BLIINX INC. PRIVACY & COOKIE POLICY Effective date: December 3rd, 2018. Bliinx Inc. (“Bliinx”, "us", "we", or "our") operates the www.app.bliinx.com platform (the “Website”) and the Bliinx online relationship management platform and software extension service (the “Online Service”), the access and use of which are reserved to authorized users (the Website and the Online Service being collectively referred to as the "Service"). This page informs you of our policies regarding the collection, use, disclosure and any other processing of Personal Data (as defined below) when you use the Service and of the choices you have associated with the processing of that data. In addition to this policy, the agreement we execute with each Customer (as defined below) also contains provisions about our confidentiality obligations regarding data, including Personal Data and non-Personal Data. Consequently, Customers will also want to refer to the relevant contractual documentation for additional information on the subject. We use your Personal Data to provide and improve the Service. By using the Service, you agree to the processing of information in accordance with this policy. 1. DEFINITIONS 1.1. “Personal Data” means any information relating to an identified or identifiable natural person. An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. 1.2. “Usage Data” is data collected automatically and either generated by the use of the Service or from the Service infrastructure itself. Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages or sections of our Service that you visit, the time and date of your visit, the time spent on those pages or sections, geolocation information, unique device identifiers and other diagnostic data. 1.3. “Cookies” are small pieces of data stored on a User’s device. They contain small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. 1.4. “Customer” means a purchaser of Bliinx products and services. 1.5. “Data Controller” is an expression frequently used in personal information protection laws to mean a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. For this Privacy Policy, we have two separate and distinct roles: - We are a Data Controller only in respect of the Personal Data we collect from our Customers and our Website visitors. - When our Customers and the Users upload Personal Data to the Online Service for relationship management of their business contacts, we are not the Data Controller but solely act as Data Processor of that information. In such a case, the Customer acts as the Data Controller and is responsible for compliance of its affiliated Users with applicable personal information protection laws. Through its Users acting as representatives, the Customer is responsible for complying with applicable personal information protection laws, which entails – among others – obtaining the consent of Data Subjects whose Personal Data is collected and processed, managing the consent-revoking process and enabling the right to access the Personal Data collected. 1.6. “Data Processor” (or “Service Providers”) is an expression frequently used in personal information protection laws to mean a natural or legal person, public authority, agency or other body which processes Personal Data on behalf of the Data Controller (other than its employees). We may use the services of various Service Providers to process your data more effectively, all following this policy. Please see Section 4.2 for more details about the types of Service Providers we use and how we manage such relationships concerning the processing of your Personal Data. When Customers and Users upload Personal Data in the Online Service for relationship management of business contacts, we act solely as Data Processor to this information. We process the data on behalf of the Customer and to provide and improve the Service. 1.7. “Data Subject” is an expression frequently used in personal information protection laws to any natural person who is the subject of Personal Data. 1.8. “User” is a natural person using our Service. A User may be a Customer or an employee of a Customer. Users also are Data Subjects when we act as Data Controller. 2. SOURCES OF PERSONAL DATA We process the Personal Data that originates from your use of the Service, including the portions of the Service that are publicly accessible (such as the Website) and those that require the creation of an account to access (such as the Online Service). We also process the Personal Data provided by our Customers and Users in the context of their use of the Online Service. 3. PURPOSES OF PROCESSING AND LEGAL BASIS We process each of the following types of Personal Data for the purposes described below to provide and improve the Service for our Customers and Website visitors. 3.1. Customer Information. When a Customer requests products or services from Bliinx, Bliinx may collect and process Personal Data or other information related to the Customer which the Customer chooses to provide. For example, when a Customer registers to receive content, completes forms on Bliinx’s Website (including information reporting a problem with the Website or Online Service), or communicates with Bliinx, the Customer is willingly providing information which could be included the collection of Personal Data. (a) Purposes and Legal Basis. We process our Customers’ Personal Data to provide appropriate products and services to fit our Customers’ needs. The legal basis to this processing is our Customers’ consent. We process the Personal Data to verify the financial information and to collect payments to the extent that doing so is necessary to complete a transaction and perform our contract with our Customers. 3.2. Account Information. To use our Online Service, Users need to have an account in the system, which they access using their email address as identifier and a password of their choice. The account also contains the name of the user, email address, phone number, title. (a) Purposes and Legal Basis. We process each User’s email address, name and a password because the User needs to use them to sign in and connect to her/his account. The legal basis for this processing is our legitimate interest in protecting the security of each User’s account and the Online Service in general. We also process the Users’ email address to recognise them when they use our customer support. The legal basis for this processing is our legitimate interest in providing the best customer support we may offer you. We also process our Users’ email address to send them important information about the Service, such as important security information or material changes to this policy. The legal basis to this processing is our legitimate interest in providing our Users with important security or other important information regarding the Service or changes in this policy. If you have consented to receiving marketing information from us, we will also process your email address to send you such information about us or the Service. The legal basis to this processing is your consent. You may withdraw your consent at any time by changing your preferences in your account or by using the unsubscribe link at the bottom of our marketing communications. The content of some of the marketing communications you may receive from us may be determined by your Internet Protocol (IP) address and Cookies that are associated with your profile. The legal basis to this processing is our legitimate interest in reducing the number of marketing emails sent to our Users by automatically selecting content that may be more adapted to them instead of sending all our marketing emails to all our Users who have consented to receiving marketing emails. 3.3. Data Subject Information. We process the Personal Data of Data Subjects provided by our Customers and our Users, including the name, email address, phone number, job title, age, and personal description of their business contacts. We also process such public or private information about Data Subjects and the business they are affiliated with that Users of the Online Service choose to collect and store. For example, we use LinkedIn sales navigator to obtain public work-related data from a contact, such as the contact’s employer, past jobs, skill set, and education. (a) Purposes and Legal Basis. We process Personal Data of Data Subjects provided by our Customers and our Users to provide and improve the Online Service. The legal basis to this processing is the consent of the Data Subject and our legitimate interest in offering performing and relevant products and services meeting our Customers’ needs. Since we have no control over the manner Users utilize the Online Service to collect and process Personal Data of Data Subjects, Customers must first ensure they have obtained proper consent before uploading Personal Data of Data Subjects to the Online Service and also educate their Users about the legal obligations that stem from personal information protection laws. While this is not meant to be an exhaustive enumeration of the consent requirements set out in applicable personal information protection laws, each Data Subject must minimally consent to the following: (i) use of her/his Personal Data by the Customer for business development purposes, (ii) disclosure of her/his Personal Data by the Customer to the Customer’s Users community. We demand that Customers and their Users obtain consent from their business contacts of the utilization of Bliinx’s Online Service, and of the collection and processing their Personal Data by us following the purposes described in this policy. If, as a Data Subject, you believe that your Personal Data has been provided to us improperly, or to otherwise exercise your rights relating to your Personal Data, please refer to Section 8.2, below. 3.4. Usage Data. We process the following Usage Data when you access our Services: IP address, browser type, browser version, operating system, time and date of visit, time spent on site, geolocation information. If you use certain features of our Services on a mobile device, we may also collect telephony log information (like phone numbers, time and date of calls, duration of calls, SMS routing information and types of calls), device event information (such as crashes, system activity, hardware settings, browser language), and location information (through IP address, GPS, and other sensors that may, for example, provide us with information on nearby devices, Wi-Fi access points and cell towers). (a) Purposes and Legal Basis. We process such Usage Data to better understand the usage patterns for the Service and to ensure they properly respond to the Users’ needs. The legal basis to this processing is our legitimate interest in offering performing and relevant products and services meeting our Users’ needs. 3.5. Tracking Cookies Data. We process Cookies and similar tracking technologies such as beacons, tags, and scripts to track the activity on our Service and hold certain information to improve the Service and improve your overall experience when using the Service. The Cookies, which contain Users’ anonymous unique identification and other any relevant information, such as the unique ID of a preferred contact for example, allow us to divide our userbase into different types of audiences to cater to their specific needs in terms of usage experience optimisation. Examples of Cookies we use: • Session Cookies. We use Session Cookies to operate our Service. • Preference Cookies. We use Preference Cookies to remember your preferences and various settings. For example, whenever a User searches for a specific contact, that contact will be saved as a preferred contact by the mobile application by keeping track of such preferred contact’s anonymous unique identifier. • Security Cookies. We use Security Cookies for security purposes. • Google Analytics. We use cookies to enable the Google Analytics service. Please refer to Section 9 for additional information about our use of third-party web analytics services. (a) Purposes and Legal Basis. If you have consented to the collect of information through the use of Cookies and similar tracking technologies, we will process Cookies and similar tracking technologies, with the assistance of third-party analytics services, to (i) analyse the way you navigate the Service, (ii) generate statistics about the use of the Service, (iii) help diagnose problems with the Service and (iv) help administer the Service. The legal basis to this processing is your consent. You may withdraw your consent at any time by requesting your administrator to deactivate your account. By using our services, you agree to allow us to use tracking technologies for the four purposes stated above. 4. DISCLOSURE OF PERSONAL DATA 4.1. General. Bliinx commits to keep your Personal Data confidential and not to share your Personal Data with third parties, except in the limited cases and solely for the purposes described below. 4.2. Service Providers. We may employ third-party Service Providers to facilitate our Service, to provide the Service on our behalf, to perform Service-related services or to assist us in analyzing how our Service is used. For example, we use online services provided by third-party Service Providers to perform the following: support tasks management, technical support incident tickets processing, and customer-relationship management. These third-party Service Providers have access to such portions of your Personal Data that is necessary for them to perform these tasks on our behalf and are obligated to maintain the confidentiality of your Personal Data and not to use it for any other purpose than the performance of services to us. 4.3. Business Transaction. If Bliinx is involved in a merger, acquisition or asset sale, your Personal Data may be transferred if the assignee is compliant with all legislations regarding Personal Data that apply to you and is taking the same or better means to protect your Personal Data than us. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy. 4.4. Legal Requirements. Bliinx may disclose your Personal Data in the good faith belief that such action is necessary to: • To comply with a legal obligation; • To protect and defend the rights or property of Bliinx; • To prevent or investigate possible wrongdoing in connection with the Service; • To protect the personal safety of Users of the Service or the public; • To protect against legal liability. 4.5. Disclosure for Law Enforcement. Under certain circumstances, Bliinx may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g. a court or a government agency). 5. SECURITY OF DATA The security of your Personal Data is important to us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. We use best of class data centers and cloud database providers as a way to ensure we use the most advanced and up-to-date security protocols and create a highly secure environment for our and our Customer’s data. 6. RETENTION OF PERSONAL DATA Bliinx will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. All the information is archived during the term of the agreement with a Customer, which allows Users in a company that decides to come back to our services to not lose their data. Data will be deleted once a company leaves our services. Bliinx will also retain Usage Data for internal analysis purposes Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or when we are legally obligated to retain this data for longer periods. 7. TRANSFER OF PERSONAL DATA TO OTHER COUNTRIES We process your Personal Data on our Service Provider’s systems in Canada. However, usage of certain features, such as image recognition, may involve that the specific data processed through such features, such as an image for example, be processed outside of Canada. Therefore, it is possible that your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other jurisdiction, where the data protection laws may differ than those from your jurisdiction. Accordingly, if you are located outside Canada and choose to provide information to us, we transfer the data, including Personal Data, to Canada and process it in that country. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. Bliinx will take all steps reasonably necessary to ensure that your data is treated securely and following this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your Personal Data. For any transfer of Personal Data from a jurisdiction that does not automatically consider Canada as an adequate jurisdiction for a transfer of your Personal Data without additional requirement, all steps necessary to satisfy those requirements are taken by us, such as using Model Contractual Clause, for the European Union. 8. YOUR RIGHTS 8.1. Customers Rights Bliinx aims to take reasonable steps to allow its Customers and its Website visitor to correct, amend, delete, limit or oppose to the processing of their Personal Data. Whenever made possible, you can update your Personal Data directly within your account settings section. If you are unable to change your Personal Data, please contact your Data Controller as set out in Sections 1.5. If you wish to be informed what Personal Data we hold about you and if you want it to be removed from our systems, please contact us. Our Customers and our Website visitors may, at any time, withdraw any consent they gave us to process their Personal Data in the preference settings of their account or, in such instances where they do not have an account with the Service, by contacting us. In this case, we will, as soon as commercially and reasonably possible, delete from our systems all the Personal Data obtained on the legal basis of your consent and request our Data Processors, if any, to do the same. Please note that your request does not ensure complete or comprehensive removal of the Personal Data or information, your Personal Data may have been registered by another User of our Online Service. In such instance, please refer to 8.2 of this Privacy Policy. Without limiting the foregoing, in certain circumstances, our Customers and our Website visitors have the right: • To access and receive a copy of the Personal Data we hold about them; • To rectify any Personal Data held about them that is inaccurate; • To request the deletion of Personal Data held about them. Our Customers and our Website visitors also have the right to data portability for the information provided to Bliinx. Our Customers and our Website visitors have the right to receive your Personal Data in a structured, commonly used and machine-readable format and have the right to transmit those data to another Data Controller without hindrance from us. You have the right to have your Personal Data transmitted directly from us to another Data Controller, where technically feasible. Depending of your jurisdiction (e.g. Canada and European Union), you may have the right to initiate a complaint with a supervisory authority. Please note that we may ask you to verify your identity before responding to such requests. 8.2. Third-Party Rights As described in Section 1.6, we may process Personal Data in the role of a Data Processor. If your Personal Data has been submitted to us by a Customer or a User of Bliinx and you wish to exercise any rights you may have under applicable data protection laws, please inquire with the applicable Customer or User directly. We may only access a Customer’s data upon instruction from that Customer. If you wish to make your request directly to us, please provide to us the name of the User or Customer who submitted your data to us. We will refer your request to that Customer or to the Customer associated with the User you provided and will support them as needed in responding to your request within a reasonable timeframe. Customers and Users of Bliinx are required to comply with all applicable privacy laws. 9. ANALYTICS We may use third-party Service Providers to monitor and analyze the use of our Service. Google Analytics. Our Website uses Google Analytics, a web analytics service offered by Google which transmits website traffic data to Google servers in the United States. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. We use reports provided by Google Analytics to help us understand website traffic and web page usage. You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about visits activity. Concerning our application, there are four ways in which Google Analytics will analyse users’ activity using their data: (i) BigQuery allows us to analyse the entire dataset to predict future user behavior. (ii) Firebase Crash Reporting allows us to receive the frequency at which crashes arise and which Users are impacted the most. We can also target audiences which are impacted and release notifications to those. (iii) Firebase Cloud Messaging logs events which are released based on the application interactions such as clicking or pressing an interface component, like a button. (iv) Firebase Remote Config receives user behavior and data to categorise them in audiences, which then allows us to customise their experience by changing the appearance and behavior of the application. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/policies/privacy/partners/. 10. LINKS TO OTHER SITES Our Service may contain links to other sites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services. 11. CHILDREN'S PRIVACY Our Service does not address anyone under the age of 16 ("Children"). We do not knowingly collect Personal Data from anyone under the age of 16. If you are a parent or guardian and you are aware that your Children have provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers. 12. CHANGES TO THIS PRIVACY POLICY We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page. 13. CONTACT US If you have any questions about this Privacy Policy, please contact us by email at legal@bliinx.com.