Privacy Notice - European Economic Area (EEA), U.K. & Switzerland

If you are located in the European Economic Area, U.K., or Switzerland, you may have rights under the General Data Protection Regulation or similar laws in the U.K. and Switzerland (the “GDPR”). Under the GDPR, Venntel is required to provide individuals with certain information about the processing of their “Personal Data” and rights available to them with respect to such Personal Data.

This Privacy Notice applies to personal data we (Venntel, Inc.) collect as part of our Data Services, and through our Website. For a general description of the services provided by Venntel, the type of data we collect, and how we share such data and secure it, please refer to our general Privacy Policy (the “Privacy Policy”). Any capitalized terms used herein and not defined shall have the meaning set forth in such Privacy Policy.

Personal Data

The GDPR defines “Personal Data” as any information relating to an identified or identifiable individual. This may include a name, address, mobile device identifier, precise location data*, IP address, cookie identifiers, biometric data and related information, among others.

* For clarity, “precise location data” does not mean “real-time” data. Instead, it is information that describes the precise geographic location of a device derived through any technology that is capable of determining with reasonable specificity the actual physical location of a device at a previous point in time.

Your Rights in Connection with Personal Data

The GDPR grants you a number of rights with respect to your Personal Data that controllers, such as Venntel, may hold about you. Each of your rights is summarized in more detail below; additional conditions may apply:

• Right to Access. This enables you to receive a copy of Personal Data we hold about you and to check that we are lawfully processing it.
• Right to Correct. This enables you to have any incomplete or inaccurate information we hold about you corrected.

• Right to Erasure. This enables you to ask us to delete or remove Personal Data where there is no good reason for us to continue to process it. You also have a right to ask us to delete or remove your Personal Data where you have exercised your right to object to processing and we have no overriding legitimate ground to retain it.
• Restrict Processing. This right enables you to ask us to suspend the processing of Personal Data about you, for example, if you want us to establish its accuracy.
• Request Transfer. We will provide to you, or a third party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information where we rely on your consent, or performance of a contract with you, for use of that Personal Data.
• Withdraw consent. Where we rely on consent to process your Personal Data, you may choose to withdraw this consent. Please refer to the Privacy Choices section of our Privacy Policy for more information on your opt-out options. You may directly request to be removed from any data we provide through our Data Services by following the instructions on the Opt Out Section of the Privacy Policy. If we receive such opt-out request either directly or through a third party partner, we will cease processing your Personal Data for our Data Services within 30 days or less.
• Lodge a complaint. You have the right to file a complaint with the relevant data protection supervisory authority.

How to Exercise Your Rights

In order to exercise any of the rights described above, please contact us at privacy@venntel.com.

We may need to request specific information from you to help us confirm your identity and assist us in responding to your request. This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. We will only use the information you provide to us when exercising your rights above to verify your identity or authority to make the request.

We will deliver our written response by mail or electronically, at your option. We will not charge you a fee for access to your personal information (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is excessive or manifestly unfounded, or we may refuse to comply with your request in these circumstances.

Complaints

Should you have a complaint, please contact us as soon as possible. If you feel that your complaint has not been adequately resolved, please note that the GDPR gives you the right to contact your local data protection supervisory authority.

Legal Basis for Processing Personal Data

In respect of each of the purposes for which we use your Personal Data, the GDPR requires us to ensure that we have a legally justified reason, or “legal basis” for that use. Most commonly, our legal basis for processing your Personal Data will be:

• For the provision of our Data Services, we require your consent to use your Personal Data for the purposes we have specifically described in our Privacy Policy. We rely on app providers and our third party data suppliers to obtain consent from you. We contractually require our third party data suppliers to comply with all applicable laws and to only provide us with data which they have the rights to transfer to us for our specific uses.
• In some cases, we rely on legitimate interest as our legal basis for processing your Personal Data. When we use Personal Data to maintain the security of our services, such as to detect fraud or to ensure that bugs are detected and fixed, to protect our systems and information from unauthorized persons, and to comply with law, we rely on our legitimate interest. In determining our legitimate interest, we consider and balance any potential impact on you and your rights before we process your Personal Data to make sure that our interests do not override the impact on you.
• In certain circumstances, we process your Personal Data as necessary to perform a contract we are about to enter into or have entered into with you, to provide our Portal and other services, or to communicate with our customers with respect to our services (“Contractual Necessity”).
• In some cases, we will process your Personal Data where we need to comply with an EEA, U.K. or Swiss legal or regulatory obligation (“Compliance with Law”).

Transfers of Personal Data

Venntel, Inc. may share your Personal Data with third parties who are located in jurisdictions outside the EEA, U.K., or Switzerland. These jurisdictions have privacy laws that the European Commission considers are less protective of Personal Data than the privacy laws in your own country.

When we transfer Personal Data outside of the EEA, U.K., or Switzerland, or to countries the EU has deemed as having inadequate protections, we take steps to make sure that appropriate safeguards are in place to protect your Personal Data, including, but not limited to, making such transfers in accordance with the European Commission approved Standard Contractual Clauses. In these Standard Contractual Clauses, we make commitments with respect to the privacy and security of such Personal Data. For more information on the Standard Contractual Clauses, please visit the following link: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en. Additionally, we take care to ensure that we and our representatives act in a manner that is consistent with our Privacy Policy and this Privacy Notice.

Contact Information

Please contact us with any questions or comments about this EEA Privacy Notice or our practices at:

• General Privacy Email: privacy@venntel.com
• Data Protection Officer Email: privacy@venntel.com
• General Contact address:

Venntel, Inc.

2201 Cooperative Way, Suite 600

Herndon, VA 20171

Updated: April 2021