Exterro Safe Harbor Statement

Exterro respects individual privacy and values the confidence of its customers, their stakeholders, employees, business partners, and others who may use their services. Not only does Exterro strive to operate in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in their business practices. This Safe Harbor Policy sets forth the privacy principles that Exterro follows with respect to the protection and transfers of personal information from the European Economic Area (EEA) and from Switzerland to the United States.

Safe Harbor

We do not collect any personal information (name, address, telephone number, or e-mail address) unless you provide it. We may request this information when a product or demo is downloaded, for newsletter subscriptions, or when additional information about our products or services is requested.

If you have submitted personal information and want it removed from our records, please contact us at the e-mail address listed at the bottom of this Privacy Statement.

Scope

This Safe Harbor Privacy Policy applies to all personal information received by Exterro in the United States from the EEA and from Switzerland, in any format, including electronic, paper, or verbal. This policy applies to all personal information Exterro handles (except as noted below), including on-line, off-line, and manually processed data.

Protecting Personal Information

The following privacy principles are based on the Safe Harbor Framework.

Notice and Choice To the extent permitted by the Safe Harbor Framework, Exterro reserves the right to process personal information in the course of providing professional services to their clients without the knowledge of individuals involved. Where Exterro collects personal information directly from individuals in the EEA, it will inform them about the purposes for which it collects and uses personal information about them, the types of non-agent third parties to which Exterro discloses that information, the choices and means, if any, Exterro offers individuals for limiting the use and disclosure of personal information about them, and how to contact Exterro.

Where Exterro receives personal information from its subsidiaries, affiliates or other entities in the EEA, it will use and disclose such information in accordance with the notices provided by such entities and the choices made by the individuals to whom such personal information relates. Data Integrity Exterro processes personal information only in ways compatible with the purpose for which it was collected or subsequently authorized by the individual. To the extent necessary for such purposes, Exterro takes reasonable steps to make sure that personal information is accurate, complete, current, and otherwise reliable with regard to its intended use.

Privacy Disclosures & Transfers

Protecting Exterro will not disclose an individual's personal information to third parties, except when one or more of the following conditions is true:

  • Exterro has the individual's permission to make the disclosure;
  • the disclosure is required by law or professional standards;
  • the disclosure is reasonably related to the sale or disposition of all or part of the business;
  • the information in question is publicly available;
  • the disclosure is reasonably necessary for the establishment or defense of legal claims; or
  • the disclosure is to another Exterro entity or to persons or entities providing services on Exterro's or the individual's behalf (each a “transferee"), consistent with the purpose for which the information was obtained, if the transferee, with respect to the information in question:
    • is subject to law providing an adequate level of privacy protection;
    • has agreed in writing to provide an adequate level of privacy protection; or
    • subscribes to the privacy principles.

Permitted transfers of information, either to third parties or within Exterro, include the transfer of data from one jurisdiction to another, including transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated. Exterro complies with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. Exterro has certified that it adheres to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view Exterro' certification, please visit http://www.export.gov/safeharbor/

Data Security

Exterro will take reasonable precautions to protect personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, destruction; and ensure the appropriate use and confidentiality of information, either for its own purposes or on behalf of their clients. Exterro has put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information it processes. However, Exterro cannot guarantee the security of information on or transmitted via the Internet or a third party software tool.

Access and Correction

If an individual becomes aware that information Exterro maintains about that individual is inaccurate, or if an individual would like to update or review his or her information, the individual may contact Exterro using the contact information below. Exterro will take reasonable steps to permit individuals to correct, amend, or delete information that is demonstrated to be inaccurate. The individual will need to provide sufficient identifying information, such as name, address, birthdate, and social security number. Exterro may request additional identifying information as a security precaution. In addition, Exterro may limit or deny access to personal information where providing such access would be unreasonably burdensome or expensive in the circumstances, or as otherwise permitted by the Safe Harbor Framework. In some circumstances, Exterro may charge a reasonable fee, where warranted, for access to personal information.

Dispute Resolution

Exterro utilizes the self-assessment approach to assure its compliance with this privacy statement. Exterro periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented, and in conformity with the principles. Exterro encourages interested persons to raise any concerns with us using the contact information below. Exterro will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this policy. Exterro has established a Safe Harbor team composed of senior members from Human Resources, Operations, Privacy, and Legal. The team will undertake self-assessment with an independent third party, as needed to ensure compliance to the Safe Harbor Principles. All requests or complaints may be submitted via email to legal@exterro.com or via mail at the address listed below. Once any request or complaint affecting these Principles has been submitted to Exterro the Safe Harbor team will promptly notify the data subject that the request or complaint has been received and is being investigated. The Team will notify each data subject regarding the resolution of their request or complaint. For complaints that cannot be resolved between Exterro and the complainant, Exterro has agreed to participate in the following dispute resolution procedures of the Judicial Arbitration and Mediation Services (JAMS) in the investigation and resolution of complaints to resolve disputes pursuant to the Safe Harbor Framework. Exterro commits to cooperating fully with EU Data Protection Authorities and the Swiss Federal Data Protection and Information Commission.

Enforcement

Exterro will conduct compliance audits of its relevant privacy practices to verify adherence to this policy. Any employee that Exterro determines is in violation of this policy or other company privacy policies will be subject to disciplinary action up to and including termination of employment.

Limitation on Application of Principles

Adherence by Exterro to these Safe Harbor Principles in the Safe Harbor Framework may be limited (a) to the extent required to respond to a legal or ethical obligation; (b) to the extent necessary to meet national security, public interest or law enforcement obligations; and (c) to the extent expressly permitted by an applicable law, rule or regulation.

Internet Privacy

Exterro sees the Internet and the use of other technologies as valuable tools to communicate and interact with consumers, employees, healthcare professionals, business partners, and others. Exterro recognizes the importance of maintaining the privacy of information collected online and has created a specific Internet Privacy Policy governing the treatment of personal information collected through websites that it operates. With respect to personal information that is transferred from the European Economic Area or Switzerland to the U.S., the Internet Privacy Policy is subordinate to this policy. However, the Internet Privacy Policy also reflects additional legal requirements and evolving standards with respect to Internet privacy. Exterro' Internet Privacy Policy can be provided upon request using the contact information below or by going online to https://www.exterro.com/privacy-policy/.

Questions or comments regarding Exterro' Safe Harbor certification should be submitted to Exterro by mail or e-mail as follows:

Exterro

Office of the General Counsel 4145 SW Watson Suite 400 Beaverton, OR 97005 USA legal@Exterro.com

Changes to This Safe Harbor Privacy Policy

This Policy may be amended from time to time, consistent with the requirements of the Safe Harbor Framework. A notice will be posted on the Exterro website ( www.Exterro.com) for 60 days whenever this Safe Harbor Privacy Policy is changed in a material way.