Privacy Shield Policy

Hinda recognizes that the EU and Switzerland have established strict protections regarding the handling of EU and/or Swiss Personal Data, including requirements to provide adequate protection for EU and/or Swiss Personal Data transferred outside of the EU and Switzerland. To provide adequate protection for certain EU and/or Swiss Personal Data relating to website visitors, customers, prospective customers, partners, vendors, third party suppliers and contractors that Hinda receives in the U.S., Hinda complies with the EU-U.S. Privacy Shield and the Swiss-U.S. Privacy Shield Frameworks (collectively, “Privacy Shield”) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. Hinda has certified to the Department of Commerce that it adheres to the Privacy Shield. Hinda adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. If there is any conflict between the terms in this Policy and the Privacy Shield, the Privacy Shield shall govern. For purposes of enforcing compliance with the Privacy Shield, Hinda is subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission. For more information about the Privacy Shield, see the U.S. Department of Commerce’s Privacy Shield website located at https://www.privacyshield.gov. To review Hinda’s Privacy Shield certification, see the U.S. Department of Commerce’s list of Privacy Shield certified companies located at https://www.privacyshield.gov/list.

Types of EU and/or Swiss Personal Data Collected

Hinda collects EU and/or Swiss Personal Data (i) from individuals who visit our website and voluntarily provide their information, and (ii) from our customers, vendors, contractors and agents, including the following specific types of information:

• Contact information, including name, address, email address and phone number
• Professional and employment information
• Financial information

Hinda also collects certain data that may not specifically identify an individual but relate to an individual’s visit to our site, including information about equipment, browsing actions and usage patterns. This data is used for internal purposes only.

Purposes of EU and/or Swiss Personal Data Collection and Use

Hinda collects, uses and processes EU and/or Swiss Personal Data for the purposes of:

• Providing information about our products, services and events
• Providing products, services and support to our customers
• Administrative purposes relating to processing transactions with our customers
• Communicating with business partners, vendors, agents and contractors about business matters
• Analysis of information in order to improve business practices, products and services
• Conducting related tasks for legitimate business purposes
• Other purposes disclosed at the time of collection
• Compliance with legal requirements and protection of rights and property

Hinda will only process EU and/or Swiss Personal Data in ways that are compatible with the purpose for which Hinda collected the EU and/or Swiss Personal Data, or for purposes that the individual or entity providing the EU and/or Swiss Personal Data later authorizes. Before we use your EU and/or Swiss Personal Data for a purpose that is materially different than the purpose for which it was collected or that you later authorized, we will provide you with the opportunity to opt out. Hinda maintains reasonable procedures to help ensure that EU and/or Swiss Personal Data is reliable for its intended use, accurate, complete, and current. We may collect, or our customers may provide to us when using Hinda services, certain EU and/or Swiss Personal Data that is regarded as “sensitive”. When we directly collect sensitive EU and/or Swiss Personal Data, we will obtain opt-in consent where the Privacy Shield requires, including if we disclose sensitive EU and/or Swiss Personal Data to third parties, or before we use sensitive EU and/or Swiss Personal Data for a different purpose than we collected it for or than the data subject later authorized.

Data Transfers to Third Parties

Third Party Agents or Service Providers. We may transfer EU and/or Swiss Personal Data to our third party agents or service providers that perform functions on our behalf. Where required by the Privacy Shield, we enter into written agreements with those third party agents and service providers requiring them to provide the same level of protection that the Privacy Shield requires and limiting their use of the data to the specified services provided on our behalf. We take reasonable and appropriate steps (i) to ensure that third party agents and service providers process EU and/or Swiss Personal Data in accordance with our Privacy Shield obligations and (ii) to stop and remediate any unauthorized processing. Under certain circumstances as specified within third party agreements, we may remain liable for the acts of our third party agents or service providers that perform services on our behalf for their handling of EU and/or Swiss Personal Data that we transfer to them. Third Party Data Controllers. In some cases, we may transfer EU and/or Swiss Personal Data to unaffiliated third party data controllers. These third parties do not act as agents or service providers and are not performing functions on our behalf. We may transfer your EU and/or Swiss Personal Data to third party data controllers for the following purposes:

• To facilitate provision of services to Hinda customers, Hinda may provide EU and/or Swiss Personal Data to third party software and services companies whose products interact with Hinda products and services in certain instances where an Hinda customer is also a client of such third party.

We will only provide your EU and/or Swiss Personal Data to third party data controllers where you have not opted-out of such disclosures. We enter into written contracts with any unaffiliated third party data controllers requiring them to provide the same level of protection for EU and/or Swiss Personal Data that the Privacy Shield requires. We also limit their use of your EU and/or Swiss Personal Data so that it is consistent with any consent you have provided and with the notices you have received. If we transfer your EU and/or Swiss Personal Data to one of our affiliated entities within our corporate group, we will take steps to ensure that your EU and/or Swiss Personal Data is protected with the same level of protection that the Privacy Shield requires.

Disclosures for National Security or Law Enforcement

Under certain circumstances, we may be required to disclose your EU and/or Swiss Personal Data in response to valid requests by public authorities, including to meet national security or law enforcement requirements.

Security

Hinda maintains reasonable and appropriate security measures to protect EU and/or Swiss Personal Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction in accordance with the Privacy Shield.

Access Rights

You may have the right to access the EU and/or Swiss Personal Data that we hold about you and to request that we correct, amend, or delete it if it is inaccurate or processed in violation of the Privacy Shield. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of your EU and/or Swiss Personal Data, you can submit a written request to the contact information provided below. We may request specific information from you to confirm your identity. In some circumstances we may charge a reasonable fee for access to your information. If your EU and/or Swiss Personal Data was provided to us by an Hinda customer, we may facilitate your access to such data by directing you to the customer that provided your data to us.

Questions or Complaints

You can direct any questions or complaints about the use or disclosure of your EU and/or Swiss Personal Data to us as noted below (Contact Us). We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your EU and/or Swiss Personal Data within 45 days of receiving your complaint. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact the European Union Data Protection Authorities (“DPAs”).

Binding Arbitration

You may have the option to select binding arbitration for the resolution of your complaint under certain circumstances, provided you have first taken the following steps: (1) raised your complaint directly with Hinda and provided us the opportunity to resolve the issue; (2) raised the issue through the relevant data protection authority and allowed the U.S. Department of Commerce an opportunity to resolve the complaint at no cost to you. For more information on binding arbitration, see U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration) at http://ec.europa.eu/justice/data-protection/files/annexes_eu-us_privacy_shield_en.pdf.

Contact Us

If you have any questions about this Policy or would like to request access to your EU and/or Swiss Personal Data, please contact us as follows: Hinda Attn: Vance Primus – Data Compliance Department 2440 W. 34^th St. Chicago, IL 60608, USA us-privacy@Hinda.com Changes To This Policy We reserve the right to amend this Policy from time to time consistent with the Privacy Shield’s requirements. Effective Date: October 10, 2019