GDPR Policy

Eyrus Incorporated GDPR Policy

Last Modified: November 5, 2020

Eyrus Incorporated (“Company” “we” or “Eyrus”) respects your privacy and is committed to protecting it through compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit our websites, our Apex platform (“Apex”), our Axon platform (“Axon”), or our Eyrus Visibility application (collectively referred to as our “Platform”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • On this Platform.
  • In email, text, and other electronic messages between you and this Platform.
  • Through mobile and desktop applications you download from this Platform, which provide dedicated non- browser-based interaction between you and this Platform.
  • If applicable, through your employer, and then only to the extent covered by our contractual relationship with your employer.It does not apply to information collected by:
  • us offline or through any other means, including on any other Platform operated by Company or any third party; or
  • any third party, including through any application or content (including advertising) that may link to or be accessible from or on the PlatformPlease read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Platform. By accessing or using this Platform, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Platform after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.Information Eyrus Collects About You and How We Collect ItEyrus collects several types of information from and about users of our Platform, including information:
  • by which you may be personally identified, such as name, postal address, e-mail address, telephone number,or any other identifier by which you may be contacted online or offline (“personal information”); and/or
  • about your internet connection, the equipment you use to access our Platform and usage details.Eyrus collects this information:
  • Directly from you when you provide it to us.
  • Automatically as you navigate through the Platform. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

• If applicable, through your employer, and then only to the extent covered by our contractual relationship with your employer.

Information You Provide to Us. The information we collect on or through our Platform may include:

  • Information that you provide by filling in forms on our Platform. This includes information provided at the time of registering to use our Platform, subscribing to our service, or requesting further services. We may also ask you for information when you report a problem with our Platform. We regularly receive and store any information you enter on the Platform or give us in any other way, whether it be through filling out a form, or through an actual communication. You may elect to not provide certain information, but such an election may prevent you from taking advantage of, and accessing many of our features. We use the information that you provide for purposes such as: responding to your communications and/or requests, customizing future experiences on the Platform for you, improving our Platform, and communicating with you in any other way. The types of personally identifiable information which may be collected through your use of the Platform include, but are not limited to: your name, physical address, any email address, phone numbers, fax numbers, billing address, order and/or confirmation numbers, financial account information, debit card numbers and expiration dates, credit card numbers and expiration dates, credit card account information, referring URLs, IP addresses, passwords, usernames, photos and images, general and specific employment information, pertinent health information, gender, occupation, personal interests, your age and information about your hobbies, likes, interests, programs and other services you use or may be interested in. Additionally, we may receive certain information such as health information which may be collected and compiled as a result of the provision of services. You voluntarily provide the above personally identifiable information to us when you enter such information on the Platform, whether input with the intention of registering for services, registering as a Worker (as defined below), facilitating a purchase, payment, newsletter subscription, and/or any other special offers or benefits. You are the source of this information.
  • Records and copies of your correspondence (including email addresses), if you contact us.You also may provide information to be published or displayed (hereinafter, “posted”) on public areas of the Platform, or transmitted to other users of the Platform or third parties (collectively, “User Contributions”). Your User Contributions are posted on and transmitted to others at your own risk. Although we limit access to certain pages/you may set certain privacy settings for such information by logging into your account profile, please be aware that no security measures are perfect or impenetrable. Additionally, we cannot control the actions of other users of the Platform with whom you may choose to share your User Contributions. Therefore, we cannot and do not guarantee that your User Contributions will not be viewed by unauthorized persons.Information We Collect Through Automatic Data Collection Technologies. As you navigate through and interact with our Platform, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
  • Details of your visits to our Platform, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Platform.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.
  • Personal information specified above, may be collected or aggregated automatically as a result of the use of certain products listed below in the “Our Products” provision of this policy.The information we collect automatically may include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Platform and to deliver a better and more personalized service, including by enabling us to:

• Estimate our audience size and usage patterns.

  • Store information about your preferences, allowing us to customize our Platform according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to our Platform.
    The technologies we use for this automatic data collection may include:
  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Platform. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Platform.
  • Flash Cookies. Certain features of our Platform may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Platform. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
  • Web Beacons. Pages of our Platform may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages and for other related Platform statistics (for example, recording the popularity of certain Platform content and verifying system and server integrity).Google AnalyticsWe use Google Analytics Advertising Features to collect information from you. The Advertising features utilized by us include Demographics and Interest reporting, Remarketing, GDN Impression Reporting and Campaign Manager Integration.To understand how Google uses information collected from this Platform, please review the information provided here: https://policies.google.com/technologies/partner-sites
  • You can prevent your information being collected by Google Analytics by opting out through the Google Analytics Opt-out Browser Add-on, which can be found at:
  • https://tools.google.com/dlpage/gaoptout/
  • How We Use Your Information
  • We use information that we collect about you or that you provide to us, including any personal information:
  • To present our Platform and its contents to you.
  • To provide you with information, products, or services that you request from us.
  • To fulfill any other purpose for which you provide it.
  • To provide you with notices about your account, including expiration and renewal notices.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you andus, including for billing and collection.
  • To notify you about changes to our Platform or any products or services we offer or provide though it.
  • To allow you to participate in interactive features on our Platform.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Platform users is among the assets transferred.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.Disclosure of Your InformationWe may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may

We may

• •

disclose personal information that we collect or you provide as described in this privacy policy:

To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.

For any other purpose disclosed by us when you provide the information.

With your consent.

also disclose your personal information:

To comply with any court order, law, or legal process, including to respond to any government or regulatory request.

To enforce or apply our terms of use and other agreements, including for billing and collection purposes.

If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Eyrus Incorporated, our customers, or others.

Choices About How We Use and Disclose Your Information

Eyrus strives to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

• Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe’s Platform. If you disable or refuse cookies, please note that some parts of this Platform may then be inaccessible or not function properly.

We do not control third parties’ collection or use of your information to serve interest-based advertising. However, these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s Platform.

Our Products

This policy describes how we treat personal information when you use or access our Platform, and any services or products offered therethrough. The following sections below describe in further detail, certain privacy practices specific to our various products offered throughout the platform. In addition to the information provided elsewhere in this policy, the collection and processing of your personal information may also be subject to the corresponding the terms of this particular provision, when using any particular product offered through our Platform. The various products offered throughout the Platform may be subject to change at any time within our discretion, and therefore it is your responsibility to regularly check this policy for updates on the practices of the collection and processing of

your information. The products offered through the Platform, and the corresponding collection and processing practices thereof, are as follows:

Apex Platform:

Apex is a workforce visibility product, which utilizes automated data collection and generates actionable insights into the schedule and productivity of your workers. Apex allows for the automated collection of data of employees, contractors, agents, or any other registered individual (collectively “Workers”) as they enter or walk onto any given specified location or Registered Site (as defined below). In order to utilize Apex and be classified as a Registered Site, the location/site (“Registered Site”) sought to be monitored must be registered with the Company, and said location/site must be outfitted by the Company with defined zones and card scanning technology, which will permit the reading of identification cards (“Cards”) held by Workers.

  • How Apex Collects Information: Once a company has set up a Registered Site with Apex, the company will then be permitted to provide its Workers with a Card, each containing a unique identifying serial number. The Card itself does not carry any particular personal information regarding the Worker to which the Card has been assigned, however, the serial number of each Card will be assigned in the Company’s applicable database, to the Worker carrying the Card. Once the Worker enters the Registered Site while carrying their Card, the scanning technology placed at each barrier strategically placed within the Registered Site will scan the Worker’s Card as they pass by such scanning technology, and the serial number of the Card will be triggered within the database. Once a Card of a Worker has been picked up by the scanning technology on a Registered Site, the database will be automatically updated with the fact that the Worker to which that particular Card has been assigned, has just entered the area of the Registered Site in which the Worker’s Card was scanned. The administrator or other authorized user of the company’s Apex account, can then see and receive real-time updates of the entering and exiting of the Registered Site by the Workers, and can pull up the applicable Worker’s information stored in the Company’s applicable database. We may collect Worker information from employers.
  • As stated above, the Card itself does not carry any personal information of the Worker directly on it, however, the serial number of the Card is stored in the Company’s applicable database and associated with the particular Worker to which said Card has been assigned. When registering with Apex, each individual Worker will be asked to enter the personal information the company holding the applicable Apex account, would like to collect. This personal information entered into Apex by each Worker when registering, will then be stored in the Company’s applicable database, and can be pulled up by the administrator or other authorized user of company’s Apex account. This information stored within the Company’s applicable database, which will be retrieved through use of Apex, would fall within the category of that of the “Information You Provide to Us” above.Axon Platform:Axon is a manual data reporting product, which utilizes a centralized platform in order to streamline cross-team collaboration, and streamline productivity. Axon permits account holders to create projects, add in project details, invite assigned Workers to join the data reporting project, and set up custom text fields and data log selections, through which Workers can manually submit daily progress logs and updates on the status of said project.

• How Axon Collects Information: Once a particular project has been created within Axon and the desired Workers have joined the project, said Workers and other authorized users will then have the ability to begin manually reporting data through Axon, as it pertains to the project to which they were assigned. From their phones, computers, tablets, or other devices on which Axon has been made accessible by Company (the accessibility of any type of devices may be added, removed, or altered at any time within Company’s sole discretion), the Workers may be permitted to manually report certain data and progress updates which may include, but shall not be limited to: task progress, attendance, safety status, notes, and photos. Once such data has been manually entered and reported through Axon by the Workers, such data may be accessed,

viewed, stored, or otherwise processed by the authorized company account administrators or other authorized users, and the same will be stored in the Company’s applicable database. This information stored within the Company’s applicable database, which will be retrieved through use of Axon, would fall within the category of that of the “Information You Provide to Us” above. We may collect Worker information from employers

Eyrus Visibility:

Eyrus Visibility is an application which syncs directly with the Apex product referenced above, permitting account holders to track Workers using Bluetooth technology. This application allows account holders to perform walkthroughs of job sites and easily perform security and efficiency checks. In using Eyrus Visibility, account holders will be able to quickly and efficiently identify the people on the applicable site, ensure individuals are working in the correct areas, and monitor the attendance of Workers, within the account holder’s Bluetooth range.

  • How Eyrus Visibility Collects Information: When activated by an account holder using the application, Eyrus Visibility uses Bluetooth technology on the account holder’s mobile phone or tablet, and will scan any applicable Cards of Workers who are within the Bluetooth range of the account holder using Eyrus Visibility. Once a Card has been scanned, the application will then connect to the Company’s applicable database, and will locate the applicable database account of the holder of the Card. This then allows account holders using the application to instantly access and view the information stored on the Company’s applicable database, of anyone who is registered within the database, who is also carrying a Card with them. This information stored within the Company’s applicable database, which will be retrieved through use of the Eyrus Visibility application, would fall within the category of that of the “Information You Provide to Us” above.
  • The Eyrus Visibility application may be made available to you by the Company through a variety of application service providers within the Company’s sole discretion, such as the Apple App Store. You hereby acknowledge and agree that any such downloading, access, or use of the application by you, may thereby also be subject to the privacy terms of such application service providers, in addition to the privacy terms contemplated hereunder.Eyrus Registrations:Eyrus Registrations is a webpage, which permits users of the Company’s products to log in and provide pertinent registration information. Such information will be stored in the Company’s applicable database, and may be accessible to applicable account holders, who are associated with the registrant’s project. This information stored within the Company’s applicable database, which will be retrieved through use of other Eyrus products, would fall within the category of that of the “Information You Provide to Us” above.Health Information
  • As stated herein above, certain health information may be collected through the provision of the services. Any such health information provided by you shall be made voluntarily, unless disclosure of the same is required by law. The Company’s collection, storage, and disclosure of such health information, along with your disclosure thereof, will comply with any and all applicable laws and regulations, including but not limited to, the Americans with Disabilities Act (ADA), Family and Medical Leave Act (FMLA), and the Health Insurance Portability and Accountability Act (HIPAA).
  • HIPAA: In some instances, we may disclose and release certain protected health information of yours, obtained by us through your provision of the same to us, or through the provision of the services, to your employer or other designated third-parties, where such information may otherwise be protected from disclosure under HIPAA. Any and all such disclosures shall be made in strict accordance with the authorization you have provided us through a signed HIPAA disclosure authorization form permitting the same, and in accordance with the terms of this Privacy Policy. Your consent to the disclosure of such information, as authorized by you in the signed HIPAA disclosure authorization form, may be withdrawn by you at any time, through the provision of a written request to the company, which may be sent to the following email address: privacy@eyrus.com

Third-Party Links

You may encounter links to third party Platforms, videos, pictures, and applications (“Third-Party Links”) when using the services. We cannot control the content on these Third-Party Links and we can make no guarantees as to the protection and privacy of any information which you submit to these Third-Party Links. Please exercise caution when accessing Third-Party Links

Accessing and Correcting Your Information

You can review and change your personal information by logging into the Platform and visiting your account profile page.

You may also send us an email at info@eyrus.com to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.

If you delete your User Contributions from the Platform, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Platform users.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Platform. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Platform.

Children

Our Platform is not intended for children under 13 years of age.

Eyrus will not knowingly solicit or collect personal information from or about children on or through its Platform except as permitted under applicable law.

“Do Not Track” Policy and Procedures

We do not currently respond to “do not track” browser headers or specific “do not track” requests. You do have the ability to limit tracking through these third-party programs and by taking the actions listed below. The use of online tracking mechanisms by third-parties is governed by those third-parties’ own privacy policies, and not the terms included hereunder. If you prefer to prevent third-parties from setting and accessing cookies on your computer, you may adjust the settings of your own web browser to block the placement of cookies. You may remove yourself from the targeted advertising of companies by contacting the Network Advertising Initiative, or of companies participating in the Digital Advertising Alliance program by contacting them directly.

YOUR CALIFORNIA PRIVACY RIGHTS

Supplemental Privacy Notice to California Residents:

• If you are a resident of California, California Civil Code Section 1798.83 permits you to request information regarding the disclosure of your personal information by Eyrus or its subsidiaries to a third-

You acknowledge and consent to taking such steps

as are necessary in order to verify your identity and your age for the purposes of complying with applicable law, in

order to use the Platform.

party for the third-party’s direct marketing purposes. This right is granted to California residents and applies only to their activities within the State of California. To make such a request, please send an email to: privacy@eyrus.com or write us at:

o Eyrus Incorporated Eyrus.com

ATTN: CA Privacy Rights 2101 L Street NW
Suite 800
Washington, DC 20037

In your request, please specify the Eyrus company or subsidiary to which your request pertains. If no company is specified, we will treat your request as pertaining to Eyrus Incorporated.

International Privacy Practices

The Company is primarily operated and managed on servers located and operated within the United States. In order to provide our services to you, we may send and store your Personal Information outside of the country where you reside or are located, including to the United States. Accordingly, if you reside or are located outside of the United States, your Personal Information may be transferred outside of the country where you reside or are located, including countries that may not or do not provide the same level of protection for your Personal Information. We are committed to protecting the privacy and confidentiality of Personal Information when it is transferred. If you reside or are located within the European Economic Area and such transfers occur, we take appropriate steps to provide the same level of protection for the processing carried out in any such countries as you would have within the European Economic Area to the extent feasible under applicable law. By using and accessing our services, users who reside or are located in countries outside of the United States agree and consent to the transfer to and processing of Personal Information on servers located outside of the country where they reside, and that the protection of such information may be different than required under the laws of their residence or location.

Personal Information Will Be Sent to The United States

The Company is based in the United States and your Personal Information will be processed in the United States. The hosting facilities for your Personal Information are in the United States. United States laws may be less strict than those of your own country.

Your Rights Under The EU General Data Protection Regulation (GDPR)

• Your principal rights under the EU General Data Protection Regulation (GDPR) are as follows:

  1. Right of Access: you have the right to be informed of, and request access to, thePersonal Information we process about you.
  2. Right to Rectification: you have the right to request that we amend or update your personal data where it is inaccurate or incomplete.
  3. Right to Erasure: you have the right to have the Company delete your Personal Information.
  4. Right to Restrict: you have the right to request that we temporarily or permanently stop processing your Personal Information.
  5. Right to Object: you have the right to object to us processing your Personal Information on grounds relating to your particular situation or for direct marketing purposes.
  1. Right to Data Portability: you have the right to request a copy of your Personal Information in electronic format and the right to transmit that personal data for use in another party’s service.
  2. Right not to be Subject to Automated Decision Making: you have the right to not be subject to a decision based solely on automated decision making, including profiling, where the decision would have a legal effect on you or produce a similarly significant effect

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. Eyrus reserves the right to update or modify this Policy and any Platform Privacy Statements at any time and without prior notice. Any modifications will apply only to the personal information we collect after the posting.

Data Controller and How to Contact Us

The personal information we collect and process is controlled by Eyrus Incorporated, a Delaware corporation located

in the United States. You may contact us by email at:

privacy@eyrus.com.