PERSONAL IDENTIFIER INFORMATION PROTECTION POLICY

1. PURPOSE

ConverseNow Technologies, Inc. (“ConverseNow”) has adopted this Policy to govern the treatment of our customers’, employees’, business partners’, and users’ Personal Information. The loss of Personal Information can result in substantial harm to individuals, including embarrassment, inconvenience, and fraudulent use of the information. Protecting the confidentiality and integrity of Personal Information is a critical responsibility that must be taken seriously at all times. Compliance with this Policy is mandatory. The purpose of the Policy is to: Define Personal Information and Sensitive Personal Information. Establish general principles for protecting Personal Information. Assign accountability for protection of Personal Information.

2. SCOPE

This Policy applies to all ConverseNow employees, agents, and representatives, including any independent contractors or third-party provider of services to the ConverseNow (“Third-Party Service Provider”) who have access to Personal Information we collect, have in our possession, or otherwise have access to. This Policy applies to all Personal Information collected, maintained, transmitted, stored, retained, or otherwise used by the ConverseNow regardless of the media on which that information is stored and whether relating to employees, customers, or any other person.

3. DEFINITIONS

“Personal Information” means information the ConverseNow has collected or otherwise maintains or has in its possession that identifies or can be used to identify or authenticate an individual, including, but not limited to: Names. Addresses. Telephone numbers. Email addresses. Financial account numbers. Geolocation data. “Data Subject” means the person about whom Personal Information is collected. “Sensitive Personal Information” means Personal Information that if lost, compromised, accessed, or improperly disclosed could result in harm, embarrassment, inconvenience, or unfairness to an individual and that therefore is subject to heightened protections. Examples of Sensitive Personal Information include, but is not limited to financial account numbers, credit card numbers, or debit card numbers with or without any required security code, access code, personal identification number, or password, that would permit access to an individual’s financial account. In most jurisdictions, the law will provide for the types of information that are subject to heightened protection. “Security Incident” means any act or omission that compromises the security, confidentiality, or integrity of Personal Information or the physical, technical, administrative, or organizational safeguards the ConverseNow or a Third-Party Service Provider has put in place to protect Personal Information. The loss of or unauthorized access to, disclosure, or acquisition of Personal Information is a security incident.

4. USING, HANDLING, AND RETAINING PERSONAL INFORMATION

Notice and Collection. It is ConverseNow policy that whenever it collects Personal Information for any purpose, including for human resources or employment purposes, it must inform the Data Subject of how it will use, process, disclose, protect, and retain that Personal Information by presenting a privacy policy or privacy notice to the individual at the time the individual provides the Personal Information. You may only collect Personal Information in compliance with applicable ConverseNow policies, notices, and Data Subject consent, and the Personal Information collected must be limited to that which is reasonably necessary to accomplish ConverseNow’s legitimate business purposes or as necessary to comply with law. You must not personally store or keep any Personal Information about any ConverseNow business partner, employee, or user. Access, Use and Sharing of Personal Information. YOU MAY ONLY ACCESS PERSONAL INFORMATION WHEN THE INFORMATION RELATES TO AND IS NECESSARY TO PERFORM YOUR JOB DUTIES. YOU MAY NOT ACCESS PERSONAL INFORMATION FOR ANY REASON UNRELATED TO YOUR JOB DUTIES. You may only share Personal Information with a ConverseNow business partner, employee, agent, or representative if the recipient has a job-related need to know the information (for example, processing an order for food). Personal Information may only be shared with a Third-Party Service Provider if it has a need to know the information for the purpose of providing the contracted services and if sharing the Personal Information complies with the privacy notice provided to the Data Subject. Accuracy. You must collect, maintain, and use Personal Information that is accurate, complete, and relevant to the purposes for which it was collected. Retention and Disposal. You should keep Personal Information only for the amount of time it is needed to fulfill the legitimate business purpose for which it was collected or to satisfy a legal requirement.

5. REPORTING A SECURITY INCIDENT

‌ If you know or suspect that a Security Incident has occurred, do not attempt to investigate the matter yourself. Immediately contact your supervisor or ConverseNow at [EMAIL ADDRESS FOR IC’S TO CONTACT]. You should preserve all evidence relating to the potential Security Incident.

6. MONITORING COMPLIANCE AND ENFORCEMENT

If you are concerned that any provision of this Policy, or any related policy, operating procedure, process, or guideline designed to protect Personal Information, has been or is being violated, please contact [POINT OF CONTACT EMAIL]. ConverseNow will conduct periodic reviews and audits to assess compliance with this Policy. Employees or contractors who violate this Policy and any related guidelines, operating procedures, or processes designed to protect Personal Information may be subject to discipline. ‌

7. DISCLAIMER OF RESTRICTIONS ON EMPLOYEES’ RIGHTS

This Policy is not intended to restrict communications or actions protected or required by state or federal law.

8. AMENDMENT AND REVISION?

‌ This Policy may be revised from time to time. This Policy was last revised on March 26, 2020.