Personal data is any information that can be used for identification of an individual. Measures are implemented to ensure, that personal data of customers is always in safety when at disposal of data controllers, and that processing of personal data of customers is carried out in compliance with the existing data protection laws, internal policies, guidelines and procedures. The purpose of the Privacy Policy is to provide a natural person – data subject – with information on the purpose, extent, protection and term of processing of personal data during the process of obtaining and processing of data subject's personal data.

1. Controller of processing of personal data: LLC “NERE E ”, reg. No. 40003868642, legal address: Riga, Meistaru Street 10, LV-1050 (hereinafter also – NERE E )

2. Applicable legislation: the Personal Data Protection Law, the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and other applicable laws in the area of privacy and data processing.

3. What is the Privacy Policy?

The Privacy Policy serves as a link between NERE E and a natural person (hereinafter also – the User), who contacts NERE E and/or uses NERE E website and/or provided services.

NERE E undertakes to protect User's personal data. The Privacy Policy allows the User to understand, what information is obtained, when the User submits own data to NERE E or when NERE E obtains such data using other methods, why NERE E collects such data and how it will be used.

The Privacy Policy also provides information on how NERE E acquires, processes, stores, deletes and protects User's personal data, thus ensuring, that the User's personal data is processed lawfully, in good faith and in a transparent manner for the User. The Policy applies to the User's personal data, any processing of personal data, and the service provided to the User. If RERE E updates this Policy, all amendments will be published on the website of NERE E. In order to provide the User with better and more suitable services, and to ensure, maintain, protect and improve the existing services, NERE E processes data obtained during the process of provision of services.

4. What purposes the User's data is acquired for?

The User's personal data and any other information is acquired in order to: • offer and provide appropriate services, supervise transactions and protect Users from unlawful or harmful direct or indirect, intentional or unintentional acts by persons while processing information and data at disposal of the respective persons; • to process all requests for information by the User; • to fulfil the obligations of NERE E under regulatory documents; • to

provide the User with support services; • to carry out research, surveys and analysis of customers; • to provide the User with information on offers, products and services of NERE E, if the User has given its consent for receipt of such information.

5. What User's data is processed by NERE E?

Name, surname, personal identity number/date of birth, correspondence address, phone number and e-mail address; Bank details, if such are provided; Data, which the Customer notifies to NERE E itself; User's IP address; Cookies (website browsing data); Other personal data, depending on the type of service provided to the Customer.

This information is stored on servers of NERE E, located in secure infrastructure. When the User uses NERE E services, servers of NERE E maintain a unique journal of activities for the User's

safety, which stores a certain administrative and data flow information, including: • IP addresses; • access time; • access dates; • previously visited pages; • used language; • report on software errors according to used browser program. This information is important to ensure quality of provided services. Personal information is not obtained without the User's consent. User data will not be transferred to countries outside the European Union or the European Economic Area; however, if such necessity will occur, the User's data may be transferred only to countries that guarantee the same level of protection of personal data as required in the European Union.

6. What means are used by NERE E for acquisition and processing of data?

NERE E may automatically obtain the previously mentioned data and receive personal data indicated by the User while using services, or otherwise contacting and interacting with the website. NERE E may also receive personal information from other service providers online. NERE E is also entitled to attract third-party service providers to ensure technical support during provision of service. NERE E has access to the information provided by the User to these service providers and third-party e-commerce service providers, observing all requirements of the Privacy Policy.

7. What are the bases for processing of User personal data?

User's consent – the User as a data subject, completes an application and/or contact form, thus giving consent for acquisition and processing of personal data for specific purposes. The User agrees to processing of personal data for direct marketing purposes, enabling NERE E to offer new and individual services (this consent may be withdrawn by the User).

The User's consent comprises his/her free will and independent decision, and it may be given at any moment, thus allowing NERE E to process personal data for the specific purposes. The User's consent is binding upon the User, if given directly and explicitly. The User is entitled to withdraw its previously given consent at any moment, using the specified communication

channels of NERE E. The applied changes will come into force within three working days. The consent withdrawal shall not affect the lawfulness of data processing done on the basis of the consent before such withdrawal.

Provision of service – to be able to provide the User with high quality services, NERE E has to acquire and process certain personal data that is obtained from the User on the website of NERE E. Legitimate interests – observing the interests of NERE E, which are based on provision of high quality services and timely support to the User, NERE E is entitled to process User's personal data to the extent it is objectively required and sufficient for the purposes specified in this Privacy Policy. The legitimate interests of NERE E involve data processing during direct marketing processes, which results in offering new and/or individual services of NERE E to the User.

Fulfilment of legal obligations – NERE E is entitled to process personal data for the purpose of fulfilling requirements of regulatory enactments and responding to lawful requests of public and municipal authorities.

8. Exceptions to disclosure of User data

NERE E is entitled to disclose personal data only in the instances stipulated by regulatory enactments.

9. What are cookies?

Cookies are small text files, stored by our website on your computer or mobile device, when you visit our website. At any subsequent visit of our website the cookies are sent back to the website of origin or third-party website, which recognizes the respective cookie. In addition, cookies enable the website to remember settings selected by the User during previous visits,

so that these settings have not to be indicated repeatedly. Cookies are not used to identify your person. NERE E may use cookies as a tool for acquisition of information from the network server for the aforesaid purposes, following the use of the website by the User. If the User continues to use our website, he/she agrees to the use of cookies by NERE E. Cookies contain information, which is transferred to the hard drive of the User's computer. Cookies help NERE E to improve its website and provide better and more personalized services. The acquired data is used by the maintainer of NERE E website and Google, which obtains anonymous data, such data not being linked neither to a particular person, nor a particular IP address. Data safety of Google Analytics is certified by ISO 27001 certificate and the legal framework of U.S.-EU Privacy Shield. More information on these issues is available here: https://support.google.com/analytics/topic/2919631

If the User wants to delete all cookies stored on his/her computer or terminate cookies that follow activities of the User on the website, the User can do it by deleting the existing cookies and/or changing confidentiality settings of the web browser to block cookies (this process differs among various browsers). More information on how to do it is available on the website www.allaboutcookies.org.

10. Duration of storage of User personal data

NERE E will process the User's personal data as long as at least one of the following conditions is effective: a) while the User uses the provided service; b) the term for storage of personal data is determined by or arises from regulatory enactments of the Republic of Latvia or the European Union; c) to the extent necessary for implementation and protection of legitimate interests of NERE E; d) as long as the User's consent for processing of personal data is not withdrawn.

11. What are security conditions?

When using services of NERE E or contacting NERE E, the User agrees to NERE E terms and conditions of provision of services. NERE E ensures, revises and improves protection measures on regular basis to protect the User's personal data from unauthorized access, accidental loss, disclosure or destruction of data. To do so, NERE E applies modern technology, technical and organisational requirements, also using firewalls, intrusion detection and analysis software and data encryption. NERE E carefully checks all service providers that process the User's personal data on behalf and upon the order of NERE E, and assesses, whether cooperation partners (processors of personal data) implement appropriate security measures to ensure that processing of the User's personal data is implemented according to delegation by NERE E and requirements of regulatory enactments.

Cooperation partners are not allowed to process the personal data at disposal of NERE E for own purposes. NERE E does not assume any liability for any unauthorized access to personal data and/or loss of personal data, if it is not dependent on NERE E, for example, when the User has disclosed own personal data to third parties himself/herself. In the case of any threats to the User's personal data, NERE E will notify the User. NERE E also undertakes to notify the relevant authorities and involved natural persons about information/data processing security incidents or possible incidents without unjustified delay within 72 hours after such violation becomes known to NERE E, as stipulated by applicable regulatory enactments and/or laws of the European Union, except the instances, when according to the principle of accountability NERE E is able to prove, that the personal data protection violation, most likely, does not pose any risks to rights and freedoms of natural persons. NERE E stores all personal information received from the User in a protected database, encrypting some of the data and ensuring that connection to the database is protected.

13. What are the User's rights?

To address NERE E and receive a copy of personal data at disposal of NERE E. To rectify all personal data at disposal of NERE E on the User, and receive information about natural or legal persons that have received information on the User in a specific period of time. NERE E will not issue to the User any information about public institutions that manage criminal proceedings, subjects of operational activities or any other institutions, where disclosure of such data is forbidden by the law. To request deletion or limit processing of personal data, processing of which is not required anymore for the purposes this data was acquired (the right “to be forgotten”). The User has the right for portability of own personal data. To address NERE E or the personal data supervisory institution (Data State Inspectorate, www.dvi.gov.lv) in relation to issues concerning processing of personal data.

The e-mail address info@neweurope.lv can be used for communication with NERE E

All information security system questions and information/ data security questions that are not discussed in this Policy shall be addressed to NERE E (67780577 and info@neweurope.lv)