Terms of Use (EU)

INTRODUCTION

Ubiquity Global Services, Inc. (“Ubiquity”) strives to properly address applicable data protection and privacy legal requirements. Ubiquity recognizes that the European Union (“EU”) has an “omnibus” data protection regime established pursuant to the European Data Protection Directive (95/46/EC) (the “Directive”). Among other things, the Directive generally requires “adequate protection” for the transfer of personally identifiable information about Ubiquity employees in the EU (“EU Employee Data”) and other individuals in the EU (“EU Individual Data”) (together, EU Employee Data and EU Individual Data are referred to herein as “Protected EU Data”) to Ubiquity operations in the United States. To address this requirement, Ubiquity adheres to the US/EU Privacy Shield Privacy Principles published by the US Department of Commerce (“Privacy Shield”) with respect to Protected EU Data that it receives in the United States from the EU. For more information about the Privacy Shield, please refer to the Privacy Shield website at https://www.privacyshield.gov/.

SCOPE

This Ubiquity Privacy Shield Policy (“Privacy Shield Privacy Policy”) provides employees and clients of customers of Ubiquity and Ubiquity’s subsidiaries and affiliates in the EU with certain important information about how Ubiquity handles Protected EU Data in the United States in accordance with the Privacy Shield. This Privacy Shield Privacy Policy does not apply to data concerning employees or individuals located outside of the EU or otherwise outside the scope of the Directive, such as employees or individuals in the United States or other non-EU jurisdictions.

NOTICE

EU Employee Data Transfers

The types of EU Employee Data that Ubiquity may receive in the United States include, but not necessarily limited to, the following:
* Personal information, including name, address, telephone number, email address, date of birth, gender, national identification number, social insurance number or other tax identification number, bank account information; and
* Employment related information, including job title, office location, work contact information, email address, department, supervisor, job responsibilities, accounting information, compensation information (including, but not necessarily limited to, base salary information, commissions, bonuses and severance, if or as may be applicable), pension information, benefit eligibility and elections, employment history, job application, interview evaluation, key dates (hire, rehire, service, termination, next review, incentive data (ratings and payment amounts), and performance information.
Ubiquity also may receive certain information regarding an employee’s spouse, family members, or other dependents for emergency contact purposes.

In addition, Ubiquity may receive EU Employee Data in the United States that is “sensitive” within the meaning of the Privacy Shield in a few instances. In particular, where permitted by applicable law, Ubiquity may receive information regarding criminal records and health or medical data for purposes of insurance claims resolution, payment of claims and for insurance underwriting purposes.

Uses of EU Employee Data

Ubiquity will use and otherwise process EU Employee Data in the United States for the following purposes:
* Annual compensation risk assessment;
* Maintenance of employee directory and global email system;
* Performance Management;
* Coordination of annual succession planning and talent management review;
* Internal Audits;
* Record-keeping and internal reporting;
* Maintenance of corporate insurance programs;
* Compensation, including administration and analysis;
* Payroll Processing;
* Pension Plan Administration;
* Succession Planning;
* Benefits and personnel administration; and
* Monitoring and enforcing compliance with company policies and procedures.

As necessary in connection with these purposes, Ubiquity personnel in the United States may, on a limited basis, access and otherwise process EU Employee Data in connection with their job responsibilities, as described in Ubiquity’s Personnel Records and Administration corporate policy, Access to Personnel Records corporate policy, and Verification of Employment and Neutral Reference corporate policy. Ubiquity takes appropriate steps to ensure that such personnel are bound by duties of confidentiality with respect to EU Employee Data.

EU Individual Data Transfers

The types of EU Individual Data that Ubiquity may receive in the United States include, but not necessarily limited to, the following:
* Personal information, including name, address, telephone number, email address, date of birth, gender, national identification number, social insurance number or other tax identification number, bank account information; and
* Other personal or sensitive information provided by an individual to our agents.

In addition, Ubiquity may receive EU Individual Data in the United States that is “sensitive” within the meaning of the Privacy Shield in a few instances.

Uses of EU Individual Data

Ubiquity will use and otherwise process EU Individual Data in the United States for the following purposes:
* Providing call center and other outsourced services to its customers;
* Backing up data;
* Internal audits;
* Record-keeping and internal reporting;
* Monitoring and enforcing compliance with company policies and procedures.

As necessary in connection with these purposes, Ubiquity personnel in the United States may, on a limited basis, access and otherwise process EU Individual Data in connection with their job responsibilities. Ubiquity takes appropriate steps to ensure that such personnel are bound by duties of confidentiality with respect to EU Individual Data.

CHOICE AND ONWARD TRANSFER

Ubiquity will only use Protected EU Data for the purposes for which such data was originally collected and will not disclose Protected EU Data to any third party, except with the appropriate consent of the affected individuals or as otherwise permitted under the Privacy Shield. In cases of onward transfer to third parties, Ubiquity remains responsible and liable under the Privacy Shield Principles if third-parties process data in a manner inconsistent with the Principles, unless Ubiquity proves that it is not responsible for the event giving rise to the damage.

DATA SECURITY AND DATA INTEGRITY

Ubiquity maintains reasonable security measures to safeguard Protected EU Data from loss, misuse, unauthorized access, disclosure, alteration, or destruction. Ubiquity also maintains reasonable procedures to help ensure that such data is reliable for its intended use and is accurate, complete, and current.

ACCESS

Individuals have the ability to access, review and update their own Protected EU Data in accordance with applicable law.

Employees should transmit requests for access to their own EU Employee Data, in writing (an email message using a work email address is acceptable), to the human resources department and/or to the Privacy Shield Contact identified below. All other individuals should transmit requests for access to their own EU Individual Data to the Privacy Shield Contact identified below.

If an individual in the EU is aware of changes or inaccuracies in his or her Protected EU Data, that individual is responsible for informing the Privacy Shield Contact (or, in the case of Ubiquity employees, the local human resources department) of such changes so that the Protected EU Data may be updated or corrected.

DISCLOSURES REQUIRED OR PERMITTED BY LAW

Regardless of any other provisions in this Privacy Shield Privacy Policy, Ubiquity may disclose or otherwise process Protected EU Data in the context of any sale or transaction involving all or a portion of the business, or as may be required or permitted by law, including to meet national security or law enforcement requirements, or the Privacy Shield.

ENFORCEMENT AND CONTACT INFORMATION

As a Privacy Shield participant, Ubiquity is subject to the investigatory and enforcement powers of the Federal Trade Commission. Ubiquity has further committed to cooperate with EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning Protected EU Data transferred from the EU, including EU Employee Data transferred in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs for more information or to file a complaint. Information regarding local contact information for local data protection authorities can be found at: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. For any residual claims, an individual may invoke binding arbitration as set forth in Annex I of the Privacy Shield, provided that such individual has invoked binding arbitration by delivering notice to Ubiquity’s Privacy Shield Contact in accordance with the procedures and subject to the limitations set forth in Annex I of the Privacy Shield. In particular, an individual who decides to invoke this arbitration option must first: 1) raise the claimed violation directly with Ubiquity and afford the Ubiquity an opportunity to resolve the issue within the timeframe set forth in Section III.11(d)(i) of the Privacy Shield; 2) make use of the independent recourse mechanism under the Privacy Shield; and 3) raise the issue through their Data Protection Authority to the Department of Commerce and afford the Department of Commerce an opportunity to use best efforts to resolve the issue within the timeframes set forth in the Letter from the International Trade Administration of the Department of Commerce.

Ubiquity Privacy Shield Contact:
Amy M. Pugh
Associate General Counsel
Ubiquity Services, Inc.
31 West 34th Street
8th Floor, Suite 8034
New York, NY 10001
646 257 2806
amy.pugh@ubiquity.com