Privacy Policy

MEV Privacy Policy

Contents

1. Scope

2. Information we may Collect from or About You

3. Where we Store and access your Personal Data

4. How we Use Information About You

5. Transfer and Disclosure of information About You

6. You can Opt-Out of E-Mail Correspondence and Access and Correct the Information we collect

7. Data Integrity

8. Security

9. Limitation on Scope of Privacy Principles

10. Compliance and Enforcement

11. Unlawful Use of MEV Software

12. We do not Knowingly Collect Information from Children who are Under 13 (or under 16 in the EU)

13. Other Sites

14. Your rights

15. Data retention

16. Changes to our Privacy Policy

17. How to Contact Us

18. MEV Subsidiaries

19. Data processing terms & conditions

1. Scope

MATERIAL EXCHANGE VENTURES AB SWEDEN (“MEV”) is committed to protecting and respecting your privacy.

This Privacy Policy (“Policy”) explains the basis on which we process any personal data we collect from or about you, or that you or any third party provide to us, not only from the use of our website, such as http://material-exchange.com/ (our “Site”), but also in connection with managing our workforce, conducting our business, SaaS services, and from any other means. Please read the following carefully to understand our practices regarding how we process personal data and how we will treat it.

We may revise this Policy from time to time. The most current version of this Policy will govern our use of your personal data. If we decide to change our Policy, we will post the updated Policy on this site and update the Policy modification date. Please check back regularly to review any changes to this Policy.

“Personal data” means any information or set of information that relates to an identifiable individual, either directly or indirectly. Personal data does not include information that is encoded or anonymized.

2. Information we may Collect from or About You

Personal Data

We may collect and process the following data about you:

• Information that you provide by filling in forms on our internal or external sites, including our Site, and information you provide on independent partner sites that is transferred to us. This includes information provided at the time of registering to use our site, subscribing to our services, posting material or requesting further services. We may also ask you for information when you report a problem with our site, our software and services or reporting suspected piracy.

• If access to our services is created by or at the request of an organization (an “Organization”) of which you are an employee, contractor, member, agent or other participant (each such user referred to as an “Organization User”) your “Organization’s Administrator” may provide us with certain personal data, such as your name, email address, and telephone number and organization name.

• If you contact us, we may keep a record of that correspondence.

• We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.

• Details of transactions you carry out and of the fulfilment of your orders, including licensing of software.

• Details of your visits to our site including, but not limited to, traffic data, data regarding the site pages you visit, weblogs, and other communication data, whether this is required for our own billing purposes or otherwise, and the resources that you access.

• Information that you supply to us in the course of general marketing and other business activities.

• Information that you supply to us when you visit us or while attending an event (either in person or online) at which MEV is a host, a participant or which is sponsored (in whole or in part) by MEV. We may also make video recordings and take photographs at live events.

• Information that you provide or disclose on notice boards, newsgroups, community feedback sites, email systems, forum facilities, chat rooms, or similar features that we may establish on our site.

• Information that is provided to MEV by third parties such as our business partners, in the course of MEV providing and supporting MEV’s products and services.

• Information that you supply to us or that we obtain/create in the course of your application for employment or engagement (for example, salary, performance evaluations, benefits data, background checks).

Sometimes we ask you to provide personal information about yourself, such as your:

• name

• e-mail address

• postal address

• telephone number

• password

• job title

• credit card information

Whether or not you choose to provide the information we request is entirely up to you and you are not under any statutory or legal obligation to provide Personal Information. But if you choose not to provide the information we request, you may be unable to purchase products or services or access certain services, offers, and content on the Website.

IP addresses and other Technical Information

When you visit our site, we may collect information about your computer, including where available, your IP address, domain name, operating system and browser type, certain hardware or device information and other technical information. This is information about browsing actions and patterns and the use of certain software products and apps, and does not identify any individual except where user settings are configured by the user to provide personal data or where we have expressly notified you in the course of registering for, or accessing a service that personal data will be collected.

Website Cookies & Beacons

Our site uses cookies (a small piece of information that is placed on your computer when you visit certain websites) to distinguish you from other users, to track your browsing pattern and to build a profile of how you and other users use our site. This helps us to provide you with a good experience when you browse any of our sites and also allows us to improve our site. If you have an online account with us, MEV also uses cookies to recognize you to pre-fill forms to save you time. MEV does not mandate Cookies for you to access our sites, and you may freely set your browser to reject all Cookies or prompt you to accept or reject them. Some of the cookies we use are session cookies and only last until you close your browser, others are persistent cookies which are stored on your computer for longer. We may collect information through web beacons about your web browsing activities such as the address of the page you are visiting, the address of the referrer page you had previously visited, the time you are viewing the page, your browsing environment and your display settings. We do this in order to optimize your browsing experience, the use of web-based services and provide you with relevant information on MEV products and interest based advertising. Please be aware that if you choose to block cookies, you may not be able to sign in or use those features, and preferences that are dependent on cookies may be lost. If you choose to delete cookies, settings and preferences controlled by those cookies, including advertising preferences, will be deleted and may need to be recreated.

Do-Not-Track Signals and Similar Mechanisms

Some Web browsers may transmit do-not-track (DNT) signals to websites with which the browser communicates. We will automatically collect cookies and other non-personally identifying information when you visit our Website and, therefore, do not respond to DNT signals.

Third-Party Hosting

The Company contracts with a third party to maintain and host the Website. Therefore, any information you submit, including personal information, will be placed and stored on a computer server maintained by this third-party host. The third party has agreed to implement technology and security features and strict policy guidelines to safeguard the privacy of your personal information from unauthorized access or improper use.

Site Technologies

The Company does not provide the technologies used to build the Website, and therefore neither recommends nor endorses the same. Any information regarding identified technologies, including their capabilities, limitations, and applications, should be sought directly from their manufacturers. The Company hereby disclaims any rights to trademarks, service marks, trade names, logos, copyrights, patents, domain names, or other intellectual property interests of third parties.

P3P Policy Setting

All information contained within this Privacy Policy supersedes browser P3P Policy settings, which may have been set to ensure maximum access to our software-as-a-service applications, while at the same time maximizing the protection of our users. Only those representations presented here in writing will be honoured; any changes, oral or otherwise, will not be honoured.

3. Where we Store and access your Personal Data

MEV is a global company and as such personal data may be accessed anywhere in the world. If you are visiting our site or communicating electronically with us, various communications will necessarily result in a transfer of information across international boundaries. Accordingly, by visiting our site and/or communicating electronically with us (including in the process of our providing information, software or services to you), you acknowledge that your personal data may be processed in a country other than the one in which you reside.

4. How we Use Information About You

In general, we will only process personal data where the processing is in our legitimate business interests or required to perform a contract with you or our corporate client. We use personal data held about you in the following ways:

• To ensure that content from our site is presented in the most effective manner for you and for your computer.

• To provide you with information, products or services that you request from us or which we feel may interest you.

• To carry out our obligations arising from any contracts entered into between you and us.

• To allow you to participate in interactive features of our service, when you choose to do so.

• In order to better service you with respect to MEV products and services that are available from time to time.

• To notify you about changes to our service, updates to our site, new MEV product offerings or special events hosted or sponsored by MEV or its business partners.

• In order to enforce or apply our terms of use of our site, our software licenses, hosted services, and other agreements.

• To protect the rights, property, or safety of MEV, our customers, or others.

• To provide you with updates on any events you are registered to attend or interested in.

• If you attend or speak at any of our events or events that we attend as a sponsor, we may make video recordings of such events for use in promotional and educational material.

• Provide information about future products and services that may suit your particular interests.

• Help identify you if you lose your password

• Help you find information on the Website

• Analyse trends

• Track your activities

• Infer your interests

• Otherwise gather information about individual users of our products, services, and market segments.

We may provide information to you in the form of emails, mailings, website displays or other correspondence methods.

We are interested in your views, and we value feedback, and we may therefore set up notice boards, newsgroups, community feedback sites, email systems, forum facilities and/or chat rooms on our sites. Any information that you disclose via such facilities will be used in accordance with the terms of service for the particular forum and in the absence of such terms of service, this Policy. However, we can of course not control and be responsible for other parties’ use of the personal data which you make available to them through such facilities and otherwise on our sites. We encourage you to be careful about what personal data you share in this way.

MEV will offer individuals the opportunity to choose (opt-out) whether they receive communications from MEV or its authorized resellers concerning MEV products and services (as described further below).

We will only use and share personal data in ways that are relevant for the purposes for which the information was collected or subsequently authorized by you.

5. Transfer and Disclosure of information About You

To Other Third Parties.

We may transfer or disclose personal data to other third parties who agree to process such personal data in accordance with our instructions and provide appropriate technical and organizational security measures. Such third parties may include:

• Our authorized resellers and business partners for the limited purposes of offering our products and associated services.

• To trusted businesses or persons to process it for us, solely on our behalf.

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets.

• If any MEV entity, or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.

• If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use of any of our sites and other agreements; or to protect the rights, property, or safety of MEV, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

• Government agencies or other third parties as authorized by applicable law: (i) to comply with legal, regulatory, or reporting requirements (such as reporting to tax authorities and employment regulators), (ii) in the event we are required to respond to a court order, subpoena, discovery request, or other legal process, or if, in our good faith opinion, such disclosure is required by law, (iii) at the request of governmental authorities conducting an audit or investigation, (iv) to verify or enforce compliance with applicable employee policies, laws, rules, or regulations, (v) in connection with corporate restructurings or potential acquisitions, mergers, or sales, or (vi) whenever we believe disclosure is necessary to limit the legal liability, or to protect or enforce the rights, interests, or safety, of you, the Company, our subsidiaries and affiliates, other employees, or third parties.

It is MEV’s policy to never sell your information to list brokers or similar entities for commercial gain.

6. You can Opt-Out of E-Mail Correspondence and Access and Correct the Information we collect.

In certain circumstances you may have the right to ask us not to process your personal data (“opt-out”). We will usually inform you (before collecting your data) how we intend to use your data or if we intend to disclose your information to any third party for the purpose for which it was collected. If you want to opt-out, please contact us as set out below.

You may also opt-out of future marketing correspondence by updating your preferences using the link on the footer of e-mail correspondence.

Upon request, we will provide you with reasonable access to personal data about you in our possession, and will take reasonable steps to permit you to correct, amend, or delete personal data that you demonstrate to be inaccurate or incomplete. If you have a http://material-exchange.com/ online account, you may access the data that http://material-exchange.com/ has recorded and update or correct the information at any time. You may also opt-out of future correspondence by updating your preferences. To do this go to http://material-exchange.com/ and visit your accounts. If you don’t have an account or are unable to locate your account information, you can create one or you may request a copy of the personal data we have stored and/or exercise your opt-out right by contacting dataprivacy@material-exchange.com. When updating personal data about you, we may ask you to verify your identity before we can act on your request.

We may reject requests that are fraudulent, unreasonably repetitious, require disproportionate technical effort (for example, developing a new system or fundamentally changing an existing practice), or would be extremely impractical (for example, requests concerning information residing on backup tapes).

Where we can provide information access and correction, we will do so at no cost to you, except where it would require a disproportionate effort. We aim to protect information from accidental or malicious alteration or destruction. Accordingly, after your information is deleted, we may not immediately delete residual copies from our active servers or remove information from our backup systems.

7. Data Integrity

We will take reasonable steps to ensure that personal data that we process is reliable for its intended use, accurate, complete, and current. You are responsible for the accuracy of all personal data you provide to us. We will use reasonable efforts to maintain the accuracy and integrity of the personal data we obtain, and to update it as appropriate. We will take reasonable steps to ensure that personal data is reliable for its intended use.

8. Security

We have implemented, and will maintain current, reasonable physical, technical, and organizational security measures for the purpose of protecting the personal data in our possession from loss, misuse, and unauthorized access, disclosure, alteration, or destruction.

Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we have security measures in place to protect your personal data, we cannot guarantee the security of your data transmitted to our sites; any transmission is at your own risk.

9. Limitation on Scope of Privacy Principles

Adherence by MEV to this privacy policy may be limited to the extent required to meet a legal, governmental, national security, or public interest obligation.

10. Compliance and Enforcement

MEV will conduct periodic internal compliance audits of our relevant privacy practices to verify adherence to this privacy policy. We encourage individuals covered by this Policy to raise any concerns they have about the way we process their personal data by contacting us at the address below.

MEV commits to resolve questions and complaints about your privacy and its collection or processing of your personal data. Individuals who believe that MEV is not complying with the terms of this Policy can contact MEV by email at dataprivacy@material-exchange.com. We will answer any questions and investigate any concerns or complaints. We will do our best to internally resolve any complaints and disputes regarding the use and disclosure of personal data brought to our attention.

Our IT Security & Privacy Officer

We have appointed an IT Security & Privacy Officer, who is responsible for ensuring that the protection of your Personal Information or other information collected is carried out in accordance with this Privacy Disclosure. The following person serves as our IT Security & Privacy Officer: Petersbergsstigen 9C, 144 52 RÖNNINGE, Sweden or privacyofficer@material-exchange.com

11. Unlawful Use of MEV Software

MEV regards software piracy as the crime it is, and we view offenders accordingly. We do not tolerate the unlawful use of MEV software products, and we pursue those who do so using all legal means available, including public and private surveillance resources. As part of these efforts, MEV utilizes data monitoring and scouring technologies to obtain and transmit data on unauthorized use of software. Such data may be transferred and processed in a country other than the one where the software is being used or accessed. If you are using an unauthorised or unlicensed copy of our software, cease using it immediately and contact MEV to obtain a legally licensed copy. By using an unauthorized or unlicensed copy of MEV software, you should be aware that MEV will collect, use, and transfer personal data internationally for the purposes of identifying users of such software. This personal data may include online identification, such as IP address, MAC address and geolocation.

12. We do not Knowingly Collect Information from Children who are Under 13 (or under 16 in the EU)

Our site is not directed to children younger than age thirteen (13) or under the age of sixteen (16) in the EU. We do not knowingly collect personal data from children under these ages on any of our sites and we will delete any such information later determined to be from such young person, unless we have received consent to collect such personal data from the child’s parent or guardian. In the event a parent or guardian believes that his/her child has provided information to MEV and wishes that data to be removed or corrected, please contact MEV as described below.

13. Other Sites

Our site may, from time to time, contain links to and from the websites of our authorized resellers, business partners, industry forums, analysts and to other sites that are relevant to our products and services. Additionally, for some of the functions within our websites we link to or use third party suppliers, for example when you visit a page with videos embedded from or links to YouTube or SlideShare. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

14. Your rights

In certain circumstances, if you are an EEA resident, you may exercise the rights available to you under applicable data protection laws as follows:

• If you wish to access, correct, update or request deletion of your personal data, you can do so at any time by contacting us using the contact details below.

• In addition, you can object to processing of your personal data, ask us to restrict processing of your personal data or request portability of your personal data. Again, you can exercise these rights by contacting us using the contact details provided below.

• If we have collected and process your personal data with your consent, then you can withdraw your consent at any time. This may mean your access to certain services is restricted or denied as a result. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal data conducted in reliance on lawful processing grounds other than consent.

• You have the right to complain to a data protection authority about our collection and use of your personal data. For more information, please contact your local data protection authority.

We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

15. Data retention

Personal data will be stored in accordance with applicable laws and kept as long as needed to carry out the purposes described in this privacy policy or as otherwise required by applicable law.

16. Changes to our Privacy Policy

This Policy may be amended from time to time. Any changes we may make to our privacy Policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. When amendments are made, we will revise the “last updated” date at the top of this Policy.

17. How to Contact Us

If you have any questions or concerns about our use of your personal information or this Privacy Policy, please contact us using the following details: IT Security & Privacy Officer, Petersbergsstigen 9C, 144 52 RÖNNINGE, Sweden or privacyofficer@material-exchange.com

Version: August 15, 2018

DATA PROCESSING TERMS & CONDITIONS

In the provision of certain services under the terms of the Agreement as defined below, Customer, as controller, will require MEV to process certain personal data received from Customer. The parties agree that these terms and conditions shall apply to all such processing undertaken by MEV on behalf of Customer and shall be supplemental to the terms of the Agreement.

1. Appointment

Customer as controller of certain personal data appoints MEV as processor to process the personal data listed in the Schedule(s) (the “Data”) for the purposes also described in the Schedule(s) (or as otherwise agreed in writing by the parties) (the “Permitted Purpose”). Each party shall comply with the obligations that apply to it under Applicable Data Protection Law.

Definitions

In these terms and conditions, the following terms shall have the following meanings:

(a) “Agreement”: Any agreement between MEV and Customer under the terms of which MEV provides services or licenses to Customer, including but not limited to MEV SaaS Service Terms and Conditions;

(b) “controller”, “processor”, “data subject”, “personal data”, “personal data breach” “processing” (and “process”) and “special categories of personal data” and “supervisory authority” shall have the meanings given in Applicable Data Protection Law; and

(c) “Applicable Data Protection Law” shall mean, where personal data of EU residents is processed (i) prior to 25 May 2018, the EU Data Protection Directive (Directive 95/46/EC); (ii) on and after 25 May 2018, the EU General Data Protection Regulation (Regulation 2016/679), and (iii) where personal data of non-EU residents is processed any applicable privacy law in the relevant jurisdiction. All other terms shall be as defined in the applicable Agreement.

International transfers

MEV may need to transfer personal data out of the country in which the Customer or the data subjects are located. All such transfers shall be in accordance with MEV’s Global Data Transfer Agreement, or such other measures that permit the lawful transfer of personal data out of the EEA such as transferring the personal data to a recipient that has achieved binding corporate rules authorisation in accordance with Applicable Data Protection Law, or to a recipient that has executed standard contractual clauses adopted or approved by the European Commission.

Confidentiality of processing

MEV shall ensure that any person it authorises to process the personal data (an “Authorised Person”) shall protect the personal data in accordance with have committed themselves to preserve the confidentiality of such personal data.

Security

MEV shall implement the technical and organisational measures as set out in the Schedule to protect the personal data (i) from accidental or unlawful destruction, and (ii) loss, alteration, unauthorised disclosure of, or access to the personal data.

Cooperation and data subjects’ rights

MEV shall provide reasonable and timely assistance to Customer (at Customer’s expense) to enable Customer to respond to: (i) any request from a data subject to exercise any of its rights under Applicable Data Protection Law (including its rights of access, correction, objection, erasure and data portability, as applicable); and (ii) any other correspondence, enquiry or complaint received from a data subject, regulator or other third party in connection with the processing of the Data. In the event that any such request, correspondence, enquiry or complaint is made directly to MEV, MEV shall promptly inform Customer providing full details of the same.

Personal Data Breach

If it becomes aware of a confirmed personal data breach, MEV shall inform Customer without undue delay and shall provide reasonable information and cooperation to Customer so that Customer can fulfil any data breach reporting obligations it may have under (and in accordance with the timescales required by) Applicable Data Protection Law. MEV shall further take any such reasonably necessary measures and actions to remedy or mitigate the effects of the personal data breach and shall keep Customer informed of all material developments in connection with the personal data breach.

Deletion or return of Personal Data

Upon termination or expiry of the Principal Agreement, MEV shall (at Customer’s election) destroy or return to Customer all personal data in its possession or control. This requirement shall not apply to the extent that MEV is required by applicable law to retain some or all of the personal data, or to personal data it has archived on backup systems, which personal data MEV shall securely isolate and protect from any further processing except to the extent required by such law.

Liability

Each party’s liability to the other in respect of any individual claim for breach of contract, negligence, breach of statutory duty or otherwise in relation to these terms and conditions will be limited in accordance with the terms of the Principal Agreement.

General

The laws governing the Agreement shall apply to these terms and conditions except in the case where personal data of EU citizens is being processed and the jurisdiction of the Principal Agreement is not that of a member state of the EU, in which case the laws of the Republic of Ireland shall apply in default. These terms and conditions and the terms of the Principal Agreement referred to herein embody the whole agreement of the parties with respect to its subject matter.

Schedule:

Security Measures

Description of the technical and organisational security measures implemented by MEV as processor:

1. Secure user authentication protocols including:

• Control user IDs and other identifiers

• Provide a reasonably secure method of assigning and selecting passwords (or use an alternative authentication technology such as biometrics or token devices)

• Control data security passwords to ensure that such passwords are kept in a location and/or format that does not compromise the security of the data they protect

• Restrict access to active users and active user accounts only

• Block access to user identification after multiple unsuccessful attempts to gain access or the limitation placed on access for the particular system

• Restrict access to records and files containing personal information to those who need such information to perform their job duties

• Assign unique identifications plus passwords, which are not vendor supplied default passwords, to each person with customer access, that are reasonably designed to maintain the integrity of the security of the access controls

2. Encrypt (to the extent technically feasible) all transmitted records and files containing personal information that will travel across public networks, and encryption of all data to be transmitted wirelessly

3. Implement reasonable monitoring of systems, for unauthorized use of or access to personal information

4. Encrypt all personal information stored on laptops or other portable devices

5. Provide reasonably up-to-date firewall protection and operating system security patches for files containing personal information on a system that is connected to the Internet, designed to maintain the integrity of the personal information

6. Provide reasonably up-to-date versions of system security agent software, which must include malware protection and reasonably up-to-date patches and virus definitions, or a version of such a software that can still be supported with up-to-date patches and virus definitions, and is set to receive the most current security updates on a regular basis

DATA:

Data subjects

The Personal Data relating to the following categories of data subjects:

• Individuals who are authorized by Customer to use MEV products and/or access MEV services being Customer’s employees, consultants, subcontractors, suppliers, business partners and customers.

• Other individuals whose personal data may be uploaded by Customer to MEV services or software.

Personal Data Categories

Name, Company, organisation, business contact details, interactions with MEV’s products and services such as logfiles and incident reports, training records and data that may be processed by MEV’s products and other personal data that an individual may share with MEV. IP addresses, cookie data, device identifiers and similar device-related information.

Permitted Purpose: To DELIVER MEV SOFTWARE & SERVICES to Customer in accordance with the terms of the Agreement and Customer’s instructions.

2018  | All Rights Reserved | Material Exchange Ventures AB