Data Privacy Framework Notice Data Axle Inc. and its various affiliates and subsidiaries in the United States (collectively “Data Axle,” “we,” or “us”) comply with the EU-U.S. Data Privacy Framework, the Swiss-U.S. Data Privacy Framework, and the UK. Extension to the EU-U.S. Data Privacy Framework (together, “Data Privacy Framework” or “DPF”) regarding the collection, use, and retention of personal information transferred from the European Union (“EU”), the United Kingdom (“UK”), and Switzerland to the United States (“U.S”) in reliance on the DPF. Data Axle is committed to complying with the Data Privacy Framework as set forth by the U.S. Department of Commerce. Data Axle has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the EU in reliance on the EU-U.S. Data Privacy Framework and from the UK (and Gibraltar) in reliance on the UK Extension to the EU-U.S. Data Privacy Framework. Data Axle has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. Data Privacy Framework. If there is any conflict between the terms in this Notice and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/. Data Axle’s U.S. affiliates and subsidiaries that commit to comply with the DPF include Infogroup Parent Holdings, Inc.; Consumer Base LLC dba Exact Data; Data Axle International Holdings, Inc.; DonorBase, Inc.; Lake Group Media, Inc.; infoUSA Inc.; infoUSA Marketing, Inc.; GoTime Corporation; Walter Karl, Inc.; Direct Media Holdings, Inc.; Direct Media, LLC; Yesmail, Inc.; and Yesmail International Holdings, Inc.; and Alerts.com LLC. Data Axle’s commitments under the DPF are subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission. This Notice supplements our Privacy Policy located at http://www.data-axle.com/privacy-policy. For this Notice, “Personal Data” means data about an identified or identifiable individual that are within the scope of Directive 95/46/EC, received by an organization in the U.S. from the EU, the UK, or Switzerland, and recorded in any form. Unless specifically defined in this Notice, any capitalized terms in this Notice have the same meaning given to them in our Privacy Policy. DPF Principles Data Axle ensures our collection, use, and retention of Personal Data comply with the DPF Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability. I. Notice If you are located in the EU, the UK, or Switzerland, we will inform you about the purposes for which we collect and use your Personal Data, the types of third parties to which we disclose your Personal Data, the choices and means, if any, we offer you for limiting the use and disclosure of your Personal Data, and how to contact us. Notice will be provided in clear and conspicuous language when you are first asked to provide Personal Data to us, or as soon as practicable thereafter, and in any event before we use or disclose your Personal Data for a purpose other than that for which it was originally collected. Our Privacy Policy and Job Applicant Privacy Statement describe the categories of Personal Data we may receive or collect as well as the purposes for using such Personal Data. II. Choice Data Axle offers you the opportunity to opt out of whether your Personal Data is to be disclosed to a third party or to be used for a purpose that is materially different than the purpose for which it was originally collected or subsequently authorized by you. Should we collect any sensitive personal information, we will give you the opportunity to affirmatively and explicitly consent to the disclosure of such information to a third party or for a purpose that is materially different than the purpose for which it was originally collected or subsequently authorized by you. We will provide you with reasonable mechanisms to exercise your choices. III. Accountability for Onward Transfer We may share Personal Data with third parties to provide services to you. We require written agreements with third parties to ensure Personal Data is protected with the same level of protection the DPF Principles require. Those written agreements ensure Personal Data is only processed for limited and specified purposes consistent with the consent provided by you. Third parties must inform us if they can no longer meet the obligations set forth in those written agreements. If we have knowledge that a third party uses or discloses Personal Data in a manner contrary to this Notice, we will take reasonable steps to remediate or cease the use or disclosure of such Personal Data. In cases where we transfer Personal Data to third parties, we may be potentially liable for those third parties in certain circumstances. IV. Security Data Axle maintains reasonable and appropriate security measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, or destruction in accordance with the DPF. V. Data Integrity and Purpose Limitation We use Personal Data only in ways that are compatible with the purposes for which it was collected or subsequently authorized by you. We take reasonable steps to ensure that Personal Data is relevant to its intended use, accurate, complete, and current. VI. Access You have the right to access the Personal Data we hold about you and to request that we correct, amend, or delete your Personal Data if it is inaccurate or has been processed in violation of the DPF. These access rights may not apply in some cases, including where providing access is unreasonably burdensome or expensive under the circumstances or where it would violate the rights of someone other than the individual requesting access. If you would like to request access to, correction, amendment, or deletion of Personal Data, you can submit written requests to the contact information provided below. We may request specific information from you to confirm your identity. VII. Recourse, Enforcement, and Liability We will investigate and attempt to resolve any complaints or disputes regarding the use or disclosure of your Personal Data within 45 days of receiving your complaint. In compliance with the Data Privacy Framework, Data Axle commits to refer unresolved complaints concerning our handling of Personal Data received in reliance on the Data Privacy Framework to the Association of National Advertisers (ANA) DPF Dispute Resolution, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your complaint from us or you are unsatisfied with the resolution of your complaint, you can contact and submit a complaint to ANA DPF Dispute Resolution by visiting https://www.ana.net/content/show/id/accountability-dpf-consumers. These services are provided at no cost to you. If neither we nor ANA DPF Dispute Resolution resolve your complaint, you may have the possibility to engage binding arbitration through the Data Privacy Framework Panel. For more information on binding arbitration, please visit https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-a-Participating-Organization-s-Compliance-with-the-DPF-Principles-dpf. Data Axle will cooperate and comply with the EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (“ICO”), and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with respect to human resources data transferred from the EU, the UK, and Switzerland in the context of the employment relationship. If you do not receive timely acknowledgment of your complaint regarding human resources data or you are unsatisfied with the resolution involving human resources data, you should contact the EU DPAs, the UK ICO, or the FDPIC, as applicable, for more information. Required Disclosure Under certain circumstances, we may be required to disclose your Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Contact Us In compliance with the Data Privacy Framework, Data Axle commits to resolve DPF Principles-related complaints about our collection and use of your Personal Data. EU, UK and Swiss individuals with inquiries or complaints regarding our handling of Personal Data received in reliance on the DPF should first contact Data Axle at: Data Axle Inc. Chief Privacy Officer 13155 Noel Rd #1750 Dallas, TX 75240 [email protected] You may also contact our Data Protection Officer in the United Kingdom at: Fieldfisher, Riverbank House Hazel Grant 2 Swan Lane London EC4R 3TT Changes to This Policy We reserve the right to amend this Notice from time to time consistent with the DPF’s requirements. This Notice was last updated on November 8, 2023.