POLICY

Streamconnect is committed to respecting and protecting the privacy of individuals and keeping Personal Information secure by complying with applicable data protection, privacy and information security laws and regulations.

This Policy describes our methods regarding the necessary collection, use, disclosure, and safeguarding of Personal Information for business related purposes. We will protect personal Information and ensure that such information remains secure and available.

SCOPE

This Policy applies to all Streamconnect lines and departments globally, including all corporate office locations, lines of business, shared services and operational business units. It also applies to independently operated subsidiaries.

DEFINITIONS

1. Personal Information

Any and all information or data (regardless of format) that (i) identifies or can be used to identify, contact or locate an individual, or (ii) that relates to an individual, whose identity can be either directly or indirectly inferred, including any information that is linked or linkable to that individual regardless of any attributes or status of such individual.

2. Sensitive Personal Information

A subset of Personal Information, which due to its nature has been classified by law, contract, or by Streamconnect policy as requiring additional privacy protections and Enhanced Safeguarding.

Examples of Sensitive Personal Information may include:
 

• (i) government-issued identification numbers,

• (ii) financial account numbers (including payment card information and Cardholder Data, as defined by the Payment Card Industry Data Security Standard),

• (iii) individual medical records (including Protected Health Information, 45 CFR § 160.103) and biometric information,

• (iv) data obtained from a consumer reporting agency (including employee background investigation reports, credit reports, and credit scores),

• (v) data elements revealing race, ethnicity, national origin, religion, trade union membership, sex life or sexual orientation, and criminal records or allegations of crimes, and

• (vi) any other Personal Information designated by Quantum Generate as Sensitive Personal Information.

​

3. Enhanced Safeguarding

The implementation of more stringent physical, technical, and administrative measures against the risk of inadvertent or unauthorized disclosure of Sensitive Personal Information than the safeguards generally required because the inadvertent or unauthorized disclosure of Sensitive Personal Information may create a risk of substantial harm to the individual (for example, identity theft or financial fraud).

​

4. Privacy Officer

The individual appointed by the Streamconnect for the oversight of Streamconnect's Global Privacy Program

GOVERNANCE

1. The Privacy Officer is responsible for the oversight of this Policy, the enterprise strategy to address operational and information privacy management risk, and the support of compliance with all applicable data protection, privacy and information security laws and regulations.
    

2. Each individual business line and department is responsible for following this Policy in order to address its specific activities involving the collection, use, disclosure and safeguarding of Personal Information

COLLECTION

1. Streamconnect may collect Personal Information for business related purposes, which may include providing customer service, managing the services we provide to clients, complying with legal requirements, payment processing, and for marketing our products and services.
    

2. If required by contract, Streamconnect policy, or applicable law or regulations, Streamconnect shall obtain consent to collect Sensitive Personal Information.
    

3. Streamconnect may collect Personal Information from publicly available sources, including, but not limited to, public internet websites and databases, public or government sources, and news or open source reporting.

USE

1. Streamconnect may use and process Personal Information for providing information on products and services, promoting and marketing products and services, and for statistical and research purposes.
    

2. Any use or processing of Personal Information to generate de-identified, statistical, summary, or aggregated information shall be deemed an allowable use compliant with this Policy; provided that such information cannot be used to identify any individual.
    

3. Streamconnect shall retain Personal Information only for as long as necessary to fulfil the business related purposes described in this Policy or as may be required by applicable laws or regulations. In addition, such retention of Personal Information shall be consistent with Streamconnect policies regarding the storage of business records.

DISCLOSURE

Streamconnect may disclose Personal Information to outside organizations, including Streamconnect's affiliates, partners or other third parties that provide Streamconnect with various outsourced business functions, including, but not limited to, employee benefits administrators or credit card vendors. ​
 

• i) When Streamconnect discloses Personal Information to a third party, it is authorized to use and further disclose the related Personal Information only as necessary to provide their services to Streamconnect or as required by law.
   

• ii) Streamconnect shall take appropriate actions to ensure that a third party protects Personal Information that Streamconnect discloses to it.
   

• iii) Streamconnect may disclose Personal Information when required by applicable law or regulation, as well as when Streamconnect has reason to believe that disclosure is necessary to protect Streamconnect's rights, protect the safety of individuals or others, investigate fraud or other criminal activity, or respond to a government request.

SAFEGUARDS

1. Streamconnect shall collect, use, maintain, disclose (internally and externally), and destroy Personal Information in a manner that reasonably limits the risk of loss, theft, misuse, or unauthorized access.

2. Streamconnect shall appropriately dispose of Personal Information upon expiration of required retention periods or when no longer needed for the business related purposes.

FURTHER GUIDANCE

Any exceptions and interpretations of this Policy should be submitted to the Privacy Officer. The Privacy Officer is responsible for interpreting any portions of this Policy as they may apply to specific situations.