Information about processing personal data for people whose personal data we obtain in connection with providing services to our clients

Fulfilling the obligations according to the Article 21 paragraph 1 of Law on Personal Data protection of Montenegro ("Official gazette of Montenegro", no. 79/08, 70/09, 44/12, 22/17, hereinafter be referred to as “LPDP”) the data controller informs that:

1. PricewaterhouseCoopers d.o.o. Podgorica, Bulevar Džordža Vašingtona 98, Podgorica, TIN: 02656337 („PwC”, “we”) will be the controller of your personal data.

2. If you have any questions or complaints regarding your personal data being processed by PwC, and/or the rights you possess, please contact us via email: me_privacy@pwc.com;

3. PwC processes your personal data for the following purposes and on the following legal basis:

4. Your personal data will not be disclosed to third parties except the following recipients:

• other PwC global network member firms (each of which is a separate independent legal entity). For details of our member firm locations, please visit the website. We may share personal data with other PwC member firms where necessary for administrative purposes and lawful interests pursued by the PwC referred to in section 3;

• service providers that aren’t members of the PwC network (“third party service providers”) to process on PwC’s behalf. Third party service providers may include providers of IT services, including identity management, website hosting, marketing automation and management, CRM, data analysis, data back-up, security and storage services in so far as it refers to the business relation with PwC;

• governmental or regulatory authorities, courts and law enforcement authorities or agencies as required by and/or in accordance with applicable law or regulation.

5. Your personal data may be transferred to countries outside Montenegro - third countries, based on:

• Article 42 paragraph 1, point 6) of the LPDP - transfer to the EU member countries, countries of European Economic Area and/or countries listed by the EU as the countries with an adequate level of protection of personal data;

• Article 42 paragraph 1, point 8) of the LPDP - standard data protection clauses adopted by the European Commission.

6. Your personal data will be retained until the end of Client’s cooperation with PwC. After that, personal data might be stored only for the period indicated by statutory provisions of law or as long as you or us may pursue legal claims towards each other.

7. In relation to processing your personal data you have the following rights:

• right to access, to rectification (updating), to erasure, to restriction of processing, and to object;

• right to lodge a request for protection of rights and complaint with a data protection authority (Agency for Protection of Personal Data and Free Access to the information).

8. The provision of personal data is:

• necessary in order to establish and perform Client’s cooperation with PwC - in the scope of processing purposes pursued within the PwC lawful interests;

• mandatory - in the scope of processing purposes pursued within the legal obligation.

9. The entity that provides PwC with personal data as part of using our services (Client) or the entity that provides PwC with personal data as part of provision of our services to Client is a source of your personal data.

10.PwC processes, as a standard, the following categories of personal data: name, surname and business contact details (such as mobile number and email address). In some cases, the scope of processing may be wider. For example, we will review payroll data as part of an audit and we often need to use personal data to provide global mobility services or we are processing a national identification number complying with the provisions of anti-money laundering and terrorist financing legislation.