Protection of personal information

Normally, we only collect such personal information as website visitors disclose to us on a voluntary basis for purposes of receiving information and/or services or notification about employment opportunities. Please review carefully this Policy on the processing of personal data and other transmitted information (hereinafter referred to as “Policy”) in order to form a more complete picture of the Group's procedures for the collection, use, transfer and protection of personal information obtained and other information, transmitted to the Group.

1. Collection and use of transmitted information

1.1 Nature of information collected by us

We obtain your transmitted details if you disclose it to us voluntarily, including through the use of telecommunications and mobile communications, or make an enquiry using an online form. Sometimes the Group may already be in possession of personal and (or) another data provided by you (for example, if you are a client of the Group ). The Group reserves the right to engage in collection of any information or other data sourced fr om the website, including through filling in any available forms and subscription to the newsletter, fr om social media through subscription/posting on the Group's pages (for example, on LinkedIn, Facebook, Twitter but not limited to them) and also through messengers (including but not limited to Telegram, WhatsApp, Viber) and (or) by means of SMS notifications/messages being sent to the Group (telecommunications and mobile communications). The nature of other information collected by the Group depends on your privacy settings on the social media/messengers used for interactions with the Group; we therefore request that you review the relevant provisions or privacy policies of the third-party service provider used.

When you disclose your personal data or other information to the Group, we use your data in compliance with this Policy. Transmitted data shall not be used for any purposes other than those above, unless you authorize us to use same for other purposes or such use is required or allowed by law or professional standards. Wh ere you send us, for purposes of employment with the Group, an email message with your résumé or curriculum vitae attached, we will use this information to notify you of available vacancies and to enter you into our job seeker database.

1.2 Statutory authority to use the obtained data

the Group normally performs the collection of only the data required to process your enquiry or to serve you as a client of the Group. Should we need to obtain further details, you will be notified thereof when the data are being collected.

For the purposes of complying with the requirements of applicable law, which authorizes us to process data transmitted by you as long as we have legal authority to do so, we will meet one of following processing criteria:

• Contractual performance: your personal and (or) other data need to be processed in furtherance of our obligations under the contract, including the preliminary analysis and evaluation of your request at the stage of negotiations;

• Statutory duty: we are required to process your personal and (or) other data in furtherance of our statutory duty, for example, to keep records on file for tax purposes, or disclosure to this or that public or law enforcement authority;

• Legitimate interests: we will process your details wh ere such processing falls within our legitimate interests in the context of legitimate activities and is required in furtherance thereof, provided that such information processing is carried out in accordance with the applicable law;

• Your consent: in certain circumstances, that are provided by the law, we will request your express consent to the processing of a given block of your personal data or other data, with no processing of your data by the Group without your consent. You shall be entitled to revoke your consent at any time by emailing the Group at info@beterra.ru and specifying the purpose for which your contact details were given to us.

The following are examples of the above-mentioned legitimate interests:

• Provision of information and/or services to the visitors of our website, social networks of the Group, to the persons interacting with us via messengers and (or) via SMS notifications/ messages or notification about employment opportunities.

• Prevention of wrongdoing or crime and protection of our IT systems.

• Fulfilment of our corporate and social commitments.

• Compliance with legislative requirements and regulatory acts/directives.

1.3 Personal and other Data Processing and Security Policy

The Personal and other Data Processing and Security Policy (hereinafter referred to as “Policy of the Group”) has been developed pursuant to art. 18.1 of the Federal Law of 27 July 2006, No. 152-FZ, “On Personal Data”, and in consideration with provisions pf Federal Law dated 29.07.2004 №98-FL “On trade secret”, and is the fundamental internal regulatory document of the Group, defining its key areas of focus in the processing and security of personal data (hereinafter referred to as “PD”) for which the Group is a data controller.

1.4. IP addresses

An IP address is a number assigned to your computer or your mobile phone (smartphone) every time it accesses the internet. It makes it possible for computers/mobile phones (smartphones) and servers to identify each other and exchange information. Moreover, the Group may collect and use other technical data, such as: device specifications, information stored in cookies, browser information, date and time of access to the Group website, addresses of the requested pages and other similar information. The IP addresses and other technical data of visitors to our websites will be recorded for purposes of information security and system diagnostics. This information will mostly be also used in an aggregated form for website use analytics and effectiveness.

1.5 Widgets and apps on the social media

The website of the Group can have functionality for information exchange through third-party apps on social media, such as the Like button on Facebook and Twitter widget, but not limited to them, and also via messengers and SMS notifications/messages sent to Baker Tilly (telecommunications and mobile communications). Social media apps will collect and use information on your use of the resource of the Group website, including technical data. All information that you share through such apps on social media will quite often be collected and used by other users of the app, and such interaction is covered by the privacy policy of the corporate providers of the app. We do not control the companies involved and disclaim any responsibility for the way they use your data.

1.6 Children

the Group is fully aware of the importance of protecting the privacy of children, most of all in online communications by email. Our website and social networks are not for children younger than 13 years old. In accordance with our policy, we never engage in targeted collection and storage of information on persons younger than 13 years old, when we know the age of these individuals, except for collection and storage of such information in furtherance of the provision of professional services.

2. Exchange and transfer of personal and other data

2.1 Disclosure to third parties

We do not disclose transmitted by you data to third parties, except where required for purposes of our professional activities, processing of your enquiries and/or required or permitted by law or professional standards.

the Group can transfer certain personal data abroad to third parties working with us or on our behalf or acting in our name for purposes listed in present Policy.

the Group undertakes not to disclose the personal data provided by you to third parties, to be used by the third parties for purposes of direct marketing.

3. Discretion

You are generally not required to disclose any personal and (or) other data to us; the Group will, however, request certain data from you so that you can receive additional information about our services and events being held. The Group will also be requesting your consent to use your personal data and if it is required other data for certain purposes and you will have the discretion to either give or deny such consent. If you subscribe to certain services or newsletters, you can at any time cancel them by following the instructions included in every message sent to you. If you opt to cancel your subscription, we shall do our best to delete your data as soon as possible; we may, however, require additional information from you before processing your request.

4. Your rights

Should the Group process your personal data, and also other data, including data with commercial nature, you shall have the following rights:

- Access and correction of inaccuracies: you have the right to access your personal and other data. The form for such access is titled “Data subject's request for access”. If you are entitled to receive requested data under applicable statutes, such data will be provided to you free of charge. Prior to providing you with requested data, we may request that you provide proof of your identity and sufficient evidence of the nature of your relationship with us so that we can identify your data. If you suppose that your personal data that are kept on record with us are incorrect, you are entitled to contact us with a request for correction of inaccuracies.

- Withdrawal of consent: you have the right to withdraw your consent to the processing of your personal or other data if you find that we may not continue using it.

- Other rights: you shall also be entitled to request that we delete your data if you find that they have been kept on record unreasonably long, as well as – in certain situations – request that the processing thereof be restricted in scope, and/or receive printouts of your data that we store electronically.

You can send a request and exercise the above-listed rights by emailing the Group at info@beterra.ru specifying the purpose of the request with your contact details, and we, for our part, will do whatever is reasonable and practical to comply with your request, provided that it is not at variance with the applicable legislation and professional standards.

5. Information security and data integrity

the Group has put in place security policies and measures designed to protect personal and other data against loss, unauthorized use, modification or deletion. At the same time, given all existing threats to information security, it is impossible to provide full guarantee of transmitted data security even despite all the efforts that the Group will be making. For our part, we do whatever is possible in order to grant access to data transmitted by you on a need-to-know basis or on other legal grounds. Persons with access to such data are bound by confidentiality restrictions.

We do our best to keep transmitted personal data or other only as long as we need them for 1) fulfilling the requests of the discloser thereof, 2) complying with the requirements of legislation, regulators/ supervisory authorities, internal administrative activities or in-house policies 3) the period until the discloser contacts us with a request to remove the data. The storage period of such data will depend on specific events and circumstances that were taken into account when the data were collected; the transmitted data will not, however, be kept any longer than required under the applicable law.

6. Links to other websites

the Group's website can contain links to other websites, social networks and messengers, which are subject to the provisions of other privacy and personal and other transmitted data security documents, quite often different from present Policy. Prior to disclosing any personal data, we recommend that online-visitors review the relevant privacy policy posted on each web resource.

7. Amendments to Policy

the Group can from time to time make changes to present Policy in order to reflect the data security procedure in effect at the material time. Whenever we make changes, we will specify the date of the revised version at the top of this page. To learn more about how the Group ensures the security of your personal and other data, transmitted by you, we recommend reviewing the Policy on a regular basis, because by transmitting information you confirm, that information, transmitted to the Group, is not within the regime of trade secret, obtained legally by the Group and can be used to provide services for your company, including pre-contractual stage.

The most recent amendment to the section made on January 27, 2023.