Privacy Policy | CKH Technology Services

Privacy Policy 1. INTRODUCTION In this Privacy Policy, the terms "Company," "we," "us" or "our" each refer, collectively, to the entity that is providing you services and with whom you entered into the Master Service Agreement described below. Note that Company's licensors, vendors and service providers may act in Company's place with respect to any portion of this Privacy Policy.

2. WHAT IS THE PURPOSE OF THIS PRIVACY POLICY? We created this Privacy Policy ("Policy") to demonstrate our firm commitment to the privacy of our customers and resellers of our services, agents, affiliates and visitors to our websites, chat boxes, live chats, chat bots and mobile applications (and those of our vendors and affiliates).

3. HOW DOES COMPANY DEFINE PERSONAL DATA? In this Privacy Policy, "Personal Data" means any information about an identified or identifiable individual, in accordance with the meaning of the General Data Protection Regulation (GDPR), or the applicable data protection law for the country in which you are located. Personal Data is collected, obtained or otherwise processed by Company in the following situations:

Through access to or use of Company's websites; and Through the submission of information by prospective customers, resellers, agents or affiliates to Company for purposes of receiving more information about our services; and When a new customer, reseller, agent or affiliate of Company creates a Company account; and When a new customer, reseller or affiliate of Company purchases our services (the "Services"), including as the term "Services" may be defined in your Master Service Agreement, reseller agreement or other agreement with Company (the "Agreement"); and When a current customer, reseller, agent or affiliate of Company uses our platform or Services or contacts our customer service or technical support team. By visiting our websites, creating a Company account, purchasing Services, or using our platform or Services, you accept the practices set forth in this Privacy Policy.

4. WHAT IS THE SCOPE OF THIS PRIVACY POLICY? This Privacy Policy only covers Personal Data collected by Company. Company's websites may contain links to third-party websites. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that Company does not accept any responsibility or liability for these policies. Please check the applicable third-party privacy policies before you submit any data to such third-party websites.

5. WHAT ARE COMPANY'S GUIDELINES REGARDING CHILDREN? Company requires that all account holders be 18 years of age or older. In addition, our websites and Services are not designed for or directed to children under the age of 18, and Company does not knowingly collect or maintain Personal Data about any person under the age of 18. If you believe Company has collected any Personal Data from or about any person under 18, please contact us via the contact information set forth on Company's website or in the Agreements.

6. WHAT ABOUT YOUR USE OF COMPANY FORUMS? Company may make chat rooms, forums, message boards, news groups and similar media, including social media, available to you. Please remember that any information that is disclosed in these areas may become public and you should exercise caution when deciding to disclose any Personal Data in any of these areas.

7. WHAT KIND OF INFORMATION DOES COMPANY COLLECT? Company may collect the following information, which may include Personal Data:

Type of Information Collected

Illustrative Examples (Not an Exhaustive List)

How Company May Use This Information

Contact and Account Information

Email address, name, user name, telephone number, home, work, or billing address, and ZIP code, Internet Protocol ("IP") , account owner user names and account numbers, billing name and address, and phone number for language preference, title and department

Company may use this information (including Personal Data) to provide Company Services; create a customer or partner account; determine your tax status; communicate with customers or partners; respond to customer or partner requests for support; and facilitate analytics, lead generation, and targeted marketing to potential customers and partners (including identification of the organization).

Payment Information

Billing name, address, and credit card and other payment information; and offering, price or other information about your purchase

Company may use this information (including Personal Data) to bill account holders who subscribe to Company Services.

Non-Service Usage Data (information collected through integration with third parties and other technical standard information sent by a user's browser during visits to our websites, chat boxes, live chats, chat bots or a user's use of our Services)

Social media account information, single sign on service tokens or other tokens, IP address, the type of device being used, your device's operating system, approximate location information, internet or network activity, language preference, chat identifiers and chat content (attachments, conversations, hyperlinks), widgets and browser type

Company may use this information (including Personal Data) to create a customer or partner account; provide Company Services; communicate with customers or partners; respond to customer or partner requests for support; and facilitate analytics, lead generation, and targeted marketing to prospective customers and partners (including identification of the organization).

Service Usage Data (information that is generated through a user's actions by using our Services, which is collected, used, and processed by Company solely for the purposes referenced herein)

IP address, MAC address, device type, operating system type and version, client version, type of camera, microphone or speakers, connection type and other related information; User feedback ratings, internal feature usage analytics, usage logs, cookie identifiers; Traffic and location data (including without limitation caller location, call recipient location, routing information, duration and time with respect to each communication); Network monitoring data; Call records produced by a telephone call or other telecommunications transactions with call details, such as time, duration, completion status, source number and destination number; Fraud data such as blacklist history and security logs; Metadata, such as session logs and join & leave time of participants; Log data including IP address, Internet Service Provider ("ISP"), browser type, referring/exit pages, operating system, date/time stamp, and/or clickstream data; Publicly available data from end user accounts; Personal contacts to which a user has given access; Contact preferences; Contact or authentication data; and Chat identifiers, widgets and browser type. Company may use this information (including Personal Data) to (a) connect users to and optimize users' experience using our website, applications, and Company Services; (b) provide customers and partners with dashboards and reports; (c) respond to customer or partner requests for support; (d) conduct fraud and threat analysis, and detect and prevent SPAM or unlawful or abusive activity or other violations of Company's Acceptable Use Policy; (e) monitor performance of our data centers and networks; (f) conduct analytics to improve Company's website, applications, and Company Service performance; (g) personalize users' experience with our websites, applications and Company Services (e.g., providing users with disclosures appropriate to their location); (h) comply with applicable law; (i) convey a communication on an electronic communications network for billing; or (j) for any of the other purposes described herein.

Application Data

Mobile Device Data: Device information (such as your mobile device model and manufacturer), operating system, version information and system configuration information, device and application identification numbers, browser type and version, hardware model Internet service provider and/or mobile carrier, and IP address (or proxy server). Information about the phone network associated with your mobile device, your mobile device's operating system or platform, the type of mobile device you use, your mobile device's unique device ID, and information about the features of our application(s) you accessed. Access to mobile device features, such as your mobile device's Bluetooth, calendar, camera, contacts, microphone, and storage Company may use this information (including Personal Data) to provide Company Services; communicate with customers or partners about Company Services; respond to customer or partner requests for support; send push notifications regarding a customer's or partner's account or certain features of the application; and market Company products and services to existing and prospective customers, partners, and users.

SMS Messages

Content of blocked SMS messages that violate Company's SPAM rules

Company may use this information (including Personal Data) to conduct fraud and threat investigations and to detect and prevent activity that is unlawful, abusive, or a violation of Company's Acceptable Use Policy.

Geolocation Information

Information about where you are located when using Company Services

Company may use this information (including Personal Data) to provide Company Services; communicate with users about Company Services; respond to customer or partner requests for support; personalize users' experience with our websites, applications, and Company Services; and market Company products and services to existing and prospective customers, partners, and users.

Please Note: The information collected by Company may also include:

Information about general usage of our website collected by using a cookie file which is typically stored on the hard drive of your computer. Please see the "Cookies" section below for more information; and One or more of the following categories of Personal Data (as such categories are defined or interpreted for purposes of the CCPA or other applicable law): identifiers; customer records information; characteristics of protected classifications under California or federal law or special categories of Personal Data or sensitive Personal Data as defined under other applicable law; commercial purchasing information; internet or network activity; geolocation data; professional or employment-related information; education information; and inferences drawn from Personal Data. Company may collect the following Personal Data from end users on behalf of Company customers, which may include Personal Data.

Type of Information Collected

Illustrative Examples (Not an Exhaustive List)

How Company May Use This Information

End User Personal Data

Email address, name, user name, telephone number, home, work, or billing address, and ZIP code, Internet Protocol ("IP") address, account owner user names and account numbers, billing name and address, and phone number for language preference, title and department; Other forms of personal information we collect on behalf of the relevant customer such as title, role, organization, phone number, and other related information; or other forms of personal information we collect as necessary to offer the relevant website, application or Company services, such as IP address, cookie identifiers, and other related information; and Chat identifiers and chat content (attachments, conversations, hyperlinks); widgets and browser type. Company may use this information (including Personal Data) to provide Company Services; create a customer or partner account; determine your tax status; communicate with customers or partners; respond to customer or partner requests for support; and facilitate analytics, lead generation, and targeted marketing to potential customers and partners (including identification of the organization).

User Content/Images

Files, images, any content of communication, chat content or other information you or another user or participant upload, provide, grant access to or otherwise implement.

Company may use this information (including Personal Data) to provide Company Services to Company customer or partner on whose behalf we collect or store the information and optimize users' experience using our website, applications, and Company Services.

8. HOW DOES COMPANY COLLECT YOUR PERSONAL INFORMATION? Company collects your personal information when you provide it through your interactions with us. Company may automatically collect personal information from you as you use our applications and/or Services (as a user or a participant) or visit our websites. Company may receive personal information about you from a business or commercial partner or another user of our applications and/or Services. 9. WHY AND HOW DOES COMPANY DISCLOSE YOUR INFORMATION? The tables in Section 7 above describe how Company may use the information that it collects. In addition to the uses set forth in Section 7, Company may use, store, record and retain information, which may include Personal Data, in the following ways:

To gather broad demographic and statistical information, and other de-identified or aggregated information, which Company may use for purposes such as understanding broad demographic trends and statistical information; To comply with applicable legal requirements, industry standards and Company's procedures and policies, to enforce our Agreements, and to defend our legal rights; and For other purposes to which you may provide your consent. You may provide Personal Data during the use of Company's interactive website, chat boxes, live chats, or chat bots ("AI-related services"). Company will process, use, store or disclose your Personal Data only with your consent, which we may obtain by i) acceptance by You or Your organization of our Master Service Agreement (MSA), End User License Agreement (EULA), or other contractual documentation, ii) Your use of or access to Company website(s) (including interactions with chat boxes, completion of web forms, etc.), iii) Your download and/or use of Company services or iv) other methods. Company may use your Personal Data to help enhance your interactive experience. Company has designed its AI-related services with the intent of not using any of your audio, video, chat, screen sharing, attachments or other communications using Company's Services to train Company's or third-party artificial intelligence models.

We may also collect and process IP addresses for various purposes, as referenced in Section 7 above. This means we (or our third-party service providers) may match an IP address with publicly available or business-related data to identify the organization or business associated with that IP address. We use this information to:

Gain insights into how businesses interact with our Services; Improve and customize our marketing, lead generation, and website experiences; Enhance security and fraud detection; and Analyze site usage and performance. We do not use this method to personally identify individual users or consumers. Instead, our focus is on business-to-business (B2B) insights to better serve our existing and prospective business customers.

Your Personal Data will be stored by us in accordance with applicable data protection laws to the extent necessary for the processing purposes outlined in this Privacy Policy. Your Personal Data will be made anonymous in accordance with Company's policies or irrevocably deleted promptly (as soon as fourteen (14) calendar days) following the termination of Your applicable Service, including but not limited to, databases, contacts, calendars, e-mail, website content, and any other Personal Data hosted by Company; provided, however, that Personal Data that is included in Company's account-level business records, such as billing information and history, user account identifiers, access logs and other business operation information, will not be deleted in accordance with this sentence and will be retained by Company in accordance with its business information retention policies. It will be solely Your responsibility to secure all necessary Personal Data from Your account prior to termination.

10. HOW DOES COMPANY DISCLOSE YOUR INFORMATION? Company does not directly sell your Personal Data in the traditional sense (i.e., transfer such data in exchange for money or anything else of value), but Company may disclose your Personal Data to third parties to help provide and improve Company's Services as follows:

To entities within the Company's group and third-party business partners, consistent with the purposes described above; Billing information to organizations that process billing information on our behalf; In de-identified or aggregated form to third parties, such as usage information to our service and license providers for licensing compliance, licensing usage calculation, billing and support purposes; and/or To vendors and contractors retained in connection with the provision of the Services or support of Company's business. For example, Company may use service providers to measure Service usage and Service performance metrics; monitor security aspects of our Services and infrastructure; provide data storage services; and deliver customer service or technical support. Company will only release information that is needed to deliver the service for which the third- party vendor has been contracted. These vendors are required to maintain strict security and confidentiality of the information and are prohibited from using it for any other purposes other than in accordance with Company's instructions and policies. In addition, Company may access and release your information, including Personal Data, under the following circumstances:

Occasionally, Company may be required by law enforcement or judicial authorities to disclose your Personal Data to the applicable law enforcement authorities. Company will do so upon receipt of a court order or subpoena (or other mandatory legal process), to cooperate with a law enforcement investigation or if Company otherwise believe disclosure is necessary to exercise, establish or defend our legal rights. Company reserves the right to report to law enforcement authorities any activities that Company, in good faith, believes to be unlawful. If Company obtains your consent or permission to disclose or release your information, which Company may obtain in various ways. For example, Company may present you with an "opt-in" prompt when you access the Services, the administrative control panel for the Services and associated websites. If Company, any of its websites or Services or a related asset or line of business is acquired by, transferred to, or merged with another company. 11. IS YOUR PERSONAL DATA SECURE? Company takes reasonable steps in an effort to ensure that your Personal Data is treated securely and in accordance with this Privacy Policy and requires its suppliers to do the same. Company maintains administrative, technical and physical safeguards that are intended to appropriately protect Personal Data against accidental or unlawful destruction, accidental loss, unauthorized alteration or access, misuse, and any other unlawful form of processing of the Personal Data in our possession. Your contact and financial information is submitted via a secure (HTTPS) connection and stored in the Company database protected by a firewall. Any payment transactions will be encrypted using SSL technology.

Although Company uses reasonable efforts to protect your Personal Data, transmission via the Internet is not completely secure. Therefore, Company cannot guarantee the security of your Personal Data transmitted using our websites or Services, and any transmission is at your own risk.

12. YOUR RIGHTS AND CHOICES Various jurisdictions (including multiple countries in Europe, as well as California, Colorado, Connecticut, Utah and Virginia in the United States) have implemented data privacy laws to protect their respective residents and/or consumers, and Company expects more jurisdictions to adopt such laws in the future. Company is committed to protecting your privacy rights and complying with applicable privacy laws.

You have the right to request that Company not contact you or use your Personal Data for purposes which are not reasonably necessary for the administration of our websites and/or the provision of Services, such as marketing communications. If you wish to exercise this opt-out right, you may indicate a preference to stop receiving further marketing communications from us by accessing available opt-out features in the administrative control panel for your Account, by following the "unsubscribe" instructions provided in a communication you receive, or by contacting Company by e-mail (at such address as is provided on Company's website or in the Agreement). Where required under applicable law, Company will only send you marketing communications with your consent.

Please note that you cannot unsubscribe from certain correspondence from us regarding our provision of Services to you, including messages relating to your Account, unless you stop using our Services. In addition, certain information may be required in order to use our websites or Services; as such, the only practicable method to opt out of providing information in connection with the use of those websites or Services would be to refrain from subscribing to or using those websites or Services.

You may also revise your contact and financial information or terminate your account through the administrative control panel for your Account.

13. GENERAL DATA PROTECTION REGULATION (GDPR) Legal Basis for Processing If you are located in the EEA, Company only processes your Personal Data based on a valid legal ground, including when:

You have consented to the use of your Personal Data; for example, to provide you with tailored advertising (such consent may be withdrawn at any time, solely as it relates to communications subsequent to such request); Company needs your Personal Data to provide you with the Services or otherwise fulfill Company's contractual obligations, including for account creation, the delivery of Company's Services, responding to your inquiries, and providing customer service and technical support; Company has a legal obligation to use your Personal Data, such as the obligation to protect intellectual property rights or restrict content available on the Service based on your location; or Company has a legitimate interest in using your Personal Data. For example, Company has a legitimate interest in using your Personal Data to conduct business analytics and otherwise improve the security and performance of Company's Services. Company may also disclose this information to third parties for this purpose. Transfer of Personal Data If you are located within the EEA, Company complies with EU data protection law when transferring your Personal Data outside of the EEA. Your Personal Data will be transferred to, and processed in, countries outside the EEA, including the United States. These countries may not have similar data protection laws to the EEA. If Company transfers your Personal Data outside of the EEA, Company will protect your Personal Data as described in this Privacy Policy or as required by applicable law. However, Company takes adequate measures to ensure that your Personal Data will at all times be protected in accordance with applicable regulations as described in the Data Processing Agreement that forms part of the Agreement.

Your Data Protection Rights If you are located in the EEA, you have the following rights:

Right to Withdraw Consent: You may withdraw your consent to the processing of your Personal Data at any time. Right to Access: You can request access to the Personal Data Company holds on you with some limited exceptions. Right to Rectify: If you feel the Personal Data Company holds on you is inaccurate, you can ask Company to correct or update it. Right to Erasure: You can request that Company erase your Personal Data, unless it is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims. This right may be limited by law. Right to Restrict the Processing: You have the right to request that Company restrict processing if you contest the accuracy and wish to verify it, it has been unlawfully processed, or Company no longer needs the data but you need it to assert, exercise or defend legal claims. Right to Object: You have the right to object to the processing of your Personal Data if you disagree with any legitimate interest or public interest Company has relied upon to process your Personal Data. Right to Data Portability: You have the right to receive your Personal Data in a structured, commonly used and machine-readable format where your Personal Data is processed in reliance either on your consent or because such processing is necessary for the performance of a contract, and the Personal Data, in either case, is processed by automatic means. Right Not to be Subject to Automated Decision-making, Including Profiling: You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects. Company does not make such decisions about You in connection with providing its Services. We may, however, use limited automated processes to operate, keep secure and/or provide our Services – for example, to detect suspicious activity or filter unwanted communications. Additionally you have the right to lodge a complaint with the Dutch Data Protection Supervisory Authority (Autoriteit Persoonsgegevens), PO Box 93374, 2509 AJ DEN HAAG, or, if GDPR provides that an alternative supervisory authority has jurisdiction over the applicable dispute, with such other supervisory authority.

These rights are not absolute and may be limited in certain circumstances, as permitted or required by applicable law. You may exercise your rights or learn more about how Company handles any of your requests to exercise your rights above, including your right to access your data, by contacting Company at the toll-free number, e-mail address, mailing address or web contact form as is provided on Company's website or in the Agreement.

UK Data Protection Rights. Notwithstanding your rights above, if you are a resident of the United Kingdom (UK), Company shall process and transfer your Personal Data in accordance with the applicable data protection law of the UK, including UK GDPR and Data Protection Act of 2018.

14. California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA) Does Company Sell or Share Your Personal Data? Under the privacy laws of California, the term "Sell" means when a company exchanges your Personal Data with a third party for money or anything else of value.

Company does not sell your Personal Data in the traditional sense, nor does Company share your Personal Data in a manner that would be prohibited by the CCPA or CPRA; however, Company may disclose your Personal Data to third parties to help provide Company's Services to you and for the other purposes described herein. Please review the section above entitled "How Does Company Disclose Your Information?" for more information.

Your Data Protection Rights If you are a California resident, you have the right, under the CCPA, as amended by the CPRA, and certain other privacy and data protection laws, as applicable, to exercise your data protection rights free of charge. You may submit a verifiable request for information, no more than twice within a 12-month period.

In order to receive such a report, or to access, change, or delete any Personal Data, please contact Company by phone, e-mail or through our website (at such toll-free number, e-mail address, mailing address or web contact form as is provided on Company's website or in the Agreement).

For more details on California-specific data privacy rights, please see Appendix I at the end of this Policy.

15. CANADA Transfer of Personal Data If you are located within Canada, Company complies with Canadian data protection law when transferring your Personal Data outside of Canada. Your Personal Data will be transferred to, and processed in, countries outside Canada, including the United States. These countries may not have similar data protection laws to Canada. If Company transfers your Personal Data outside of Canada, Company will protect your Personal Data as described in this Privacy Policy or as required by applicable law. However, Company takes adequate measures to ensure that your Personal Data will at all times be protected in accordance with applicable regulations as described in the Data Processing Agreement that forms part of the Agreement.

16. COOKIES What are Cookies? Cookies are small text files that are placed on your device or browser when you make use of Company's websites, services, applications and/or administrative control panel. These allow Company's services to function more efficiently, for example, storing and honoring your settings or preferences, combating fraud, providing advertising, and analyzing how Company's services perform. Some cookies only last for a short duration and expire at the end of a session, for example, when you close a browser winder. These are known as "session cookies." Other cookies last longer and remain stored on your browser or device and can, for example, track your settings or activities on several sites. These are known as "persistent cookies."

How does Company Use Cookies? When you access Company's websites, services, applications and/or administrative control panel, Company may send one or more cookies (and/or similar technologies) to your computer. By sending you cookies with values that are unique, Company may be able to uniquely identify your web browser or device when you access Company's websites, services, applications and/or administrative control panel. Company may use both "session" and "persistent" cookies to collect, store, and sometimes track various types of information.

Why Does Company Use Cookies? Company uses cookies to retain your session states and to offer you a personalized experience on Company's websites, services, applications and/or administrative control panel. You can review the "Help" file in your browsers or mobile devices to learn the proper way to modify your cookie settings. Please be aware, however, that the use of certain cookies (see "Necessary Cookies" below for more information) is necessary for the use of the administrative control panels and certain other aspects of Company's websites, services, applications and/or administrative control panel.

What Are the Different Types of Cookies Used by Company? The following are the different types of cookies that Company uses and why Company uses them:

Necessary Cookies Company uses cookies that are necessary so Company's website and Services can operate. These are required to monitor the functionality of Company's site, improve security, and/or allow you to make use of functions such as Company's administrative control panel and web chat.

Performance Cookies Company uses cookies to assess the performance of Company's website, Services and administrative control panel to improve your user experience. This includes analyzing how users use Company's website, Services and control panel and making sure they remain up and operational.

Functional Cookies Company uses cookies that help with functionality when accessing or using Company's website or Services. For example, cookies may be used to save your preferences or location settings.

Advertising or Targeting Cookies Company uses cookies to deliver content tailored to you. Company also uses cookies to help measure the effectiveness of Company's marketing campaigns. Company also partners with some authorized third parties who may place cookies on your device when you interact with Company's website or Services. When you visit one of Company's websites, advertising companies may place a cookie or similar technologies on your computer and may collect certain information about your use of Company's websites. These companies may use this information, as well as information they collect from your use of other websites, to display advertisements on the Internet about products and services they believe you may be interested in. You can learn more about this practice, and can learn about your choices with respect to the use of this information about you for customizing advertisements, at www.aboutads.info/choices.

How Can You Control Your Cookies? When you visit one of Company's websites, you can manage and control your cookies by using our cookie preference tool available on our websites, if such feature is available in your region, to opt out of cookies that are not necessary for the core operation of Company's website, such as performance, advertising and targeting cookies.

You can also change the browser settings on your computer or other device you are using to access Company's websites or Services. Most browsers provide functionality that lets you reject and/or remove cookies. You can learn more about how to manage your cookies at https://www.aboutcookies.org/how-to-control-cookies/.

"Do Not Track" Notice There is no accepted standard on how to respond to Do Not Track (DNT) signals, and Company does not respond to such signals. You can learn about DNT at www.allaboutdnt.com.

17. QUESTIONS REGARDING THIS PRIVACY POLICY How Can You Contact Company with Questions Regarding Privacy Issues? If you have any questions about this Privacy Policy, the privacy practices of our websites or Services, or your dealings with our websites or Services, please feel free to contact Company at the toll-free number, e-mail address, mailing address or web contact form as is provided on Company's website or in the Agreement.

How is this Privacy Policy Updated? Company reserves the right to change this Privacy Policy at any time. Any changes to the Privacy Policy will be posted to at least one of our websites, including at https://www.serverdata.net/legal/legal.asp.

In the event that the changes materially alter your rights or obligations under this Privacy Policy, Company will make reasonable efforts to notify you of the change. For example, Company may send a message to your email address, if Company has one on file, or generate a pop-up or similar notification when you access Company's Services or administrative control panel for the first time after such material changes are made. In addition, Company will obtain your consent prior to any new uses of your Personal Data, as may be required by law.

The most current version of this Privacy Policy will govern our Processing of Personal Data about you. Your continued use of Company's Services constitutes your acceptance of the terms of the Privacy Policy as amended or revised by Company from time to time.

Does Company adhere to the EU-U.S. Data Privacy Framework? On July 10, 2023, the EU-US Data Privacy Framework ("EU-U.S. DPF") replaced the EU-U.S. Privacy Shield Framework ("Privacy Shield"). Company complies with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, as set forth by the U.S. Department of Commerce. Company has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles ("Principles") with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework program, please visit https://www.dataprivacyframework.gov/.

In compliance with the Principles, Company will give you an opportunity to choose whether your Personal Data may be used for a purpose that is materially different from the purposes for which it was originally collected or subsequently authorized by you, or if we intend to disclose it to a third party acting as a data controller that we have not previously disclosed to you. In such circumstances, we will notify you and offer you the opportunity to opt-out of such uses and/or disclosures where non-sensitive Personal Data is involved, and to opt-in where sensitive Personal Data is involved. To request to limit the use and disclosure of your Personal Data, please submit a written request by contacting us at the toll-free number, e-mail address, mailing address or web contact form as is provided on Company's website or in the Agreement.

Where Company shares Personal Data subject to the Principles with third parties, Company shall remain liable under the Principles if its agent processes such Personal Data in a manner inconsistent with the Principles unless Company proves that it is not responsible for the event giving rise to the damage.

In compliance with the Principles, Company commits to resolve complaints about our collection or use of your Personal Data. EU and UK individuals with inquiries or complaints regarding our compliance with the Principles should first contact us at the toll-free number, e-mail address, mailing address or web contact form as is provided on Company's website or in the Agreement. If Company does not resolve your complaint, or if Company does not address your complaint to your satisfaction, and the complaint concerns our handling of Non-HR Personal Data, you may submit your complaint to JAMS, Company's designated alternative dispute resolution provider for EU-U.S. DPF issues, at https://www.jamsadr.com/DPF-Dispute-Resolution. JAMS is located in the United States, and their services are provided at no cost to you. Under certain conditions specified by the Principles, you may also be able to invoke binding arbitration to resolve your EU-U.S. DPF related complaint. Company has further committed to cooperate with the panel established by the EU data protection authorities with regard to unresolved EU-U.S. DPF complaints concerning data transferred from the EU and United Kingdom. Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC). You can find further information on the DPF website.

Appendix I Additional Data Privacy Rights of California Residents Disclosure of Personal Data that Company Collects About You

You have the right to know, and request disclosure of:

The categories of Personal Data that Company has collected about you, including sensitive Personal Data; The categories of sources from which the Personal Data is collected; Company's business or commercial purpose for collecting, selling, or sharing Personal Data; The categories of third parties to whom Company discloses Personal Data, if any; and The specific pieces of Personal Data Company has collected about you. Please note that Company is not required to:

Retain any Personal Data about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered Personal Data; or Provide the Personal Data to you more than twice in a 12-month period. Disclosure of Personal Data Sold, Shared, or Disclosed for a Business Purpose

In connection with any Personal Data that Company may sell, share, or disclose to a third party for a business purpose, you have the right to know:

The categories of Personal Data about you that Company sold or shared and the categories of third parties to whom the Personal Data was sold or shared; and The categories of Personal Data that Company disclosed about you for a business purpose and the categories of persons to whom the Personal Data was disclosed for a business purpose. You have the right to opt-out of the sale of your Personal Data or sharing of your Personal Data for the purpose of targeted behavioral advertising. If you exercise your right to opt-out of the sale or sharing of your Personal Data, Company will refrain from selling or sharing your Personal Data, unless you subsequently provide express authorization for the sale or sharing of your Personal Data.

Right to Limit Use of Sensitive Personal Data

You have the right to limit the use and disclosure of your sensitive Personal Data to the use which is necessary to:

Perform the services or provide the goods reasonably expected by an average consumer who requests those goods or services; Perform the following services: (1) Helping to ensure security and integrity to the extent the use of the consumer's Personal Data is reasonably necessary and proportionate for these purposes; (2) Short-term, transient use, including, but not limited to, non-personalized advertising shown as part of a consumer's current interaction with the business, provided that the consumer's Personal Data is not disclosed to another third party and is not used to build a profile about the consumer or otherwise alter the consumer's experience outside the current interaction with the business; (3) Performing services on behalf of Company, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing analytic services, providing storage, or providing similar services on behalf of the business; and (4) Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured by, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned by, manufactured by, manufactured for, or controlled by the business; and As authorized by further regulations, you have a right to know if your sensitive Personal Data may be used, or disclosed to a service provider or contractor for additional specified purposes. Right to Deletion

Subject to certain exceptions set out below, on receipt of a verifiable request from you, Company will:

Delete your Personal Data from its records; Direct any service providers or contractors to delete your Personal Data from their records; and Direct third parties to whom the business has sold or shared your Personal Data to delete your Personal Data unless this proves impossible or involves disproportionate effort. Please note that Company may not delete your Personal Data if it is reasonably necessary to:

Complete the transaction for which the Personal Data was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and Company; Help to ensure security and integrity to the extent the use of the consumer's Personal Data is reasonably necessary and proportionate for those purposes; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with the California Electronic Communications Privacy Act; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided Company has obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with Company; Comply with an existing legal obligation; and/or Otherwise use your Personal Data, internally, in a lawful manner that is compatible with the context in which you provided the information. Right of Correction

If Company maintains inaccurate Personal Data about you, you have the right to request Company to correct that inaccurate Personal Data. Upon receipt of a verifiable request from you, Company will use commercially reasonable efforts to correct the inaccurate Personal Data.

Protection Against Retaliation

You have the right to not be retaliated against by Company because you exercised any of your rights under the CCPA/CPRA. This means Company cannot take any of the following actions as retaliation for your exercise of any of your rights under the CCPA/CPRA:

Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of goods or services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Please note that Company may charge a different price or rate or provide a different level or quality of goods and/or services to you based on reasonable commercial reasons unrelated to the exercise of your rights under the CCPA/CPRA. Company may also offer loyalty, rewards, premium features, discounts, or club card programs consistent with these rights or payments as compensation for the collection of Personal Data, the sale of Personal Data, or the retention of Personal Data. Direct any service providers or contractors to delete your Personal Data from their records; and Direct third parties to whom the business has sold or shared your Personal Data to delete your Personal Data unless this proves impossible or involves disproportionate effort. Please note that Company may not delete your Personal Data if it is reasonably necessary to:

Protection Against Retaliation

Questions about this document? Contact sales@ckhts.com or support@ckhts.com.