ARDIAN PRIVACY POLICY

Last Modified: 9/21/18

1. POLICY STATEMENT

Ardian Group, Inc. and its subsidiaries and affiliates, including Ardian Technologies, Inc., (Collectively “us,” “we,” “our,” or “Ardian”) operate the www.pvitl.com website, PVITL Software-as-a-Service (SAAS) and PVITL® Mobile Applications (the "Service").

This page informs you of our policies regarding the collection, use, disclosure and maintenance (“Handling”, “Handled”, “Handle”) of Personally Identifiable Information (“Information”) and/or Sensitive Personally Identifiable Information (SPII) when you use our Service.

When you choose to subscribe or open an account, or use any of our online or mobile services and features, all of the information provided to us is kept strictly private, including names, addresses, and contact information. All information collected is owned by the Client Administrator who is a Client of Ardian.

By using the Service, you agree to the Handling of Information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions, accessible at www.pvitl.com.

2. PRIVACY BY DESIGN

Ardian, as operator and controller of the Service, has implemented appropriate technical and organizational measures to meet the requirements of applicable Privacy laws, regulations and guidelines to protect the rights of an individual’s Information.

3. INFORMATION COLLECTION AND USE

While using our Service, we may ask you to provide us with certain Information that can be used to contact or identify you. Information may include, but is not limited to, your email address, photograph, name, phone number, or postal address.

We collect this Information for the purpose of providing the Service, identifying and communicating with you, responding to your requests/inquiries, servicing your purchase orders or subscriptions, and improving our services.

The Service allows a hierarchal user structure that allows user types to Handle the Information.

A. Definition of Types of Users

We have four (4) different types of users (“Users”) for our Service. The type of user you are will determine the collection and use policies of your Information.

  1. The first user type is a Client Administrator (“Client”) and is the controller of the Information. A Client is an Ardian customer that uses our Service to Handle Information from their Individual Users, communicate with Users and Registrants, and potentially create Events for Users and Registrants to attend.
  2. The second user type is a Community Administrator. A Community Administrator uses our Service to Handle Information on behalf of a specific group or category (“Community”) of Users and potentially create Events for Users to attend.
  3. The third type of user is an Individual User. An Individual User is a person that signs up and maintains their information on the Service. Individual Users may use the Service as provided by a Client. Individual Users agree to provide necessary information as specified by a Client and/or Community Administrator.
  4. The fourth type of user is a Registrant. Registrants are users providing information to Clients using the Service, but will not maintain their information. Registrants agree to provide necessary information as specified by a Client and/or Community Administrator.Ownership of User Information

B. Ownership of User Information

In using our Service, the Client may Handle Information about Users. The Client solely owns all Information that is collected and maintained through our Service, and we have no rights to sell or use the Information provided. The Client, not Ardian, is responsible for what Information is collected. Ardian will provide and maintain the secure storage of all User Data and will not share, rent, or sell the information collected to any third party.

Users must review the Client Privacy Policy, and by using the Service, agree to the terms of the Privacy Policy implemented by the Client. If Users want to find out how the Client will be using their information, the User should review the Client Privacy Policy or contact the Client directly.

Ardian requests that each Client abide by all laws, rules, and regulations applicable in the jurisdiction in which they reside. Clients are requested to prominently post a Client Privacy Policy to be encountered by all Users that use the Client’s web site; the policy should inform Users of Client’s data collection practices, including how that data is shared.

Client web sites should also reference Ardian’s Privacy Policy and provide a link for website Users. The Client should inform all website users of the Client Privacy Policy and make clear that it is distinct from Ardian’s Privacy Policy. Clients must obtain all necessary consents from Service Users in connection with Client’s collection of website usage and Information.

C. Ownership of Client Information Collected by Us

Clients purchasing the Service through Ardian will be required to provide certain Information for billing and communication purposes. This Information from Clients is collected when a Client opens a new account, (“Client Data”). We do NOT rent, or sell Client Data to any third parties.

4. TRANSPARENCY

This Privacy Policy outlines and provides notice on how Information is collected, used, disseminated and maintained. A Client using the Service may include additional notices based on requirements specific to how their Users’ Information is Handled (“Additional Notices”). Ardian uses Information for the purpose of account creation and managing accounts.

5. CONSENT

This Privacy Policy, Additional Notices, and Terms and Conditions are readily available to read and acknowledge consent at the onset of creating a User account for the Service or completing a form asking for Information. Client, Community Administrator and Individual User account types are required to acknowledge consent upon creating an account for the Service. The Registrant user type, who is only required to complete a form and is not required to create an account, will need to acknowledge consent upon completion of the form. In the event the Client and/or Community Administrator is Handling Information on behalf of an individual User, they acknowledge that they have received the appropriate consent by or from the individual User.

6. SPECIFYING PURPOSE

In addition to the Privacy Policy and Additional Notices, other banners, descriptions or instructions may be provided to describe the specific purpose and/or condition for Handling Information.

7. RIGHT TO ACCESS

Users of the Service have the right to access certain Information collected and to ensure that it is accurate and relevant for which it was collected. If a User desires to request access, limit use, limit disclosure or delete their Information, we may initially send your request to the Client and/or Community Administrator who submitted your Information and will support them as needed in responding to your request. Information will be provided free of charge in a “commonly used” readable, electronic format.

8. DATA PORTABILITY

Users’ Information will be provided in a “commonly used” readable, electronic format. Users have the right to reuse and transmit that Information for another purpose.

9. RETENTION OF CLIENT DATA

We will at times provide Client Administrators with the option to keep their information in the Service to maintain an ongoing Client Profile with us.

10. RETENTION OF CLIENT USER INFORMATION

The Client may retain Users and Registrants in our Service as long as the appropriate consent is provided. The Client’s Users may choose to opt in or out of this service.

11. RIGHT TO BE FORGOTTEN

Also known as Data Sanitization, Removal, or Erasure, Users have the right to have their information erased and further dissemination ceased as well as withdrawing the User’s consent from the original Specifying Purpose.

12. BREACH NOTIFICATION

During an Information breach where the event is likely to “result in a risk for the rights and freedoms of the individuals,” Users will be notified within the timeframe as required by applicable laws that a breach occurred.

13. LOG DATA

We may also collect information that your browser sends whenever you visit our Service ("Log Data"). This Log Data may include information such as your computer's Internet Protocol ("IP") address, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages and other statistics.

In addition, we may use third party services such as Google Analytics that collect, monitor and analyze Log Data in order to increase our Service's functionality. These third-party service providers have their own privacy policies addressing how they use such information.

14. COOKIES

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a web site and are transferred to your device. We use cookies to collect information in order to improve our services. Cookies are required for our subscription token.

The Help feature on most browsers provide information on how to accept cookies, disable cookies or to notify you when receiving a new cookie.

If you do not accept cookies, you may not be able to use some features of our Service and we recommend that you leave them turned on.

15. DO NOT TRACK DISCLOSURE

We support Do Not Track ("DNT"). Do Not Track is a preference you can set in your web browser to inform websites that you do not want to be tracked.

You can enable or disable Do Not Track by visiting the Preferences or Settings page of your web browser.

16. CHILDREN'S PRIVACY

Only persons age 18 or older have permission to create an account to access our Service.

We do not knowingly collect personally identifiable information from children under 13. If you are a parent or guardian and you learn that your Children have provided us with Information, please contact us.

If we become aware that we have collected Information from a child under the age of 13 without verification of parental consent, we take appropriate action to remove that information from our servers.

17. COMPLIANCE WITH LAWS

We will disclose your Information where required to do so by law or subpoena, or if we believe that such action is necessary to comply with the law and the reasonable requests of law enforcement or to protect the security or integrity of our Service.

18. SECURITY

The security of your Information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information we store, in order to protect it from unauthorized access, destruction, use, modification, or disclosure.

However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure, and we are unable to guarantee the absolute security of the Information we have collected from you.

19. DATA MINIMIZATION & USE LIMITATION

For the purposes of creating User accounts, we will only collect Information directly relevant and necessary to accomplish the specifying purpose. As controllers of the Information, the Client acknowledges that Information collected from their specific Users is directly relevant and necessary to accomplish the specifying purpose.

20. DATA QUALITY AND INTEGRITY

We will maintain the quality and integrity of Client Users’ Information originally entered by the User will be retained “as is.” Information may be changed, altered, or deleted because of specifying purpose requirements or a User request, or if an error that needs correction occurred upon entry. Information can be changed, altered, or deleted by all Users with the appropriate permissions and consent.

21. ACCOUNTABILITY AND TRAINING

Ardian personnel and contractors having access to Information are trained for accountability and compliance with security measures. The Client acknowledges that their Users who have access and Handle Information abide by the Ardian Privacy Policy and Terms and Conditions, as well Additional Notices set forth by the Client.

22. SERVICE PROVIDERS

We may employ third party companies and individuals to facilitate our Service, to provide the Service on our behalf, to perform services and/or to assist us in analyzing how our Service is used.

These third parties have access to your Personal Information only to perform specific tasks on our behalf and are obligated not to disclose or use your information for any other purpose.

23. THIRD-PARTY PAYMENT PROCESSOR

We use a third-party payment processor to process payments made to us. In connection with the processing of such payments, we do not retain any Personally Identifiable Information or any financial information such as credit card numbers. Rather, all such information is provided directly to our third-party processor, Stripe, whose use of your personal information is governed by their privacy policy. The Stripe privacy policy may be viewed at https://stripe.com/us/privacy. Changes to the third party payment processor will be communicated to Clients or Users by email.

24. MOBILE APPLICATIONS

We offer Mobile Applications that you may choose to download to your Device and by doing so, agree to the gathering and use of information from your Device.

Our Mobile Applications may access certain features of the Device you are using in order to function. Some of these uses include but are not limited to accessing a camera for photos, or using a Device’s Global Positioning System (“GPS”) in order to provide a tracking service. Our Mobile Applications will explicitly ask for your permission to access certain features. By granting permission to your Device, you consent to the collection and storage of the corresponding data including but not limited to camera data and location data.

We may collect data about your Device including but not limited to software type, hardware type, and IP address. This information is used to improve Mobile Application functions only.

25. USE OF REAL-TIME LOCATION INFORMATION

We may use your Device to provide GPS information to determine your specific location only with your permission. This service is provided through our Mobile Applications. We do not share locations with third parties. If you do not wish for us to collect and store location data, you may turn off GPS on your Device. Please note that turning off GPS on a Device may reduce functionality.

25. INTERNATIONAL TRANSFER

Your Information, may be transferred to — and maintained on — computers located outside of your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside the United States and choose to provide information to us, please note that we transfer the Information to the United States. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.

26. PRIVACY SHIELD FRAMEWORK

Ardian complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of Personal Information transferred from the European Union to the United States. Ardian has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

 In compliance with the Privacy Shield Principles, Ardian commits to resolve complaints about our collection or use of your Personal Information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Ardian at: privacypolicy@ardiangroup.com

 A. Data Protection Authorities

Ardian commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources and non-human resources data transferred from the EU.

Ardian further commits to refer unresolved Privacy Shield complaints to EU DPAs as an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit https://www.privacyshield.gov/assistance for more information or to file a complaint. The services of EU DPAs are provided at no cost to you.

B. Onward Transfer Accountability

We may employ third party companies and individuals to facilitate our Service. In compliance with the Privacy Shield Principles, Ardian ensures that third parties with access to Personal Information have given us contractual assurances that it provides at least the same level of protection as is required by the Privacy Shield Principles and notify us if it makes a determination that it cannot do so.

In addition, if it is determined that Personal Information is processed in a manner inconsistent with the Principles, third parties are to cease processing of the Personal Information or take other reasonable and appropriate steps to remediate.

We acknowledge that we have certain liability under the Privacy Shield if both (i) the agent on our behalf processes the Personal Information in a manner inconsistent with the Privacy Shield and (ii) we are responsible for the event giving rise to the damage.

C. U.S. Federal Trade Commission Enforcement

The U.S. Federal Trade Commission (FTC) has jurisdiction over Ardian’s compliance with the Privacy Shield.

D. U.S. Department of Transportation Enforcement

The U.S. Department of Transportation (DOT) has jurisdiction over Ardian Group Inc.’s compliance with the Privacy Shield.

E. Arbitration

An individual has the possibility, under certain conditions, to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, please visit

https://www.privacyshield.gov/article?id=ANNEX-I-introduction

27. LINKS TO OTHER SITES

Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over, and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

28. COMMUNICATIONS

We may use your Information to contact you with newsletters, marketing or promotional materials, and other information that may be of interest to you. You may opt out of receiving any, or all, of these communications from us by following the unsubscribe link or instructions provided in any email we send or by contacting us.

29. BUSINESS TRANSACTION

If Ardian is involved in a merger, acquisition or asset sale, your Personal Information may be transferred as a business asset. In such cases, we will provide notice before your Information is transferred and/or becomes subject to a different Privacy Policy.

30. CHANGES TO THIS PRIVACY POLICY

This Privacy Policy is effective as of August 8, 2018 and will remain in effect except with respect to any changes in its provisions in the future, which will be in effect immediately after being posted on this page.

We reserve the right to update or change our Privacy Policy at any time and you should check this Privacy Policy periodically. Your continued use of the Service after we post any modifications to the Privacy Policy on this page will constitute your acknowledgment of the modifications and your consent to abide and be bound by the modified Privacy Policy.

If we make any material changes to this Privacy Policy, we will notify you either through the email address you have provided us, or by placing a prominent notice on our website.

CONTACT US

If you have any questions about this Privacy Policy, please contact us at: pvitl@ardiangroup.com.