PERSONAL DATA PROCESSING AND SECURITY POLICY

1. General Provisions

As part of the selection of personnel for its own needs, Sever Minerals JSC (hereinafter referred to as the “Company”) processes the personal data of various categories of individuals (personal data subjects) using its website http://severminerals.ru. For the purposes of this Policy, personal data is understood to mean any information provided through the Company's website related to a directly or indirectly determined or specified individual (the personal data subject).

2. Personal data collection

Through its website, the Company collects personal data that is entered into the data fields on the Company's website by users or by second parties on their behalf.

3. Principles and conditions for the processing of personal data

Only personal data that meets the purposes of the company’s processing is subject to processing. The content and volume of the personal data processed by the Company corresponds to the stated processing goals and redundancy of processed personal data is not permitted.

In the course of its activities, the Company may provide and/or entrust the processing of personal data to another person with the consent of the subject of personal data, unless otherwise stipulated by the legislation of the Russian Federation on personal data. In this case, the obligation of the parties to maintain confidentiality and to ensure the security of personal data during its processing is a prerequisite for the provision and/or order to process personal data to another person.

The terms for processing personal data are determined in accordance with the purposes for which they were collected.

4. Rights of the subject of personal data

The personal data subject has the right (unless otherwise provided by law):

If you have questions about the nature of the use, the use, modification or removal of personal data that you have provided, or if you want to refuse its further processing by the Company, please contact us by mail at the Company’s address, or by e-mail: hr@severminerals.com

Please note that the Company is not responsible for inaccurate information which is provided by the subject of personal data.

5. Implementation of requirements for the protection of personal data

In order to maintain business reputation and ensure compliance with federal legislation, the Company considers the most important tasks to ensure the legitimacy of the processing of personal data in the business processes of the Company and to ensure the appropriate level of security of personal data processed in the Company.

The Company requires other persons who have access to personal data not to disclose it to third parties and not to distribute personal data without the consent of the personal data subject, unless otherwise stipulated by federal law.

In order to ensure the security of personal data during its processing, the Company takes the necessary and sufficient legal, organizational and technical measures to protect personal data from unlawful or accidental access to it, as well as the destruction, modification, blocking, copying, provision and distribution of personal data and other illegal actions against it.

The Company seeks to ensure that all measures it takes for the organizational and technical protection of personal data are carried out legally, including in accordance with the requirements of the legislation of the Russian Federation on the processing of personal data.

In accordance with the identified threats, the Company applies the necessary and sufficient legal, organizational and technical measures to ensure the security of personal data, including the use of information security tools and the detection of unauthorized access to personal data, and taking measures, restoring personal data, restricting access to personal data, the registration and accounting of actions with personal data, as well as monitoring and evaluating the effectiveness of the measures taken to ensure the security of personal data.

The Company's management recognizes the importance and necessity of ensuring the security of personal data and encourages the continuous improvement of the system for protecting personal data processed as part of the Company's core business.

The Company has appointed persons responsible for organizing the processing and ensuring the security of personal data. Each new employee of the Company who directly processes personal data is familiarized with the requirements of the legislation of the Russian Federation on processing and ensuring the security of personal data, this Policy and other ‘local regulatory acts of the Company on processing and ensuring the security of personal data, and undertakes to comply with them.