CRM PHARMIT PRIVACY POLICY

1.1. CRM PharmIT (hereinafter — the System) — software developed by PharmIT LLP, designed to automate the activities of pharmaceutical distribution companies, including customer base management, employee performance monitoring and efficiency analysis.

1.2. User — an employee of the client company (administrator, regional manager, medical representative) who has individual credentials to access the System.

1.3. Client — a legal entity (pharmaceutical distribution company) that has concluded an agreement with PharmIT LLP and provides access to the System to its employees.

1.4. Personal data — any information related to a directly or indirectly identified individual (User), including full name, position, contact phone number, email address, photograph and other information necessary for working in the System.

2.1. This Policy defines the procedures for collecting, storing, processing and protecting personal data of Users obtained while using CRM PharmIT.

2.2. The purpose of personal data processing is to ensure the functioning of the System, including:

• authorization and identification of Users;
• monitoring task execution and reporting;
• route planning and comparison of actual movements with planned ones;
• providing notifications and mailings;
• analysis, improvement and development of the System.

3.1. The following categories of data are processed within the use of the System:

• information about Users: full name, phone, email, position, photograph;
• data about company clients: information about doctors, pharmacies, medical institutions;
• technical information: IP address, cookies, login logs, geolocation, device and browser information.

3.2. All data is provided by the Client voluntarily when registering Users in the System.

4.1. Data processing is carried out exclusively for the purposes specified in clause 2.2 of this Policy.

4.2. Data is not transferred to third parties, except in cases provided for by the legislation of the Republic of Kazakhstan.

4.3. Creation and configuration of User access rights are carried out on the Client side.

4.4. Access to data is limited and provided only to authorized persons of PharmIT LLP to ensure technical support and functioning of the System.

5.1. Personal data is stored on secure servers located in the Republic of Kazakhstan.

5.2. PharmIT LLP takes all necessary organizational and technical measures to protect personal data from unauthorized access, modification, blocking, copying, distribution and destruction.

5.3. Data is stored for the duration of the agreement with the Client and deleted upon written request or after termination of the agreement.

6.1. The User has the right to:

• request information about their personal data;
• require their correction, update or deletion;
• withdraw consent to data processing.

6.2. To exercise rights, the User may contact the contact details specified in Section 8 of this Policy.

7.1. PharmIT LLP is not responsible for the actions of the Client that violate the rights of Users, including unlawful transfer or disclosure of personal data.

7.2. The Client is responsible for the accuracy and reliability of the data provided, as well as for the actions of its employees who have access to the System.

9.1. Use of CRM PharmIT by the User means agreement with the terms of this Policy.

9.2. PharmIT LLP reserves the right to change the Privacy Policy. The current version is always available upon Client request.