Welcome to Crossbeam – a data sharing platform that allows our customers to share information with their partners to identify ecosystem-led opportunities and drive growth. This Privacy Policy explains how Crossbeam, Inc., together with its affiliates (collectively, “Crossbeam”, “we”, “our” or “us”), collect, use, disclose and protect information from and about you through our websites any other website or mobile application that links to this Privacy Policy (the “Sites”), and any other interactions (e.g., customer service and other communications) that you may have with Crossbeam (collectively, the “Offerings”).

SCOPE OF THIS PRIVACY POLICY

For purposes of this Privacy Policy:

• A “Customer” means an entity that has entered our Terms of Service, Master Cloud Agreement or other customer agreement with Crossbeam (a “Customer Agreement”) to access our products or solutions (our “Products”).

• A “User” means an individual who accesses our Products as or on behalf of a Customer, including Customer personnel.

• A “Site Visitor” means an individual who visits our Site outside of the context of our Customers’ use of the Products.

This Privacy Policy applies to our handling of information about:

• Site Visitors.

• Prospective Customers and their personnel.

• Current Customers and Users, but only in relation to their procurement of our Products and management of their relationship with Crossbeam.

We refer collectively to these categories of individuals as “you” throughout this Privacy Policy.

This Privacy Policy does not address our privacy practices relating to Crossbeam job applicants, employees and other employment-related individuals, nor data that is not subject to applicable data protection laws (such as deidentified or publicly available information). This Privacy Policy is also not a contract and does not create any legal rights or obligations not otherwise provided by law.

Data protection laws sometimes differentiate between “controllers” and “processors” of personal data. A “controller” determines the purposes and means (the why and how) of processing personal data. A “processor,” which is sometimes referred to as a “service provider,” processes personal data on behalf of a controller subject to the controller’s instructions.

This Privacy Policy describes our privacy practices where we are acting as the controller of personal data. However, this Privacy Notice does not cover or address how our customers may process personal data when they use our Offerings, or how we may process personal data on their behalf in accordance with their instructions where we are acting as their processor.

If you have questions about how your information is collected and processed through the Products, please contact the Customer who has provided your information to us for more information. In addition, we are generally not permitted to respond to individual requests relating to personal data we process on behalf of our customers, so we recommend directing any requests to the relevant customer.

Please see the Controller Details and Contact Information section this Privacy Policy for more information about our legal entities operating as the controllers of your personal data.

THE INFORMATION WE COLLECT

We collect, store and use certain information from or about you for the purposes described below.

1. INFORMATION YOU PROVIDE TO US

We collect a variety of information that you provide directly to us. For example, we collect information from you through:

• When you register for an account with us

• Your use of the Offerings

• Requests or questions you submit to us via online forms, email, or otherwise

• When we reach out to you by phone or email in our sales and marketing efforts

• Your participation in surveys, sweepstakes, or contests

• When you communicate with our customer service teams via email, phone, or chat

• When you attend our conferences or events or interact with us at other conferences or events

The types of data we collect directly from you include:

• First, middle, and last name

• Email address

• Postal Address

• Telephone number

• Online account or screen name

• Your company or organization name

• Your title

• Your public, social profile links

• Any other information you choose to directly provide to us in connection with your use of the Offerings

We may also collect and store any data and related output created, derived or generated by you through the use of the Offerings, as well as your search history and Offerings usage. If you are a Customer, we may also collect and store technical logs, data and learnings about your use of the Products (which, for clarity, do not include the Customer Data that you submit).

2. INFORMATION WE COLLECT THROUGH AUTOMATED MEANS

When you use our Offerings, we and our service providers (who are third parties that perform services on our behalf) automatically collect certain information about your device and how you use the Offerings, including your IP address, browser type, browser language, operating system, the state or country from which you accessed the Offerings, software and hardware attributes (including device IDs), referring and exit pages and URLs, platform type, the number of clicks, files you download, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Offerings, error logs, and other similar information.  From your IP address, we may be able to infer your general location (e.g., city/state or postal code).

To collect this information, we and our service providers may also make use of “cookies” or similar tools that track, measure, and analyze the behaviors and usage patterns of our users. Cookies are small data files that can be stored on your browser and device so we can recognize you when you return. We use cookies for analytics purposes, to deliver certain features of the Offerings, to help us understand how users engage with the Offerings, and to improve your experience. You may set your web browser to notify you when you receive a cookie and to accept or refuse certain cookies. However, if you elect not to accept cookies, some functionality and areas of the Offerings may be restricted. To learn how to manage your cookies, please follow the instructions from your specific browser, or if accessing the Offerings via a mobile device, refer to the manufacturer’s instructions.

3. INFORMATION WE COLLECT FROM OTHERS

From time to time we may collect information about you from other sources, including marketing vendors, survey providers, data enhancement services, social media, conferences, and other industry events or other purposes that we explain to you at the time of collection, to the extent permitted by applicable law.  We use this information to supplement the information that we collect directly from you in order to derive your possible interests and provide more relevant experiences for you and improve our Offerings, analytics, and advertising.

4. INFORMATION WE COLLECT FROM SOCIAL MEDIA AND OTHER CONTENT PLATFORMS

If you access the Offerings through a third-party connection or log-in (e.g., through a social network), you may allow us to have access to and store certain information from your profile on that third-party service. This may include your name, gender, profile picture, user name, age range, language, country, friends list, and any other information stored with such service that you permit the social network to share with third parties.  The data we receive is dependent on your settings on such service. If you do not wish to have this information shared, do not use a third-party connection to access the Offerings. For a description on how third parties such as social networking sites handle your information, please refer to their respective privacy policies and terms of use, which may permit you to modify your privacy settings.

When you “like” or “follow” us on Facebook, Instagram, Twitter or other social media sites, we may collect some information from you including your name, email address, and any comments or content you post relevant to us.

HOW WE USE YOUR INFORMATION

We use your information for various purposes depending on the types of information we have collected from and about you, in order to:

• Provide you with access to and to administer our Products and Offerings

• Respond to your requests for information and provide you with more effective and efficient customer service

• Contact you by email, postal mail, or phone with news, updates, information, promotions, surveys or contests relating to our Products or Offerings or other services that may be of interest to you, in accordance with applicable legal requirements related to such communications

• Customize the content you see on our Offerings

• Help us better understand your interests, and to develop and improve our Products and Offerings

• Secure our Offerings and resolve technical issues being reported

• Facilitate business transactions and reorganizations impacting the structure of our business

• Comply with any procedures, laws, and regulations which apply to us where it is necessary for our legitimate interests or the legitimate interests of others

• Establish, exercise, or defend our legal rights where it is necessary for our legitimate interests or the legitimate interests of others

Aggregate/De-Identified Information. We may aggregate and/or de-identify any information collected through our Offerings so that such information can no longer be linked to you or your device.  Such aggregate and de-identified information is no longer personal data and we may use such information for any purpose, including without limitation for research and marketing purposes, and may also share such data with any third parties, including advertisers, partners, and sponsors. Where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.

ONLINE ANALYTICS AND ADVERTISING

1. ANALYTICS.

We may use third-party web analytics services (such as those of Google Analytics) on our Offerings to collect and analyze usage information through cookies and similar tools; engage in auditing, research, or reporting; assist with fraud prevention; and provide certain features to you. To prevent Google Analytics from using your information for analytics, you may install the Google Analytics Opt-out Browser Add-on by clicking here.  If you receive email from us, we may use certain analytics tools, such as clear GIFs to capture data such as when you open our message or click on any links or banners our email contains. This data allows us to gauge the effectiveness of our communications and marketing campaigns.

2. ONLINE ADVERTISING.

In using the Offerings, we allow select third party advertising technology partners to place cookies or other tracking technologies on the browser of your device to collect information about you as discussed above. These third parties (e.g., ad networks and ad servers such as Google, Facebook, and others) may use this information to serve relevant content and advertising to you as you browse the Internet, and access their own cookies or other tracking technologies on your browser to assist in this activity.  If you are interested in more information about these online advertising activities, and how you can generally control cookies from being put on your computer to deliver tailored advertising, you may visit the Network Advertising Initiative’s Consumer Opt-Out link, the Digital Advertising Alliance’s Consumer Opt-Out link, or Your Online Choices to opt-out of receiving tailored advertising from companies that participate in those programs. We do not control these opt-out links or whether any particular company chooses to participate in these opt-out programs. We are not responsible for any choices you make using these mechanisms or the continued availability or accuracy of these mechanisms.  Please note that if you use these mechanisms, you may still see advertising on our Offerings or across the Internet, but it will not be tailored to you based on your online behavior over time.

Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. We are committed to providing you with meaningful choices about the information collected on our Offerings for third party purposes, and that is why we provide the variety of opt-out mechanisms listed above. However, we do not currently recognize or respond to browser-initiated DNT signals.

HOW WE SHARE AND DISCLOSE YOUR INFORMATION

We will share your information in the following ways:

• Service Providers. We provide access to or share your information with select third parties who help us deliver or improve our Products and Offerings or perform services on our behalf, including billing and credit card verification, advertising and marketing, Offerings content and features, analytics, research, customer service, shipping and fulfillment, data storage, security, fraud prevention, and legal services.

• Your Company.  If you are a User, we may provide your information to the company you are engaged or employed by in order to fulfill and enforce our Customer Agreement with your company, and to inform your company regarding usage, support, or training needs.

• Our Partners.  We may share your information with our partners that offer products and services either in connection with our Offerings or separately that we think would be of interest to you.  If you do not want us to share your information for these purposes, please click on this link.

• Testimonials.  We may display personal testimonials and endorsements of satisfied customers on the Offerings, and with your consent, will associate your name or your company’s name with such postings.

• Protection of Crossbeam and Others. By using the Products or Offerings, you acknowledge and agree that we may access, retain, and disclose the information we collect and maintain about you if required to do so by applicable law or in a good faith belief that such access, retention or disclosure is reasonably necessary to: (a) comply with legal process (e.g. a subpoena or court order); (b) enforce any contracts with you, including our Customer Agreement; (c) respond to claims that any content violates the rights of third parties; and/or (d) protect the rights, property or personal safety of Crossbeam, its agents and affiliates, its users and/or the public.

• Business Transactions.  In accordance with applicable legal obligations, your information may be provided to third parties in connection with a merger or acquisition (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of Crossbeam or our assets, or as part of a corporate reorganization or stock sale or other change in corporate control or fundamental business change, including for the purpose of determining whether to proceed or continue with such transaction or business relationship.

• Otherwise with Your Consent or at Your Direction. In addition to the sharing described in this Privacy Policy, we may share information about you with third parties whenever you consent to or direct such sharing.

RETENTION OF YOUR INFORMATION

We keep your information for no longer than necessary for the purposes for which it is processed. The length of time for which we retain information depends on the purposes for which we collected and use it and/or as required to comply with applicable laws.

YOUR RIGHTS AND YOUR CHOICES

You have certain rights with respect to your information as further described in this section.

1. YOUR LEGAL RIGHTS

If you would like further information in relation to your legal rights under applicable law or would like to exercise any of them, please contact us using the information in the “Contact Information” section below at any time. Your local laws  may permit you to request that we:

• provide access to and/or a copy of certain information we hold about you

• update information which is out of date or incorrect

• delete certain information that we are holding about you

• restrict the way that we process and disclose certain of your information

They may also permit you to revoke your consent for the processing of your information.

We will consider all requests and provide our response within the time period stated by applicable law and as otherwise required by applicable law. Please note, however, that certain information may be exempt from such requests in some circumstances, which may include if we need to keep processing your information for our legitimate interests or to comply with a legal obligation. We may request you provide us with information necessary to confirm your identity before responding to your request.  To submit a request, please contact us at privacy@crossbeam.com or use the form available at this link.

If your information has been collected by or submitted to Crossbeam as a result of our Customer’s use of our Products, Crossbeam collects and processes such information under the directions of the relevant Customer pursuant to its Customer Agreement with Crossbeam. If these circumstances apply to you and you wish to access, edit, delete or exercise any rights you may have under applicable data protection laws with respect to any such information that we have collected about you, please direct your query to the relevant Customer, as this may expedite the completion of your request. We nevertheless provide reasonable assistance to our Customers to give effect to data subject rights as appropriate and required by applicable laws.

2. MARKETING COMMUNICATIONS

If, in accordance with applicable legal requirements, we send you marketing communications regarding our Offerings, or the services of third parties that we believe will be interesting to you, you can ask us to stop sending such communications at any time by contacting us using the information in the “Controller Details and Contact Information” section below at any time. In our marketing email messages, you can also opt out by following the instructions located at the bottom of such emails. Please note that, regardless of your request, we may still use and share certain information as permitted by this Privacy Policy or as required by applicable law. For example, you may not opt out of certain transactional emails from us, such as those confirming your requests or providing you with updates regarding our Privacy Policy or other terms.

THIRD PARTY LINKS AND FEATURES

Our Offerings may contain links to third-party websites.  If you choose to visit these sites and use their services, please note that we are not responsible for their content or privacy practices. The collection, use, and disclosure of your information will be subject to the privacy policies of the third-party websites, and not this Privacy Policy. We urge you to read the privacy policies of these third parties.

CHILDREN’S PRIVACY

The Offerings are intended for general audiences and not for children under the age of 13. If we become aware that we have inadvertently collected “personal information” (as defined by the United States Children’s Online Privacy Protection Act) from children under the age of 13 without valid parental consent, we will take reasonable steps to delete it as soon as possible. We also do not knowingly process data of EU residents under the age of 16 without parental consent. If we become aware that we have collected data from an EU resident under the age of 16 without parental consent, we will take reasonable steps to delete it as soon as possible.

HOW WE PROTECT YOUR INFORMATION

Crossbeam takes a variety of technical and organizational security measures to protect the information provided to us from loss, misuse, and unauthorized access, disclosure, alteration, or destruction. However, no Internet or email transmission is ever fully secure or error free. Please keep this in mind when disclosing any information to us online.

REGION-SPECIFIC DISCLOSURES

We may choose or be required by law to provide different or additional disclosures relating to the processing of personal data about residents of certain countries, regions or states. Please refer below for disclosures that may be applicable to you.

Your information is maintained and processed by us and our third-party service providers in the United States, and may also be maintained, processed, and stored in other jurisdictions that may have different data protection laws than those in your country of residence. In the event that your information is transferred in these ways, please note that we comply with applicable legal requirements governing the transfer of information across borders.

1. ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE

Legal Bases for Use of Your Information

The legal bases for using your information as set out in this Privacy Policy are as follows:

• Where we need to perform the contract we are about to enter into or have entered into with you for the Offerings

• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests

• Where we need to comply with a legal or regulatory obligation in the EU

• Where we have your consent to process your information in a certain way

Crossbeam EU-U.S. Data Privacy Framework Statement For EU, the UK Extension to the EU-U.S. DPF, and Swiss Personal Data

Crossbeam, Inc. complies with the EU-U.S. Data Privacy Framework (“EU-U.S. DPF”), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (“Swiss-U.S. DPF”) (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. Crossbeam, Inc. has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (“EU-U.S. DPF Principles”) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Crossbeam, Inc. has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (“Swiss-U.S. DPF Principles”) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF (collectively, with the EU-U.S. DPF Principles, the “Principles”). If there is any conflict between the terms in this Privacy Policy and the Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

In compliance with the Principles, Crossbeam, Inc. commits to resolve complaints about your privacy and our collection or use of your personal data transferred to the United States pursuant to the Principles.  European Union, United Kingdom, and Swiss individuals with DPF inquiries or complaints should first contact Crossbeam by sending us a letter to Privacy Department, Crossbeam, Inc., 30 S 15th St Ste.1550 PMB 15987, Philadelphia PA 19102-4826 or by email at privacy@crossbeam.com.

Independent Recourse Mechanism. Crossbeam, Inc. has further committed to refer unresolved privacy complaints under the Principles to an independent dispute resolution mechanism, Data Privacy Framework Services, operated by BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://bbbprograms.org/programs/all-programs/dpf-consumers/ProcessForConsumers for more information and to file a complaint. This service is provided free of charge to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms.  See Data Privacy Framework Annex 1 at https://www.dataprivacyframework.gov/s/article/G-Arbitration-Procedures-dpf?tabset-35584=2

Crossbeam, Inc. is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

Onward Transfer. In the event that we disclose your personal data to third parties to perform certain business-related services on our behalf as our “agents” (as such term is utilized under the Data Privacy Framework), we will do so only for limited and specified purposes consistent with any notice provided to you or your choices regarding processing and disclosure. These companies perform services at our instruction and pursuant to contracts which require they provide at least the same level of privacy protection as is required under the DPF and notify us if they are no longer able to provide such protections, at which point we will take reasonable remedial steps. We may also disclose personal data to our affiliates in order to support marketing, sale, and delivery of any services, or other business operations as disclosed in this Privacy Policy.

Crossbeam’s accountability for personal data that it receives under the DPF and subsequently transfers to a third party is described in the DPF Principles. In particular, Crossbeam remains liable for damages caused by third-party agents that it engages to process the personal data on its behalf do so in a manner inconsistent with the Principles, unless the Company proves that it is not responsible for the event giving rise to the damage.

Note that, in certain situations, we may be required to disclose personal data of EU, UK, and/or Swiss individuals in response to lawful requests from public authorities, including to meet national security and law enforcement requirements.

DPF Rights. In addition to the rights described in the “Your Rights and Your Choices” section above, you may also have the opportunity to opt-out of sharing of your personal data with third parties other than our agents or before we use it for a purpose other than which it was originally collected or subsequently authorized. Please allow us a reasonable time to respond to your inquiries and requests.

2. NOTICE TO CALIFORNIA RESIDENTS

If you are a California resident, California law requires us to provide you with some additional information regarding how we collect, use, and share your “personal information” (as defined in the California Consumer Privacy Act (“CCPA”)).

Categories of Personal Information We Collect and How We Use Them.  Throughout this Privacy Policy, we discuss in detail the specific pieces of personal information we collect from and about our users. Under the CCPA, we are also required to provide you with the “categories” of personal information we collect and how we use each category of personal information. The categories we collect are:

Do Not Sell Rights.  Please note that the CCPA sets forth certain obligations for businesses that “sell” personal information to third parties.  As discussed above, we may share your information with our partners that offer products and services either in connection with our Offerings or separately that we think would be of interest to you.  To opt out of our sharing of your information in this way, please click here.

Your California Privacy Rights. The CCPA allows you to make certain requests about your personal information. Specifically, the CCPA allows you to request us to:

• Inform you about the categories of personal information we collect or disclose about you; the categories of sources of such information; the business or commercial purpose for collecting your personal information; and the categories of third parties with whom we share/disclose personal information.

• Provide access to and/or a copy of certain personal information we hold about you.

• Delete certain personal information we have about you.

• Provide you with information about the financial incentives that we offer to you, if any.

The CCPA further provides you with the right not to be discriminated against (as provided for in applicable law) for exercising your rights. Please note that certain information may be exempt from such requests under California law. For example, we need certain information in order to provide the Service to you. We also will take reasonable steps to verify your identity before responding to a request. In doing so, we may ask you for verification information so that we can match at least two verification points with information we maintain in our files about you. If we are unable to verify you through this method, we shall have the right, but not the obligation, to request additional information from you. If you would like further information regarding your legal rights under California law or would like to exercise any of them, or if you are an authorized agent making a request on a California consumer’s behalf, please contact us as follows:

Information Access and Data Deletion: https://preferences.crossbeam.com/privacy/

By Email: privacy@crossbeam.com

Shine the Light Disclosure:  The California “Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. Requests may be made once a year and are free of charge. If you are a California resident and would like to make such a request, please email us at privacy@crossbeam.com or write to: Privacy Department, Crossbeam, Inc., 30 S 15th St Ste.1550 PMB 15987, Philadelphia PA 19102-4826.

3. NOTICE TO NEVADA RESIDENTS

Certain Nevada consumers may opt out of the sale of “personally identifiable information” for monetary consideration (as such terms are defined under Nevada law) to a person for that person to license or sell such information to additional persons.  We do not engage in such activity; however, if you are a Nevada resident who has purchased goods or services from us, you may submit a request to opt out of any potential future sales under Nevada law by contacting us using the methods outlined in the “Contact Information” section.  Please note we may take reasonable steps to verify your identity and the authenticity of the request.  Once verified, we will maintain your request in the event our practices change.

CHANGES TO OUR PRIVACY POLICY

We reserve the right to amend this Privacy Policy at any time to reflect changes in the law, our data collection and use practices, or advances in technology. We will make the revised Privacy Policy accessible on the Offerings, so you should review the Privacy Policy periodically. You can know if the Privacy Policy has changed since the last time you reviewed it by checking the “Effective Date” included at the beginning of the document. If we make a material change to the Privacy Policy, you will be provided with appropriate notice in accordance with legal requirements. By continuing to use the Offerings, you are confirming that you have read and understood the latest version of this Privacy Policy.

CONTROLLER DETAILS AND CONTACT INFORMATION

Where you are interacting with Crossbeam’s Offerings, Crossbeam, Inc., a company duly incorporated and organized under the laws of Delaware, having its registered address at 30 S 15th St Ste.1550 PMB 15987, Philadelphia PA 19102-4826, United States, is the “controller” responsible for the processing of personal data in connection with our EEA, UK, and Swiss services and operations.

Where you are interacting with Reveal’s Offerings, Reveal SAS, a company duly incorporated and organized under the laws of France, having its registered office at 14 avenue de l’Opéra, 75001, Paris, is the “controller” responsible for the processing of personal data in connection with our EEA, UK, and Swiss services and operations.

Crossbeam welcomes your comments and questions regarding this Privacy Policy and the collection and use of your information. If you have questions or concerns, please email us at privacy@crossbeam.com, or write to: Privacy Department, Crossbeam, Inc., 30 S 15th St Ste.1550 PMB 15987, Philadelphia PA 19102-4826.

Reveal has appointed Mr. Alexandre Sadones as the Data Protection Officer (DPO). He can be contacted for any question:

• By email, at the following address: team@reveal.co

• By post, at the following address: Reveal SAS – 14 avenue de l’Opéra, 75015 Paris, FRANCE