POLICY This policy (“Policy”) aims to provide users of our services with an understanding regarding how we handle their personal data, including our data collection practices. We aim to provide clarification, through this Policy, about the methods through which we collect information, use such information, how it is shared (if at all) and how it is protected and stored. Unless the context suggests otherwise, any reference to data in this Policy is to personal data, which means any information relating to an identified or identifiable person. Examples of personal data are provided under paragraph [4.1]. We recognize the importance of protecting the privacy of all customers who access and/or use, whether as a guest or registered user, our websites and applications (our “Sites”), including those running on smart phones, tablets and other devices. We aim to be transparent about the personal data we collect about you, how it is used and with whom it is shared. It is important that you read this Policy together with any other notice we may provide on other occasions when collecting or processing personal data about you. This Policy is supplementary to such other notices and does not override them. We may modify this Policy from time to time. Changes cannot be retroactive. We will provide you with notice if any material changes are made to this Policy. What constitutes a “material change” will be determined at our sole discretion, in good faith and using reasonable judgment and common sense. Your continued use of our services after notice of change is issued means that you are consenting to the updated terms. MINORS No one under 16 years of age (“Minors”) may use our Sites or provide any personal information to our Sites without the consent of their legal parent or guardian. Unless otherwise required by the law, we will delete any personal information collected or received from a Minor if we subsequently learn that such information was collected or received without verification of parental consent. Anyone with reason to believe we might have information from or about a Minor without legal parental or guardian consent should contact us. DATA CONTROLLERS SimpleStrata will be the controller of the personal data provided to, or collected by or for, or processed under the Sites. If you have any questions, comments or complaints relating to this Policy or the manner in which we collect and use your personal data, please contact us. If you are resident in the European Union (EU) and believe we are in breach of any of your rights with respect to your personal data, you have the right to file a complaint to our data protection representative as per the EU General Data Protection Regulation (GDPR) requirements. You can contact our data protection representative on: Email: dataprotection@exceeders.com COLLECTION OF DATA We collect different types of personal data depending on the Site being utilized. Such types of data may include the following: Accessibility data: includes your settings with respect to the receipt of marketing material from SimpleStrata or its partners. Contact data: includes delivery address, location, billing address, email address and telephone numbers. Employment data: includes job title, company name, business address and country, primary website, industry sector, former employer name, business address and country and other details relating to current or former employment. Financial data: includes payment card and bank account details, payment history. Identity data: includes first name, last name, address, username or similar identifier, title, marital status, gender and date of birth. Networks and connections data: includes information about the accounts, webpages, groups or other items you are connected to and how you interact with them through the use of our services. Also includes uploaded, synced or imported contact information. Profile data: includes login details, transaction history details, preferences and survey results. Purchase history data: includes details of purchased services and products. Sensitive data: includes details about ethnicity, biometric data, religious and political views, health, and any other information that must be treated with additional protections. Technical data: includes login data, browser type and version, operating system, platform, type of device, device settings and locations, language and time zone, IP address and mobile phone number, and data from cookies stored on your device, including cookie IDs and settings. Usage data: includes information about how you use our Sites, products and services, how you use your devices to access our Sites and what actions you take, including the screens you visit and searches you make, the times, frequencies and duration of any visits or activities, including people or accounts you interact with. Other content provided: includes content, communications and other information provided through the use of our services, including when registering, creating or sharing content, or communicating with others through our services. The Sites are dynamic and we often introduce new features which may require the collection of new information. If we collect materially different personal data or materially change how we use your personal data, we will notify you and modify this Policy as further elaborated under paragraph 1.5. We may collect or receive data, including personal data, from you or from third parties, through direct interactions. This may include information about you collected by their linking or our associating any provided content to you. We may also collect or receive data through publicly available sources. Additionally, we collect or receive data through automated technologies and interactions such as cookies, web beacons, log files. These technologies permit us to provide certain of the following services, among others: Requested services such as retention of cart items or log-in details; Improvement of user experience through collection of anonymous information; Browsing habits, including to determine targeting or advertising interests. Our collection of personal data may be legally or contractually required for the provision of our services. Where you refuse to provide such data, we may have to cancel a product or service provided to you, but we will notify you if this is the case at the time. RETENTION OF DATA We retain your personal data in line with our internal policy. We will retain your personal data to the extent reasonably necessary to comply with our legal, accounting or reporting obligations or enforce our agreements with you. While determining the appropriate retention period of personal data, we take into consideration legal and contractual requirements, the purposes for which we process your personal data, the nature, sensitivity and amount of the personal data, the potential risk of harm from disclosure or unauthorized use of your personal data, and whether we can achieve our purposes through other means than retention. We do not own title to your personal data. This remains in your ownership and the data is made available to us solely for the purposes of providing our services as set out in this Policy as well as required by legal, accounting and reporting requirements, or under any insurance contracts or other agreements to which we are party. In some cases, we may retain certain information in a depersonalized or aggregated form, in this case we may use this information indefinitely without further notice to you. For the avoidance of doubt, such retained data is not considered personal data. YOUR RIGHT TO ACCESS AND CONTROL YOUR DATA Privacy controls may vary depending on the Site being utilized. Further details with respect to available privacy controls are available on the relevant Site, either under its terms of services or policies, or notices, emails, or other means of communication. If you have any queries with respect to the measures available in order to control or restrict our or other parties’ access to or use of your personal data (if any), please contact us. With respect to your personal data, you have the following rights, among others: Request deletion of data; Request change or correction of data; Object to, or limit or restrict, use of data; Request withdrawal of consent; and Request access and/or to take your data. Where your request pursuant to this paragraph 6 is clearly groundless, repetitive or excessive, we may charge a reasonable fee or to the extent legally permitted, refuse to comply with your request. PROCESSING OF DATA We may use your personal data for the purpose of authorizing access and controlling the information made available to you, and when the law allows us or requires us to. We use your personal data to assist us in performing and enforcing our agreements with you and/or providing our services and products to you. User experience: When you use our services, we may use automated technologies to identify your browser and provide an easier user experience. We accomplish this by helping you log in faster and stay logged in as you open multiple pages or access our services through various devices. Authentication: Verification of your account and determining when you are logged in to enhance your user experience (e.g. show you the appropriate features). Security, site and product integrity: To keep your account, data and our services safe and secure. We may use your data (including your communications) if we think it’s necessary for security purposes or to investigate possible fraud or other violations of this Policy. Advertising, recommendations, insights and measurement to process your personal data for any purpose relating to suggesting connections or other services or allowing advertisements to target you or your type of profile. Location Information: You can choose, through your device’s privacy settings, whether or not to allow us to collect and use real-time information about the device’s location. Customer Support: We may use the data (including your communications) to investigate, respond to and resolve complaints and issues with the Sites (e.g. bugs). Analytics and research: We may use the data to conduct analyses and researches relating to the provision of our services. If we need to use your personal data for a purpose unrelated to the above, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law. SHARING DATA Information provided to the Sites will not be shared with companies, organizations or individuals outside Exceed unless you have provided your consent. However, information provided to the Sites may be shared, without obtaining your consent, with domain administrators, for external processing or for legal reasons. Our Sites may include links to third-party websites, plug-ins and applications. Selecting those links or enabling those connections may allow third parties to collect and/or share data about you. We encourage you to read the privacy policies of those third-parties and are not responsible for their privacy statements. OUTSOURCING We outsource certain of our services, e.g. marketing and development, audit, maintenance, payments. We will ensure that any entity to which services are outsourced have access to your information only to the extent reasonably necessary to perform the tasks on our behalf and are obligated not to disclose or use it for any other purposes. LEGAL DISCLOSURES It is possible that we will need to disclose information about you when required by law, subpoena, or other legal process or if we believe that disclosure is reasonably necessary to (1) enforce our agreements with you; (2) investigate and defend ourselves against any third-party claims or allegations; (3) protect the security or integrity of the Sites; (4) exercise or protect the rights and safety of our users, personnel, or others; and (5) fulfil any requirements we may have under our insurance or other agreements. CHANGE IN CONTROL OR SALE Any entity which purchases all or part of the Sites, our services and/or products, will have the right to continue to use your data, but only in the manner set out in this Policy, unless you agree otherwise. For the avoidance of doubt, we may transfer to said entity any and all information obtained from you (pursuant to our legal and contractual rights). SECURITY MEASURES We cannot warrant or guarantee the security of any information you sent us. We have undertaken all reasonable security measures to ensure your data is secure and prevent it from being accidentally lost, or used, accessed, altered or disclosed in an unauthorized way. We also regularly review and update such measures to meet new perceived threats that may arise from technological advances. Where legally required to do so, we will notify you and any applicable regulator of any suspected or actual breach of personal data. Cross-Border Data Transfers Where legally required or in order to enforce our rights pursuant to this Policy, we process personal data inside and outside the UAE. We require all our group companies to follow the same rules when processing your personal data. Certain countries where we process data may have laws less protective than those of your own country. SEVERABILITY The provisions contained in each paragraph of this Policy shall apply independently of each of the others and its validity shall not be affected if any of the others is invalid. If any of those provisions is void but would be valid if some part of the provision were deleted or reduced in scope or time, the provision in question shall apply with the minimum modification necessary to make it valid.