Privacy Notice

Converged Security Solutions > Privacy Notice

PRIVACY NOTICE

Effective Date: June 5, 2025

This Privacy Notice is for Converged Security Solutions, LLC and our affiliates and subsidiaries (“CSS”, “we”, “us”, or “our”). This notice may also pertain to obligations specific to our Evolver, LLC subsidiary, as applicable.

Evolver, LLC provides comprehensive eDiscovery and legal support services to law firms, corporations, and government agencies, helping them manage the full lifecycle of electronically stored information for litigation, investigations, and regulatory compliance. The company emphasizes data security, privacy, and operational efficiency, with services tailored to support complex legal matters while safeguarding sensitive information. Evolver, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce.

The notice below describes how and why we might access, collect, store, use, and/or share (“process”) your personal information when you use our services (“Services”), including when you:

· Visit our website
· Engage with us in other related ways, including sales, marketing, or events.

This Privacy Notice applies to clients, customers, and users of CSS’s services. A separate Employee Privacy Notice is available to current and former employees, contractors, and applicants, which outlines how CSS handles employment-related personal information in compliance with applicable law. We collect personal information as needed in connection with employment-related activities, including hiring, onboarding, and workforce manageme

  1. WHAT INFORMATION DO WE COLLECT?We collect personal information that you voluntarily provide to us when you express an interest in obtaining information about us or our products and Services, when you participate in activities or the Services, or otherwise when you contact us.Personal Information Provided by You. The personal information that we collect depends on the context of your interactions with us and the Services, the choices you make, and the products and features you use. The personal information we collect may include the following:· names· phone numbers

    · email addresses

    · mailing addresses

    · job titles

    · usernames

    · contact preferences

    · contact or authentication data

    About Other Information Automatically Collected

    Like many businesses, we also collect information through cookies and similar technologies.

    The information we collect includes:

    · Log and Usage Data. Log and usage data is service-related, diagnostic, usage, and performance information our servers automatically collect when you access or use our Services, and which we record in log files. Depending on how you interact with us, this log data may include your IP address, device information, browser type, and settings and information about your activity in the Services (such as the date/time stamps associated with your usage, pages and files viewed, searches, and other actions you take such as which features you use), device event information (such as system activity, error reports (sometimes called “crash dumps”), and hardware settings).

    · Device Data. We may collect device data, including information about the computer, phone, tablet, or other device you use to access the Services. Depending on the device used, this device data may include information such as your IP address (or proxy server), device and application identification numbers, location, browser type, hardware model, Internet service provider and/or mobile carrier, operating system, and system configuration information.

    · Location Data. We may collect location data, including information about your device’s location, which can be either precise or imprecise. The amount of information we collect depends on the type and settings of the device you use to access the Services. For example, we may use GPS and other technologies to collect geolocation data that tells us your current location (based on your IP address). You can opt out of allowing us to collect this information either by refusing access to the information or by disabling your Location setting on your device. However, if you choose to opt out, you may not be able to use certain aspects of the Services.

    Some information, such as your Internet Protocol (IP) address and/or browser and device characteristics, is collected automatically when you visit our Services.

    We may collect certain information when you visit, use, or navigate the Services. This information does not reveal your specific identity (like your name or contact information) but may include device and usage information, such as your IP address, browser and device characteristics, operating system, language preferences, referring URLs, device name, country, location, information about how and when you use our Services, and other technical information. This information is primarily needed to maintain the security and operation of our Services, as well as for our internal analytics and reporting purposes.

    Information Collected from Other Sources

    We may collect limited data from public databases, marketing partners, and other outside sources.

    To enhance our ability to provide relevant marketing offers and services to you and to update our records, we may obtain information about you from other sources, including public databases, joint marketing partners, affiliate programs, data providers, and other third-party sources. This information includes mailing addresses, job titles, email addresses, phone numbers, intent data (or user behavior data), Internet Protocol (IP) addresses, social media profiles, social media URLs, and custom profiles, for purposes of targeted advertising and event promotion.

  2. HOW DO WE PROCESS YOUR INFORMATION?We process your information to provide, improve, and administer our Services, communicate with you, for security and fraud prevention purposes, and to comply with applicable laws. We process personal information for the following purposes listed below. We may also process your information for other purposes only with your prior explicit consent.We process your personal information for a variety of reasons, depending on how you interact with our Services, including:· For lawful use in connection with eDiscovery and related legal matters.· For lawful use to secure our operational systems and for investigating system performance issues.

    · To deliver and facilitate the delivery of services to the user. We may process your information to provide you with the requested service.

    · To respond to user inquiries/offer support to users. We may process your information to respond to your inquiries and solve any potential issues you might have with the requested service.

    To send administrative information to you. We may process your information to send you details about our products and services, changes to our terms and policies, and other similar information.

    · To fulfill and manage your orders. We may process your information to fulfill and manage your orders, payments, returns, and exchanges made through the Services.

    · To enable user-to-user communications. We may process your information if you choose to use any of our offerings that allow for communication with another user.

    To save or protect an individual’s vital interests. We may process your information when necessary to save or protect an individual’s vital interests, such as to prevent harm or injury.

  3. WHAT LEGAL BASES DO WE RELY ON TO PROCESS YOUR INFORMATION?We only process your personal information when we believe it is necessary and we have a valid legal reason (i.e., legal basis) to do so under applicable law, with your consent, to comply with laws, to provide you with services to enter in to or fulfill our contractual obligations, to protect your rights, or to fulfill our legitimate business interests. We retain your personal information only as long as necessary to fulfill the purposes described in this Privacy Notice or to follow best practices for recordkeeping of data, unless a longer retention period is required or permitted by law.For Individuals in the European Union and the United KingdomLegal Bases for Processing Personal Information Under GDPR and UK GDPR.If you are located in the EU or the UK, this section applies to you.

    The General Data Protection Regulation (GDPR) and the UK GDPR require us to explain the lawful bases on which we rely to process your personal information. Accordingly, we may rely on the following legal bases:

    · Consent: We may process your personal information when you have provided consent for a specific purpose. You may withdraw your consent at any time. Learn more about how to withdraw your consent.

    · Performance of a Contract: We may process your personal information when it is necessary to fulfill our contractual obligations to you, including the provision of our Services, or at your request before entering into a contract.

    · Legal Obligations: We may process your personal information when required to comply with legal obligations, such as cooperating with law enforcement or regulatory authorities, asserting or defending our legal rights, or disclosing your information as part of legal proceedings.

    Vital Interests: We may process your personal information when necessary to protect your vital interests or those of another individual, such as in cases involving potential threats to the safety or life of any person.

    For Individuals in Canada

    Consent and Permitted Processing Under Canadian Privacy Law.

    If you are located in Canada, this section applies to you.

    We may process your personal information when you have provided specific permission (express consent) for a particular purpose, or when your permission can be reasonably inferred from the circumstances (implied consent). You may withdraw your consent at any time.

    In certain limited circumstances, we may be permitted by law to process your personal information without your consent. These circumstances may include:

    · When the collection is clearly in the interests of an individual and consent cannot be obtained in a timely manner;

    · For investigations and the detection or prevention of fraud;

    · In connection with business transactions, subject to applicable legal conditions;

    · When the information is contained in a witness statement and the collection is necessary to assess, process, or settle an insurance claim;

    · For identifying injured, ill, or deceased individuals and for communicating with their next of kin;

    · Where there are reasonable grounds to believe that an individual has been, is, or may be a victim of financial abuse;

    · When obtaining consent could compromise the availability or accuracy of the information, and the collection is reasonable for investigating a breach of an agreement or a legal violation;

    · When required to comply with a subpoena, warrant, court order, or applicable court rules;

    · When the information was produced in the course of employment, business, or professional activities, and the collection aligns with the original purpose;

    · When the collection is solely for journalistic, artistic, or literary purposes;

    · When the information is publicly available as defined by regulation;

    · When disclosing de-identified information for approved research or statistical purposes, subject to ethics oversight and confidentiality agreements.

  4. WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?We may share personal information under specific circumstances described in this section and/or with the following categories of third parties.Vendors, Consultants, and Other Third-Party Service ProvidersWe may disclose your information to third-party vendors, service providers, contractors, or agents (“third parties”) who perform functions on our behalf or on behalf of our client or client counsel; and require access to personal information to fulfill their duties. These third parties are bound by contractual obligations that ensure the safeguarding of your personal information. They are not permitted to use your personal information for any purpose other than as instructed by us and may not share it with any external organization. They are also required to protect the personal information they handle on our behalf and retain it only for the duration we specify. All third parties must uphold a level of data protection consistent with the principles of the EU-U.S. Data Privacy Framework and the Swiss-U.S. Data Privacy Framework.The categories of third parties with whom we may share personal information include:

    · Cloud Computing Services

    · Communication and Collaboration Tools

    · Data Analytics Providers

    · Data Storage Service Providers

    · IT Services Providers (such as Managed Services Providers)

    We may also disclose personal information in the following situations:

    Business Transfers: We may share or transfer personal information in connection with, or during negotiations of, a merger, sale of company assets, financing, or acquisition of all or part of our business by another entity.

    Affiliates: We may disclose your information to our affiliates, which include our parent company, subsidiaries, joint ventures, and other companies under common ownership or control. These affiliates are required to adhere to the terms of this Privacy Notice.

    Business Partners: We may share your personal information with our business partners to provide you with specific products, services, or promotional offers.

  5. DO WE USE COOKIES AND OTHER TRACKING TECHNOLOGIES?We use cookies and similar tracking technologies to collect and store information when you interact with our Services. We use a cookie consent management platform to capture and honor your preferences. Visitors to our websites are presented with a banner that allows them to:· Accept all cookies· Reject non-essential cookies· Customize cookie settings

    The categories of cookies we use are:

    · Essential cookies (required for site operation and security, cannot be disabled)

    · Analytics (statistics) cookies (used for site usage measurement, such as Google Analytics 4, loaded only after consent)

    · Marketing cookies (used for advertising or remarketing, loaded only after consent)

    Non-essential cookies (analytics and marketing) will not be activated until you provide consent.

    These tracking technologies apply to individuals interacting with our websites and digital services.

    We may also allow third parties and service providers to use online tracking technologies on our Services for purposes including analytics and advertising. These technologies may be used to help manage and display advertisements, tailor advertisements to your interests, or send reminders, such as for abandoned shopping carts, depending on your communication preferences. Third parties may use their own technologies to provide advertising about products and services that may be of interest to you, which may appear on our Services or other websites.

    To the extent the use of these tracking technologies is considered a “sale” or “sharing” of personal information (as defined under applicable U.S. state privacy laws, including in relation to targeted advertising), you have the right to opt out. You may submit a request to exercise this right as described in the section titled “DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?”

    Specific details about the cookies and tracking technologies we use, along with instructions on how to opt out of certain cookies, are provided in our Cookie Notice.

    Google Analytics We may share your information with Google Analytics to help us understand how the Services are used and to improve performance. The Google Analytics Advertising Features we may use include Google Analytics Demographics and Interests Reporting.

    To opt out of tracking by Google Analytics across our Services, you may visit: https://tools.google.com/dlpage/gaoptout You can also opt out of Google Analytics Advertising Features through Google Ad Settings or your mobile device settings.

    For more information about Google’s data practices, please visit: https://policies.google.com/privacy

  6. IS YOUR INFORMATION TRANSFERRED INTERNATIONALLY?EU-U.S., UK Extension to the EU-U.S., and Swiss-U.S. Data Privacy Framework.We comply with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework, as established by the U.S. Department of Commerce, regarding the collection and use of personal information transferred from the European Union (EU), the United Kingdom (UK, including Gibraltar), and Switzerland. We have certified to the U.S. Department of Commerce that we adhere to the EU-U.S. Data Privacy Framework Principles and the Swiss-U.S. Data Privacy Framework Principles. If there is any conflict between the terms in this Privacy Notice and the Data Privacy Framework Principles, the Principles shall govern. To learn more about the Data Privacy Framework program or to view our certification, please visit https://www.dataprivacyframework.gov.Under the Data Privacy Framework, individuals in the EU, UK, and Switzerland have the right to request confirmation as to whether we maintain personal information relating to them in the United States. Upon request, we will provide access to the personal information we hold.Individuals also have the right to correct, amend, or delete inaccurate personal information. Requests to access, correct, amend, or delete such data should be directed to privacy@evolverinc.com. We will respond to such requests within a reasonable timeframe.

    If we receive your personal information in the United States and subsequently transfer it to a third party acting as our agent, we remain responsible under the Data Privacy Framework Principles if the agent processes the information in a manner inconsistent with those Principles, unless we can demonstrate that we are not responsible for the event giving rise to the damage.

    Before disclosing personal information to third parties other than agents or using it for a purpose materially different from the one for which it was collected or authorized, we will offer individuals the opportunity to opt out, and for sensitive information, the opportunity to opt in. To request limitations on the use or disclosure of your personal information, please send a written request to privacy@evolverinc.com .

    Under the Data Privacy Framework Principles, we are committed to resolving complaints regarding our handling of your personal information. Individuals from the EU, UK, or Switzerland with inquiries or complaints should first contact us. If you do not receive a timely acknowledgment or if we do not resolve your complaint satisfactorily, you may contact our U.S.-based independent dispute resolution provider, the Better Business Bureau. Visit https://bbbprograms.org/dpf-complaints for more information or to submit a complaint. This service is provided at no cost to you.

    If your Data Privacy Framework complaint is not resolved through these channels, under certain conditions, you may be able to invoke binding arbitration.

    We are subject to the investigatory and enforcement authority of the U.S. Federal Trade Commission (FTC). In certain circumstances, we may be required to disclose personal information in response to lawful requests from public authorities, including those related to national security or law enforcement requirements.

    For additional details regarding our participation in the Data Privacy Framework, please refer to the following sections of this Privacy Notice:

    · WHAT INFORMATION DO WE COLLECT? For details on the types of personal information collected

    · HOW DO WE PROCESS YOUR INFORMATION? For information on the purposes of processing

    · WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION? For disclosure details

    · WHAT ARE YOUR PRIVACY RIGHTS? For information about your access and control rights

    Learn more about the program at https://www.dataprivacyframework.gov. To view our certification, please visit https://www.dataprivacyframework.gov/s/participant-search .

    If your complaint is not resolved, you may contact our U.S.-based dispute resolution provider, BBB National Programs, at https://bbbprograms.org/dpf .

    Under certain conditions, you may invoke binding arbitration. More information is available at https://www.dataprivacyframework.gov/s/article/How-to-Submit-a-Complaint-Relating-to-the-Privacy-Shield-Programs-dpf .

    European Commission’s Standard Contractual Clauses

    We have implemented measures to protect your personal information, including the use of the European Commission’s Standard Contractual Clauses for transfers of personal information between our group companies and between us and our third-party providers. These clauses require all recipients to protect all personal information that they process, originating from the EEA or the UK, in accordance with European data protection laws and regulations. Our Standard Contractual Clauses can be provided upon request. We have implemented similar appropriate safeguards with our third-party service providers and partners, and further details can be provided upon request.

  7. HOW LONG DO WE KEEP YOUR INFORMATION?We keep your information for as long as necessary to fulfill the purposes outlined in this Privacy Notice unless otherwise required by law.We will only keep your personal information for as long as it is necessary for the purposes set out in this Privacy Notice, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements).When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize such information, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  8. HOW DO WE KEEP YOUR INFORMATION SAFE?We aim to protect your personal information through a system of organizational and technical security measures.We have implemented appropriate and reasonable technical and organizational security measures designed to protect the security of any personal information we process. This includes the use of Microsoft for cloud encryption that includes TLS/SSL, AES-256, and IPSec to secure passwords and other sensitive data. However, despite our safeguards and efforts to secure your information, no electronic transmission over the Internet or information storage technology can be guaranteed to be 100% secure, so we cannot promise or guarantee that hackers, cybercriminals, or other unauthorized third parties will not be able to defeat our security and improperly collect, access, steal, or modify your information. Although we will do our best to protect your personal information, transmission of personal information to and from our Services is at your own risk. You should only access the Services within a secure environment.
  9. DO WE COLLECT INFORMATION FROM MINORS?We do not knowingly collect data from or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction.We do not knowingly collect, solicit data from, or market to children under 18 years of age or the equivalent age as specified by law in your jurisdiction, nor do we knowingly share such personal information. By using the Services, you represent that you are at least 18 or the equivalent age as specified by law in your jurisdiction or that you are the parent or guardian of such a minor and consent to such minor’s use of the Services. If we learn that personal information from users less than 18 years of age or the equivalent age as specified by law in your jurisdiction has been collected, we will deactivate the account and take reasonable measures to promptly delete such data from our records. If you become aware that we have collected data from children under the age of 18 or the equivalent age as specified by law in your jurisdiction, please contact us at the designated privacy email address.
  10. WHAT ARE YOUR PRIVACY RIGHTS?Depending on your place of residence within the United States or in regions such as the European Economic Area (EEA), the United Kingdom (UK), Switzerland, or Canada, you may have privacy rights that provide you with greater control over your personal information. These rights may allow you to review, modify, or delete your account at any time, depending on your country, province, or state of residence.In some jurisdictions (including the EEA, UK, Switzerland, and Canada), data protection laws grant you specific rights. These may include the right to:· request access to your personal information and obtain a copy of it,· request that your personal information be corrected or deleted,

    · restrict how your personal information is processed,

    · request the transfer of your personal information in a portable format, where applicable, and

    · not be subject to a decision based solely on automated processing if that decision produces legal or similarly significant effects.

    If such an automated decision is made, we will inform you, explain the main factors involved, and provide a clear process for requesting human review. In some circumstances, you may also have the right to object to our processing of your personal information. You may exercise any of these rights by contacting us using the details provided in the section titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” below.

    We will evaluate and respond to each request in accordance with applicable data protection laws.

    If you are located in the EEA or UK and believe that we are processing your personal information unlawfully, you have the right to file a complaint with your data protection authority. If you are located in Switzerland, you may contact the Swiss Federal Data Protection and Information Commissioner.

    Withdrawing your consent: Where we rely on your consent to process your personal information (whether express or implied, depending on the applicable law), you have the right to withdraw that consent at any time. You may contact us using the contact information provided in the section titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” Please note that withdrawing your consent will not affect the lawfulness of any processing performed before the withdrawal. Additionally, in cases where applicable law allows, it will not impact processing conducted on legal grounds other than consent. Opting out of marketing and promotional communications: You may opt out of receiving our marketing or promotional emails at any time by clicking the unsubscribe link in any marketing message or by contacting us using the details provided in the section titled “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?” After opting

    out, you will be removed from our marketing lists. However, we may still contact you when necessary, such as for important service-related messages related to your account, responses to your service requests, or for other non-promotional purposes.

    Cookies and similar technologies: Most web browsers are configured to accept cookies by default. You can usually set your browser to delete or reject cookies. Please note that disabling cookies may impact the functionality of certain parts of our Services.

    If you have any questions or concerns regarding your privacy rights, you may contact us.

  11. CONTROLS FOR DO-NOT-TRACK FEATURESMost web browsers, as well as some mobile operating systems and applications, offer a Do-Not-Track (“DNT”) feature or setting that you can enable to express your preference not to be tracked online. However, we do not currently support or recognize DNT signals, as there is no finalized industry or legal standard for detecting or responding to them. If such a standard is adopted in the future, we will update this Privacy Notice accordingly. California law requires us to disclose how we respond to DNT signals. Since no consensus exists, we do not respond to them at this time.
  12. DO UNITED STATES RESIDENTS HAVE SPECIFIC PRIVACY RIGHTS?If you are a resident of California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, or Virginia, you may have the right to request access to and receive details about the personal information we maintain about you and how we have processed it, correct inaccuracies, get a copy of, or delete your personal information. You may also have the right to withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. More information is provided below.Categories of Personal Information We CollectThe table below shows the categories of personal information we have collected in the past twelve (12) months. The table includes illustrative examples of each category and does not reflect the personal information we collect from you. For a comprehensive inventory of all personal information we process, please refer to the section “WHAT INFORMATION DO WE COLLECT?
Categories of Personal Information Collected
CATEGORY EXAMPLES COLLECTED
A. Identifiers Contact details, such as real name, alias, postal address, telephone or mobile contact number, unique personal identifier, online identifier, Internet Protocol address, email address, and account name YES
B. Personal information as defined in the California Customer Records statute Name, contact information, education, employment, employment history, and financial information YES
C. Protected classification characteristics under state or federal law Gender, age, date of birth, race and ethnicity, national origin, marital status, and other demographic data YES
D. Commercial information Transaction information, purchase history, financial details, and payment information YES
E. Biometric information Fingerprints and voiceprints NO
F. Internet or other similar network activity Browsing history, search history, online behavior, interest data, and interactions with our and other websites, applications, systems, and advertisements YES
G. Geolocation data Device location YES
H. Audio, electronic, sensory, or similar information Images and audio, video or call recordings created in connection with our business activities YES
I. Professional or employment-related information Business contact details in order to provide you our Services at a business level or job title, work history, and professional qualifications if you apply for a job with us YES
J. Education Information Student records and directory information NO
K. Inferences drawn from collected personal information Inferences drawn from any of the collected personal information listed above to create a profile or summary about, for example, an individual’s preferences and characteristics NO
L. Sensitive personal information Account login information, citizenship or immigration status, drivers’ licenses, financial information, health data, national origin, passport numbers, precise geolocation, racial or ethnic origin, social security numbers, state ID card numbers, contents of email or text messages, personal information from a known child YES

We only collect sensitive personal information, as defined by applicable privacy laws or the purposes allowed by law or with your consent. Sensitive personal information may be used or disclosed to a service provider or contractor for additional, specified purposes. You may have the right to limit the use or disclosure of your sensitive personal information. We do not collect or process sensitive personal information for the purpose of inferring characteristics about you.

We may also collect other personal information outside of these categories through instances where you interact with us in person, online, by phone, or by mail in the context of:

· Receiving help through our customer support channels;

· Regarding Clients Litigation or Regulatory inquires;

· Participation in customer surveys or contests; and

· Facilitation in the delivery of our Services and to respond to your inquiries.

We will use and retain personal information only as long as necessary to provide the Services or as required by the duration of the legal matter and specific client requests.

Sources of Personal Information

Learn more about the sources of personal information we collect in “WHAT INFORMATION DO WE COLLECT?”

How We Use and Share Personal Information

Learn more about how we use your personal information in the section “HOW DO WE PROCESS YOUR INFORMATION?”

We may use your personal information for our own business purposes, such as for undertaking internal research for technological development and demonstration. This is not considered to be “selling” of your personal information.

We have not sold or shared any personal information to third parties for a business or commercial purpose in the preceding twelve (12) months. We have disclosed the following categories of personal information to third parties for a business or commercial purpose in the preceding twelve (12) months:

· Category A. Identifiers

· Category B. Personal information as defined in the California Customer Records law

· Category C. Characteristics of protected classifications under state or federal law

· Category F. Internet or other similar network activity

· Category G. Geolocation data

· Category H. Audio, electronic, visual, and similar information

· Category I. Professional or employment-related information

· Category L. Sensitive personal information

The categories of third parties to whom we disclosed personal information for a business or commercial purpose can be found under “WHEN AND WITH WHOM DO WE SHARE YOUR PERSONAL INFORMATION?”

Your Rights

You have rights under certain US state data protection laws. However, these rights are not absolute, and in certain cases, we may decline your request as permitted by law. These rights include:

· Right to know whether or not we are processing your personal information

· Right to access your personal information

· Right to correct inaccuracies in your personal information

· Right to request the deletion of your personal information

· Right to obtain a copy of the personal information you previously shared with us

· Right to non-discrimination for exercising your rights

· Right to opt out of the processing of your personal information if it is used for targeted advertising (or sharing as defined under California’s privacy law), the sale of personal information, or profiling in furtherance of decisions that produce legal or similarly significant effects (“profiling”)

Depending upon the state where you live, you may also have the following rights:

· Right to access the categories of personal information being processed (as permitted by applicable law, including the privacy law in Minnesota)

· Right to obtain a list of the categories of third parties to which we have disclosed personal information (as permitted by applicable law, including the privacy law in California, Delaware, and Maryland)

· Right to obtain a list of specific third parties to which we have disclosed personal information (as permitted by applicable law, including the privacy law in Minnesota and Oregon)

· Right to review, understand, question, and correct how personal information has been profiled (as permitted by applicable law, including the privacy law in Minnesota)

· Right to limit use and disclosure of sensitive personal information (as permitted by applicable law, including the privacy law in California)

· Right to opt out of the collection of sensitive data and personal information collected through the operation of a voice or facial recognition feature (as permitted by applicable law, including the privacy law in Florida)

How to Exercise Your Rights

To exercise these rights, you can contact us by referring to the contact details at the bottom of this document.

Under certain US state data protection laws, you can designate an authorized agent to request on your behalf. We may deny a request from an authorized agent that does not submit proof that they have been validly authorized to act on your behalf in accordance with applicable laws.

Request Verification

Upon receiving your request, we will need to verify your identity to confirm that you are the same person for whom we have information in our system. We will only use personal information provided in your request to verify your identity or authority to make the request. However, if we cannot verify your identity using the information already maintained by us, we

may request that you provide additional information to verify your identity and for security or fraud prevention purposes.

If you submit the request through an authorized agent, we may need to collect additional information to verify your identity before processing your request, and the agent will need to provide written and signed permission from you to submit such a request on your behalf.

Appeals

Under certain US state data protection laws, if we decline to take action regarding your request, you may appeal our decision by emailing us. We will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decision. If your appeal is denied, you may submit a complaint to your state attorney general.

California “Shine The Light” Law

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us by using the contact details provided in the section “HOW CAN YOU CONTACT US ABOUT THIS NOTICE?”

13.

DO WE MAKE UPDATES TO THIS NOTICE?

Yes, we will update this notice as necessary to stay compliant with relevant laws.

We reserve the right to update this Privacy Notice from time to time. The updated version will be indicated by an updated “Revised” date at the top of this Privacy Notice. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice regularly to stay informed about how we protect your information

14.

HOW CAN YOU CONTACT US ABOUT THIS NOTICE?

If you have questions or comments about this notice, you may contact our Data Protection Officer (DPO) by email, or contact us by post at:

CSS, LLC Attn: Privacy Policy Officer 11800 Sunrise Valley Dr Ste 900 Reston, VA 20191 P: 888.742.4090 privacy@evolverinc.com

15.

HOW CAN YOU REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?

Based on the applicable laws of your country or state of residence in the US, you may have the right to request access to the personal information we collect from you, details about how we have processed it, correct inaccuracies, or delete your personal information. You may also have the right to request that we limit the use or disclosure of your personal information or withdraw your consent to our processing of your personal information. These rights may be limited in some circumstances by applicable law. To request a review, update, or deletion of your personal information, please visit: https://bbbprograms.org/programs/all-programs/dpf-consumers .

Questions or concerns? If you still have any questions or concerns, please contact us at privacy@evolverinc.com .

Policy Review

This policy shall be reviewed at least once a year, from the approval date, as part of an overall management review by the policy owner and the CSS quality department. The policy may also be reviewed in an ad hoc manner to assess the updates needed to accommodate changes in government laws and regulations.