. Type, series, and number of identity document; issuing authority and code; date of issue
  • 5.1.8. Scanned copies of passport or identity document pages
  • 5.1.9. Contact phone number
  • 5.1.10. Email address
  • 5.1.11. Information about ordered, canceled, paid, or unpaid services (via the Website or its features)
  • 5.1.12. Payment details for services (amount, method, date, currency, refunds, etc.)
  • 5.1.13. Cookies and similar technology data

6. PROCEDURE FOR COLLECTION, RECEIPT, AND PROCESSING OF PERSONAL DATA; DATA SECURITY

6.1. Personal data is collected, received, and processed strictly under this Privacy Policy and Armenian legislation.

6.2. Collecting inquiries from subjects or third parties, and processing data outside the conditions outlined in this policy and applicable law, is prohibited.

6.3. For subject categories listed in Section 3, the following actions are carried out:

  • Collection
  • Registration
  • Organization
  • Accumulation
  • Storage
  • Clarification (update, modification)
  • Retrieval
  • Use
  • Transfer (distribution, provision, access)
  • Depersonalization
  • Blocking
  • Deletion
  • Destruction

6.5. Collection of personal data listed in clause 5.1.13 is performed using cookies or similar technologies by the Operator.

6.6. Data from third parties may only be received if such party provides evidence of legal grounds for transfer under the RA Law on Personal Data Protection (2015).

6.7. The processing of these personal data categories is performed only for the purposes specified in Section 4 and only when at least one legal ground from Section 2 or RA law is present.

6.8. Data collected through cookies or similar technology is processed under the following terms:

  • 6.8.1. When visiting or using the Website, the Operator collects information about:
    • Access to the Website
    • IP and MAC addresses
    • Browser ID
    • Client ID
    • Browser version
    • Geolocation data
    • Device type and OS
    • Screen resolution and interface language
    • Website visit date and time
    • User behavior on the site (clicks, visited URLs, impressions, pageviews)
    • Segment data via analytics tools like Google Analytics, PowerBI, and myBI
  • 6.8.2. This information is processed for:
    • Monitoring use of services and products on the Website
    • Improving Website performance and service quality
    • Identifying user preferences
    • Targeting advertisements
    • Ensuring Website security and preventing fraud
    • Conducting statistical and other studies based on anonymized data
  • 6.8.3. Users can control cookies via their browser settings. Session cookies are deleted upon exit. Cookies do not harm devices or contain viruses.
  • 6.8.4. If a subject does not wish to provide this information, they must disable cookies via their browser or stop using the Website. Certain features may be unavailable or function incorrectly without cookies.

6.9. The Operator reserves the right to verify submitted data and ensure compliance with its business requirements, including transaction legitimacy.

6.10. The Operator may provide access to or transfer personal data to third parties under Armenian law, this Privacy Policy, or its internal legal acts, especially for legitimate processing purposes or to partners. Third parties must comply with Armenian data protection law and maintain confidentiality and security.

6.11. With subject consent (unless otherwise provided by law), the Operator may assign processing to another party. The Operator remains responsible for any such processing.

6.12. The Operator guarantees the protection of personal data and undertakes to:

  • 6.12.1. Develop and publish this publicly accessible Privacy Policy
  • 6.12.2. Adopt internal legal acts to prevent and mitigate violations
  • 6.12.3. Appoint a responsible data processing officer
  • 6.12.4. Conduct internal audits of compliance
  • 6.12.5. Assess potential harm in case of breaches
  • 6.12.6. Ensure staff are familiar with data protection laws and internal policies
  • 6.12.7. Apply legal, organizational, and technical safeguards including:
    • Differentiated access
    • Prevention of malware and unauthorized software
    • Use of firewalls and filtering systems
    • Network obfuscation
    • Security audits and approved information security tools
    • Logging and tracking all data access and changes

6.13. The Operator promptly rectifies violations of the data processing procedure.

6.14. RA citizens’ data collected online is stored and processed in databases located within the Republic of Armenia.

6.15. The Operator does not perform cross-border transfers of personal data.

7. TERMS FOR PROCESSING AND RETENTION OF PERSONAL DATA

7.1. Personal data may be processed and retained in an identifiable format by the Operator only for as long as it is necessary to achieve the purposes described in Section 4 of this Privacy Policy. At the same time, in cases explicitly defined by the legislation of the Republic of Armenia, this Privacy Policy, or internal legal acts adopted within the framework of this Policy, or agreements where the personal data subject is a party, beneficiary, or guarantor, the Operator may be entitled to continue processing and retaining personal data in an identifiable format.

7.2. Once the purpose of data processing is achieved, the Operator discontinues processing the personal data.

7.3. If the data subject withdraws their consent for personal data processing, the Operator shall cease processing within no more than thirty (30) days from the date of receipt of such withdrawal—unless the Operator has legal grounds to continue processing without consent as per the RA Law on Personal Data Protection (18.05.2015).

7.3.1. Once the purpose is achieved, the necessity for processing ends, consent expires, or processing is found to be unlawful, personal data shall be destroyed unless otherwise required by Armenian law, this Privacy Policy, internal legal acts of the Operator, or agreements in which the subject is a party, beneficiary, or guarantor.

7.3.2. The Operator shall systematically review and identify categories of data to be destroyed due to the absence of legal grounds for their continued processing or retention.

7.3.3. The method and process of data destruction shall be determined by the Operator in accordance with RA law and its internal legal acts adopted under this Policy.

8. OPERATOR’S RIGHTS AND OBLIGATIONS

8.1. The Operator undertakes to:

  • 8.1.1. Organize the processing of personal data in accordance with RA law.
  • 8.1.2. Ensure confidentiality of personal data and not disclose or share it with third parties without the data subject’s consent, unless required by law.
  • 8.1.3. Protect processed personal data from misuse or loss.
  • 8.1.4. Upon request and in accordance with the law, inform the subject or their representative about the existence of personal data concerning them and allow access to it.
  • 8.1.5. Respond to applications and inquiries from data subjects or their legal representatives in a timely manner, in accordance with RA law.
  • 8.1.6. If an inquiry is denied, provide a written justification citing the relevant legal basis.
  • 8.1.7. If disclosure of personal data is mandatory under RA law, inform the subject of the legal consequences of refusing to provide the data.
  • 8.1.8. Allow the subject or their representative free access to their personal data, and upon request, make necessary changes or deletions if the data is no longer required, and notify any third parties with whom the data was shared.
  • 8.1.9. Submit required reports to the competent authority for the protection of personal data rights within 30 days of receiving such a request.
  • 8.1.10. Immediately terminate personal data processing upon the subject’s request if it is for direct marketing or product/service promotion via communication methods.
  • 8.1.11. Eliminate any legal violations in the data processing process.
  • 8.1.12. Correct, block, or destroy personal data in cases prescribed by law.
  • 8.1.13. Fulfill all other obligations under this Policy and Armenian law.

8.2. The Operator has the right to:

  • 8.2.1. Adopt internal legal acts for implementation of this Privacy Policy.
  • 8.2.2. Request consent from the data subject to process their data.
  • 8.2.3. Refuse to disclose personal data where permitted by law.
  • 8.2.4. Apply disciplinary measures to employees for violating data protection rules.
  • 8.2.5. Exercise any other rights granted under this Policy and Armenian law.

9. RIGHTS OF PERSONAL DATA SUBJECTS

9.1. In accordance with Armenian law, data subjects have the right to request information about how the Operator processes their data, including the sources of such data.

9.2. Request the blocking or destruction of incomplete, outdated, unlawfully obtained, or unnecessary data.

9.3. File complaints regarding the Operator’s actions or inactions with the authorized data protection body or court if they believe their rights have been violated.

9.4. Grant consent to the Operator for the processing of their personal data.

9.5. Withdraw consent at any time, by:

  • 9.5.1. Sending a written notice to the Operator at: Yerevan, Bashinjaghyan St., 165/2. The notice must include:
    • Full name
    • Address
    • ID document number, issuance date, and issuing authority
    • Signature of the subject
  • 9.5.2. Using technical means on the Website, if such functionality exists.

9.6. Provide consent for marketing-related processing involving direct contact via communication tools.

9.7. Request the termination of marketing-related processing via the same methods as in 9.5.

9.8. Defend their rights and legitimate interests in court, including claims for compensation of actual damages.

9.9. Exercise any other rights prescribed under this Privacy Policy and Armenian legislation.

10. INQUIRIES FROM PERSONAL DATA SUBJECTS

10.1. Data subjects may request the following, under RA law:

  • 10.1.1. Confirmation that their data is being processed
  • 10.1.2. Legal basis and purpose of processing
  • 10.1.3. Methods used in processing
  • 10.1.4. Operator’s name, address, and parties with access to the data
  • 10.1.5. The actual personal data and its sources
  • 10.1.6. Conditions of data processing and retention
  • 10.1.7. Means for exercising rights under RA law
  • 10.1.8. Information on completed or intended cross-border transfers
  • 10.1.9. Details of any third-party processors (name, address, etc.)
  • 10.1.10. Any other information prescribed by law

10.2. Subjects may request clarification, blocking, or destruction of incomplete, outdated, incorrect, unlawfully obtained, or unnecessary data.

10.3. The information listed in 10.1.1–10.1.10 shall be provided in a form accessible to the subject and shall not include third-party personal data unless legally required.

10.4. The request must include:

  • 10.4.1. ID details of the data subject or their representative
  • 10.4.2. Confirmation of relationship with the Operator or other proof of data processing
  • Signature of the data subject or representative

10.5. If the subject has already received the data, repeat requests for access or review may only be made no earlier than thirty (30) days after the initial response, unless a shorter period is mandated by law.

10.6. If the previous request was not fully satisfied, the subject may repeat the request before the 30-day period ends, but must justify it.

10.7. The Operator may reject repeated requests that do not meet the criteria in 10.5 or 10.6, with a valid explanation.

10.8. Access may be restricted under RA law, particularly if disclosure would violate the rights of third parties.

11. FINAL PROVISIONS

11.1. This document defines the personal data processing policy of “SOLAR PORTAL” LLC in relation to the data subject categories listed in Section 3 and is part of the internal legal framework of the Operator.

11.2. This Privacy Policy is a public document. The latest version is always available online for reading, printing, or downloading on the Website under “Privacy Policy” (https://solarportal.am).

11.3. This Policy is approved by the Operator and is binding for all employees with access to personal data.

11.4. The Policy may be amended due to changes in legislation or the Operator’s requirements. The Operator will take reasonable steps to notify data subjects of such changes.

11.5. Personal data on the Website is not publicly accessible. The Operator and Website are not sources of public disclosure.

11.6. By registering and/or using the Website and its services, the subject acknowledges they are providing their personal data (as defined in Section 5), and confirms the Operator’s right to process that data, even without further consent where legally allowed.

11.7. If the Operator needs to use personal data for purposes not described in this Policy, it will do so only with the subject’s explicit consent or under another legal basis permitted by law.

11.8. If the subject refuses to provide required personal data during Website usage, the Operator may be unable to grant full access to the Website or its services due to insufficient data.

11.9. After reading this Policy:

  • 11.9.1. If any provisions are unclear, the subject may contact the Operator via any method listed in the “Contacts” section of the Website.
  • 11.9.2. If the subject disagrees with any part of this Policy and does not want to share their data, they must leave the Website without performing any actions (e.g., registering or using services).

11.10. All provisions of this Privacy Policy are clear and unchallenged by the data subject.

11.13. The subject accepts all provisions of this Policy and acknowledges the legal consequences outlined.

11.14. Oversight of this Policy’s implementation is carried out by the person responsible for organizing personal data processing at the Operator.

11.15. This Policy is written in Armenian and may be provided in other languages for review. In case of discrepancies, the Armenian version prevails.

Scroll to Top