SPECTRAFORCE PRIVACY POLICY FOR CALIFORNIA

(Version 1.0 | Rev 12/20/2019 |Effective 1/1/2020)

1. PURPOSE AND INTENT

Spectraforce Technologies, Inc.’s Privacy Policy sets out how Spectraforce Technologies, Inc., together with its subsidiaries and affiliates (collectively, “Spectraforce”, “we” or “us”), process and protects the personal information of its employees (“employees,” “you” or “your”). We are committed to protecting the privacy and security of your personal information. This privacy policy describes how we collect and use personal information about you during and after your working relationship with us. It applies to all California employees of any Spectraforce company. We are responsible for deciding how we hold and use personal information about you. We are required under the California Consumer Privacy Act (“CCPA”), as amended, effective January 1, 2020, to provide California employees with notice at the time of collection.

This policy applies to applicants, current and former employees and does not form part of any contract of employment or other contract to provide services. We may update this policy at any time.

It is important that you understand this policy, together with any other privacy notices we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information. If you have any questions about this privacy policy or how we handle your personal information, please contact us by email to NAhr@spectraforce.com or by mail to Spectraforce, 500 West Peace Street Raleigh, NC 27603.

2. DATA PROTECTION PRINCIPLES

We will comply with applicable data protection law. This says that the personal information we hold about you must be: (i) used lawfully, fairly and in a transparent way; (ii) collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes; (iii) relevant to the purposes we have told you about and limited only to those purposes; (iv) accurate and kept up to date; (v) kept only as long as necessary for the purposes we have told you about; and (vi) kept securely.

3. WHAT PERSONAL INFORMATION IS COLLECTED AND HOW IT IS USED

For California job applicants, please refer to SPECTRAFORCE’S PRIVACY NOTICE TO CALIFORNIA JOB APPLICANTS REGARDING THE COLLECTION OF PERSONAL INFORMATION for what information we collect about job applicants and how we use and disclose it. Please see our website for a link to this notice.

4. FAILURE TO PROVIDE PERSONAL INFORMATION

If you fail to provide certain information when requested, we may not be able to address Spectraforce’s employment obligations (such as paying you or providing a benefit), or we may be prevented from complying with our legal obligations (such as to ensure the health and safety of our workers).

5. CHANGE OF PURPOSE

We will only use your personal information for the purposes we have disclosed in the notices described in paragraph 3. If we need to use your personal information for an unrelated purpose, we will notify you. Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

6. DATA SECURITY

While no data security system can fully protect personal information from unauthorized data breaches, Spectraforce has implemented reasonable safeguards and controls, consistent with its legal obligations under local, state, and federal laws. Spectraforce is committed to: (i) seeking to safeguard all personal information that you provide to us; (ii) seeking to ensure that it remains confidential and secure; and (iii) taking all reasonable steps to ensure that personal privacy is respected. All our data is stored in written or electronic form on our servers and computers and in various physical locations. We maintain physical, electronic and procedural safeguards to protect your personal information from misuse, unauthorised access or disclosure and loss or corruption by computer viruses and other sources of harm. We restrict access to personal information to those staff members, Spectraforce and third parties who need to know that information for the purposes identified in our notice(s).

We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

7. DATA RETENTION

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorised use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances we may anonymise your personal information so that it can no longer be associated with you, in which case we may use such information without further notice to you.

Once you are no longer an employee of Spectraforce, we will retain and securely destroy your personal information in accordance with Spectraforce record retention policies.

8. CHANGES TO THIS PRIVACY POLICY

As we strive to improve our practices, we may review Spectraforce’s Privacy Policy from time to time. This Privacy Policy is not a contract and we reserve the right to change this policy at any time and to notify you of those changes by posting an updated version of this policy. It is your responsibility to check this policy from time to time for any changes.