Russian Federation, Moscow

Revision dated 12 April 2018

GENERAL PROVISIONS

• This Privacy Policy (hereinafter referred to as the “Policy”) was developed in accordance with Federal Law No. 152-FZ dated 27.07.2006 “On personal data” and sets forth the position and intentions of GLOBAL HEALTH CARE Ltd. (PSRN 1177746358294, TIN 7726400474, KPP 772601001, address: floor 2, office 11, bldg. 17, str. 15, Dukhovskoy per., 115191, Moscow) (hereinafter referred to as the “Company”) in relation to personal data processing and protection in order to respect and protect the rights and freedoms of each person and especially the right to personal and family privacy, honor and reputation protection.

• This Policy is available online at: global-healthcare.pro.

• This Policy is strictly adhered to by the management and staff of the Company.

• The Policy shall apply to all personal data of the subjects processed in the Company with or without the use of automation devices.

• This Policy may be accessed by any subject of personal data.

TERMS AND DEFINITIONS

• Personal data shall mean any information related to a directly or indirectly identified or identifiable individual (citizen/natural person).

• Personal data processing shall mean any action (operation) or combination of actions (operations) with Personal data conducted with or without the use of automation devices. Such actions (operations) may include the following: collection, receipt, recording, systematization, accumulation, storage, correction (updating, modification), retrieval, use, transfer (disclosure, provision, access), depersonalization, blocking, deletion, and destruction of personal data.

• User (subject of personal data) shall mean any legally capable individual who uses the Website for the purpose of submitting a request.

• Website shall mean the aggregate of information, texts, graphic elements, design, pictures, photos and video materials as well as other intellectual deliverables and computer software being a part of the information system ensuring availability of such information online at global-healthcare.pro.

• Request shall mean a request duly drafted by the User for feedback from the Company regarding goods and services provided by the Company.

• Any other terms and definitions used in this Policy shall be construed in accordance with the laws of the Russian Federation.

• Headings (names of clauses) contained herein are used for convenience only and shall not have any literal legal meaning.

• The Policy was developed and shall be construed in accordance with the laws of the Russian Federation.

• Use of the Website shall mean that the User agrees with the Policy and the terms and conditions thereof.

 PERSONAL DATA PROVIDED BY THE USER

• The Company shall collect, access and use Personal Data, technical and other information related to the User using the Website for the purposes defined herein.

• Technical information is not Personal Data. However, the Company uses cookies, which allow identifying the User. Cookies are text files accessible by the Company and used for processing of information on User’s activities, including information on sections of the Website visited by the User and the time spent there, the country from which the User accesses the Web site, the IP address, and also (possibly) gender and approximate age of the User. The Company uses Google Analytics and Yandex.Metrics to collect such information. The User may deactivate the use of cookies in the options of his/her browser.

• The Company shall process only the Personal Data provided to the Company by the User with the use of the Website. The Personal Data shall include, among other things, the following:

• Name;

• E-mail address;

• Contact phone number;

• The Company shall process Personal Data, technical information and other information of the User for 3 years from the date of provision of such information.

USER CONSENT TO PERSONAL DATA PROCESSING

• By submitting a Request with the use of the Website and accepting the terms and conditions of this Policy, the User gives his/her consent to processing of his/her personal data for the purposes stated below.

• The User agrees to receive informational newsletters and advertising materials from the Company to his/her e-mail address and/or contact phone number specified by the User when submitting a Request with the use of the Website.

• User’s consent to personal data processing shall be kept by the Company in electronic form.

• Personal data of the User shall be processed without his/her consent to such processing in the following cases:

• the personal data are public;

• such processing is requested by competent state authorities in cases stipulated by the federal law(s) of the Russian Federation;

• the personal data are processed for statistical purposes (provided the personal data are depersonalized);

• in other cases stipulated by laws.

PURPOSES FOR WHICH INFORMATION PROVIDED BY THE USER IS USED

• The Company shall use the information provided by the User for the following purposes only

• establishment of communication with the User in order to provide information about the Company and its services;

• conducting marketing, statistical, and other types of research using depersonalized information (data);

• sending information and other materials to the User’s e-mail address;

• improvement of quality of services and modernization of the Website;

• implementation of justice (if the Company receives a corresponding request from competent state authorities);

• adherence to Russian laws.

PRINCIPLES AND CONDITIONS OF PERSONAL DATA PROCESSING

• The Company shall process and protect personal data in accordance with the Constitution of the Russian Federation, Federal Law No. 152-FZ “On personal data”, by-laws, other federal laws of the Russian Federation concerning specific cases and peculiarities of personal data processing, regulations and guidelines issued by the Federal Service for Technical and Export Control of Russia and the Federal Security Service of Russia.

• When processing personal data, the Company shall pursue the following principles:

• legitimacy and equitable basis;

• restrictions of personal data processing to certain predetermined and legitimate purposes;

• inadmissibility of personal data processing incompatible with the purposes of personal data collection;

• inadmissibility of combining databases containing personal data that are processed for mutually incompatible purposes;

• personal data processing for pre-determined purposes;

• correspondence between the content and the scope of the processed personal data and the purposes of such processing;

• taking measures necessary to delete or correct incomplete or inaccurate data.

• The Company shall process personal data provided at least one of the following conditions is met:

• personal data are processed only if the subject of personal data agrees that his/her personal data will be processed;

• personal data processing is required for statutory purposes as well as for the purpose of fulfilment of the functions, powers and obligations imposed on the operator by the legislation of the Russian Federation;

• personal data processing is required for the purpose of performance of a contract, whereto the subject of personal data is a party, a beneficiary, or a guarantor, and also for the purpose of signing a contract at the initiative of the subject of personal data, whereto the subject of personal data will be a beneficiary or a guarantor;

• personal data processing is required for exercising the rights and legal interests of the Company or third parties, or for achievement of publicly significant goals, provided that it does not violate any rights and freedoms of the subject of personal data;

• processing of personal data is conducted in case access is granted to an indefinite number of persons by or on behalf of the subject of personal data;

• processing of personal data is conducted subject to mandatory disclosure and/or publication in accordance with federal laws.

• In cases stipulated by the legislation of the Russian Federation, the Company shall have the right to disclose personal data of individuals.

• The Company shall delete or depersonalize personal data once the purposes of processing are fulfilled or if such purposes are no longer relevant.

• The Company shall not engage in transboundary transfer of personal data received from the User.

PERSONAL DATA PROTECTION

• The Company shall take reasonable and sufficient legal, organizational and technical measures for protection of information provided by Users against unauthorized or accidental access, destruction, modification, blocking, copying, disclosure, and dissemination of personal data as well as against other unauthorized actions regarding personal data.

• User’s personal data shall be protected at the Company’s account in accordance with the federal law(s) of the Russian Federation.

• When protecting personal data of its Users, the Company shall take required organizational/management, administrative, legal and technical measures in accordance with Federal Law No. 152-FZ “On personal data”, namely:

• identification of threats to personal data security when processing them in information systems;

• use of organizational and technical measures for protection of personal data when processing them in information systems, which is essential for meeting the requirements for personal data protection, which in turn ensures the levels of personal data protection stipulated by the Government of the Russian Federation;

• use of means of data protection that were duly verified and assessed for compliance;

• assessment of efficiency of the measures taken in order to ensure personal data security prior to commissioning of the personal data information system;

• identification of instances of unauthorized access to personal data and taking respective measures;

• recovery of personal data modified or destroyed as a result of unauthorized access;

• setting forth the rules of access to personal data processed in the information system as well as registration and recording of all actions with personal data in the information system;

• monitoring of the measures taken to ensure personal data security and the security level of the personal data information system;

• recording/accounting of personal data media;

• monitoring of actions performed by persons related to Users’ personal data processing; investigation of violations of personal data security.

• The overall protection of Users’ personal data shall be the responsibility of the Company’s General Director. In order to coordinate the actions related to personal data protection, the Company has appointed persons in charge of personal data protection.

• User’s personal data shall be accessible by Company’s staff on the “need-to-know” basis.

RIGHTS OF THE USER

• The User whose personal data are processed by the Company may receive the following information from the Company:

• confirmation of personal data processing by the Company;

• legal grounds for and purposes of personal data processing;

• information on the means of personal data processing used by the Company;

• name and location of the Company;

• information on persons to whom access to personal data was or may be granted in accordance with a contract signed with the Company or pursuant to a federal law;

• list of personal data related to the requesting individual subject to processing and the source of such data (unless the procedure for provision of such information is altered by federal law(s));

• information on the timeframe of personal data processing as well as the period of data storage;

• information on the procedure in accordance with which the individual can exercise his/her rights stipulated by Federal Law No. 152-FZ “On personal data”;

• information on present or future transboundary transfer of personal data;

• name and address of the person in charge of personal data processing appointed by the Company;

• other information stipulated by Federal Law No. 152-FZ “On personal data” or by any other federal laws;

The User shall have the right to:

demand that his/her personal data are reviewed, blocked or destroyed if the personal data are incomplete, outdated, inaccurate, received/collected illegally or are not required for the purposes of personal data processing by sending a request to info@global-healthcare.pro;

• withdraw his/her consent to personal data processing by sending a request to the Company to info@global-healthcare.pro;

• individually withdraw his/her consent to receiving informational newsletters and advertising materials at any time by clicking the respective link in the e-mail (“Unsubscribe”);

• demand that the Company eliminates unauthorized actions related to his/her personal data;

• submit an objection/appeal against actions or inaction by the Company to the Federal Service for Supervision of Communications, Information Technology, and Mass Media (Roskomnadzor), or appeal to court if the individual is of the opinion that the Company processes his/her personal data with violations of Federal Law No. 152-FZ “On personal data” or otherwise infringes his/her rights and freedoms;

• protection of his/her rights and legal interests, including compensation for losses and/or compensation for moral damage by legal means;

• delete or modify the information communicated to the Company at any time by sending a message to the Company to info@global-healthcare.pro. At the same time the User agrees that the Company may continue using such information in cases not prohibited by the legislation of the Russian Federation.

RIGHTS OF THE COMPANY

• The Company may undertake statistical and other studies on the basis of depersonalized information provided by the User. The Company may grant access to such studies to third parties. The User consents to such studies by accepting this Policy.

• The Company may disclose information about Users to law enforcement authorities or to any other state authorities during court hearing or an investigation under a court decision, enforcement order or as a form of cooperation, and in other cases stipulated by the legislation of the Russian Federation.

• The Company may disclose information about Users to third parties in order to identify and eliminate fraudulent actions as well as to correct technical errors or security issues.

LIABILITY

• In case of defaults hereunder, the Company shall be held liable in accordance with the legislation of the Russian Federation.

• The Company shall not be held liable for the accuracy and completeness of the personal data provided by the User.

FINAL PROVISIONS

• The Company reserves the right to amend this Policy. In case of introduction of material changes to this Policy, i.e. changes in purposes of personal data processing, personal data storage period, introduction of transboundary data provision, the Company shall notify the User of the planned amendments and the effective date of the new revision of the Policy.

• The new revision of the Policy shall become effective immediately after its publication on the Website.

• If the User does not agree with this Policy, the User may not use the Website.

• This Policy is drafted in accordance with the legislation of the Russian Federation. Should the legislation of the Russian Federation on personal data protection be amended, this Policy shall be brought in line with the current legislation within a week from the date of introduction of such amendments.