US/EU PRIVACY SHIELD POLICY

Introduction / Activities of the Company

HarQen, LLC (the “Company”, “we”, or “us”) utilizes audio, video, and text to improve collaboration and enrich existing systems. The Company may work with clients based in the European Union (the “EU”) and/or receive Personal Information (defined herein) from individuals located in the EU. Protecting consumer privacy is important to the Company. The Company adheres to the EU-U.S. Privacy Shield Framework concerning the transfer of personal data, including Personal Information, from the EU to the United States of America (the “US”). Accordingly, we follow the Privacy Shield Principles published by the US Department of Commerce (the “Principles”) with respect to all such data. If there is any conflict between the policies in this US/EU Privacy Shield Policy (the “Privacy Shield Policy”) and the Principles, the Principles shall govern. This Privacy Shield Policy outlines our general policy and practices for implementing the Principles, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding our use of and their ability to correct that information. This Privacy Shield Policy applies to all Personal Information (defined herein) of individuals located in the EU that the Company receives whether in electronic, paper or verbal format.

The Company collects and processes audio, video, and text responses relating to an individual's interests or abilities. The gathered information is made available in a secure environment for the Company’s client to conduct evaluations. The Company can, at the request of the Company’s client, disclose candidate responses to third parties for evaluation such as professional assessment firms, third-party hiring managers, or subject-matter experts.

To learn more about the EU-U.S. Privacy Shield Framework and access a list of self-certified companies, please visit https://www.PrivacyShield.gov/.

Contact Information

Questions, comments or complaints regarding the Privacy Shield Policy or data collection and processing practices can be to the Company at the mailing address, email address or telephone number listed below. These contacts are available for the handling of inquiries, complaints, access requests, and any other issues arising under the Privacy Shield Policy.

Name of Organization: HarQen, LLC

Mailing Address:

HarQen, LLC

Attn: Privacy Officer

300 N. Corporate Dr., Suite 340

Brookfield, WI 53045

USA

Email Address: privacy@harqen.com

Telephone: +1 414-755-1962

Definitions

“Personal Information” means information that (1) is transferred from the EU to the US; (2) is recorded in any form; (3) is about or pertains to a specific individual; and (4) can be linked to that individual, which may include without limitation, an audio or video recordings of a specific individual’s disclosure of his or her name, address, credentials, and other personal information.

“Sensitive Personal Information” means Personal Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns an individual’s health.

Principles

Effective date of implementation

2018-05-10

Notice

The Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent third parties to which the Company discloses or may disclose such Personal Information. The Company shall provide such individual with the choice and means for limiting the use and disclosure of such Personal Information. Notice will be provided in clear and conspicuous language when individuals are first asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any event before the Company uses or discloses the Personal Information for a purpose other than for which it was originally collected. The Company has developed notice and accompanying opt-in policy that requires the individual whose Personal Information the Company will receive to specifically opt-in or, alternatively, refuse to consent to the collection of such data.

Choice / Right to Limit Use

The Company will offer each individual the opportunity to choose whether such individual’s Personal Information is (1) to be disclosed to a third party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give each individual the opportunity to affirmatively or explicitly consent to the disclosure of the Sensitive Personal Information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The Company shall treat Sensitive Personal Information received from an individual with a similar level of care as the individual would treat it.

Onward Transfers and Change of Control

Prior to disclosing Personal Information to a third party, the Company shall notify the individual of such disclosure, including without limitation all US-affiliated companies that will access transferred Personal Information, and allow the individual the choice of such disclosure. The Company shall ensure that any third party for which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. As part of the Company’s opt-in policy, the individual will be asked to consent to the transfer of certain Personal Information to the Company’s client.  The Company is liable for onward transfers to third-party service providers or agents.

We may we sell, merge, divest, reorganize, or transfer all or part of the company, including any of our products, services, assets and/or businesses, go through a bankruptcy (each a “Transaction”). Notwithstanding the foregoing paragraph, your information such as customer names and email addresses, and other user information related to our products and services may be among the assets sold, assigned or otherwise transferred in such a Transaction. You will be notified via email and/or a prominent notice on our website of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information.

Data Security

The Company shall take reasonable steps to protect the Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction. The Company has put in place appropriate physical, electronic and managerial/administrative procedures to safeguard and secure the Personal Information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Though the Company will take reasonable steps to ensure the privacy and security of the Personal Information, it cannot guarantee the security of Personal Information on or transmitted via the Internet. The Company shall make individuals aware of this limitation and to the extent data is transmitted via the Internet, the individuals will be asked to consent to such transmission.

Data Integrity / Corrections

The Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes and subject to the knowledge of the Company, the Company shall take reasonable steps to ensure that Personal Information is accurate, complete, current and reliable for its intended use. The Company will take reasonable steps to correct any inaccurate or incomplete data it may find and that it knows is inaccurate or incomplete, while processing the Personal Information and may ask the individual to update and/or supplement the Personal Information held by the Company.

Access to Individuals

The Company shall allow an individual access to their Personal Information and allow the individual to correct, amend or delete inaccurate information, except if the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in the case in question or if the rights of persons other than the individual would be violated. The individual may not be granted access to work product of the Company, but such individual will be given access to the Personal Information upon which the work product is based. An individual may submit Personal Information to the Company from time to time for certain specific purposes. Such individual may not be able to access such Personal Information once it is submitted to the Company.

Human Resources Data

The Company commits to respect the Principles regarding human resources data. This may require coordinating with the EU employers providing access to this data.

Enforcement

The Company uses a self-assessment approach to assure compliance with this Privacy Shield Policy and periodically verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided. We will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Information in accordance with the Principles.

In compliance with the Principles, the Company commits to resolve complaints about your privacy and our collection or use of your personal information. EU citizens with inquiries or complaints regarding this Privacy Shield Policy should first contact the Company’s Privacy Officer at the contact information listed above.

We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of personal data within forty-five (45) days of receiving your complaint. We have further committed to refer unresolved privacy complaints under the EU-U.S. Privacy Shield Principles to BBB EU PRIVACY SHIELD, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information and to file a complaint.

Under certain circumstances, individuals may choose to refer unresolved disputes under the Principles free of charge to such individual to binding arbitration with an independent dispute resolution body established by a data protection authority (“DPA”) panel in your location. If you do not receive timely acknowledgment of your complaint (within 45 days), or if your complaint is not satisfactorily addressed by the Company, please visit the following site for additional recourse https://www.PrivacyShield.gov/.

The Company is subject to the investigatory and enforcement powers of the US Federal Trade Commission (https://www.ftc.gov/).

Information Subject to Other Policies

The Company is committed to following the Principles for all Personal Information within the scope of the EU-U.S. Privacy Shield Framework. However, certain information is subject to policies of the Company that may differ in some respects from the general policies set forth in this Privacy Shield Policy.

Name of any privacy program in which the organization is a member

EU-U.S. Privacy Shield Framework

Method of Annual Verification

In-House Verification

The independent recourse mechanism that is available to investigate unresolved complaints

BBB EU Privacy Shield (www.bbb.org/EU-privacy-shield/for-eu-consumers/) Recourse, Enforcement, and Liability

The Company remains responsible and liable under the Principles and works with third parties in the processing of personal data, unless the Company can prove that it is not responsible for the event giving rise to the damage.

The Company elects to satisfy the requirement in points (a)(i) through (a)(iii) of the Privacy Shield Recourse, Enforcement and Liability Principle by committing to cooperate with the DPAs.

The Company commits to cooperate with the DPAs in the investigation and resolution of complaints brought under the EU-U.S. Privacy Shield Framework.

The Company commits to cooperate with the DPAs with regard to human resources data transferred from the EU in the context of the employment relationship.

The Company will comply with advice given by the DPAs where the DPAs take the view that the Company needs to take specific action to comply with the Principles, including remedial or compensatory measures for the benefit of individuals affected by any non-compliance with the Principles, and will provide the DPAs with written confirmation that such action has been taken.

As an organization that is committing to utilize the EU DPAs, the Company supports EU DPA panels through the US Council for International Business, which has agreed to act as trusted third-party for this purpose.

Disclosure to Public Authorities

The Company must disclose Personal Information to comply with valid and lawful requests from public authorities, including national security and law enforcement.

Availability and Amendments

This Privacy Shield Policy may be amended from time to time consistent with the Principles and the requirements of the EU-U.S. Privacy Shield Framework. We will post any revised Privacy Shield Policy at http://harqen.com/policies/eu-privacy-shield.html.