Privacy Policy: GDPR Compliance

General Data Protection Regulation

Privacy and Cookies Policy The RepTrak Company ("RepTrak") is committed to protecting and respecting your privacy. This Privacy and Cookies Policy (“Policy”) (together with and any other documents referred to therein) sets out the basis on which the personal data collected from you, or that you provide to Us will be processed by Us. Please read the following carefully to understand our views and practices regarding your personal data and how We will treat it. For the purpose of the General Data Protection Regulation (“GDPR”, from the GDPR implementation date) or, until GDPR implementation date, the Data Protection Act 1998, (collectively the “Data Protection Laws”) the following Reputation Institute group companies are the Data Controllers: UK – Reputation RI UK Ltd Italy - Reputation Institute Italy s.r.l Australia - Reputation Institute Pty Ltd Brazil - R.I.-Consultoria EM Reputacao Empresarial LTDA Denmark - Reputation Institute Denmark ApS The Netherlands - Reputation Institute The Netherlands (B.V.) Panama - Reputation Institute Panama Spain - Reputation Institute Spain S.L. UK - Reputation (R.I.) UK Limited DK Holdings - Reputation Institute Holding A/S US - Reputation Institute, Inc. Chile - Reputation Institute Chile SA China - Reputation Institute (Greater China Limited) Your Personal Information

Information We Collect from You We collect and process some or all of the following types of information from you in the course of your use of the website or providing our services: Information that you provide to us in person, over the telephone or by email in connection with a business relationship between us and you or between us and an organisation that you work for. - Information that you provide by filling in forms on our website at (the “Website”) or filing in forms as part of the registration process. This includes information provided at the time of registering to use the Website, subscribing to our service, or requesting further information or services. We may also ask you for information when you report a problem with the Website. - Specifically, personal details such as name, email address, or any information input by when using the Website, completing our survey forms, using our Services. - If you contact us, we may keep a record of that correspondence. - We may also ask you to complete surveys that We use for research purposes, although you do not have to respond to them. - Details of your visits to the Website including, but not limited to, traffic data, location data, weblogs and other communication data, and the resources that you access. The provision of personal and company name, email address, is required from you to enable Us to grant you access to member and research content. We will inform you at the point of collecting information from you, whether you are required to provide the information to Us. Uses Made of Your Information Lawful basis for processing We rely on legitimate interest as the lawful basis on which We collect and use your contact information. Our legitimate interests are performance of contracts with our customers and suppliers, marketing and promotion of our business to individuals and organisations who we have identified as genuine prospects and providing and collecting research insights for our customers. Purposes of processing We use information held about you in the following ways: - To provide you or the organisation that you work for with our services. - To conduct surveys and provide market research insights for our customers. - To ensure that content on the Website is presented in the most effective manner for you and for the device(s) you use to access and view the Website; - To provide you with information and offers that you request from Us or which We feel may interest you. - To carry out our obligations arising from any contracts entered into between Us and you, or Us and the organisation that you work for. - To allow you to participate in interactive features of our service, when you choose to do so. - To notify you about changes to our services. Marketing In addition to the above uses We may use your information to notify you about goods or services which may be of interest to you. Where We do this, We will contact you by electronic means (e-mail or SMS). If you do not want Us to use your data in this way please either (i) tick the relevant box situated on the form on which We collect your data (for example, the registration form); (ii) unsubscribe from our electronic communications using the method indicated in the relevant communication; or (iii) inform Us at any time by contacting Us at the contact details set out below. Automated decision making/profiling We use a marketing automation tool to identify business contacts who may be interested in receiving information and promotions relating to our products and services. Disclosure of Your Information We may pass your information to our third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (e.g. to host our servers and emails).We may disclose your personal data to any member of our corporate group, which means our subsidiaries, our ultimate holding company and its subsidiaries, as defined in section 1159 of the UK Companies Act 2006 (where applicable). We may also disclose your personal data to third parties: - if We are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Website Terms and Conditions and other agreements; or

- to protect Our rights, property, or safety or that of our affiliated entities, customers or suppliers or any other third party We interact with. Other than as set out above and save insofar as is necessary in order for Us to carry out our obligations arising from any contracts entered into between you and Us, We will not share your data with third parties unless We have procured your express consent to do so. Storing Your Personal Data Security We take appropriate measures to ensure that any personal data are kept secure, including security measures to prevent personal data from being accidentally lost, or used or accessed in an unauthorized way. We limit access to your personal data to those who have a genuine business need to know it. Those processing your information will do so only in an authorized manner and are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where We are legally required to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although We will do our best to protect your personal data, We cannot guarantee the security of your data transmitted to the Website; any transmission is at your own risk. Once We have received your information, We will use strict procedures and security features to try to prevent unauthorised access. The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and terms of use and that we do not accept any responsibility or liability for these policies and terms of use. Please check these policies before you submit any personal data to these websites. Keeping your personal data up to date If your personal details change you may update them by contacting us. If you have any questions about how We use data collected which relates to you, please contact Us by sending an email to We will endeavor to update your personal data within seven (7) working days of any new or updated personal data being provided to Us, in order to ensure that the personal data We hold about you is as accurate and up to date as possible. How long we keep your personal data We will hold the data set out above for a reasonable time having regard to the nature of the personal data and the purpose for which it was collected. In particular: - Where we hold your personal data in connection with the performance of a contract with one of our customers or suppliers, we will hold your data, and in particular any communications between you and us in relation to the negotiation or performance of the contract by either party for so long as that contract is in force and for a period of at least 7 years after; - Where we hold your data in connection with the marketing or promotion of our business, we will hold your data for up to 2 years, or for up to 2 years after you last communicated with us, if later. - In respect of website usage data, we hold your data for 5 years from the date of collection. Where We Store Your Personal Data All information We hold about you is stored on our secure servers within the EEA. The data that We collect from you may be transferred to, and stored in the USA and other destinations outside the European Economic Area ("EEA"). It may also be processed by staff operating outside the EEA who work for Us or for one of our suppliers. Such staff maybe engaged in, among other things, the fulfilment of your orders and the provision of support services. Countries outside the EEA do not have the same data protection laws as the United Kingdom and EEA. Whilst the European Commission has not given a formal decision that such countries provide an adequate level of data protection similar to those which apply in the United Kingdom and EEA, any transfer of your personal data will be subject to safeguards such as the US-EU Privacy Shield or a European Commission approved contract (as permitted under Article 46(5) of the General Data Protection Regulation that are designed to help safeguard your privacy rights and give you remedies in the unlikely event of a misuse of your personal data. To obtain a copy of the such safeguards please contact Us using the details set out below. If you would like further information please contact Us, our Data Protection Officer (see ‘Contact’ below). We will not otherwise transfer your personal data outside of the EEA or to any organisation (or subordinate bodies) governed by public international law or which is set up under any agreement between two or more countries. Your Rights Under the General Data Protection Regulation you have a number of important rights free of charge. In summary, those include rights to: - access to your personal data and to certain other supplementary information that this Policy is already designed to address - require Us to correct any mistakes in your information which We hold - require the erasure of personal data concerning you in certain situations - receive the personal data concerning you which you have provided to Us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations - object at any time to processing of personal data concerning you for direct marketing - object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you - object in certain other situations to our continued processing of your personal data - otherwise restrict our processing of your personal data in certain circumstances - claim compensation for damages caused by our breach of any data protection laws. For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please: - email, call or write to Us - let Us have enough information to identify you, - let Us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and - let Us know the information to which your request relates, including any account or reference numbers, if you have them How to Submit We hope that We can resolve any query or concern you raise about our use of your information. The General Data Protection Regulation also gives you right to lodge a complaint with a supervisory authority, in particular in the European Union (or European Economic Area) state where you work, normally live or where any alleged infringement of data protection laws occurred. The supervisory authority in the UK is the Information Commissioner who may be contacted at or telephone: 0303 123 1113. Changes to Our Privacy Policy We reserve the right to modify this Policy at any time. Any changes We may make to our Policy in the future will be notified and made available to you using the Website. Your continued use of the services and the Website shall be deemed your acceptance of the varied privacy policy. Information About Our Use of Cookies [And IP Addresses] We may collect information about [your mobile phone, computer or other device from which you access the Website] including where available your IP address, operating system and browser type, for systems administration and to report aggregate information to third parties affiliates. This is statistical data about our users’ browsing actions and patterns, and does not identify any individual. We may, however, use such information in conjunction with the data We have about you in order to track your usage of our services. Our Website uses cookies to distinguish you from other users of our Website. This helps Us to provide you with a good experience when you browse our Website and also allows Us to improve the Website. By using our Website you agree to our use of cookies as more specifically set out below. A cookie is a small file of letters and numbers that We store on your browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer's hard drive. The cookies We use include: - “Analytical” They allow Us to recognise and count the number of visitors and to see how visitors move around the Website when they are using it. This helps Us to improve the way our Website works, for example, by ensuring that users are finding what they are looking for easily. - “Strictly necessary” cookies. These are cookies that are required for the operation of our Website. They include, for example, cookies that enable you to log into secure areas of our Website, use a shopping cart or make use of e-billing services. - “Functionality” cookies. These are used to recognise you when you return to our Website. This enables Us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region). - “Targeting” cookies. These cookies record your visit to our Website, the pages you have visited and the links you have followed to our affiliates websites. We will use this information to make our Website, offers e-mailed to you and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Please note that third parties affiliates may also use cookies, over which We have no control. You may block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of the Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon as you visit our Website. Contact All questions, comments and requests regarding this Privacy and Cookies Policy should be addressed to Write to us at: The RepTrak Company, 399 Boylston St, Floor 7, Boston, MA, 02116.