Policy of Public Joint Stock Company Evropeyskaya Elektrotekhnica on Processing and Protection of Personal Data

1. GENERAL PROVISIONS

1.1. This Policy on Processing and Protection of Personal Data (hereinafter – the Policy) was developed in accordance with Article 18.1 of the Federal law dated 27.07.2006 № 152-FZ "On Personal Data" and is the main internal document of Public Joint Stock Company Evropeyskaya Elektrotekhnica (hereinafter – the Company) regulating its activities in the area of processing and protection of personal data of which the operator is the Company.

1.2. The Policy has been designed to implement the requirements of the legislation of the Russian Federation in the area of processing and protection of personal data, and is aimed at protecting the human rights and freedoms of citizens in the processing of personal data in the Company, including the protection of rights to privacy and personal and family secrets.

1.3. This Policy applies to any information received by the Company, both before and after the approval of the Policy.

1.4. This Policy applies to all information that the Company may obtain about a user, including during use of the site www.euroetpao.ru (hereinafter – the Site).

1.5. Visiting and using the Site means the user gives his/her unconditional consent to this Policy and the conditions of processing of his/her personal data contained in it.

1.6. In the event of disagreement with the terms of processing of personal data in the Company, the user must stop using the Site.

1.7. This Policy applies only to the Site www.euroetpao.ru. The Company does not control and is not responsible for the collection and processing of personal data by third parties to whose sites the user can go by clicking on the links available on the Site www.euroetpao.ru.

1.8. The Company does not verify the accuracy of the personal data provided by the user.

2. THE COMPOSITION OF PERSONAL DATA RECEIVED AND PROCESSED

2.1. User data received and processed by the Company under this Policy:

2.1.1. Data provided by the user by contacting the Company via phone numbers and email addresses listed on the Website, and may include the following information: Full name, contact phone number, email address. Other information provided by the user at his/her discretion.

2.1.2. Data automatically sent to the Company in the process of visiting and using the Site www.euroetpao.ru using the software installed on the user's device, including: IP address, information from cookies, information about the user's browser (or other program used to access the Site), time of access, address of the requested page.

3. PURPOSES OF THE COLLECTION AND PROCESSING OF PERSONAL DATA

3.1. The collection and processing of personal data of the user by the Company has the following purposes:

3.1.1. Identification of the user within the framework of legal relations with the Company;

3.1.2. Communication with the user, if necessary, including for sending notifications, requests and information related to the use of the Site and the provision of services, as well as for processing requests and applications from the user;

3.1.3. Providing the user with effective customer and technical support in the event problems arise associated with the provision of services by the Company;

3.1.4. Improving the quality of the Site and the convenience of its use;

3.1.5. Providing the user, with his/her consent, with personal services, special offers, pricing information, newsletters and other information on behalf of the Company or on behalf of the Company's partners;

3.1.6. Carrying out advertising activities with the consent of the user;

3.1.7. Providing the user with access to the websites or services of the Company's partners in order to obtain products, updates and services.

3.1.8. Conducting statistical and other research based on depersonalized data.

4. PROVISION OF ACCESS TO PERSONAL DATA

4.1. The Company ensures the safety of users' personal data.

4.2. The confidentiality of the user's personal data are maintained except as specified in paragraph 4.3. this Policy.

4.3. The Company has the right to transfer the user's personal data to third parties in the following cases:

4.3.1. The user has expressly given his/her consent to the transfer of his/her personal data;

4.3.2. The transfer of the personal data is necessary for the provision of certain services to the user by the Company's partners. In such cases the confidentiality of the personal information is ensured, and the user is notified of such transfer;

4.3.3. The transfer is provided for by Russian or other applicable legislation according to the established procedure (by a court decision, a request of law enforcement agencies, etc.);

4.3.4. Such transfer takes place as part of the sale or other transfer of the business (in whole or in part), and the purchaser shall also receive all obligations to comply with the terms of this Policy in regard to the personal information received by it;

4.3.5. In order to ensure the possibility of protecting the rights and legal interests of the Company.

4.4. In the event of loss or disclosure of personal data, the Company shall inform the user about the loss or disclosure of the personal data.

5. PROTECTION OF PERSONAL DATA OF USERS

5.1. The Company guarantees that the level of protection of personal data of users meets the requirements set out in the Decree of the Government of the Russian Federation dated November 1, 2012 No. 1119 "On Approval of the Requirements for the Protection of Personal Data Upon Their Processing in Personal Data Information Systems".

5.2. The Company takes the necessary organizational and technical measures to protect the user's personal data from unauthorized or accidental access, destruction, modification, blocking, copying, or distribution, as well as other illegal actions of third parties in accordance with the requirements of the Order of FSTEC of Russia (Federal Service for Technology and Export Control of Russia) dated 18.02.2013 No. 21 "On the Approval of the Composition and Content of Organizational and Technical Measures to Ensure the Security of Personal Data Upon Their Processing in Personal Data Information Systems".

6. LIABILITY

6.1. In the event of failure to fulfill its obligations, the Company is liable for losses incurred by the user in connection with the illegal use of personal data, in accordance with the legislation of the Russian Federation, except as provided in 6.2. of this Policy.

6.2. In the event of loss or disclosure of the user's personal data, the Company shall not be liable if this information became public prior to its loss or disclosure, or was disclosed with the User's consent

7. FINAL PROVISIONS

7.1. The Company has the right to make changes and additions to this Policy. The new version of the Policy is valid from the moment of its posting on the Site www.euroetpao.ru, unless otherwise provided in the new version of the Policy.

7.2. Relations in the area of processing and protection of personal data not regulated in this Policy are subject to the current legislation of the Russian Federation.

7.3. All suggestions or questions related to the processing and protection of personal data by the Company should be sent to the email address info@euroetpao.ru.

7.4. Data of the personal data operator:

Public Joint Stock Company Evropeyskaya Elektrotekhnica

INN 7716814300, KPP 771601001, OGRN 1167746062703;

Legal address: 129344, Moscow, 1 ul. Letchika Babushkina, bldg. 3;

Postal address: 129344, Moscow, 1 ul. Letchika Babushkina, bldg. 3.