This Privacy Shield Statement (the “Statement”) describes the practices of SICOM Systems, Inc. (“SICOM”, “we”, “our” or “us”) for the transfer of personal data transferred from the European Economic Area (“EEA”)1 and Switzerland to the United States of America (“U.S.”).

1. Introduction

The U.S. Department of Commerce and the European Commission and the Swiss Administration have agreed on a framework of data protection principles and supplemental principles (collectively, the “Privacy Shield Principles”) to enable U.S. companies to provide an adequate level of protection for personal data transferred from the EEA or Switzerland to the U.S. (the "Privacy Shield"). SICOM respects the privacy of all those who entrust us with their personal information, including our employees and our customers (our “Customers”) and business partners and their guests and employees, and recognizes the need for appropriate protection and management of personal information. On our behalf and on behalf of our U.S. domiciled entities, SICOM has made a decision to voluntarily adhere to the Privacy Shield Principles recognized by the EEA as providing adequate data protection. SICOM complies with the Privacy Shield Principles as agreed upon between the U.S. Department of Commerce and the European Commission and Swiss Administration regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. SICOM has certified that we adhere to the Privacy Shield Principles of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, recourse, enforcement and liability. To learn more about the EU-U.S. and Swiss-U.S. Privacy Shield program, please visit https://www.privacyshield.gov/. A current list of organizations certified under the Privacy Shield Principles is available at https://www.privacyshield.gov/list. Should there be any conflict between the Privacy Shield Principles and this Statement, the Privacy Shield Principles will prevail. This Statement outlines the general practices for implementing the requirements of the Privacy Shield in connection with personal data that is transferred from the EEA or Switzerland to the U.S. – including the type of information that is collected and transferred, how it is used and the choices individuals located in the EEA or Switzerland have regarding the use of, and their ability to correct, that information.

2. Scope

This Statement applies to all SICOM U.S. operations, divisions and subsidiaries as far as personal information from the EEA or Switzerland is received in any format whatsoever, including electronic, paper or oral transmission. This Statement also applies to service providers that handle and process personal data on behalf of SICOM.

3. Definitions

For purpose of this Statement, the following definitions shall apply: “Personal Data” and “Personal Information” are data about an identified or identifiable individual that are within the scope of the Directive 95/46/EC and EU General Data Protection Regulation 2016/679 (“GDPR”), received by an organization in the United States from the European Union, and recorded in any form. “Sensitive Personal Information” means personal information specifying medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or information specifying the sex life of the individual or personal information received from a third party that is identified and treated as sensitive by the third party. “Processing” of personal data means any operation or set of operations which is performed upon personal data, whether or not by automated means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure or dissemination and erasure or destruction. “Controller” means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of personal data.

4. Processing of Personal Data

SICOM may from time to time process certain EEA or Swiss Personal Data about current or prospective Customers, business partners, suppliers, vendors, independent contractors and consumers, including information recorded on various media as well as electronic data. SICOM will process these data in conformity with the Privacy Shield Principles and will continue to apply the Principles to personal data received under the application of the Privacy Shield. SICOM will use Personal Information as set forth in our Privacy Policy, available at https://www.sicom.com/about/privacy-policy/. SICOM may also share Personal Information with our service providers for the sole purpose and only to the extent needed to support our Customers’ business needs. Service providers are required to keep confidential Personal Information received from SICOM and may not use it for any purpose other than originally intended. In case of data transfers to third parties acting as controllers, the affected individuals will be informed about the transfer and the underlying purposes respectively.

5. Privacy Shield Principles

A detailed description of the EU-U.S. and Swiss-U.S. Privacy Shield Principles can be found on the website of the U.S. Department of Commerce: https://www.privacyshield.gov/. 5.1 Notice SICOM maintains a Privacy Policy which explains how the company collects, uses and shares personal data. Where SICOM collects Personal Information directly from our Customers’ guests or employees in the EEA or Switzerland, SICOM relies on our Customers to inform those individuals about the purposes for which it collects and uses Personal Information about them, the types or identity of third parties acting as controllers to which SICOM discloses that information, the purposes for which it does so and the choices and means SICOM offers for limiting the use and disclosure of their Personal Information and about the right of individuals to access their personal data. 5.2 Choice As stated in our Privacy Policy, SICOM depends on our Customers to notify and provide guests with information about their choices. SICOM keeps Personal Information strictly confidential and does not share or sell it to third parties except as necessary to deliver our services or as otherwise disclosed in our Privacy Policy. We do not sell, rent or share Personal Information with or to third parties for their own marketing purposes and we will not disclose Personal Information to a third party or use it for a purpose other than as disclosed in the Privacy Policy unless the individuals are provided (through SICOM or our Customers) with notice and an opportunity to opt out. For Sensitive Personal Information, we will not disclose Sensitive Personal Information to a third party or use it for a purpose other than as disclosed in the Privacy Policy unless the individuals are provided (through SICOM or our Customers) with notice and such individuals provide express consent. We may contact our Customers and their employees about SICOM and our products and services, and Customers may exercise their choices regarding such communications as described in the Privacy Policy. 5.3 Accountability for Onward Transfer SICOM will obtain assurances from our service providers that they will safeguard Personal Information consistent with this Statement and will transfer personal data only for limited and specific purposes. Examples of appropriate assurances that may be provided by service providers include: a contract obligating to provide at least the same level of protection as is required by the relevant Privacy Shield Principles, being subject to EU Data Protection Directive 95/46/EC or GDPR, Privacy Shield certification by the service provider or being subject to another European Commission adequacy finding. SICOM recognizes our responsibility and potential liability for onward transfers to service providers. In the event that SICOM becomes aware that a service provider is using or disclosing Personal Information in a manner contrary to this Statement and/or the level of protection as required by the Privacy Shield Principles, SICOM will take reasonable, appropriate and prompt steps to prevent, remediate or stop the use or disclosure. If SICOM transfers Personal Information to non-agent third parties acting as a controller, SICOM will apply the Notice and Choice Principles unless a derogation for specific situations under European data protection law applies and will obtain assurance from these parties that they will provide the same level of protection as is required under the Principles. 5.4 Security SICOM will take reasonable and appropriate precautions to protect Personal Information in our possession from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in the processing and the nature of the personal data. 5.5 Data Integrity and Purpose Limitation SICOM will use Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual (see 5.2.). SICOM will take reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete and current. SICOM will adhere to the Privacy Shield Principles as long as we retain personal information received under our Privacy Shield certification. SICOM will keep Personal Information only as long as necessary for the purpose of processing or for statistical analysis, research or another approved purpose. 5.6 Access Upon request, and generally through our Customers, SICOM will grant individuals reasonable access to Personal Information that we hold about them. In addition, through our Customers, SICOM will take reasonable steps to permit individuals to correct, amend or delete information that is demonstrated to be inaccurate or incomplete or has been processed in violation of the Privacy Shield Principles. SICOM or our Customers may limit an individual’s access to Personal Information where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy or where the legitimate rights of persons other than the individual would be violated. 5.7 Recourse, Enforcement and Liability SICOM utilizes the self-assessment approach to assure our compliance with this Statement. SICOM periodically verifies that this Statement is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and in conformity with the Privacy Shield Principles. Any questions or concerns regarding the use or disclosure of Personal Information should be directed to SICOM using the contact information provided below. SICOM will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information in accordance with the principles contained in this Statement. If SICOM determines that any person in our employ is in violation of this Statement, such person will be subject to disciplinary action. With respect to any complaints relating to this Statement that cannot be resolved through SICOM’s internal processes, SICOM has further committed to refer unresolved disputes pursuant to the Privacy Shield Principles to an independent dispute resolution mechanism operated by the International Centre for Dispute Resolution and American Arbitration Association (“ICDR-AAA”). Individuals can report an unresolved privacy complaint to the ICDR-AAA using the contact information provided below. In the event that SICOM or the independent dispute resolution mechanism determines that SICOM did not comply with this Statement, SICOM will take reasonable, appropriate and prompt steps to address any adverse effects and to promote future compliance. SICOM is also subject to the investigatory and enforcement powers of the Federal Trade Commission, which is the competent supervisory body and enforcement authority under the Privacy Shield. To the extent the complaint involves SICOM employee or HR data, SICOM is also subject to the investigatory and enforcement powers of the EU Data Protection Authorities. Where a complaint cannot be resolved by any of the before mentioned recourse mechanisms, individuals have a right to invoke binding arbitration under the Privacy Shield Panel as recourse mechanism of ‘last resort’.

6. Limitations

SICOM's adherence to the Privacy Shield Principles may be limited (a) to the extent necessary to meet applicable national security, public interest, or law enforcement requirements, e.g. in the course of lawful requests by public authorities; (b) by statute, government regulation, or case law that creates conflicting obligations or explicit authorizations, provided that, in exercising any such authorization, an organization can demonstrate that its non-compliance with the Privacy Shield Principles is limited to the extent necessary to meet the overriding legitimate interests furthered by such authorization; or (c) if the effect of the Directive or Member State law is to allow exceptions or derogations, provided such exceptions or derogations are applied in comparable contexts.

7. Contact Information

Questions or comments regarding this Statement should be submitted to SICOM by mail or email as follows: SICOM Privacy Address: 1684 South Broad Street, Suite 300; Lansdale, PA 19446 Phone: +1.215.489.2500 Email: privacy@www.sicom.com You may also address any unresolved complaints to ICDR-AAA at the following address: International Centre for Dispute Resolution Case Filing Services Address: 1101 Laurel Oak Road, Suite 100, Voorhees, NJ 08043 Email: casefiling@adr.org Telephone: +1.212.484.4181 Web: http://go.adr.org/privacyshield.html

8. Changes to this Statement

This Statement may be amended from time to time, consistent with the requirements of the Privacy Shield Principles. Appropriate public notice will be given concerning such amendments. In the event of any inconsistency between the English version of this Statement and any translation, the English version shall control. Effective Date: April 23, 2018
1As of the Effective Date of this Statement, the EEA includes the following countries: Austria, Belgium, Bulgaria, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Liechtenstein, Lithuania, Luxembourg, Malta, Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden and United Kingdom.