GENERAL POLICY ON PERSONAL DATA PROCESSING

1. This General Policy on Personal Data Processing (hereinafter – “Policy”) defines general requirements for the processing of personal data in Data MATRIX (as defined below).

2. Personal data means any information relating to an identified or identifiable natural person (‘data subject’)

3. The Policy applies to the group of companies Data MATRIX including “Data MATRIX” Ltd., registered in Russia and “Data MATRIX” GmbH, registered in Germany (referred herein – “Data MATRIX”).

4. Personal data processing is performed in a strict compliance with the international and local legislation of the countries of Data MATRIX’s presence and its customers’ presence.

5. Data MATRIX acknowledges and agrees to comply with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679)), as well as with the relevant legislation of the operating countries.

6. Data MATRIX develops and implements internal regulating documents concerning personal data processing.

7. Internal regulating documents specify the requirements for particular and/or for general data processing cases in accordance with applicable legislation.

8. Internal regulating documents are based on the provisions of this Policy and applicable legislation.

9. Internal regulating documents of the Data MATRIX cannot contradict the General Data Protection Regulation (Regulation (EU) 2016/679)) and should primarily be aimed at protecting the rights and freedoms of the subject of personal data.

10. Data MATRIX does not collect or process data from persons under age of majority (18 years or more), except as provided by law.

11. All persons carrying out the processing of personal data must be familiarized with this Policy and internal regulating documents of Data MATRIX and act in strict compliance with their provisions.

12. Data MATRIX takes into account the difference in the legislation of the countries where personal data is processed, and always acts in the interests of the personal data subject.

13. Data MATRIX undertakes all possible legal, technical and organizational measures to protect personal data considering possible risks.

14. The Data MATRIX commits to inform the subjects of personal data about the changes in this Policy in an accessible form by publishing information on the Data MATRIX's website.

15. The Data MATRIX undertakes not to disclose personal data to third parties, except for cases determined by law of the operating countries and only on the basis of a written decision of courts or public authorities.

16. In order to protect the interests of personal data subjects the Data MATRIX appoints data protection officers.

17. Subject of personal data has the right to communicate the data protection officer about the processing of his/her personal data.

18. Data MATRIX undertakes to secure the confidentiality of applications of personal data subjects as well as impartiality and independence in considering each request.