(Effective Date September 2016)

This Privacy Policy (“Policy”) applies to Perfect Commerce Holdings, LLC, and all of its United States based subsidiaries, including without limitation, Perfect Commerce, LLC, Perfect Commerce Global Purchasing, Perfect Commerce Operations, Inc., Pantellos Corporation, Pantellos I, Inc., Pantellos II, Inc., Perfect Commerce LP, Commerce One, LLC, Commerce One BPO, LLC, Trade Ranger US Inc., Trade-Ranger Management, LLC, Trade-Ranger Holdings, LLC, Hubwoo USA LP, Hubwoo USA Inc., C1CAT, LLC, and Compro Business Services, LLC (collectively and individually “Perfect”). Perfect’s international subsidiaries, including without limitation, Perfect Commerce France SAS, Perfect Commerce UK Limited, Perfect Commerce S.A., Perfect Commerce GmbH, Perfect Commerce Limited, Perfect Commerce Southeast Asia Limited, Hubwoo SA, Hubwoo Belgium SA, Hubwoo Germany GmbH, CC-Chemplorer Ltd., Conexa Pty. Ltd, InterSources (UK) Ltd., and InterSources India Pvt., (collectively “Global Subsidiaries”), send data to Perfect and also comply with the general privacy principles contained herein.

Perfect is located within the United States and recognizes the jurisdiction of the US Department of Commerce. Perfect complies with the US-EU Privacy Shield Framework and the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce, regarding the collection, use, and retention of personal information from European Union member countries. Perfect affirms that it participates in the Privacy Shield Framework program. Perfect certifies that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Perfect certifies that it will process data in accordance with these Principles. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list. Perfect reserves the right to use model contract clauses as approved by the European Commission in lieu of other means or as a supplement to other means of Privacy compliance. For more information on model contract clauses visit http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm

As a condition of use of this website and related Service (as defined below), You (“User(s)”) agree on your own behalf and on behalf of each entity on whose behalf you act, to the terms of this Policy, as amended from time to time, and to the practices for the collection, use, or disclosure of your personal information as described herein.

Collection and Use of Information

Perfect and its Global Subsidiaries collect, use, and retain information, including “Personal Information,” (“Information”), about Users and “User Companies” through our websites, through third party vendors, and through hosted on-demand software as a service software application, to service, identify, and communicate with Users and potential customers (collectively, the “Service”). Perfect and its Global Subsidiaries’ work with third parties consisting of, vendors, suppliers, buyers, users, auditors, subcontractors, and agents such as lawyers and accountants.

Perfect and its Global Subsidiaries do not sell, rent, distribute or provide User Information or any marketing lists to third parties other than to subcontractors as may be necessary to meet business needs. Subcontractors having access to Information are bound by contractual confidentiality provisions and have agreed to meet all applicable privacy laws, specifically including the Privacy Shield Privacy Principles, as applicable, while acting on Perfect’s behalf. Customer Information will not be sold, distributed, or shared with third parties for third party marketing, except when acting on behalf of Perfect and within the bounds of this privacy policy.

Perfect and its Global Subsidiaries are aware of the potential liability in cases of onward transfers of Privacy Shield data to third parties, and employ at a minimum, reasonable industry standard precautions to mitigate any potential risks. When transferring personal data to authorized third parties, Perfect and its Global Subsidiaries agree to the following: (i) transfer such data only for its limited and specified purposes (ii) ensure that third parties provide at least the same level of privacy protection as is required by the Principles (iii) take reasonable and appropriate steps to ensure that third parties effectively process the personal information transferred in a manner consistent with Perfect’s and its Global Subsidiaries’ obligations under the Principles (iv) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing and (v) upon request, provide a summary or a representative copy of the relevant privacy provisions of the contract with the third party to the Department.

Public Facing Marketing Websites and Prospective Customers

Perfect and its Global Subsidiaries publish a public website for marketing purposes (www.perfect.com) which is hosted in the Commonwealth of Virginia, in the United States.

As a general policy, Perfect and its Global Subsidiaries do not automatically collect or store Information concerning visitors to our public websites except information generally considered “Website Visitor Analytics Data” such as:

Domain information,
The Internet address of the website from which User linked directly to our site, if any, and if navigating from a search engine site, may collect search information through one or more third party service providers,
The type of web browsing software User uses to view Perfect and its Global Subsidiaries’ sites, such as Microsoft Internet Explorer, and
The date and time User accesses our site.
Website Visitor Analytics Data are not matched or cross referenced with other data except in conjunction with evaluating website effectiveness. Visitors to public facing marketing websites for Perfect and its Global Subsidiaries may be asked to provide personal contact information with the purpose of soliciting contact by Perfect and/or its Global Subsidiaries. The contact information that these visitors provide is added to a “Marketing List,” which is contained in a third party provided software as a service customer relationship management database hosted by a large U.S. based provider.

For the purpose of identifying potential business customers, Marketing Lists may be supplemented or additional contacts may be added from time to time through the use of third party marketing list providers such as Zoom Information, Inc. or Hoovers. Perfect and its Global Subsidiaries currently do not purchase marketing lists for European markets, except as provided in connection with fees for participation in a tradeshow or similar event. Whenever marketing lists are purchased, Perfect requires providers to make appropriate contractual representations regarding compliance with the privacy laws of the countries where the contacts are located. In addition, Information may be added to Marketing Lists from tradeshows or through personal interactions with employees or agents. Contact information typically included in the Marketing List includes name, title, business name, address, phone number, and e-mail address.

Perfect, its Global Subsidiaries, or a contracted third party marketing firm will use the Marketing List to communicate on a regular basis with potential customers using email and/or a dynamic e-Newsletter with a Perfect domain and e-mail as the sender. Click through responses are collected, scored, and stored with the Marketing List. If the score is significant, a phone call will be placed to the target which will ask the target for confirmation that the user is interested. At any time, any person on a Marketing List may request to be removed, may request for access to their personal data, or may request a correction, amendment, or deletion be made to incorrect personal data, and such requests will be reasonably accommodated, except where providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Software as a Service Application

In addition to maintaining useful Marketing Lists, Perfect and/or its Global Subsidiaries may use Information to provide Users with information relating to products and services provided by Perfect or its Global Subsidiaries, to respond to specific questions from Users, to comply with certain reporting laws and regulations, to design or improve our products and services, to extend invitations to participate in sourcing events, and to communicate with Users regarding our offerings.

If User becomes a Customer of Perfect or one of its Global Subsidiaries, (“Customer”), User will provide Perfect with additional information about User in order to facilitate transactions that User or User Companies may initiate through Perfect’s software as a service application.

If a Customer initiates a transaction through any software as a service application, that Information User provides will be used to facilitate the completion of the transaction.

If User subscribes to the Perfect Open Supplier Network (OSN) as a “Supplier,” Information may be shared with other Customers who use the OSN as “Buyers” as part of the Perfect trading partner directory, unless User exercises the Opt-out procedures below or otherwise restricts authorization of use as part of a signed contract with Perfect. Inclusion in the Perfect trading partner directory means that Information identifying Suppliers will be exposed to all Buyers using the OSN.

Customers of the Services will be using the Site to host data and information (“Data”). In the collection and use of this Data, Perfect and its Global Subsidiaries generally function as a Data Processor, as defined by various laws and as established in customer contracts. Perfect Commerce will not review, share, distribute, print, or reference any such Data except as provided herein, in the contract agreement with Customer, or as may be required by law. Individual Data records may at times be viewed or accessed for the purpose of resolving a problem, support issue, suspected violation of the contract agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration login id and password.

Unless prohibited by law or by contract, Perfect and its Global Subsidiaries do aggregate Data containing personal information about Customers and the electronic commerce conducted through the OSN in order to, among other things, compile and distribute aggregated or sanitized statistics and general OSN information about Customers. Perfect and its Global Subsidiaries do this in a manner that would not reveal individual personal information except to a Customer and only then would do so for its own Users.

Perfect and its Global Subsidiaries require Customers who register to use the services offered on our websites or software as a service application to provide information which may include: contact name, company name, address, phone number, e-mail address, and financial qualification and billing information such as, billing name and address, credit card number for billing purposes, and the number of Users within the organization that will be using the Service. When a Customer expresses interest in obtaining additional information, or when a Customer registers for the Service, we may also ask for additional personal information, such as title, department name, fax number, or additional company information, such as annual revenues, number of employees, or industry. Perfect cautions Customers against sending credit card information in email, however, Perfect uses encryption technology in its email systems to mitigate some risk.

Customers can opt out by not providing Information when asked or by making a request in accordance with the Opt-out procedures below. Customers with log-in information may also update or remove their personal information at any time by logging into the applications they use and editing their Personal Information within Setup. If this functionality is unavailable with User’s specific software as a service application, or if functionality is otherwise not available, then Information collected may be retrieved and modified upon the reasonable request of the User to privacy@perfect.com. Upon receiving such request, Perfect may demand that User reasonably demonstrate the validity of his or her identity. Perfect will not require that any Personal Information be transmitted via unsecured email.

Sensitive Information

Generally, Perfect and its Global Subsidiaries do not collect Sensitive Information from Users as defined by various laws, except to the extent that a person’s name, title, employer, telephone number, email address, tax identification number, and business address may be considered

Sensitive Information in a particular jurisdiction. The one exception to this is, in the U.S., we do allow our customers to collect business registration information for minority business programs designed to promote minority owned businesses. To that end, by using our website and services, applicable Users consent to potentially having some sensitive information collected, for the aforementioned limited purpose(s). Tax identification information may be collected in general business documents such as IRS Form I-9. Perfect complies with all laws where it does business regarding this tax identification information. Sensitive Information of Perfect’s or its Global Subsidiaries’ employees may be collected and/or used only as required by law.

International Transmission of Information (including Employee Information)

From time to time, personal information may be shared by Global Subsidiaries with Perfect, however, personal information is not shared directly among Global Subsidiaries except between subsidiaries within the European Union. Personal information may be shared by Perfect with Global Subsidiaries, unless expressly prohibited by law.

Generally, for Marketing Lists, vendor information, and human resources information, Perfect has instituted specific procedures to protect the privacy of the employees of customers and of Perfect’s employees and its Global Subsidiaries’ employees who are located in Europe and elsewhere in the world. Perfect provides Customers the option of setting up a semi-anonymous account for the transfer of their employees’ account information. Employees of Perfect and/or its Global Subsidiaries in Europe are provided the option to “opt-in” to Perfect’s transfer of their personal data, however, if preferred, alternative arrangements can be made. Contact Perfect at privacy@perfect.com if arrangements in accordance with this section are necessary or desired.

Employee Access to Confidential Information

All of Perfect and its Global Subsidiaries’ employees are required to follow our employee privacy policy. The employee privacy policy provides that employees are obligated to keep Customer Information confidential and never to discuss or disclose such Information inside or outside of Perfect or its Global Subsidiaries unless it is required to transact proper business. This obligation continues once an employee has left the employment of Perfect or one of its Global Subsidiaries.

Right to Access, Correct or Delete Personal Data

Individual Users have the right to know what Personal Data about them is included in Perfect’s databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Perfect collected it. Individual Users may review their own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Perfect’s policies. Upon reasonable request and as required by the Privacy Shield principles, Perfect allows Individual Users access to their own Personal Data, in order to correct or amend such data where inaccurate.

Individuals may edit their Personal Data by logging into their account profile or by contacting Perfect at privacy@perfect.com. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request erasure of Personal Data, Individual Customers should submit a written request to Perfect at privacy@perfect.com.

Perfect will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.

Protection of Information via Established Security Procedures

Perfect and its Global Subsidiaries maintain security standards and procedures to help prevent unauthorized access to confidential information about you that is under our control. We update and test our technology to improve the protection of our information about you and to help assure the integrity of our information.

When our software as a service application is accessed using web browsers, Secure Socket Layer (SSL) technology is used to protect information using both server authentication and data encryption that help ensure that Data is safe, secure, and available only to the User. Perfect and its Global Subsidiaries also implement an advanced security method based on dynamic data and encoded session identifications, and hosts the Site in a secure server environment that uses firewall and other technology to prevent interference or access from outside intruders. Finally, Perfect and its Global Subsidiaries provide unique user names and passwords that must be entered each time that a Customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.

Cache Storage of Information

Internet browser software typically stores/caches information from the website being visited on the hard drive of the User. This means that information viewed or inputted during a visit to a website can usually be viewed again by merely hitting the “BACK” button in your browser. Some websites issue a “no-cache” command to browsers to prevent this temporary storage. To provide better service to Users, we do not send this command to the browser. To better protect your personal information, Users should clear their cache of information from their computers periodically. Instructions for clearing this cache are usually included in the User’s browser.

Cookies

To provide better service, Perfect, its Global Subsidiaries, or either’s agents, may use “cookies.” A cookie is a small bit of information sent to your browser application that is written into storage, so that it can be retrieved later. A cookie is a way for a web site to recognize whether or not you have visited the site before. Your web browser can be set to inform you when cookies are set or to prevent them from being set.

Perfect and its Global Subsidiaries use two types of cookies: session and persistent-based. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include information such as a unique identifier for your browser. Perfect and its Global Subsidiaries use session cookies containing encrypted information to allow the system to uniquely identify Users while logged in. Session cookies are required in order to use Perfect’s and its Global Subsidiaries’ software as a service application. Perfect and its Global Subsidiaries also use persistent cookies, that is useful for Perfect and its Global Subsidiaries to identify the fact that you are a Customer or a prior web site visitor. Perfect and its Global Subsidiaries are very careful about the security and confidentiality of the information stored in persistent cookies. For example, Perfect does not store account numbers or passwords in persistent cookies.

To help us administer our website and improve its quality, Perfect and its Global Subsidiaries may from time to time engage third parties to track and analyze non-personally identifiable usage, volume, and statistical information from visitors to our website. Such third parties may use cookies to help track visitor behavior. All data collected by such third parties on behalf of Perfect and its Global Subsidiaries are used only to provide Perfect and its Global Subsidiaries with information on website usage and is not shared by Perfect and its Global Subsidiaries with any other third parties other than Perfect’s contractors.

Users expressly “opt-in” and consent to the use by Perfect and its Global Subsidiaries of any cookies necessary for the Services to function properly. Users may Opt-out or revoke consent of the use of cookies by Perfect and/or its Global Subsidiaries at any time by using the Opt-out Policy. In the event that a User chooses to Opt-out or revoke consent of the use of cookies by Perfect or its Global Subsidiaries, Perfect and/or its Global Subsidiaries may discontinue providing Perfect Services to that User without breaching any Agreement with the User related to the Services.

Website Links and Third Party Content

This policy covers only information that is collected by Perfect or its Global Subsidiaries’ website(s) or software as a service application. It does not cover information collected on sites that are not operated by Perfect or its Global Subsidiaries, or by a Customer’s vendor on its own behalf, or sites that appear as links on a Customer’s portion of the software as a service application.

Perfect and its Global Subsidiaries’ websites and software as a service application may contain links to other sites, including those of our business partners, vendors and advertisers. While we try to link only to sites that share our high standards, adherence to, and respect for privacy, please understand that we are not responsible for the content of, or the privacy practices employed by other sites. Therefore, Customers and visitors who access a linked site may be disclosing their private information. To understand their privacy expectations, we strongly encourage Customers and visitors to check the privacy policy statement of these other websites.

Opt-Out Policy

At any time, individuals can opt out of being contacted or receiving information from us, simply by sending an email to privacy@perfect.com, or by sending regular mail to the address listed below. We will reasonably accommodate all requests. In addition, Perfect and its Global Subsidiaries do not intend to collect information of legal minors (for example, persons under the age of 18 in the United States.) If you have reason to believe that Perfect or its Global Subsidiaries has personal information of minors, please inform Perfect immediately.

Changes to Privacy Policy and Practices

Perfect and its Global Subsidiaries reserve the right to make changes to this Policy and to our related procedures at any time. In order to notify Users and Customers of changes to our Privacy Policy, as changes are made to the Policy, this webpage will be updated to display the most current Policy, including its effective date. We encourage you to review this Policy from time to time. In addition, the terms contained in any signed contract shall take precedence over the terms of this policy.

Investigatory and Enforcement Powers

Perfect and its Global Subsidiaries acknowledge that they are subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).,

Lawful Requests

Perfect and its Global Subsidiaries may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including, to meet national security or law enforcement requirements.

Enforcement of Policy

For inquiries or complaints, or if you suspect a violation of this Policy, please address your concerns first to the Legal Department at Perfect at:

privacy@perfect.com

OR

Perfect Commerce

Attn: Legal Department

PO Box 12079

Newport News, VA 23612

Perfect will respond to your concerns within 45 days. If you do not receive a response within 45 days, you may seek enforcement of this Policy by initiating a complaint. Perfect has committed to refer unresolved privacy complaints under the US-EU Privacy Shield Framework to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. For more information on how to file a claim with the BBB EU, free of charge, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers. Finally, as a last resort and in limited situations, EU individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. This arbitration option is available to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles, and whether any such violation remains fully or partially unremedied. For more information on the Privacy Shield Panel visit https://www.commerce.gov/sites/commerce.gov/files/media/files/2016/eu_us_privacy_shield_full_text.pdf.pdf

Email

To better serve you, if you use email, Perfect and its Global Subsidiaries will generally preserve the content of your email, including, your email address, and our response. Depending on the content of your email, we may be required by existing laws and regulations to keep this information.

If you send email to us, please remember that email is not secure against interception. If your email contains information that is very sensitive or includes personal information such as account numbers, charge card or credit card numbers, or social security number, please send this information via postal mail or contact us to establish or verify a secure electronic transmission process.

Contact Information and Internal Procedures

If you have any questions, please contact us at privacy@perfect.com or call our Headquarters and ask to speak with someone from the Legal Department. A team of legal and information technology experts will review the Policy annually and will report internally on compliance to the certifying officer for this program prior to recertification to the US Department of Commerce.

US-Swiss Safe Harbor

Perfect and its Global Subsidiaries comply with the US-Swiss Safe Harbor Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from Switzerland. Perfect and its Global Subsidiaries have certified that they adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Safe Harbor Privacy Principles, the Safe Harbor Privacy Principles shall govern. To learn more about the US-Swiss Safe Harbor and to view our certification page, please visit http://www.export.gov/safeharbor/

In compliance with the US-Swiss Safe Harbor Principles, Perfect and its Global Subsidiaries commit to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact the Legal Department at Perfect at: privacy@perfect.com

OR

Perfect Commerce

Attn: Legal Department

PO Box 12079

Newport News, VA 23612

Perfect and its Global Subsidiaries have further committed to refer unresolved privacy complaints under the US-Swiss Safe Harbor to an independent dispute resolution mechanism operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/us/safe-harbor-complaints for more information and to file a complaint.

HR Data From the European Union & Switzerland

Perfect agrees to cooperate with local DPAs for HR Data. Users with an HR Data complaint should first contact us at the address above. If your HR Data complaint has not been resolved in a timely manner, users may also file a complaint with their local Data Protection Authority (“DPA”). For information on how to contact your EU jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.