(Effective Date October 2017)

This Privacy Policy (“Policy”) applies to Proactis US Holdings Inc., and all of its United States based subsidiaries and affiliates, including without limitation, Perfect Commerce, LLC; Intesource, Inc.; Proactis Inc.; Perfect Commerce Global Purchasing; Perfect Commerce Operations, Inc.; Commerce One, LLC; Commerce One BPO, LLC; C1CAT, LLC; Trade Ranger US Inc., Trade-Ranger Management, LLC, Trade-Ranger Holdings, LLC, Hubwoo USA LP, Hubwoo USA Inc., and Compro Business Services, LLC (collectively and individually “Company”).

Proactis US Holdings Inc. is a wholly owned subsidiary of Proactis Holdings PLC (“Proactis Holdings”). Proactis Holdings has its own privacy policy, which applies to all of its subsidiaries based outside of the United States, and may be accessed at: http://www.proactis.com/Footer-Links/Privacy.

Company is located within the United States and recognizes the jurisdiction of the US Department of Commerce. Company complies with the US-EU Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce, regarding the collection, use, and retention of personal information from the European Union and Switzerland to the United States, respectively. Company affirms that it participates in the Privacy Shield Framework program. Company certifies that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement, and Liability. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. Company certifies that it will process data in accordance with these Principles. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/ and https://www.privacyshield.gov/list. Company reserves the right to use model contract clauses as approved by the European Commission in lieu of other means or as a supplement to other means of Privacy compliance. For more information on model contract clauses visit http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm

As a condition of use of this website and related Service (as defined below), You (“User(s)”) agree on your own behalf and on behalf of each entity on whose behalf you act, to the terms of this Policy, as amended from time to time, and to the practices for the collection, use, or disclosure of your personal information as described herein.

Collection and Use of Information

Company collects, uses, and retains information, including “Personal Information,” (“Information”), about Users and “User Companies” through our websites, through third party vendors, and through hosted on-demand software as a service software application, to service, identify, and communicate with Users and potential customers (collectively, the “Service”). Company works with third parties consisting of, vendors, suppliers, buyers, users, auditors, subcontractors, and agents such as lawyers and accountants.

Company does not sell, rent, distribute or provide User Information or any marketing lists to third parties other than to subcontractors as may be necessary to meet business needs. Subcontractors having access to Information are bound by contractual confidentiality provisions and have agreed to meet all applicable privacy laws, specifically including the Privacy Shield Privacy Principles, as applicable, while acting on Company’s behalf. Customer Information will not be sold, distributed, or shared with third parties for third party marketing, except when acting on behalf of Company and within the bounds of this privacy policy.

Company is aware of the potential liability in cases of onward transfers of Privacy Shield data to third parties, and employ at a minimum, reasonable industry standard precautions to mitigate any potential risks. When transferring personal data to authorized third parties, Company agrees to the following: (i) transfer such data only for its limited and specified purposes (ii) ensure that third parties provide at least the same level of privacy protection as is required by the Principles (iii) take reasonable and appropriate steps to ensure that third parties effectively process the personal information transferred in a manner consistent with Company’s obligations under the Principles (iv) upon notice, take reasonable and appropriate steps to stop and remediate unauthorized processing and (v) upon request, provide a summary or a representative copy of the relevant privacy provisions of the contract with the third party to the Department.

Public Facing Marketing Websites and Prospective Customers

Company publishes a public website for marketing purposes (www.Perfect.com) which is hosted in the Commonwealth of Virginia, in the United States.

As a general policy, Company does not automatically collect or store Information concerning visitors to our public websites except information generally considered “Website Visitor Analytics Data” such as:

Domain information,
The Internet address of the website from which User linked directly to our site, if any, and if navigating from a search engine site, may collect search information through one or more third party service providers,
The type of web browsing software User uses to view Company’s sites, such as Microsoft Internet Explorer, and
The date and time User accesses our site.
Website Visitor Analytics Data are not matched or cross referenced with other data except in conjunction with evaluating website effectiveness. Visitors to public facing marketing websites for Company may be asked to provide personal contact information with the purpose of soliciting contact by Company. The contact information that these visitors provide is added to a “Marketing List,” which is contained in a third party provided software as a service customer relationship management database hosted by a large U.S. based provider.
For the purpose of identifying potential business customers, Marketing Lists may be supplemented or additional contacts may be added from time to time using third party marketing list providers such as Zoom Information, Inc. or Hoovers. Company currently does not purchase marketing lists for European markets, except as provided in connection with fees for participation in a tradeshow or similar event. Whenever marketing lists are purchased, Company requires providers to make appropriate contractual representations regarding compliance with the privacy laws of the countries where the contacts are located. In addition, Information may be added to Marketing Lists from tradeshows or through personal interactions with employees or agents. Contact information typically included in the Marketing List includes name, title, business name, address, phone number, and e-mail address.

Company, or a contracted third-party marketing firm, will use the Marketing List to communicate on a regular basis with potential customers using email and/or a dynamic e-Newsletter with a Company domain and e-mail as the sender. Click through responses are collected, scored, and stored with the Marketing List. If the score is significant, a phone call will be placed to the target which will ask the target for confirmation that the user is interested. At any time, any person on a Marketing List may request to be removed, may request for access to their personal data, or may request a correction, amendment, or deletion be made to incorrect personal data, and such requests will be reasonably accommodated, except where providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

Software as a Service Application

In addition to maintaining useful Marketing Lists, Company may use Information to provide Users with information relating to products and services provided by Company, to respond to specific questions from Users, to comply with certain reporting laws and regulations, to design or improve our products and services, to extend invitations to participate in sourcing events, and to communicate with Users regarding our offerings.

If User becomes a Customer of Company, (“Customer”), User will provide Company with additional information about User in order to facilitate transactions that User or User Companies may initiate through Company’s software as a service application.

If a Customer initiates a transaction through any software as a service application, that Information User provides will be used to facilitate the completion of the transaction.

If User subscribes to the Perfect Open Supplier Network (OSN) as a “Supplier,” Information may be shared with other Customers who use the OSN as “Buyers” as part of the Company trading partner directory, unless User exercises the Opt-out procedures below or otherwise restricts authorization of use as part of a signed contract with Company. Inclusion in the Company trading partner directory means that Information identifying Suppliers will be exposed to all Buyers using the OSN.

Customers of the Services will be using the Site to host data and information (“Data”). In the collection and use of this Data, Company generally functions as a Data Processor, as defined by various laws and as established in customer contracts. Company will not review, share, distribute, print, or reference any such Data except as provided herein, in the contract agreement with Customer, or as may be required by law. Individual Data records may at times be viewed or accessed for the purpose of resolving a problem, support issue, suspected violation of the contract agreement, or as may be required by law. Customers are responsible for maintaining the confidentiality and security of their user registration login id and password.

Unless prohibited by law or by contract, Company aggregates Data containing personal information about Customers and the electronic commerce conducted through the OSN in order to, among other things, compile and distribute aggregated or sanitized statistics and general OSN information about Customers. Company does this in a manner that would not reveal individual personal information except to a Customer and only then would do so for its own Users.

Company requires Customers who register to use the services offered on our websites or software as a service application to provide information which may include: contact name, company name, address, phone number, e-mail address, and financial qualification and billing information such as, billing name and address, credit card number for billing purposes, and the number of Users within the organization that will be using the Service. When a Customer expresses interest in obtaining additional information, or when a Customer registers for the Service, we may also ask for additional personal information, such as title, department name, fax number, or additional company information, such as annual revenues, number of employees, or industry. Company cautions Customers against sending credit card information in email, however, Company uses encryption technology in its email systems to mitigate some risk.

Customers can opt out by not providing Information when asked or by making a request in accordance with the Opt-out procedures below. Customers with log-in information may also update or remove their personal information at any time by logging into the applications they use and editing their Personal Information within Setup. If this functionality is unavailable with User’s specific software as a service application, or if functionality is otherwise not available, then Information collected may be retrieved and modified upon the reasonable request of the User to privacy@perfect.com. Upon receiving such request, Company may demand that User reasonably demonstrate the validity of his or her identity. Company will not require that any Personal Information be transmitted via unsecured email.

Sensitive Information

Generally, Company does not collect Sensitive Information from Users as defined by various laws, except to the extent that a person’s name, title, employer, telephone number, email address, tax identification number, and business address may be considered Sensitive Information in a particular jurisdiction. The one exception to this is, in the U.S., we do allow our customers to collect business registration information for minority business programs designed to promote minority owned businesses. To that end, by using our website and services, applicable Users consent to potentially having some sensitive information collected, for the aforementioned limited purpose(s). Tax identification information may be collected in general business documents such as IRS Form I-9. Company complies with all laws where it does business regarding this tax identification information. Sensitive Information of Company’s employees may be collected and/or used only as required by law.

International Transmission of Information (including Employee Information)

From time to time, personal information may be shared by Proactis Holdings and its non-U.S. subsidiaries with Company, however, personal information is not shared directly within Proactis Holdings except between subsidiaries within the European Union. Personal information may be shared by Company with Proactis Holdings and its non-U.S. subsidiaries, unless expressly prohibited by law.

Generally, for Marketing Lists, vendor information, and human resources information, Company has instituted specific procedures to protect the privacy of the employees of customers and of Company’s employees. Company provides Customers the option of setting up a semi-anonymous account for the transfer of their employees’ account information. Employees of Company are provided the option to “opt-in” to Company’s transfer of their personal data, however, if preferred, alternative arrangements can be made. Contact Company at privacy@perfect.com if arrangements in accordance with this section are necessary or desired.

Employee Access to Confidential Information

All of Company’s employees are required to follow our employee privacy policy. The employee privacy policy provides that employees are obligated to keep Customer Information confidential and never to discuss or disclose such Information inside or outside of Company unless it is required to transact proper business. This obligation continues once an employee has left the employment of Company.

Right to Access, Correct or Delete Personal Data

Individual Users have the right to know what Personal Data about them is included in Company’s databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Company collected it. Individual Users may review their own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law and Company’s policies. Upon reasonable request and as required by the Privacy Shield principles, Company allows Individual Users access to their own Personal Data, in order to correct or amend such data where inaccurate.

Individuals may edit their Personal Data by logging into their account profile or by contacting Company at privacy@perfect.com. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request erasure of Personal Data, Individual Customers should submit a written request to Company at privacy@perfect.com.

Company will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data.

Protection of Information via Established Security Procedures

Company maintains security standards and procedures to help prevent unauthorized access to confidential information about you that is under our control. We update and test our technology to improve the protection of our information about you and to help assure the integrity of our information.

When our software as a service application is accessed using web browsers, Secure Socket Layer (SSL) technology is used to protect information using both server authentication and data encryption that help ensure that Data is safe, secure, and available only to the User. Company also implements an advanced security method based on dynamic data and encoded session identifications, and hosts the Site in a secure server environment that uses firewall and other technology to prevent interference or access from outside intruders. Finally, Company provides unique user names and passwords that must be entered each time that a Customer logs on. These safeguards help prevent unauthorized access, maintain data accuracy, and ensure the appropriate use of Data.

Cache Storage of Information

Internet browser software typically stores/caches information from the website being visited on the hard drive of the User. This means that information viewed or inputted during a visit to a website can usually be viewed again by merely hitting the “BACK” button in your browser. Some websites issue a “no-cache” command to browsers to prevent this temporary storage. To provide better service to Users, we do not send this command to the browser. To better protect your personal information, Users should clear their cache of information from their computers periodically. Instructions for clearing this cache are usually included in the User’s browser.

Cookies

To provide better service, Company, its agents, or both, may use “cookies.” A cookie is a small bit of information sent to your browser application that is written into storage, so that it can be retrieved later. A cookie is a way for a web site to recognize whether or not you have visited the site before. Your web browser can be set to inform you when cookies are set or to prevent them from being set.

Company uses two types of cookies: session and persistent-based. Session cookies exist only during an online session. They disappear from your computer when you close your browser software or turn off your computer. Persistent cookies remain on your computer after you’ve closed your browser or turned off your computer. They include information such as a unique identifier for your browser. Company uses session cookies containing encrypted information to allow the system to uniquely identify Users while logged in. Session cookies are required in order to use Company’s software as a service application. Company also uses persistent cookies, that are useful for Company to identify the fact that you are a Customer or a prior web site visitor. Company is very careful about the security and confidentiality of the information stored in persistent cookies. For example, Company does not store account numbers or passwords in persistent cookies.

To help us administer our website and improve its quality, Company may from time to time engage third parties to track and analyze non-personally identifiable usage, volume, and statistical information from visitors to our website. Such third parties may use cookies to help track visitor behavior. All data collected by such third parties on behalf of Company is used only to provide Company with information on website usage and is not shared by Company with any other third parties other than Company’s contractors.

Users expressly “opt-in” and consent to the use by Company of any cookies necessary for the Services to function properly. Users may Opt-out or revoke consent of the use of cookies by Company at any time by using the Opt-out Policy. In the event that a User chooses to Opt-out or revoke consent of the use of cookies by Company, Company may discontinue providing Company Services to that User without breaching any Agreement with the User related to the Services.

Website Links and Third-Party Content

This policy covers only information that is collected by Company’s websites or software as a service application. It does not cover information collected on sites that are not operated by Company, or by a Customer’s vendor on its own behalf, or sites that appear as links on a Customer’s portion of the software as a service application.

Company’s websites and software as a service application may contain links to other sites, including those of our business partners, vendors and advertisers. While we try to link only to sites that share our high standards, adherence to, and respect for privacy, please understand that we are not responsible for the content of, or the privacy practices employed by other sites. Therefore, Customers and visitors who access a linked site may be disclosing their private information. To understand their privacy expectations, we strongly encourage Customers and visitors to check the privacy policy statement of these other websites.

Opt-Out Policy

At any time, individuals can opt out of being contacted or receiving information from us, simply by sending an email to privacy@perfect.com, or by sending regular mail to the address listed below. We will reasonably accommodate all requests. In addition, Company does not intend to collect information of legal minors (for example, persons under the age of 18 in the United States.) If you have reason to believe that Company has personal information of minors, please inform Company immediately.

Changes to Privacy Policy and Practices

Company reserves the right to make changes to this Policy and to our related procedures at any time. In order to notify Users and Customers of changes to our Privacy Policy, as changes are made to the Policy, this webpage will be updated to display the most current Policy, including its effective date. We encourage you to review this Policy from time to time. In addition, the terms contained in any signed contract shall take precedence over the terms of this policy.

Investigatory and Enforcement Powers

Company acknowledges that it is subject to the investigatory and enforcement powers of the Federal Trade Commission (“FTC”).,

Lawful Requests

Company may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including, to meet national security or law enforcement requirements.

Enforcement of Policy

In compliance with the US-EU and Swiss-EU Privacy Shield Principles, Company commits to resolve complaints about your privacy and our collection or use of your personal information. Any individuals with inquiries or complaints regarding this privacy policy should first contact the Legal Department at Company at:

privacy@perfect.com

OR

Perfect Commerce
Attn: Legal Department
PO Box 12079
Newport News, VA 23612

Company will respond to your concerns within 45 days. If you do not receive a response within 45 days, you may seek enforcement of this Policy by initiating a complaint. Company has committed to refer unresolved privacy complaints under the US-EU Privacy and Swiss-US Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU Privacy Shield, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/ for-eu-consumers for more information and to file a complaint. Finally, as a last resort and in limited situations, EU and Swiss individuals may seek redress from the Privacy Shield Panel, a binding arbitration mechanism. This arbitration option is available to determine, for residual claims, whether a Privacy Shield organization has violated its obligations under the Principles, and whether any such violation remains fully or partially unremedied. For more information on the Privacy Shield Panel visit https://www.commerce.gov/sites/commerce.gov/files/media/files/2016/eu_us_privacy_shield_full_text.pdf.pdf

Email

To better serve you, if you use email, Company will generally preserve the content of your email, including, your email address, and our response. Depending on the content of your email, we may be required by existing laws and regulations to keep this information.

If you send email to us, please remember that email is not secure against interception. If your email contains information that is very sensitive or includes personal information such as account numbers, charge card or credit card numbers, or social security number, please send this information via postal mail or contact us to establish or verify a secure electronic transmission process.

Contact Information and Internal Procedures

If you have any questions, please contact us at privacy@perfect.com or call our Headquarters and ask to speak with someone from the Legal Department. A team of legal and information technology experts will review the Policy annually and will report internally on compliance to the certifying officer for this program prior to recertification to the US Department of Commerce.

Swiss-US Privacy Shield Framework

Company complies with the Swiss-U.S. Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information transferred from Switzerland to the United States. Company has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program and to view our certification, please visit https://www.privacyshield.gov/.

In compliance with the Swiss-U.S. Privacy Shield Principles, Company commits to resolve complaints about your privacy and our collection or use of your personal information. Swiss citizens with inquiries or complaints regarding this privacy policy should first contact the Legal Department at Company at: privacy@perfect.com

OR

Perfect Commerce
Attn: Legal Department
PO Box 12079
Newport News, VA 23612

Company has further committed to refer unresolved privacy complaints under the Swiss-U.S. Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/ for-eu-consumers for more information and to file a complaint.

HR Data From the European Union & Switzerland

Company agrees to cooperate with local DPAs for HR Data. Users with an HR Data complaint should first contact us at the address above. If your HR Data complaint has not been resolved in a timely manner, users may also file a complaint with their local Data Protection Authority (“DPA”). For information on how to contact your EU jurisdiction’s DPA, visit http://ec.europa.eu/justice/data-protection/article-29/structure/data-protection-authorities/index_en.htm.