Certus Cybersecurity Solutions, LLC Privacy Statement

Certus Privacy StatementVersion 1.0 – Effective May 1, 2018
Certus Cybersecurity Solutions®, LLC (“Certus”) respects your right to privacy and your desire to control your personal data that you share with us. We have developed this Privacy Statement to inform you about our privacy practices for our public-facing websites (“Certus Websites”). This Privacy Statement describes how Certus collects, uses, shares, and secures the personal information you provide to Certus other than through Certus’ Cloud Services. It also describes your choices regarding the use, access, and collection of your personal information.

Information We Gather from You – Personal Information
There are two ways in which you may explicitly and intentionally provide us with and consent to our collection of certain personal information:
• E-mail Request for Information or Registrations for Guides or Seminars – We use links throughout our site to provide you with the opportunity to contact us via e-mail to ask questions, request information and materials, register or sign up for guides, seminars, training classes or provide comments and suggestions. You may also be offered the opportunity to have one of our representatives contact you personally to provide additional information about our services. To do so, we may request additional personal information from you, such as your name, telephone number, and other address information, to help us satisfy your request.
• Recruitment and Employment – You may choose to provide us with information about yourself, such as a résumé or other employment-related information in connection with a job application or inquiry, whether advertised on the Certus site or as otherwise provided by Certus. Certus may use this information throughout Certus and its related entities for the purpose of employment consideration or as you inquire.Statistical Information About Your VisitWhen you visit Certus Websites, our systems collect personal information (in the manner described above) and statistical or non-personally identifiable information about your visit to our sites (e. g., IP address, pages visited, origin of visitor domains, and types of browsers used). However, unless you actively submit personal information, we do not typically identify you via the non-personally identifiable information. Notwithstanding the foregoing, to the extent permitted by applicable law, we reserve the right to combine non-personal information with personal information that you have actively submitted.


Use of Cookies
Certus and its partners use cookies or similar technologies to analyze trends, administer the website, track users’ movements around the website, and to gather demographic information about our user base as a whole. A “cookie” is a piece of information that Certus Websites send to your browser. Your browser stores the cookie on your system. The cookie will allow Certus to remember information about you and your preferences until either you exit your current browser window (if the cookie is temporary) or you disable or delete the cookie. Many users prefer to use cookies in order to help them navigate a website as seamlessly as possible. You should be aware that cookies contain no more information than you volunteer, and they are not able to “invade” your hard drive and return personal or other information from your computer. If you do not want Certus to deploy cookies in your browser, you can set your browser to reject cookies or to notify you when a website tries to put a cookie in your browser software. Rejecting cookies may affect your ability to use some of our products and/or services.List of Third Party Cookies: Various third-party cookies may in the future be set by third-party entities and used for statistical and marketing purposes.We may in the future partner with a third party to display and manage advertising. Our third-party partners may use cookies or similar technologies in order to provide you advertising based upon your browsing activities and interests. If you wish to opt out of interest-based advertising, please contact us at info@certuscyber.com.

Web Beacons
Certus may in the future use web beacons alone or in conjunction with cookies to compile information about site visitors’ usage of the site and interaction with emails from Certus. Web beacons are clear electronic images that can recognize certain types of information on your computer, such as cookies, when you viewed a particular website tied to the web beacon, and a description of a website tied to the web beacon. For example, Certus may place web beacons in marketing emails that collect information when you click on a link in the email that directs you to Certus’ site. We use web beacons to operate and improve Certus’ site and email communications. Certus may use information from web beacons in combination with data about Certus to provide you with information about Certus and the Certus Services.

Information Sharing
We will share your personal information with third parties only in the ways that are described in this privacy statement. We do not sell your personal information to third parties. In some cases, Certus uses suppliers to collect, use, analyze, and otherwise process information on its behalf. It is Certus’ practice to require such suppliers and other service providers to handle information in a manner consistent with Certus’ policies and to use your personal information only as necessary to provide these services to us.We may also disclose your personal information as required by law, such as to comply with a subpoena, or similar legal process when we believe in good faith that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request. We may also disclose your personal information if Certus, Inc. is involved in a merger, acquisition, or sale of all or a portion of its assets.

Certus Supported Blogs and Forums
If you use a blog, forum, or other chat tool on a Certus Website, you should be aware that any personal information you submit there can be read, collected, or used by other users of these forums, and could be used to send you unsolicited messages. Certus is not responsible for the personal information you choose to submit in these forums. You are also responsible for using these forums in a manner consistent with the applicable Terms of Use or other terms and conditions set forth on the relevant forum site. To request removal of your personal information from our blog or community forum, please contact Certus as described below. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why.

Testimonials
We display personal testimonials of satisfied customers on our site in addition to other endorsements. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial, you can contact Certus as described below.

Surveys
From time-to-time we may request information via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Survey information will be used for improving our customer service and service offerings. The feedback and data we collect from these surveys are aggregated and we do not single out individual responses, unless the respondent chooses to be identified.

Social Media Widgets
Certus Websites include social media features. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. Social media features are hosted either by a third party or directly on Certus Websites. Your interactions with these features are governed by the privacy statement of the company providing it.

Your Ability to Opt-Out of Further Notifications
From time to time, we notify visitors to Certus Websites of new products, announcements, upgrades, and updates unless you have opted out of these notices. If you would like to opt-out of being notified, please contact us at the address given at the end of this Privacy Statement.If you would like to change your preferences online, please contact us at info@certuscyber.com. Please be aware that you may not opt out of receiving information regarding the security, initial use, expiration, product enhancement or migration of our products or services.

Access or Update Personal Information
If your personal information changes, then please contact us at info@certuscyber.com.

Our Security Procedures
We consider the protection of all personal information we receive from Certus Website visitors as critical. Please be assured that we have appropriate security measures in place to protect against the unauthorized loss, misuse, and alteration of any personal information we receive from you. As with any transmission over the Internet, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering our services using the Secure Sockets Layer (SSL) protocol. If you have questions about security, please contact us at info@certuscyber.com.

Information Related to Data Collected through the Certus Platform
Certus may collect information and has no direct relationship with the individuals whose personal data it processes. In accordance with applicable law, Certus will retain personal data you provide for marketing purposes and to respond to the requests that you have made from Certus and use this personal data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.If you are a client of one of our customers and would no longer like to be contacted by such customer, please contact the customer that you interact with directly.
• Service Provider, Sub-Processors/Onward Transfer – Certus may transfer personal information to companies that provide Certus with services. Transfers to subsequent third parties are covered by the provisions in this statement regarding notice and choice and the service agreements with our customers.

Certus Privacy Notice
Before May 25, 2018, Certus complies with the European Community’s data protection regime pursuant to Directive 95/46/EC, which applies to the European Economic Area (“EEA”) and restricts companies in the EEA in transferring personal data about individuals in the EEA to the United States, unless there is “adequate protection” for such personal data when it is received in the United States.

GDPR
On and after May 25, 2018, Certus shall comply with the Regulation 2016/679, the “General Data Protection Regulation” (“GDPR”) of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The GDPR supersedes EU Data Protection Directive (also known as Directive 95/46/EC).

EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield
Certus will in the future participate in and certify its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. Certus is committed to subjecting all personal data received from European Union (EU) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Framework, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov/list.Certus complies with the Privacy Shield Principles for all onward transfers of personal data from the EU and Switzerland, including the onward transfer liability provisions. Under those provisions and under certain circumstances, Certus is responsible for the processing of personal data it receives under the Privacy Shield Framework and subsequently transfers to a third party acting as an agent on its behalf.With respect to personal data received or transferred pursuant to the Privacy Shield Framework, Certus is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission. In certain situations, Certus may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.Under certain conditions, more fully described on the Privacy Shield website, you may be entitled to invoke binding arbitration when other dispute resolution procedures have been exhausted.

Scope of this Notice
This Notice does not apply to employees of Certus; this Notice addresses other data subjects residing in the EEA and Switzerland (“EAA and Swiss Persons”) whose data Certus may receive from one of its subsidiaries, prospects, customers, suppliers or other businesses in the EEA or Switzerland, e. g., prospects’ procurement managers, suppliers’ sales representatives, individual independent contractors, and EEA and Swiss residents who are mentioned or referred to in documents to be produced in pre-trial discovery proceedings, etc.

Categories of EEA and Swiss Data
Certus collects data processing and advisory services largely for businesses and rarely if ever for consumers. Thus, Certus solely receives business-related information from the EEA and Switzerland. Occasionally, Certus also receives contact information related to individual representatives of businesses with whom Certus is dealing (including, without limitation, names, addresses, work phone numbers, work email addresses, etc.), and, in connection with our managed document review and advisory services, Certus processes data that may be relating to EEA and Swiss residents on behalf of, and in accordance with instructions from, prospects (collectively “EEA and Swiss Data”). Since EEA and Swiss Data covered by this Notice is by definition sent to Certus by another company in the EEA or Switzerland (e.g., a supplier to Certus), the categories of data sent and the purposes of processing often depend on such other company, with whom the EEA or Swiss Persons typically have a closer employment, business or other relationship (and which therefore, can provide additional information on categories of data shared with us).

Purposes
Certus may collect and use EEA and Swiss Data for purposes of providing data processing and advisory services to its prospects, communicating with corporate business partners about business matters, processing EEA and Swiss Data on behalf of corporate prospects, transmitting marketing emails and performing other marketing activities, and conducting related tasks for legitimate business purposes.

Disclosure
Certus may share EEA and Swiss Data with affiliates and contractors, which process EEA and Swiss Data on behalf of Certus. Certus may also share EEA and Swiss Data with other third parties for the purposes for which Certus receives the EEA and Swiss Data (e.g., performance of contractual obligations) and as required or permitted by law.With respect to marketing emails, EEA and Swiss Persons may opt-out of receiving further email marketing communications from Certus by sending an email to info@certuscyber.com, or by following opt-out instructions that are contained in each marketing email. EEA and Swiss Persons may also send an email to this address to ask to opt-out of disclosures to third parties, but such a limitation on data sharing may make it difficult or impossible for Certus to provide the requested services. Notwithstanding other statements in this Notice, Certus may disclose EEA and Swiss Data where it is legally required to disclose (e.g., under statutes, contracts or otherwise) or the disclosure is permitted by law and Certus has a legitimate business interest in such disclosure.

Access and Review
EEA and Swiss Persons whose EEA and Swiss Data Certus holds may request access to, and the opportunity to update, correct or delete some or all of the EEA and Swiss Data that Certus holds about them. To submit such requests or raise any other questions, please contact Certus as described below. Certus reserves the right to take appropriate steps to authenticate an applicant’s identity, charge an adequate fee before providing access and deny requests, except as required by the Privacy Shield Framework.Certus will in the future comply with the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Certus will seek to be certified by the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy statement and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov.

Changes To This Statement
We may update this privacy statement to reflect changes to our information practices. If we make any material changes, we will notify you by means of a notice on this site prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices.

Contact Information
If you have questions about Certus’ Privacy Statement, please contact us at info@certuscyber.com.