EU – U.S. PRIVACY – SHIELD FRAMEWORK PRIVACY POLICY, AND COOKIES AND SIMILAR TECHNOLOGIES STATEMENT

*Effective June 30, 2020

Tollanis Solutions, Inc. (hereinafter, “Tollanis,” “we,” “our,” and “us”) is committed to safeguarding privacy. This Privacy Policy (this “Policy”) is published to help Individuals (as defined below) understand the measures we take to protect privacy and how such measures can help Individuals to protect privacy.

Tollanis is an information technologies services corporation headquartered in the United States. It has one wholly owned subsidiary: Tollanis Solutions LLP., an Indian limited liability partnership. The Tollanis Companies (as defined below) share some databases, technological systems, business processes, and management structure, which may result in the transfer of some information across borders. In addition, Tollanis, by itself or through its subsidiaries, may provide customer services that involve the Processing of Personal Data (as such terms are defined below), and such Processing may also result in the transfer of some information across borders.

Tollanis is committed to, participate in, relies upon, and complies with the EU-U.S. Privacy Shield Framework (the “Framework”) as set forth by the U.S. Department of Commerce. The U.S. Department of Commerce’s International Trade Administration (ITA) continues to administer the Privacy Shield program despite the Schrems II judgment. With respect to the collection, use, and retention of Personal Data (as defined below) received from the European Union (“EU”) in the United States (“US”), Tollanis complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and the United Kingdom, as applicable, to the United States in reliance on Privacy Shield. Tollanis has certified to the Department of Commerce that it adheres to the Privacy Shield Principles of Notice; Choice; Accountability for Onward Transfer; Security; Data Integrity; Access, and Recourse, Enforcement; and Liability (hereinafter, the “Principles”) with respect to such information. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern.

For the purposes of the Framework, Tollanis is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission.

SCOPE

This Policy applies to all Personal Data (as defined below) described in this Policy that is collected and transferred by or on behalf of Tollanis Companies, or its customers, prospects, partners, vendors, or suppliers from countries in the EU to Tollanis in the U.S. This Policy also addresses the collection and use of Personal Data gathered in connection with the Site.

DEFINITIONS

Capitalized terms are defined as set out below, or as otherwise defined throughout this Policy.

• “Agent” means a third party that acts or performs on behalf of Tollanis.
• “Tollanis Company” means any of Tollanis, Tollanis Solutions Inc., or Tollanis Solutions LLP, individually, and “Tollanis Companies” means Tollanis, Tollanis Solutions Inc., or Tollanis Solutions LLP, collectively.
• “Business Contact Data” means Personal Data pertaining to or provided by current and prospective customers, partners, vendors, or suppliers of any Tollanis Company.
• “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.
• “HR Data” means Personal Data from Tollanis’ Indian subsidiary pertaining to its prospective, current, and former employees, consultants, contractors, and job applicants.
• “Individual” means a natural person in the EU.
• “Personal Data” means information that personally identifies, or may be used to personally identify, an Individual, whether by such information alone or in combination with other information.
• “Processing” means the performance of any operation or set of operations whether or not by automated means, such as collection, recording, organization, structuring, storage, keeping, adaptation or alteration, updating, retrieval, consultation, use, disclosure by transmission, disclosure, dissemination or otherwise making available, alignment or combination, blocking, restriction, erasure, or destruction.
• “Sensitive Data” means Personal Data specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, or information specifying the sex life of an individual.
• “Site” means www.tollanis.com and its related web pages.

PRIVACY SHIELD PRINCIPLES

Notice

Typically, we collect and receive two types of Personal Data: Business Contact Data and HR Data. When we receive such Personal Data, we will use and disclose it only in accordance with the notices provided and the choices, as applicable, made by the Individual to whom such Personal Data relates.

We must disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We do not sell, lease, or rent Personal Data to third parties.

Business Contact Data

Typically, Business Contact Data consists of names, business titles, and contact information, such as email addresses, telephone numbers, fax numbers, and business and mailing addresses. Business Contact Data may also consist of certain identification information, such as a user ID or code, and may include information related to, as applicable, service requests, including location and equipment. Business Contact Data is collected when such Data is voluntarily provided to us by an individual or in connection with a potential or existing business relationship. We collect, Process, and use Business Contact Data for the following purposes:

1. the provision of services and products,
2. fulfilling our business or contractual obligations to our customers,
3. contract and billing administration,
4. marketing and sales,
5. partner and supply chain management,
6. legal compliance,
7. protecting and defending our rights and property, and
8. other related business activities of which an Individual is informed when their Business Contact Data is collected or as soon as practical thereafter. We may also disclose or transfer Business Contact Data to our employees, agents, suppliers, vendors, and partners for such purposes.

Data

Typically, HR Data consists of name, title, contact information, addresses, telephone numbers, fax numbers, email addresses, personal, employee, and/or tax identification number(s), job descriptions, performance evaluations, resume, qualifications, accolades, disciplinary actions, salary history and information, picture/photo, and Sensitive Data that may relate to an employee’s health or other sensitive matters, such as information pertaining to an employee’s dependents and family members. Tollanis collects, uses, and Processes HR Data only for the following purposes:

1. determining, evaluating, and implementing employment-related actions and obligations;
2. recruiting and hiring job applicants;
3. performing background checks and verifying references;
4. assessing qualifications;
5. designing, evaluating, and administering compensation, benefits, payroll, training, and other human resource programs;
6. development and training programs;
7.  monitoring and evaluating employee conduct and performance;
8. implementing security programs and policies;
9. maintaining facility and employee security, health, and safety;
10. maintaining a global directory;
11. other general human resources purposes, including but not limited to team-building;
12. collecting and conducting accounting, auditing, and financial transactions and analyses;
13. collecting and storing information in compliance with contractual and legal obligations;
14. carrying out obligation under employment contracts, and employment, tax, and benefits laws, in connection with working relationships or arrangements;
15. facilitating business communications, negotiations, and transactions, including but not limited to employee communications and employee surveys;
16. fulfilling our business or contractual obligations;
17. managing and operating any Tollanis Company(ies) and its/their functions and activities;
18. cooperating with law enforcement and other governmental agencies; and
19. the purposes stated in the Business Contact Data paragraph above.

EU employees are notified in detail regarding how their HR Data will be Processed and used at the time of their employment. Before using an EU employee’s HR Data for any purpose other than described above, affirmative consent from such employee will be obtained. Such consent may be declined or withdrawn at any time; provided, however, that HR Data will be retained in the manner and for the time periods required under applicable laws and regulations.

HR Data may be accessed by other employees of any Tollanis Company only as necessary for legitimate human resources or business functions or issues. HR Data will be disclosed to third parties only as follows:

1. to customers, vendors, suppliers, and partners as required to facilitate the operations, management, and business of the Tollanis Companies;
2. to those retained by Tollanis as Agents for the purposes set forth in the paragraph above, including but not limited to, professional advisors such as accountants and lawyers,
3. as required pursuant to an applicable law, governmental or judicial order, or regulation, or to protect the rights or property of Tollanis,
4. as authorized in writing by the EU employee, and
5. where such Data is voluntarily provided by an EU employee in a context that makes it clear that such information will be provided to a third party.

EU employees may, for legitimate HR purposes, disclose Personal Data about their family members. In this event, such Personal Data shall be treated in accordance with this Policy as though such Data is HR Data.

Where HR Data is transferred to the U.S. from the EU in the context of an employment relationship, Tollanis will cooperate with investigations by and comply with the advice of the appropriate EU authorities, as applicable.

Data Provided by an Individual in Connection with the Site

Generally, an Individual can browse the Site without personally identifying themselves. However, an Individual may choose to provide us with Personal Data by completing a web form that requests any Personal Data; accessing our systems, platforms, and networks; requesting or registering to receive information from us; participating in correspondence or live chats with our representatives; participating in interactive features on the Site; choosing to share a page from the Site through one of our platforms; registering to use social media in conjunction with the Site; entering a contest or promotion sponsored by us; signing up for offerings that are co-sponsored between us and third-parties; reporting any problems or issues with the Site; contacting us; completing our surveys; or otherwise generally submitting Personal Data to us in connection to the Website. We will use your Personal Data only in accordance with the terms of this Policy.

Cookies and Other Automated Means of Collection

We use cookies and similar technologies in connection with the Site. For more information, please read the COOKIES AND SIMILAR TECHNOLOGIES STATEMENT below.

Choice

Tollanis offers each Individual the opportunity to choose whether their Personal Data is

1. to be disclosed for the first time to a third party; or
2. to be used for a purpose that is materially different from the purpose(s) for which it was originally collected or subsequently authorized by the Individual. To exercise their choice, an Individual must first email Tollanis at [email protected], with the subject line CHOICE REGARDING PERSONAL DATA.

Please note, however, that Tollanis will not provide a “choice” when disclosure is made to an Agent, provided that Tollanis has entered into a contract with such Agent.

For Sensitive Data, Tollanis will request and obtain express consent, otherwise known as an “opt in,” from an Individual if such information is to be

1. disclosed to a non-Agent third party; or
2. used for a purpose other than those for which it was originally collected or subsequently authorized by the individual through the exercise of opt-in choice. In addition, Tollanis will treat as Sensitive Data any Personal Data received from a third party, where the third party identifies and treats such Personal Data as sensitive.

Accountability for Onward Transfer

To transfer Personal Data to a third party acting as a Controller, Tollanis will comply with the Notice and Choice Principles. Tollanis will not transfer Personal Data to any third party Controller without entering into a contract with the same that provides that

1. Personal Data may be Processed only for limited and specified purposes consistent with the consent provided by the individual to whom such Personal Data pertains;
2. the recipient will provide the same level of protection as the Principles;
3. the recipient will notify us if it determines that it can no longer provide such level of protection; and
4. if such a determination is made, the third party controller shall cease Processing or take other reasonable and appropriate steps to remediate.

To transfer Personal Data to a third party acting as an Agent, Tollanis will:

1. transfer such Personal Data only for limited and specified purposes;
2. ascertain that the agent is obligated to provide at least the same level of privacy protection as is required by the Principles;
3. take reasonable and appropriate steps to ensure that the agent effectively Processes the Personal Data transferred in a manner consistent with our obligations under the Principles;
4. require the agent to notify us if the agent makes a determination that it can no longer meet its obligation to provide the same level of protection as is required by the Principles;
5. upon notice, take reasonable and appropriate steps to stop and remediate unauthorized Processing; and
6. provide a summary or a representative copy of the relevant privacy provisions of Tollanis’s contract with the applicable agent to the U.S. Department of Commerce upon request.

Security

Tollanis will take reasonable and appropriate measures to protect Personal Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction, taking into due account the risks involved in the Processing and the nature of the Personal Data. The user must exercise reasonable caution in that, user ID and password/s must not be shared with anyone else, precautions to guard against malware such as viruses, bots, etc. must be taken, suitable anti-virus software/s must be installed and regularly updated, etc.

Data Integrity and Purpose Limitation

Tollanis will limit its collection and Processing of Personal Data to only that which is relevant for the purposes set out in the “Notice” section above. Furthermore, we will not Process Personal Data in a way that is incompatible with the purpose(s) for which it has been collected or subsequently authorized by an Individual. We will also take reasonable steps to ensure that Personal Data is reliable for its intended use, accurate, complete, and current, and will adhere to the principles for as long as Tollanis retains such Personal Data.

Once we’ve collected or Processed Personal Data, we will retain it only for so long as it serves a purpose set out in the “Notice” section above; provided, that, we may retain and Process, subject to the Principles and the EU-U.S. Privacy Shield Framework, Personal Data for longer periods as may be

1. permitted or required by applicable law or
2. reasonable to serve the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research, and statistical analysis.

Tollanis is located primarily in the United States and users understand and agree that any information shared by them specifically with the Site or collected automatically by the Site shall be stored in the USA thereby crossing the international borders of the respective countries and regions.

Access

An Individual may access his or her Personal Data held by Tollanis and correct, amend, or delete such Personal Data where it is inaccurate or has been Processed in violation of the principles, except where the burden or expense of providing access would be disproportionate to the risks to the Individual’s privacy in the case in question, or where the rights of persons other than the Individual would be violated.

If you are an Individual and you wish to confirm, correct, amend, or delete your Personal Data, please contact us at [email protected].

RECOURSE, ENFORCEMENT, AND LIABILITY

Recourse

In compliance with the Privacy Shield Principles, we commit to resolve complaints about our collection or use of Personal Data. Individuals with inquiries or complaints regarding this Policy should first contact Tollanis by emailing us at [email protected]

We will respond to any inquiry or complaint within 45 days of receipt.

There are readily available independent recourse mechanisms to investigate and expeditiously resolve disputes and complaints if a timely acknowledgment of a complaint is not received from us, or if we have not resolved a complaint. The proper independent recourse mechanism to use depends upon the type of Personal Data at issue:

Business Contact Data

With regard to unresolved Privacy Shield Complaints regarding Business Contact Data, Tollanis has committed to refer those to the American Arbitration Association (AAA)’s International Centre for Dispute Resolution®/AAA Program (the “ICDR/AAA Program”), an alternative dispute resolution provider located in the United States. If timely acknowledgment of a complaint is not received from us, or if we have not resolved a complaint, please contact or visit http://go.adr.org/privacyshield.html for more information or to file a complaint.

The services of ICDR/AAA are provided at no cost to you and by reference to the Principals. Damages may be awarded in accordance with applicable law or private-sector initiatives.

Individuals have the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any other Privacy Shield mechanisms. Please visit Annex I for additional information: https://www.privacyshield.gov/article?id=ANNEX-I-introduction.

HR Data

With regard to unresolved Privacy Shield complaints regarding HR Data transferred from the EU in the context of the employment relationship, Tollanis has committed to cooperate with the dispute resolution procedures and the panel established by the EU Data Protection Authorities (DPAs), and to comply with the advice given by the panel.

Enforcement

Tollanis is committed to providing mechanisms for assuring compliance with the Principles. We have procedures to verify that the attestations and assertions we make about our privacy practices are true, and that our privacy practices have been implemented as presented. We routinely perform self-assessments, and may utilize outside assessments, to review our compliance with the Principles.

Liability

In cases of onward transfers to third parties, Tollanis has responsibility for the Processing of Personal Data we receive under the Privacy Shield and subsequently transfer to a third party acting as an agent on our behalf. Tollanis shall remain liable under the Principles if its agent Processes such personal information in a manner that is inconsistent with the Principles, unless Tollanis proves that it is not responsible for the event giving rise to the damage.

COOKIES AND SIMILAR TECHNOLOGIES STATEMENT

We use cookies and other similar technologies in connection with the Site. Those technologies, how we use them, and the choices available related to the same are explained in this Statement. This Statement covers the use of cookies by only this Site and does not cover the use of cookies by any advertisers or third parties.

Technologies We Use:

Cookies

Cookies are small data files that are written onto an individual computer by a website that stay there unless they expire or are removed. In general, they allow for recognition and make visiting and using a website easier and more efficient. Cookies cannot read data off of a hard drive or read cookie files created by other websites.

Cookies may be “persistent” or “session,” and “first-party” or “third-party.” A persistent cookie remains on a computer or mobile device when it is offline. A session cookie is deleted as soon as a web browser is closed. A first-party cookie is served by the entity that operates the website one is visiting. A third-party cookie is served by an entity other than that which operates the website one is visiting.

All types of cookies are used on the Site. We partner with third-party analytics providers, such as AdWords, AdRoll, and Google Analytics, which set cookies when the site is visited to assist us in understanding our Site visitors, measuring and optimizing the effectiveness of the Site and marketing efforts, advertising, and identifying areas for improvement.

For questions related to the privacy practices and policies of AdWords, AdRoll, or Google Analytics, please refer to their privacy guidelines, notices, policies, and restrictions, which are available at their websites (as applicable). Note that Google has additional information available about its Remarketing Privacy Guidelines, Policies, and Restrictions.

Pixels

Pixels are very small graphics that are loaded when a user visits a website or opens an email. They collect browser and device usage and can set cookies.

HubSpot

HubSpot is a marketing optimization platform that is utilized to market services through the website or via email campaigns. HubSpot is utilized as an online subscription service allowing the Site to build marketing web pages on HubSpot servers. These pages are then utilized for visitors to learn more about the company, download content, and provide their contact information and other demographic information. This information, which is stored and managed on the service providers’ servers, is then used so that the visitors can be contacted about their interest in the Tollanis Companies’ goods or services and interact with us. Information provided may be used by any of the Tollanis Companies and/or HubSpot for marketing and lead generation purposes.

Log Files

In addition to cookies, as with most websites, our Site gathers certain information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, traffic data, Internet Service Providers (ISPs), date/time stamps, etc., movements around the Site, other actions taken while visiting the Site, communications data, and whether an email or link sent by a Tollanis Company has been opened.

Local Storage

We may use local storage. Local storage enables data to be stored in a user’s computer or browser, which then reads such data upon the user’s return. It includes HTML5 local storage and browser cache.

How We Use These Technologies

We use these technologies to estimate and evaluate the audience size and usage patterns related to the Site, store, and recall information about a visitor’s preferences, speed up searches, authenticate access to and secure various areas of the Site, recognize a computer when the Site is revisited, track responses to our surveys, and conduct marketing and advertising. Ultimately, these uses enable us to compile aggregate data about Site traffic and use, which then allows us to offer better, faster, and safer experiences and content. We may link data collected via these technologies to Personal Data for any of the uses described in this paragraph.

Choices Regarding Use of These Technologies

A visitor can manage the above-described uses in several ways.

• A web browser usually can be configured to provide notice when a new cookie is received or to clear or decline cookies. Consult the browser‘s official web pages to learn more. Note that disabling the creation of cookies or refusing to accept them may prevent the use of features on the Site, the storage of preferences related to the Site, and the proper function of the Site.
• Install https://tools.google.com/dlpage/gaoptout/ to prevent user data from being used by Google Analytics.
• To opt out of HubSpot, please utilize the opt-out feature within the email.
• For information on how our advertising partners allow opt-out for receiving ads based on web browsing history, please visit any of the following:
  • http://​​optout.aboutads.info/
  • Network Advertising Initiative (NAI) – http://optout.networkadvertising.org/
  • Digital Advertising Alliance (DAA) – http://optout.aboutads.info/
  • Digital Advertising Alliance Canada (DAAC) – http://youradchoices.ca/choices
  • Digital Advertising Alliance EU (EDAA) – http://www.youronlinechoices.com/
  • DAA AppChoices page – http://www.aboutads.info/appchoices
• Personalization can be turned off with the click of a button on Twitter, LinkedIn, and on Google’s Ad Settings dashboard. On Facebook, ads can be opted out of based on an individual’s use of websites and apps.
• Check your mobile device for settings that control ads based on your interactions with the applications on your device.

CHANGES TO THIS POLICY

We reserve the right to amend this Policy at any time and for any reason, including, but not limited to, to address changes or modifications in applicable law(s), the EU-U.S. Privacy Shield Framework, or our business procedures. In the event of any change to this Policy, we will post the revised Policy, with the revision date, to this webpage.

CONTACT INFORMATION

Tollanis Solutions Inc.

ATTN: Privacy Team
762a South Military Trail
Deerfield Beach, Florida 33442

Tollanis Solutions LLP.

ATTN: Compliance Officer-US
Office Block 6b-2 at 6th Floor Pavilion
339/2 Mehrauli Road
Gurgaon 122007