Privacy Policy

Data Processing Policy

of

Sales Benchmark Index, LLC

 

 

Introduction

 

This is the Data Processing Policy for Sales Benchmark Index, LLC and its Affiliates (collectively, “SBI”, “us”, or “we”) who act as data collectors, controllers, and processors. We are committed to respecting your privacy and protecting your personal data, meaning any information that is capable of identifying you as an individual person. This policy explains SBI’s methods for the collection, processing, transfer, storage, and disposal of the personal data we collect from you when you use our website or when you contract with us for services that we provide.

 

SBI may, at its discretion, amend this policy from time to time. To ensure you remain informed about the information we collect and how we use it, material changes to our policy will be reflected here. SBI’s website may contain links to external sites which are not governed by this policy. SBI does not take responsibility for the policies of any such sites before you submit information there.

 

Your acceptance of the terms of this policy

Please read this policy thoroughly and carefully. By entering into a contract with SBI or browsing our website and expressly consenting where required, you agree to be bound by this policy.

 

Note: Our websites are not designed for or directed at children 16 years of age or younger, and SBI does not intentionally collect or maintain personal data about anyone under this age.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Definitions

 

“Affiliate” means any entity that directly or indirectly controls, is controlled by or is under common control with the subject entity. “Control,” for purposes of this definition, means direct or indirect ownership or control of more than 50% of the voting interests of the subject entity.

 

“Authorized Persons” means receiving party’s employees, officers, partners, principals, contractors, subcontractors, sub-processor, or other agents who process Personal Data.

 

A “Data Breach” has occurred when receiving party (i) has knowledge of or (ii) reasonably believes that there has been: a loss of; actual or attempted unauthorized or unlawful access to, or acquisition, use, or disclosure of; or any other compromise of Personal Data within the possession or control (e.g., physical or IT environment) of the receiving party.

 

“Data Protection Laws” means all applicable laws, such as EU Data Protection Laws, US Federal and State laws, including but not limited to the CCPA, which govern the use of data relating to identified or identifiable natural persons.

 

“Data Subject” means the living individuals who are the subject of the Personal Data.

 

“Personal Data” means any personal data, as defined in the Data Protection Laws and Regulations, which is provided by or on behalf of the disclosing party and Processed by the receiving party.

 

“Process, Processed or Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 

“Sub-processor” means any Processor (including any Vendor Affiliate) that Vendor engages to Process Personal Data in connection with SBI’s use of Personal Data.

 

 

 

 

 

 

 

 

 

 

 

What is the GDPR?

 

The General Data Protection Regulation (GDPR) is a privacy and security law that was drafted and passed by the European Union (EU), but imposes obligations onto organizations anywhere, so long as they target, collect or process data related or connected to people in the EU. Our Data Processing Policy is updated regularly to ensure ongoing compliance with the GDPR.

 

What data does SBI collect and process?

We collect the following data for non-prospective-employees and employees:

• Personal identification information (Name, email address, phone number, etc.).
• Data necessary for the provision of our services to you.
• Information that you provide to us in connection with the provision of our services to you.
• IP address, device identifier, web browser used.

 

• Information about the devices you use to interact with our website.

 

• Information about how you use our website, such as what you have searched for/viewed.

 

 

If you deal with SBI as a prospective employee, then, depending on the jurisdiction you are in, we collect the following types of personal data about you in addition to what is listed above:

 

• Personal details, such as name, age, date of birth, gender, citizenship, occupation and marital status;
• Contact details, such as current and previous address, telephone, email, in some cases both private and work-related contact details;
• Identification documents, such as your passport, copies which generally include a head and shoulders photograph from, as applicable, your passport, national identity card or driver's license, as required and permitted by applicable laws and regulations addressing due diligence and related matters;
• A government-issued personal identifier, such as, depending on your country of residence, your Social Security Number, National Insurance Number, Tax File Number or Medicare Number etc. (as permitted by law);
• Personal details relating to your immediate family members and details relating to any senior political figures (e.g. senior military or government official) to whom you are connected; and
• Information relating to political affiliations, trade union membership or criminal convictions (as required and/or permitted by law).
• SBI maintains applications for up to four (4) years. If an applicant no longer wishes for SBI to process their data or wishes to exercise any rights related to such data, the data protection rights below are instructive.

 

 

If you deal with SBI in the capacity of an officer, employee, director and or principal of one of our corporate or institutional clients, the personal data we collect about you personally may include in addition to the information above:

 

• Your name, date of birth and contact details;
• Your role/position/title and area of responsibility; and certain identifying information (e.g. passport photo, etc.) as required by applicable law; regulations addressing money laundering and related matters; and
• Information relating to political affiliations, trade union membership or criminal convictions (as required and/or permitted by applicable law).

We will also request sensitive personal data from employees, applicants for employment or individuals wishing to provide services to us. Such data may include information about your racial or ethnic origin, political opinion, religious beliefs or affiliations, philosophical beliefs, membership of a professional or trade association, sexual orientation or practices, criminal record, genetic information, health information or medical history. As with any personal data, we will only collect and process sensitive information where we have a legal basis for such collection and processing, including where required or permitted under applicable law or where we have your consent (where we are legally required to do so).

Information we collect from employees also includes:

Home address;

Telephone number;

Date of birth;

Marital status;

Employee identification number;

Emergency contacts;

Residency;

Work permit status;

Drivers license number;

Military status;

Nationality;

Passport information;

Social security or other taxpayer/government identification number;

Payroll information, banking details;

Wage and benefit information;

Retirement account information;

Sick pay, Paid Time Off, retirement accounts, pensions, insurance and other benefits information (including the gender, age, nationality and passport information for any spouse, minor children or other eligible dependents and beneficiaries);

Information from interviews and phone-screenings you may have had, if any;

Date of hire, date(s) of promotion(s), work history, technical skills, educational background, professional certifications and registrations, language capabilities, and training records;

Beneficiary and emergency contact information;

Forms and information relating to the application for, or in respect of changes to, employee health and welfare benefits; including, short and long-term disability, medical and dental care, etc.;

Physical limitations and special needs in order to provide reasonable accommodations;

Records of work absences, vacation/paid time off, entitlement and requests, salary history and expectations, performance appraisals, letters of appreciation and commendation, and disciplinary and grievance procedures (including monitoring compliance with and enforcing our policies);

Where permitted by law and applicable we may collect the results of credit and criminal background checks, screening, health certifications, drivers license number, vehicle registration, and driving history;

Information required for us to comply with laws, the requests and directions of law enforcement authorities or court orders (e.g., child support and debt payment information);

Acknowledgements regarding our policies, including employee handbooks, ethics and/or conflicts of interest policies, and computer and other corporate resource usage policies;

Information captured on security systems and key card entry systems;

Voicemails, e-mails, correspondence, documents, and other work product and communications created, stored or transmitted for professional or job related purposes using our networks, applications, devices, computers, or communications equipment;

Date of resignation or termination, reason for resignation or termination, information relating to administering termination of employment (e.g. references);

Letters of offer and acceptance of employment;

Your resume or CV, cover letter, previous and/or relevant work experience or other experience, education, transcripts, or other information you provide to us in support of an application and/or the application and recruitment process; and

References and interview notes.

Of course, you are not required to supply any of the personal data that we request. However, failure to supply any of the personal data that we request may result in our being unable to open or maintain your account, provide services to you or your company, discuss any other opportunities with you or deal with other matters.

 

 

What is the legal basis for SBI’s collection/processing of Personal Data?

 

We collect and process your data to comply with applicable laws that require certain information in order to satisfy regulatory or legal requirements.

 

1. a) if necessary for our legitimate interests (in each case provided such interests are not overridden by your privacy interests) or necessary for taking steps to enter into or executing a contract with you for the services or products you request, or for carrying out our obligations under such a contract, such as when we use your personal data including:

• Administer and operate services in accordance with the customer documents (including without limitation authorizing or confirming transactions and for billing purposes);
• To provide operational support and development of our businesses including to evaluate customer service, efficiency and cost, as well as risk management purposes; and
• To contact you about other services and products we offer (with your prior consent where required by applicable law). 

(b) When dealing with us as an individual, where necessary for taking steps to enter into or executing a contract with you for the services or products you request; or for carrying out our obligations under such a contract, in this case, the provision of your personal data is a requirement necessary to enter into a contract with us, meaning that you are obliged to provide your personal data to us in order to carry out the relevant contract (which otherwise, we will not be able to do), including:

• For recruitment purposes, to confirm your references and educational background and to consider your suitability for any current or future recruitment requirements;
• In case of employees, to carry out the employment relationship, to fulfill our duties as an employer and to make use of our rights as employer; and
• For internal training purposes.
• To exercise and defend our legal rights anywhere in the world including in relation to any litigation, disputes or contentious matter we are involved in and/or to assist with investigations, complaints, regulatory requests, litigation, arbitration, mediation or requests from individuals;

 

• In order to comply with legal and regulatory obligations and requests (including any legal or regulatory guidance, codes or opinions) applicable to us anywhere in the world or for the performance of a task carried out in the public interest, including:
• To carry out credit, money laundering and conflict checks and for fraud, financial crime prevention purposes (and this may include consideration of information regarding political affiliations and criminal offences committed or alleged to have been committed); to verify your personal data we collect from you for such credit, money laundering and conflict checks;
• For reporting (including without limitation transaction reporting) to, and audits by, national and international regulatory, enforcement or exchange bodies and complying with court orders associated with us; and for monitoring purposes specified below.

 

 

Our processing of your personal data is based on:

 

• The efforts necessary to execute an agreement with you or your company, and not for SBI’s own purposes or other commercial exploitation. For clarity, SBI will not collect, retain, use, or disclose Personal Data for any purpose other than as necessary for the specific purpose of processing Personal Data, meaning that your Personal Data will not be used for the purposes of enhancing SBI’s products or services;
• Our legitimate interests in promoting and protecting SBI, maintaining relationships, recruitment, and providing our services;
• Your consent (e.g., registering for a profile, enrolling in our newsletters, participating in events, entering a contract, or to support website experience and functionality, authorizing a background check where permitted).

 

 

 

How do we collect your data?

Most of the data we collect is directly provided by you. We collect and process data when you:

• Enter into an agreement with us for our services;
• Register online or place an order for any of our products or services;
• Voluntarily complete a customer survey or provide feedback on any of our message boards or via email;
• Create an SBI profile;
• Register for SBI newsletters and alerts;
• Sign up for conferences and events;
• Participate in public user posting areas (surveys, bulletin boards, discussion forums);
• Apply for jobs via the SBI recruitment network;
• Use or view our website via your browser’s cookies; and
• For employees or job applicants, from your resume or job application;
• For employees, from employment forms you fill out regarding benefits, disability, time off, and
• For individuals employed by a company providing services to SBI, we request the information from your employer.

Personal data obtained from other sources

We also obtain your personal data from our agents or service providers acting on our behalf, from third parties authorized to provide us with such information, such as credit reporting bodies, other credit providers or other agencies used for running due diligence checks, authorized third parties performing identity verification procedures on our behalf.

The personal data we obtain through these sources include personal details, contact details, identification documents, personal identifier, financial account information, and where permitted by applicable law and only to the extent needed information relating to political affiliations, trade union membership or criminal convictions.

Some of this information is publicly accessible and/or reliable and independent databases that we access through an authorized third party to whom we disclose your personal data for the purpose of performing required identity verification procedures.

Where you are an individual associated with a corporation or institution with whom SBI does business, your personal data will also be provided to us via that corporation or institution. Such personal data includes personal and contact details, financial information, identification documents and, where permitted by applicable law and only to the extent needed, information relating to political affiliations, trade union membership or criminal convictions.

 

How will we use your data?

SBI collects your data so that we can:

• Tailor the services we provide under services agreements with our clients;
• Process your order and manage your account;
• Tailor content you view or access on our website and assess website performance and functioning;
• Distribute newsletters to you;
• Recruit and evaluate job candidates;
• For internal training purposes;
• For job applicants to confirm references and educational background, and where permitted criminal background and where permitted credit history;
• In the case of employees, to carry out the employment relationship, to fulfill our duties as am employer, and to make use of our rights as employer;
• Email you with special offers on other products and services we think you might like; and
• Subject

 

Sharing Your Data with Others

We will not share your personal information with a third party outside of SBI or its Affiliates except in limited circumstances, including:

• When you direct us to share your personal information with another company to fulfill your request.
• When companies perform services on our behalf, like marketing, advertising, IT systems providers, recruitment service providers, background check providers, analytic service providers, or event organizers; however, these companies are prohibited from using your personal information for purposes other than those requested by us or required by law.
• When we share your personal information with third parties in connection with the enforcement of our terms of use or rules, to ensure the security of our users and third parties, to protect our rights and property and the rights and property of our users and third parties, to comply with legal processes, or in other cases if we believe in good faith that disclosure is required by law.
• Our processing and use of your personal data, for the purposes specified in this Policy, includes disclosure of your personal data.
• To other persons processing your personal data on our behalf or otherwise providing us or them with professional or other services including our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions, including cloud service providers.
• To credit reference, fraud prevention and other similar agencies, and other financial institutions, with whom information is shared for credit and money laundering checking and fraud prevention purposes.
• IT providers.
• To persons to whom we assign or novate our rights or obligations.
• To national and international regulatory, enforcement or exchange bodies or courts anywhere in the world as required by applicable law or regulations anywhere in the world or at their request.
• To a prospective seller or buyer in the event that we sell or buy any business or assets or if all or substantially all of our assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
• To background check and credit reporting agencies where permitted.

 

These disclosures may involve overseas storage and other overseas transfer, processing and use of your personal data, and disclosure to these third parties, including in or to countries or territories where the laws may provide a different level of data protection. Without limiting the foregoing, your data will be disclosed by us to our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions including the United States of America and other countries where SBI operates. When personal data is transferred to countries or territories that are not recognized under applicable law as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms and conducted data transfer assessments, where required under applicable law, to ensure personal data remains protected.

 

Please note that once we share your personal information with another company in the above circumstances, the information received by the other company is controlled by that company and becomes subject to the other company’s privacy practices.

 

Sub-processors

 

SBI may use Sub-processors in connection with the provision of its Services. However, we will neither appoint nor disclose any Personal Data to a proposed Sub-processor except without your prior written consent. We will also, upon request, provide you with copies of the any agreements with Sub-processors (which may be redacted to remove confidential commercial information not relevant to this policy’s requirements). SBI will notify you in writing at least 30 days before any new or replacement Sub-processor is engaged to process Personal Data.

 

You may object, in good faith, to our proposed use of a new or replacement Sub-processor by written notification within 30 calendar days after receiving notice of same. Should you object, we will use reasonable efforts to change the configuration or use of the Services to avoid the processing of any of your Personal Data by the Sub-processor in question without restricting the services in any way. If we are unable to make a requested change within a reasonable period of time or if the services are restricted as a consequence of the objection, we may terminate the applicable order form(s) and/or agreement without penalty.

 

Data Protection Officer

 

Article 37 of the GDPR requires that all companies that collect or process EU citizens’ personal data maintain a Data Protection Officer (DPO). The DPO is responsible for the following:

 

• Receiving comments and questions from Data Subjects related to the processing of their personal data and the GDPR;
• Informing employees of their obligations under the GDPR;
• Monitoring the company’s compliance with the GDPR, train staff on compliance, and perform audits;
• Performing data protection impact assessments in accordance with Article 35 of the GDPR
• Where a type of processing is likely to result in a high risk to the rights and freedoms of natural persons, the DPO shall, prior to the processing, carry out an assessment of the impact of the envisaged processing operations on the protection of Personal Data.
• Cooperating with SBI’s data protection supervisory authority;
• Acting as the focal point for SBI’s data protection supervisory authority on matters relating to the processing of Personal Data and other matters, where appropriate.

 

Records of Processing Activities

 

Where applicable, we maintain records of our processing activities, ensuring that our obligations under Article 30 of the GDPR are met.

 

The GDPR requires processors and their representatives to maintain records of their processing activities to help demonstrate compliance with the GDPR. These records must include:

• The name and contact details of:

• the processor or processors;
• each controller that the processor acts on behalf of;
• the processor’s or controller’s representative, if applicable; and
• the data protection officer, if applicable.

• The categories of processing activities performed on behalf of each controller.
• Information on Personal Data transfers to countries outside of the EU.
• A general description of the processors' security measures to protect Personal Data.

 

The GDPR also requires that these records be in writing (which includes electronic form) and that the processor make the records available to the supervisory authority on request.

 

Security Practices

SBI has implemented generally accepted standards of technology and organizational security to protect personal data from loss, misuse, or destruction. These standards include anonymizing or pseudonymizing data where possible. Only SBI Authorized Persons and third-party service providers are provided access to personal data, and these employees and contractors are required to treat such information as confidential.

Please note, however, that no method of transmission over the Internet or method of electronic storage is 100% secure. While SBI strives to use generally accepted means to protect your personal information, we cannot guarantee its absolute security, and we cannot be responsible for any actions resulting from a breach of security when information is supplied over the internet or a public computer network.

 

Anonymous Data

SBI may obtain and aggregate technical and other data about your business activities or your use of SBI’s websites, excluding any personally identifiable data with respect to you (“Aggregated Anonymous Data”), and SBI may use the Aggregated Anonymous Data to analyze, improve, support and operate the websites and otherwise for any business purpose, including without limitation to generate industry benchmarks or best practices guidance, recommendations or similar reports for distribution to and consumption by you and other SBI customers and prospects. This Section does not give SBI the right to identify SBI as the source of any Aggregated Anonymous Data.

 

What are your data protection rights?

SBI would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

 

• The right to access: You have the right to request copies of your Personal Data. We may charge you a reasonable fee for this service.

 

• The right to rectification: You have the right to request that SBI correct any information you believe is inaccurate. You also have the right to request that SBI complete information you believe is incomplete.

 

• The right to erasure: You have the right to request that SBI erase your Personal Data, under certain conditions.

 

• The right to restrict processing: You have the right to request that SBI restrict the processing of your Personal Data, under certain conditions.

 

• The right to object to

 

• The right to data portability: You have the right to request that SBI transfer the data that we have collected to another organization, or directly to you, under certain conditions.

 

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: dataprivacy@sbigrowth.com

Call us at: (469) 718-1747

Or write to us: c/o Privacy Matters, 2021 McKinney Avenue, Suite 550, Dallas, Texas 75201

 

Data Breach Notifications

The GDPR requires that we notify you after learning of a Data Breach which affects the availability, integrity or confidentiality of Personal Data. We will provide such notice to you upon confirming the occurrence of a Data Breach and provide you with all required information about the Data Breach as we are reasonably able to disclose to you, taking into account the information available to us and any restrictions on disclosing the information.

 

In the event of a Data Breach, we will also have a documented response program that records sufficient information to you and/or us to meet any reporting or notification obligations or inform Data Subjects of the Data Breach. We will fully comply with all applicable Data Protection Laws in our efforts to stop or mitigate the effect of any Data Breach.

 

What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology.

 

For further information, visit

 

How do we use cookies?

SBI uses cookies in a range of ways to improve your experience on our website, including:

• Keeping you signed in;
• Understanding/tracking how you use our website;
• Enable you to share content on networking or social media sites;
• Marketing and promotional purposes where you have subscribed to our marketing communications.

 

SBI may also use cookies to keep track of your visit to our Sites, speed up navigation and improve your experience of the site, (e.g. - remembering some of your preferences or choices, the last pages you visited or searches you carried out, or by keeping you logged in).

Our sites use cookies such as Google Analytics to carry out some analytics on and enhance our sites. These cookies help us understand, for example, how you use our sites, which pages are the most visited or where people visiting our Sites are located. We may also use cookies to enable you to share content on networking or social media sites or for marketing and promotional purposes where you have subscribed to our marketing communications from SBI.

The “help” section of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive new cookies, and how to disable or delete cookies altogether.

Please note that if you choose to disable cookies, certain functionalities of our sites might not work.

 

Conflicts

In the event of inconsistencies between the provisions of this policy and any services agreement with SBI, the provisions of this policy shall prevail regarding the parties’ data protection obligations relating to Personal Data. In cases of doubt, this policy shall prevail, in particular, where it cannot be clearly established whether a clause relates to a party’s data protection obligations.

 

 

 

Changes to our Data Processing Policy

SBI keeps its Data Processing Policy under regular review. This policy was last updated on Aug 9, 2023.

 

How to contact us

If you have any questions about SBI’s Data Processing Policy, the data we hold about you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

 

Email us at: dataprivacy@sbigrowth.com

Call us at: (469) 718-1747

Or write to us: c/o Privacy Matters, 2021 McKinney Avenue, Suite 550, Dallas, Texas 75201.

SALES BENCHMARK INDEX, LLC 

SBI CLIENT PRIVACY POLICY - CANADA

 

Your privacy is very important to us. This Privacy Policy discloses how Sales Benchmark Index, LLC (“SBI”) collects, protects, and uses personal information gathered about you, in compliance with applicable law. Our Privacy Policy below applies to your use of the activities, services, business activities, events, applications, websites, communications, and other interactions between SBI and you. By visiting our website, submitting information, engaging SBI for a business relationship, or otherwise interacting with SBI, you acknowledge that you accept the practices and policies outlined in the then-current Privacy Policy.

This Privacy Policy will assist you in understanding what types of information we may collect, how we collect the information, how it may be used, and your rights and options. If you do not agree with this Privacy Policy, it is incumbent upon you to neither use SBI services nor provide us your personal information.

We adhere to Ten Privacy Principles to ensure your personal information is protected. These principles are based on the Canadian Personal Information Protection and Electronic Documents Act ("PIPEDA") and guidance from the Office of the Privacy Commissioner of Canada, and are paramount to our process for collecting, using, and protection personally information.

PRINCIPLE 1 – ACCOUNTABILITY

We are responsible for maintaining and protecting the personal information under our control. In fulfilling this mandate, we are required to designate an individual who is accountable for our compliance with the Ten Privacy Principles.

All of our employees, officers, directors and independent contractors are aware of, and accountable for, our responsibility to maintain the security and confidentiality of the Personal Information we collect. The Chief Privacy Officer has been designated as the Privacy Officer who oversees privacy governance, including privacy policy, complaints, employee training, recordkeeping and reporting privacy matters to our Senior Management and, when required, regulatory authorities with appropriate jurisdiction.

PRINCIPLE 2 – IDENTIFYING PURPOSES

We use your Personal Information to perform the services you request. We have designed our Privacy Policy to inform you of the use of your Personal Information. In addition, we and our service providers use Personal Information for legitimate business purposes, including:

• Fulfilling and processing requests for services or information;
• Communicating with you;
• Administering accounts;
• Providing client service;
• Offering new products and services;
• Engaging in marketing and advertising our services;
• Measuring and improve the effectiveness of our marketing, and advertising;
• Tailoring our offerings to your preferences;
• Administering surveys;
• Sending marketing communications from us or third parties in which we feel you may be interested in;
• Protecting against and prevent fraud and unauthorized transactions;
• Enforcing agreements and legal requirements;
• Preventing, detecting, and investigate security incidents;
• Dealing with and preventing malicious, deceptive, fraudulent, or illegal actions directed at us and prosecuting those actions;
• Ensuring the physical safety of individuals;
• Verifying and maintain quality and safety of products, and services;
• Alerting you about product issues; and
• For other legally permissible purposes.

PRINCIPLE 3 – CONSENT

Your knowledge and consent is required for the collection, use or disclosure of Personal Information, except where required or permitted by law. Withdrawing your consent in certain situations may also mean that we may not be able to provide you with certain products or services.

PRINCIPLE 4 – LIMITING COLLECTION

Personal Information collected is limited to those details necessary for the purposes identified in this Policy. We collect Personal Information by fair and lawful means.

What We May Collect:

• Personal contact information such as name, address, telephone number and email address;
• Business contact information such as business address, telephone number and email address;
• Sale, payment, and transactional information, including bank, credit, or debit card numbers;
• Information necessary to provide services or products to you;
• Comments and opinions you provide when you contact us directly by email, telephone, or mail;
• App usage data;
• Internet or other electronic network activity information (including Internet or other similar activity, browsing history, search history, IP address, and information regarding your interactions with our Website or other services);
• Browser and device information;
• Online information collected through “cookies” and other technologies;
• How you use our sites, search terms, pages you visit on our Website, and other performance information;
• Demographic information and other information provided by you that does not reveal your specific identity;
• Information that has been aggregated in a manner such that it no longer reveals your specific identity;
• Commercial information, including products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies;
• Demographic information (e.g., age and date of birth, sex, gender);
• Geolocation data (inferred from your IP address or mobile device location); and
• Audiovisual information.

How We May Collect:

Generally, we collect Personal Information directly from you in circumstances where you provide Personal Information. However, in some instances, the Personal Information we collect has been inferred about you based on other information you provide us, through your interactions with us, or from third parties. When we collect your Personal Information from third parties it is either because you have given us express consent to do so, your consent was implied by your actions, or because you provided explicit consent to the Third-Party to provide the Personal Information to us. Where permitted or required by applicable law or regulatory requirements, we may collect Personal Information about you without your knowledge or consent.

We may collect information about you in a number of ways and through different sources. For example, we may gather information when you:

• Enter into an agreement with us for our services;
• Register online or place an order for any of our products or services;
• Voluntarily complete a customer survey or provide feedback on any of our message boards or via email;
• Create a profile;
• Register for newsletters and alerts;
• Sign up for conferences and events;
• Participate in public user posting areas (surveys, bulletin boards, discussion forums);
• Use any applications or web services we provide; and
• Use or view our website via your browser’s cookies.

Automated Information Collection

We may connect information collected automatically with information we already have about you in order to identify you.

In order to provide the best experience possible and run our business operations, we also use automated information collection for reporting and analysis purposes. We may review these metrics to see how you shop on our website, in our stores, and other business transactions.

You can choose not to provide us with certain information in some situations, but if you make this choice, we may not be able to provide you with the product, service, or information you request.

PRINCIPLE 5 – LIMITING USE, DISCLOSURE AND RETENTION

We use your Personal Information to perform the services you request, and in the manner described above. We have designed our Privacy Policy to inform you of the use of your Personal Information. In addition, we and our service providers use Personal Information for legitimate business purposes.

We do not sell your Personal Information to third parties at any time. We may share personal information with our service providers, consultants, vendors, and affiliates for our internal business purposes. Except as described in this Privacy Policy, we will not share Personal Information with a third party. Unless prohibited by law or under the terms of a specific service agreement, we may share your Personal Information within our organization including locations outside of Canada, including the United States of America, where we do business, for legal and regulatory purposes, to manage business risks, to perform analytics, to ensure we have correct or up to date information about you and to better manage an applicable client's relationship with us. This sharing may involve overseas storage and other overseas transfer, processing and use of your Personal Information, and disclosure to these third parties, including in or to countries or territories where the laws may provide a different level of data protection. Without limiting the foregoing, your Personal Information will be disclosed by us to our associated firms and vendors which conduct operational, technology and customer service functions in various jurisdictions including the United States of America and other countries where SBI operates. When Personal Information is transferred to countries or territories that are not recognized under applicable law as offering an adequate level of data protection, we have put in place appropriate data transfer mechanisms and conducted data transfer assessments, where required under applicable law, to ensure personal data remains protected.

We share information as follows:

• Service providers, vendors, consultants, and affiliates. We may share your personal information with our corporate affiliates, service providers, vendors and consultants, in order for them to provide their services to us. We may share your personal information to process your requests, provide customer service, operate and improve our business, website and apps, improve our products and customer service, process payments or assess creditworthiness, perform auditing and quality control, assist with marketing and advertising, to communicate with you on our behalf, and to otherwise operate our business. We may share information with third parties in connection with or during negotiations of any reorganization, acquisition, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceeding).
• Other Disclosures with Your Consent. We may ask if you would like us to share your information with other unaffiliated third parties who are not described elsewhere in this Privacy Policy.
• Other Disclosures without Your Consent. We may disclose Personal Information in response to subpoenas, warrants, or court orders, or in connection with any legal process, or to comply with relevant laws. We may also share your personal information in order to establish or exercise our rights, to defend against a legal claim, to investigate, prevent, or take action regarding possible illegal activities, suspected fraud, safety of person or property, or a violation of our policies, or to comply with your request for the shipment of products to, or the provision of services by, a third-party intermediary.
• Background Checks and Credit Reports. We may disclose Personal Information to entities engaged in background checks and credit reporting as allowed by law.
• Some areas of our websites may provide the opportunity to post comments or reviews in a public forum. If you decide to submit information on these pages, that information may be publicly available.
• Service Providers. We share your personal information with service providers. Among other things, service providers may help us to administer our websites, support our programs, conduct surveys, provide technical support, respond to complaints or other issues, and assist in the provision of services.

We attempt to ensure that personal information is safeguarded against loss, access, use, modification, disclosure or other misuse. All reasonable steps are taken to prevent unauthorized use or disclosure of your personal information.

We will retain your personal information only for as long as necessary to fulfill the purpose(s) for which it was collected and to comply with applicable laws and your consent to such purpose(s) remains valid after termination of our relationship with you. The criteria used to determine our retention periods include:

• The length of time we have an ongoing relationship with you and provide our services to you;
• Whether there is a legal obligation to which we are subject; or
• Whether retention is advisable in light of our legal position.

We take all reasonable steps to ensure that your personal information is accurate, up-to­ date, complete, relevant, and not misleading.

We may store your personal information in databases located in Canada and/or other countries outside of Canada. Additionally, some of our service providers may reside in Canada or other countries outside of Canada and will be subject to the laws of the local jurisdiction. As a result, in certain circumstances, Canada and other foreign governments, courts, law enforcement agencies or regulatory agencies may be entitled to access the personal information collected and held by us.

PRINCIPLE 6 – ACCURACY

Personal Information will be maintained in as accurate, complete and up-to-date form as is necessary to fulfill the purposes for which it is to be used. If you discover inaccuracies in our records or the applicable Personal Information changes, please notify us immediately so that we can make the necessary changes. Failure to notify us of changes to Personal Information may negatively impact the way we communicate or provide services to you.

PRINCIPLE 7 – SAFEGUARD PERSONAL INFORMATION

We safeguard your personal information on the Internet by using industry-standard practices. Although "guaranteed security" does not exist either on or off the Internet, we make commercially reasonable efforts to make the collection and security of such information consistent with our Privacy Policy and all applicable laws and regulations. While we use reasonable efforts to protect your personal information from unauthorized access, use, or disclosure, we cannot guarantee the security of your personal information. In the event that we are required by law to inform you of any unauthorized access to your personal information, we may notify you electronically, in writing, or by telephone, if permitted to do so by law.

PRINCIPLE 8 – OPENNESS

We are required to make information available to you concerning the policies and practices that apply to the management of the Personal Information that you have provided to us.

This Privacy Policy may be updated and revised from time to time without notice, and we will post the updated policy with the effective date of the change. Personal Information we collect is subject to the Privacy Policy in effect at the time of collection. You should check this Policy periodically to review any changes.

PRINCIPLE 9 – CLIENT ACCESS

Upon request, you will be informed of the existence, use and disclosure of the Personal Information that you have provided to us, and you shall be given access to it. You may verify the accuracy and completeness of your Personal Information, and you may request that it be amended, if appropriate.

PRINCIPLE 10 – HANDLING CLIENT COMPLAINTS AND SUGGESTIONS

You may direct any complaints, questions or enquiries with respect to the privacy principles outlined above or about our practices by contacting the Chief Privacy Officer as noted below:

Privacy Matters

2021 McKinney Avenue, Suite 550

Dallas, Texas 75201

(469) 718-1747

dataprivacy@sbigrowth.com