PrivacyPolicy

Clifton Myers EnterprisesEU-U.S. Privacy Shield Policy

Clifton Myers Enterprises Inc. (the “Company”) complies with the EU-U.S. Privacy Shield Framework as set forth by the
U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the
European Union and the United Kingdom to the United States. The Company has certified to the Department of
Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy
policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy
Shield program, and to view our certification, please visit https://www.privacyshield.gov.

The Company is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Scope

This policy applies to all personal information knowingly received and processed by the Company in the United
States from the European Economic Area including, but not limited to, personal information collected from the
Company’s business customers concerning their employees and/or customers in the context of the services the
Company performs for its clients.

Definitions

“The Company” means Clifton Myers Enterprises Inc., its predecessors, and successors.

“Personal information” means information that identifies or reasonably may identify a natural person. Personal
information does not include anonymized information or aggregate information to the extent an individual’s identity
cannot reasonably be derived from such information. In addition, the Company reserves all rights to use public
information or information as to which an individual has given explicit consent for use, consistent with the Privacy Shield
Framework.

“Agent” means any third party that processes, collects, or uses personal information pursuant to the instructions of, and
solely for the benefit of, the Company, or to which the Company discloses personal information for use on its behalf.
“Sensitive personal information” means personal information that reveals a natural person’s race, ethnic origin, political
opinions, religious or philosophical beliefs, criminal record, or trade union membership, or that concerns a natural
person’s sex life or health.

Privacy Principles

The privacy principles in this policy are based on and shall be interpreted in a manner not inconsistent with the Privacy
Shield Framework.

Notice

The Company is contracted by its clients to process their employees’ and/or customers’ personal data for the purpose of
business process outsourcing functions such as assistance with software functionality, development and support.
During that process, information collected may include personal information about an individual. This information is
collected to facilitate the Company’s client’s human resources information management and computer systems
functionality in an efficient, organized, and comprehensive matter. The Company is not responsible for the content of
the information it collects, which may include personal information, nor is it responsible for the way its clients treat their employees’ and customers’ personal information.

Choice

The Company generally does not collect information directly from individuals within the EEA. It merely acts as a data
processor for its clients. If the Company does collect information directly from individuals within the EEA, it will offer
such individuals the choice to opt out of having their personal information disclosed to a third party that is not an agent
or used for a purpose other than for which it was collected originally. Similarly, to the extent required by the Privacy
Shield Framework, the Company will offer individuals the choice to opt in to having their sensitive personal information
disclosed to a third party that is not an agent or used for a purpose other than for which it was collected originally.

Onward Transfer

The Company will obtain reasonable assurances from its agents that they will safeguard personal information knowingly
collected by the Company concerning individuals residing in the EEA consistently with this policy and the Privacy Shield
Framework. Examples of appropriate assurances may include (1) a contract obliging the agent to afford a level of
6289/21410-001 Current/12452382v1 02/03/2017 12:35 PM
protection to the personal information that is at least equivalent to the Privacy Shield Framework, (2) Privacy Shield
certification by the agent, or (3) the agent being subject to EU Directive 95/46/EC or other law providing an adequate
level of privacy protection.

The Company also may disclose personal information for other purposes or to other third parties when an individual has
consented to or requested such disclosure. Please be aware that the Company may be required to disclose an
individual’s personal information in response to a lawful request by public authorities, including to meet national security
or law enforcement requirements. The Company is liable for appropriate onward transfers of personal data to third
parties.

Access

Upon an individual’s request, if feasible, the Company will offer individuals reasonable access to their personal
information and will afford individuals a reasonable opportunity to correct, amend, or delete inaccurate information. If an
employee or customer of one of the Company’s clients would like to access personal information about him or her that
is maintained by the Company, the employee or customer should make a written request to his or her employer’s local
human resources representative or customer service information contact, as well as to the Company at the following
address:

Clifton Myers Enterprises Inc.
17853 Santiago Blvd, #107-471
Villa Park, CA 92861
e-mail: privacy.shield@gotowww-dev.gotocme.com

For security and business purposes, the Company may have to coordinate such a response with the individual’s
employer or other applicable entity. The Company may then contact the employee or customer and ask him or her to
provide it with various pieces of personal information to process the request. The Company may limit or deny access to
personal information where providing such access would be unreasonably burdensome or expensive under the
circumstances or as otherwise permitted by the Privacy Shield Framework.

Security

The Company will take reasonable measures including technical, physical, and administrative measures and training, as
appropriate, to protect personal information from loss, misuse, and unauthorized disclosure, access, alteration, and
destruction. The Company safeguards information according to established security standards and periodically
assesses new technology for methods of protecting information. However, the Company cannot guarantee the security
of personal information.

Data Integrity

The Company will take reasonable measures to ensure that personal information is relevant for its intended use, reliable
for its intended use, accurate, complete, and current.

The Company will conduct periodic assessments to confirm the accuracy of, and verify its adherence to, this policy. The
Company will investigate suspected infractions and will take all appropriate action. Any questions, concerns, or
complaints concerning the collection and use of personal information by the Company should be directed to:

Clifton Myers Enterprises Inc.
Attn: Daniel Riscalla
17853 Santiago Blvd, #107-471
Villa Park, CA 92861
e-mail: privacy.shield@gotowww-dev.gotocme.com

The Company will conduct a reasonable investigation of and will attempt to resolve any complaints in accordance with
the principles contained in this Statement. The Company has further committed to cooperate with EU data protection
authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the EU. If you
do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your
satisfaction, please contact the EU DPAs for more information or to file a complaint. For complaints that cannot be
resolved between the Company and the complainant, the individual may seek redress from the Privacy Shield Panel, a
binding arbitration mechanism.

Limitations

The Company’s adherence to the Privacy Shield Framework may be limited by any applicable legal, regulatory, ethical,
or public interest consideration, and as expressly permitted or required by any applicable law, rule, or regulation.
Examples of such limitations include (1) exceptions to the opt-in requirements for sensitive personal information
permitted by Commission Decision 2000/520/EC of 26 July 2000, (2) exceptions on access as permitted by the Privacy
Shield Framework, or (3) limitations under applicable European Economic Area member state directives. The Company
also may disclose personal information reasonably related to the sale or disposition of all or part of its business.

Internet Privacy

The Company maintains a distinct Internet Privacy Policy governing the privacy of information collected by the
Company online through its United States site. To learn more about the Privacy Shield Frame program, and to view Clifton
Myers Enterprises Inc.’s certification, please visit https://www.privacyshield.gov.

Modification of this Privacy Shield Policy

This policy may be amended from time to time with or without notice in accordance with the Privacy Shield Framework.
Any modified policies will be posted on the company’s website for public viewing.

Contact Information

Questions, concerns, or complaints concerning the collection and use of personal information by the Company pursuant
to this Privacy Shield policy should be directed by mail or electronic mail to the following address:

Clifton Myers Enterprises Inc.
Attn: Daniel Riscalla
17853 Santiago Blvd, #107-471
Villa Park, CA 92861
e-mail: privacy.shield@gotowww-dev.gotocme.com