INTERNAL POLICY

Last updated: March 20, 2019

This Privacy Policy is an integral part of the agreement between you and us regarding the use of the website at www.srm-falcon.com. This Policy explains who we are, for what purpose, and how we process personal data, what rights do you have for giving us any information about yourself, and how to contact us if necessary.

We reserve the right to make changes to the Privacy Policy at any time and for any reason. The date of the last update of the Policy will be indicated in the "Last updated" line at the beginning of this page.

We are "Falcon" Security Risk Management Agency. Our contact details and address are given at the end of this Policy. We are a data controller that is processed in accordance with this Policy (unless otherwise stated).

We may process your personal data if:

• You are our customer (or are interested in becoming one).
• You use our services.
• You work for our customer, or for someone who uses our services.
• You are a client (or you work for a client) whom we want to tell about our services or to offer them.
• You are our employee, contractor, or are interested in cooperation with us.

We do not intentionally require online data from children under the age of 13, nor do we offer them services. We do not intentionally collect personal data of children under the age of 13. If we find that a child under the age of 13 has provided us with personal information without parental consent, we take steps to remove such information.

We may process your personal information received directly from you or from any other source. Such data may include:

• Your name.
• Information about who you work for, department and your job responsibilities.
• Your address, telephone number, email address or other contact information (your personal or business data, depending on the nature of our relationship with you or the person you are working with).
• Personal information received during the process of communicating with you by phone, email, through our website, social networks or otherwise. This information also includes data that we receive or provide to us when you use the website: by registering for our news, providing us with goods or services, interested in our services, placing orders, participating in a contest, advertising or surveying, contacting us to report a problem or performing the steps above on behalf of the person you are working for.
• Information related to the operations upon our and your participation or participation of the person you are working for (for example, details about the products we have developed or the services we provided or received from you or the person you are working for).
• Other personal data that we need to process for the purpose of concluding or executing an agreement with you or the person you are working for (for example, right to process working information and information received from credit history agencies, if necessary for the implementation of the relevant checks on contracts with you or with another person you are working for, or in some way related with).
• Information about events that you or persons associated with you are invited to, as well as your personal information and preferences, if such data is necessary for organizing and managing these events (for example, your preferences about the treatments).
• Your personal information that you provide to us, or which we receive in any way during your visits (for example, if you fall into the CCTV recordings or you are registered when you visit any branch of "FALCON" Security Risk Management Agency, or you provide us with your vehicle's registration data).
• Personal information that you provide us when using the website, including:
  - technical information, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone, browser plug-in types and versions, operating system, and platform; - information about your visit, including complete unique resource locators (URLs), history of visits and movements on our website, history of transition from our website (including date and time), services you have viewed or searched, page response times, errors during download, duration of stay on specific pages, activity information on a page (for example, scrolling, clicks, and mouse cursor), how to navigate from a page, and phone number or social network icon you used to connect with us.

The provisions for using our cookies to process personal data are set out in our Cookie Policy. Please read it.

We process your personal information for the following purposes:

• Conclusion and performance of an agreement with you or the person you are working for in order:
  - to provide services to clients or other users of these services;
  - to receive goods and services from suppliers;
  - to manage our relationships with customers, suppliers and other users of our services. Where you or the person you are working for may be a customer, user or supplier of goods or services for the purposes described above.
  
• to carry out advertising and sales, as well as providing information about our services.
• to administer our website in accordance with the terms of the agreement and for conducting internal operations, including defect fixes, data analysis, testing, research, statistics collection, land surveys.
• to improve our website to ensure that the content is presented in the most effective way for you and your computer.
• to guarantee safety on our website and other systems.
• to provide advice and recommendations on services that may be of interest to you or the person you are working for, which would suit your preference, where appropriate.

We may share your personal data with:

Any members of our association, which includes our subsidiaries and their affiliated companies.

Certain third parties, including:

• our business partners, customers, suppliers and subcontractors for the execution of any agreement we enter into, or other contracts that arise normally when dealing with you or the person you are working with;
• our auditors, legal advisers, and other professional consultants or service providers;

We may share the data obtained through our website with:

• our advertisers and ad networks that need the data to select and place relevant ads for you and other users. We do not disclose to our advertisers personal information that can identify you, but we provide them with aggregate information about our users. We can also use aggregate information to help advertisers display their targeted audience. We may use your personal data to display the advertisements of our advertisers to their target audience, using the provisions of the Cookie Policy;
• providers of analytics and search systems that help us improve and optimize our website in accordance with the provisions of the Cookie Policy.

We may disclose your personal information to third parties:

In case we sell or buy any business or assets. In this case, we may disclose your personal data to a prospective seller or buyer of such business or assets subject to the terms of this Privacy Policy.

If we or all of our assets are acquired by third parties, the personal data they receive about their clients will be one of the assets transferred.

If we are obliged to disclose or share your personal data for the purpose of fulfilling any legal obligations, or for the performance or observance of the terms of the agreement, terms of service delivery and other agreements concluded with you; or to protect the rights, property, or safety of the "FALCON" Security Risk Management Agency, our clients, employees or other users. This includes exchange of information with other companies and organizations (including law enforcement agencies) to protect against fraud and other risks.

When processing your personal data, we rely on the following:

Your prior consent to appropriate processing for individual cases (such as direct marketing). In doing so, we obtain and rely on your consent for the appropriate processing (see below for how to withdraw your consent to processing).

In the absence of consent, we will process your personal data only when it is required:

• to execute the agreement you are a party of, or to take upon your request the steps necessary for the conclusion of such agreement;
• to comply with the legal obligations we have taken on ourselves; or in the legitimate interests pursued by us or another person only in circumstances where these legitimate interests do not conflict with your interests or fundamental rights and freedoms that require protection of personal data (most of the circumstances when we process your personal data according to the nature of relationship we have with the person you are working for will fall into this category).

We process personal data only as much as it is necessary for the purpose(s), for which they were originally collected, after which the data will be deleted or transferred to the archive, except when it is required to continue processing for compliance with our legal obligations, which we have taken on our own, or for other legitimate and legal purposes.

If you are our client or potential customer, we will process your personal data up to three years from the date of collection, unless another term does not follow the purpose of the data processing.

Your personal data that we process may be transferred and stored outside the European Economic Area; such data may not be subject to another data protection law. Such data may also be processed by employees outside the European Economic Area, who work for us or for one of our suppliers. This includes employees who deal, among other things, with the execution of orders, processing of payment requisites, and provision of support services.

If we receive personal data during the provision of services, we will take all necessary measures to ensure that all relevant security measures that apply to them are respected and that they are securely protected in accordance with this Privacy Policy.

We adhere to generally accepted industry standards to protect personal information provided to us, both during data transfer and upon receipt. All processed personal data is stored on secured servers. Any payment transactions are encrypted using the appropriate technology. If we provide you (or you have set) a password that gives you access to certain parts of our website or systems, you are responsible for the confidentiality of this password. We ask you not to share this password with anyone.

Unfortunately, transfer of information over the Internet is not completely secure. While we do our best to protect your personal data, we cannot guarantee the security of the data transferred to our website, so any transfer is at your own risk. As soon as we receive your information, we will be able to apply strict procedures and security measures to prevent unauthorized access.

You must be aware that the other websites that link from our website(s) or emails from "FALCON" Security Risk Management Agency may have another privacy policy that is different from this Privacy Policy. In order to protect your privacy, we encourage you to familiarize yourself with the privacy practices of these websites, apps, or other digital resources.

When you provide us with personal data for processing, you have the following rights:

• You may request access to the relevant personal data.
• You may request correction of any incorrect personal data about you.
• Under certain circumstances (for example, when there is no need to process certain personal data provided by you) you have the right to request the removal of the relevant personal data.
• If we process your personal data based on your prior consent for this processing, you can withdraw your consent for data processing, after which the processing of data will cease.
• If you have a complaint regarding any processing of your personal data, you can contact us, or, if you are in the EU, contact your local representative.

Any changes we shall make to our Privacy Policy in the future will be posted on this page and, if necessary, sent to you by email. Please, visit the Policies page more often so that you do not miss the updates and changes in our Privacy Policy.