Approved by the Order of the CEO of Pruffme LTD 2016-01 from January, 1, 2016 

The permanent address of the document publication:

Privacy Policy of Pruffme Ltd

1. General provisions

The current Privacy Policy (hereinafter Policy) is accepted by Pruffme Ltd. in order to ensure the implementation of the requirements of the current legislation of the Russian Federation. Terms and definitions: the Company  – Pruffme LTD is a legal entity registered in accordance with the  current  legislation  of  the  Russian  Federation  (  the  legal  address:  192029,  70, building  2,  Obukhovskoy  Oborony  prospect,  St.  Petersburg,  Russian  Federation, TIN 7811177643,  KPP  (Reason  code  of  registration)  on  the  location  address 781101001  ,  PSRN  1157847085285,  the  address  for  the  correspondence:  197022, 3,   building   A,   Medikov   prospect,   St.   Petersburg,   Russian   Federation)   and processing the personal data of personal data subjects. Personal data subject is a physical entity identifiable by the personal data. Personal  data  is  any  information  that  directly  or  indirectly  refers  to  a particular/specific person. Processing  of  personal  data  is  an  action  performed  by  the  Company  using means   of   automatization   or   without   them   including   collection,   recording, systematization,  accumulation,  storage,  clarification  (update,  change),  extraction, use,  transfer  (distribution,  granting,  access),  depersonalization,  blocking,  deletion, destruction of personal data. Automated processing of personal data is the processing of personal data by the means of computing machinery (computer).Information  system  of  personal  data  is  the  Company  database  containing personal data, information technologies and technical means allowing to carry out processing of personal data using means of automation or without such. Protection of personal data is a set of actions of organizational and technical nature on the part of the Company to protect personal data. Blocking   of   personal   data   is   a   temporary   cessation   of   personal   data processing (except cases when the processing is necessary for the improvement of personal data).Depersonalization  of  personal  data  is  actions,  which  becomes  impossible without  additional  information  to  determine  the  identity  of  personal  data  of  the specific personal data subject. Provision  of  personal  data  is  actions  aimed  at  revealing  personal  data to  a certain person or group of persons. Determination of personal data is actions aimed at revealing personal data to an indefinite circle of persons. Confidentiality   of   personal   data   is   a   mandatory   requirement   for   the Company or other person who has access to personal data to prohibit the disclosure of  personal  data  to  the  third  parties,  their  distribution  without  the  consent  of  the data subject or the presence of other legal grounds. Storage of the personal data is the direct content of personal data in personal data information system of the Company. Destruction  of  personal  data  is  actions  as  a  result  of  which  it  becomes impossible  to  restore  the  contents  of  personal  data  in  the  information  system  of personal data and (or) the material carriers of personal data are destroyed.

2. The basic principles and purposes of personal data processing

2.1. The principles of personal data processing-processing of personal data is performed on the legal and fair basis;-processing of personal data contradicting to the main purpose of collection of the personal data is not allowed;-processing  of  personal  data  is  limited  to  the  achievement  of  certain legitimate purposes;-processing  of  personal  data  is  permitted  only  with  the  consent  of  the  data subject;-processing of personal data that meet the purposes of processing specified in paragraph 2.2. of this section can be performed;-processing  of  personal  data  that  do  not  meet  the  purposes  of  such processing is not permitted;-personal data will be stored in the form enabling to identify the data subject within  the  term  that corresponds  to the personal data processing  purposes, if  such period is not set by the Federal law or contract, the party of which is the subject of personal  data  or  in  which  a  beneficiary  or  a  guarantor  is  the  subject  of  personal data;

2.2. The purposes of personal data processing-execution  of  the  provisions  of  the  current  legislation  of  the  Russian Federation;-proper  maintenance  of  personnel  records  of  employees  of  the  Company, accrual  of  wages,  health  insurance  and  payment  for  services  of  persons  under contracts of civil nature;-provision  of the  services  and execution  of  contracts  and  agreements concluded by the Company with physical persons;-any  other  purposes  for  which  the  Company  requires  the processing  of personal data in accordance with the current legislation of the Russian Federation.

3. Subjects of personal data

The following persons are the subjects of personal data: the field of labor relations - employees  working  for  the  Company  on  the  basis  of  labor  contracts concluded;-applicants for vacant positions of the Company. the field of civil relations: any  legally  capable  individuals  with  whom  the  Company  concludes  civil law agreements character;  any  capable  individuals  who  are  going  to  conclude  or  have  already concluded contracts with the Company and act as a party, beneficiary or guarantor under such agreements. other (related) areas: visitors to the Company's office; representatives (employees) of the Company's counterparties; other  persons  whose  processing  of  personal  data  may  be  required  by  the Company in accordance with requirements (on the basis of) the current legislation of the Russian Federation.

4. Rights of personal data subjects

4.1. The subject of personal data has the right to receive information relating to the processing of its personal data in accordance with applicable law.

4.2  In  order  to  exercise  their  rights  and  legitimate  interests,  the subject  of personal data may apply to the Company for providing information relating to the processing and protection of personal data. Company considers appeals of personal data subjects, gives explanations and takes measures to protect personal data. In the case of claims and complaints by personal data subjects, the Company accepts all necessary measures to eliminate possible violations, identify the perpetrators and resolve disputed situations in pretrial order.

4.3. The right of the subject of personal data to access his personal data may be limited in cases established by the current legislation of the Russian Federation.

4.4. Other rights determined by the Federal Law “On Personal Data”

5.  Categories  of  personal  data  to  be  processed  and  sources  of  their receipt in the  personal  data   information   system,   the   Company   processes the following categories of personal data.

5.1.In accordance with paragraph 3.1.Section 3 of the Policy: For Company employees-Full Name;-passport details;-date and place of birth;-registration address;-marital status;-education;-profession;- TIN data;-bank account details;-data of the pension insurance certificate;-data of medical policies; information about the birth of children and the conclusion or dissolution of marriage;-data on military registration;-place of work;-position;-information about labor activity (employment record); -phone. For relatives of the Company employees:-surname, name, patronymic;-date of birth;-the degree of kinship.

5.2.In accordance with paragraph 3.2.Section 3 Policies :For individuals with whom the Company enters into contracts of a civil nature-surname, name, patronymic;-passport details;-date and place of birth;-registration address;-TIN data;-data of the pension insurance certificate;-bank details;-phone .For individuals who are users of the Company’s software or are going to conclude (already concluded) contracts with the Company and act as a party, beneficiary or guarantor on such contracts:-surname, name, patronymic;-e-mail address (e-mail)-contact phone;-country and city of residence;-address of registration;-place of work, position-other information that may relate to physical dataindividuals.5.3.In accordance with clause 3.3.Section 3 Policies:-Full Name;-passport details;-telephone;-other information that may relate to these individuals.5.4.Sources of personal data include :For labor relations and personnel records of employees of the Company, as well as for persons with whom the Company concludes contracts of a civil nature and other persons whose processing of personal data may be required for the Company:-documents and information provided personally by the employees and individuals with whom they are concluded treaties of a civil nature. For individuals who are going to conclude or have already concluded contracts with the Company, beneficiary or guarantor under such agreements-information provided personally by such citizens when registering and creating accounts for the use of the software and the Company's websites and filling in relevant electronic forms. Mandatory information is marked in a special way. Any other information is provided by individuals at their discretion.

6. Confidentiality of personal data

6.1. All information relating to personal data that became known to the Company in connection with the implementation of the processing of such data are confidential information and protected by the legislation of the Russian Federation. The company is taking appropriate measures to protect such information.

6.2. Employees of the Company and other persons who have access to the personal data being processed must sign an agreement on non-disclosure of confidential information and warned about possible disciplinary, administrative, civil and criminal liability in case of violation provisions of the current legislation of the Russian Federation in the field of personal data processing and protection.

7. Measures to ensure the security of personal data during their processing

7.1.When processing personal data, the company accepts all the necessary legal, organizational and technical measures to protect personal data from unlawful or accidental access to them, destruction, changes, blocking, copying, providing, distributing personal data, as well as from other misconduct in relation to personal data.7.2.The main measures aimed at protecting personal data carried out by the Company:-the appointment of employees of the Company responsible for the processing of personal data;-implementation of internal control (audit) of compliance with the processing of personal data requirements Federal Law of July 27, 2006 No. 152-ФЗ“On Personal Data” and other regulatory and legal acts, regulating this area;-familiarization of the Company's employees who directly process personal data with provisions of the current legislation of the Russian Federation on personal data, including the requirements to the processing and protection of personal data by local regulations, including this Policy.-the use of organizational and technical measures aimed at ensuring the security of personal data processing in the information systems of personal data necessary to comply with the requirements for processing and protection of personal data.-accounting of physical carriers of personal data (computer);-the establishment of facts of unauthorized access to personal data and the adoption of appropriate measures;-restoration of personal data changed or destroyed due to unauthorized access to them;-the establishment of rules for access to personal data processed in the personal information system data, as well as ensuring the registration and recording of all actions performed with personal data in personal data information system;-monitoring the measures taken to ensure the security of personal data.

8. Final provisions

8.1. The company has the right to make changes to this Policy. The new edition of the Policy comes into force from the moment of its signing by an authorized person (Director General of the Company) and official publication of the electronic version on the Company's website at the following Internet address: compliance with the requirements of the Policy is carried out by persons responsible for ensuring personal data security.