Privacy Policy of Pruffme LTD

Approved by the Order of the CEO of Pruffme LTD 2016-01 from January, 1, 2016

The permanent address of the document publication: https://pruffme.com/pages/privacy/

Privacy Policy of Pruffme Ltd

1. General provisions

The current Privacy Policy (hereinafter Policy) is accepted by Pruffme Ltd. in order to ensure the implementation of the requirements of the current legislation of the Russian Federation. Terms and definitions: the Company – Pruffme LTD is a legal entity registered in accordance with the current legislation of the Russian Federation ( the legal address: 192029, 70, building 2, Obukhovskoy Oborony prospect, St. Petersburg, Russian Federation, TIN 7811177643, KPP (Reason code of registration) on the location address 781101001 , PSRN 1157847085285, the address for the correspondence: 197022, 3, building A, Medikov prospect, St. Petersburg, Russian Federation) and processing the personal data of personal data subjects. Personal data subject is a physical entity identifiable by the personal data. Personal data is any information that directly or indirectly refers to a particular/specific person. Processing of personal data is an action performed by the Company using means of automatization or without them including collection, recording, systematization, accumulation, storage, clarification (update, change), extraction, use, transfer (distribution, granting, access), depersonalization, blocking, deletion, destruction of personal data. Automated processing of personal data is the processing of personal data by the means of computing machinery (computer).Information system of personal data is the Company database containing personal data, information technologies and technical means allowing to carry out processing of personal data using means of automation or without such. Protection of personal data is a set of actions of organizational and technical nature on the part of the Company to protect personal data. Blocking of personal data is a temporary cessation of personal data processing (except cases when the processing is necessary for the improvement of personal data).Depersonalization of personal data is actions, which becomes impossible without additional information to determine the identity of personal data of the specific personal data subject. Provision of personal data is actions aimed at revealing personal data to a certain person or group of persons. Determination of personal data is actions aimed at revealing personal data to an indefinite circle of persons. Confidentiality of personal data is a mandatory requirement for the Company or other person who has access to personal data to prohibit the disclosure of personal data to the third parties, their distribution without the consent of the data subject or the presence of other legal grounds. Storage of the personal data is the direct content of personal data in personal data information system of the Company. Destruction of personal data is actions as a result of which it becomes impossible to restore the contents of personal data in the information system of personal data and (or) the material carriers of personal data are destroyed.

2. The basic principles and purposes of personal data processing

2.1. The principles of personal data processing-processing of personal data is performed on the legal and fair basis;-processing of personal data contradicting to the main purpose of collection of the personal data is not allowed;-processing of personal data is limited to the achievement of certain legitimate purposes;-processing of personal data is permitted only with the consent of the data subject;-processing of personal data that meet the purposes of processing specified in paragraph 2.2. of this section can be performed;-processing of personal data that do not meet the purposes of such processing is not permitted;-personal data will be stored in the form enabling to identify the data subject within the term that corresponds to the personal data processing purposes, if such period is not set by the Federal law or contract, the party of which is the subject of personal data or in which a beneficiary or a guarantor is the subject of personal data;

2.2. The purposes of personal data processing-execution of the provisions of the current legislation of the Russian Federation;-proper maintenance of personnel records of employees of the Company, accrual of wages, health insurance and payment for services of persons under contracts of civil nature;-provision of the services and execution of contracts and agreements concluded by the Company with physical persons;-any other purposes for which the Company requires the processing of personal data in accordance with the current legislation of the Russian Federation.

3. Subjects of personal data

The following persons are the subjects of personal data:

3.1.in the field of labor relations - employees working for the Company on the basis of labor contracts concluded;-applicants for vacant positions of the Company.

3.2.in the field of civil relations: any legally capable individuals with whom the Company concludes civil law agreements character; any capable individuals who are going to conclude or have already concluded contracts with the Company and act as a party, beneficiary or guarantor under such agreements.

3.3.in other (related) areas: visitors to the Company's office; representatives (employees) of the Company's counterparties; other persons whose processing of personal data may be required by the Company in accordance with requirements (on the basis of) the current legislation of the Russian Federation.

4. Rights of personal data subjects

4.1. The subject of personal data has the right to receive information relating to the processing of its personal data in accordance with applicable law.

4.2 In order to exercise their rights and legitimate interests, the subject of personal data may apply to the Company for providing information relating to the processing and protection of personal data. Company considers appeals of personal data subjects, gives explanations and takes measures to protect personal data. In the case of claims and complaints by personal data subjects, the Company accepts all necessary measures to eliminate possible violations, identify the perpetrators and resolve disputed situations in pretrial order.

4.3. The right of the subject of personal data to access his personal data may be limited in cases established by the current legislation of the Russian Federation.

4.4. Other rights determined by the Federal Law “On Personal Data”

5. Categories of personal data to be processed and sources of their receipt in the personal data information system, the Company processes the following categories of personal data.

5.1.In accordance with paragraph 3.1.Section 3 of the Policy: For Company employees-Full Name;-passport details;-date and place of birth;-registration address;-marital status;-education;-profession;- TIN data;-bank account details;-data of the pension insurance certificate;-data of medical policies; information about the birth of children and the conclusion or dissolution of marriage;-data on military registration;-place of work;-position;-information about labor activity (employment record); -phone. For relatives of the Company employees:-surname, name, patronymic;-date of birth;-the degree of kinship.

5.2.In accordance with paragraph 3.2.Section 3 Policies :For individuals with whom the Company enters into contracts of a civil nature-surname, name, patronymic;-passport details;-date and place of birth;-registration address;-TIN data;-data of the pension insurance certificate;-bank details;-phone .For individuals who are users of the Company’s software or are going to conclude (already concluded) contracts with the Company and act as a party, beneficiary or guarantor on such contracts:-surname, name, patronymic;-e-mail address (e-mail)-contact phone;-country and city of residence;-address of registration;-place of work, position-other information that may relate to physical dataindividuals.5.3.In accordance with clause 3.3.Section 3 Policies:-Full Name;-passport details;-telephone;-other information that may relate to these individuals.5.4.Sources of personal data include :For labor relations and personnel records of employees of the Company, as well as for persons with whom the Company concludes contracts of a civil nature and other persons whose processing of personal data may be required for the Company:-documents and information provided personally by the employees and individuals with whom they are concluded treaties of a civil nature. For individuals who are going to conclude or have already concluded contracts with the Company, beneficiary or guarantor under such agreements-information provided personally by such citizens when registering and creating accounts for the use of the software and the Company's websites and filling in relevant electronic forms. Mandatory information is marked in a special way. Any other information is provided by individuals at their discretion.

6. Confidentiality of personal data

6.1. All information relating to personal data that became known to the Company in connection with the implementation of the processing of such data are confidential information and protected by the legislation of the Russian Federation. The company is taking appropriate measures to protect such information.

6.2. Employees of the Company and other persons who have access to the personal data being processed must sign an agreement on non-disclosure of confidential information and warned about possible disciplinary, administrative, civil and criminal liability in case of violation provisions of the current legislation of the Russian Federation in the field of personal data processing and protection.

7. Measures to ensure the security of personal data during their processing

7.1.When processing personal data, the company accepts all the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, changes, blocking, copying, providing, distributing personal data, as well as from other misconduct in relation to personal data.7.2.The main measures aimed at protecting personal data carried out by the Company:-the appointment of employees of the Company responsible for the processing of personal data;-implementation of internal control (audit) of compliance with the processing of personal data requirements Federal Law of July 27, 2006 No. 152-ФЗ“On Personal Data” and other regulatory and legal acts, regulating this area;-familiarization of the Company's employees who directly process personal data with provisions of the current legislation of the Russian Federation on personal data, including the requirements to the processing and protection of personal data by local regulations, including this Policy.-the use of organizational and technical measures aimed at ensuring the security of personal data processing in the information systems of personal data necessary to comply with the requirements for processing and protection of personal data.-accounting of physical carriers of personal data (computer);-the establishment of facts of unauthorized access to personal data and the adoption of appropriate measures;-restoration of personal data changed or destroyed due to unauthorized access to them;-the establishment of rules for access to personal data processed in the personal information system data, as well as ensuring the registration and recording of all actions performed with personal data in personal data information system;-monitoring the measures taken to ensure the security of personal data.

8. Final provisions

8.1. The company has the right to make changes to this Policy. The new edition of the Policy comes into force from the moment of its signing by an authorized person (Director General of the Company) and official publication of the electronic version on the Company's website at the following Internet address: https://pruffme.com/pages/privacy/8.2.Monitoring compliance with the requirements of the Policy is carried out by persons responsible for ensuring personal data security.