Privacy Policy

Effective Date: January 1, 2021

Introduction

Welcome and thank you for visiting this website (the “Site”) operated by Compliance Armor, Inc. (“Compliance Armor,” “we,” and “us”). We at Compliance Armor take the privacy of all visitors to our websites very seriously. This Privacy Notice (“Notice”) informs you how we handle privacy matters and process your Personal Information (as defined below).

Scope

This Privacy Notice covers all of Compliance Armor’s websites, products and services and the Personal Information that is shared by a visitor with us whether directly via compliancearmor.com or via email. By using the Site, you agree to the terms and conditions of this Privacy Notice. This Notice applies to Personal Information and other information collected by us from: (i) visitors to our Site and users of our Services, and (ii) job applicants.

For the purpose of this Privacy Notice, “Personal Information” means any Personal Information relating to an identified or identifiable individual. We obtain Personal Information relating to you from various sources described below. “Services” means cybersecurity compliance documents and templates services..

Information Collected

Through our Site and our Services we may receive information that, alone or in combination with other information, could be used to identify an individual. We may receive information (including Personal Information) in the following ways:

Personal Information that you provide to us

We may ask you to provide Personal Information for various reasons.

· When you request information about Compliance Armor or otherwise interact with our Services (including when subscribing to newsletters, submitting postings, applying for employment or purchasing our services), we may receive the following Personal Information:

  • First and last name
  • Billing and shipping address
  • Telephone number
  • Email address
  • Account number (if applicable)
  • Location data
  • Mobile phone or unique device identifier
  • Credit and debit card number or other payment data
  • Transaction and purchase history
  • Employment history
  • Other information you provide in online chats, emails or other communications
  • Social media account ID, profile photo and other data publicly available, or data made available by linking your social media and loyalty accounts

We may ask you for similar information at other times, such as when you apply for a job through our Site or contact our office.

Communications

When you send email or other communications to Compliance Armor, we may keep those communications in order to process your questions, respond to your requests and improve our Site. We may use your email address to communicate with you about our Services.

Information Collected Through Cookies, Server Logs, Beacons and other Ad Technologies

When you visit the Site or access Compliance Armor Services, we may automatically collect information about you through server logs, cookies, beacons and other ad technologies. This information includes your Internet Protocol address, your web browser type, your activity on the Site, and the domain name of your Internet service provider. If you can be identified from this information – for example by combination with other pieces of information – then we will treat this information as Personal Information.

Use of Cookies

We may use “cookies” (a small text file sent by your computer each time you visit our site) or similar technologies to record log data. Many browsers default to accepting cookies. You may be able to change this setting in your browser and you can also clear your cookies. If you do, you may lose some functionality of our site. Check your browser’s help function to learn more about your cookie setting options.

We use the following cookies to optimize your experience on our Site and to provide our services.

Cookies Necessary for the Functioning of the Store

Name Function

_ab Used in connection with access to admin.

_secure_session_id Used in connection with navigation through a storefront.

cart Used in connection with shopping cart.

Name Function

cart_sig Used in connection with checkout.

cart_ts Used in connection with checkout.

checkout_token Used in connection with checkout.

secret Used in connection with checkout.

secure_customer_sig Used in connection with customer login.

storefront_digest Used in connection with customer login.

_shopify_u Used to facilitate updating customer account information.

Reporting and Analytics

Name Function

_tracking_consent Tracking preferences.

_landing_page Track landing pages

_orig_referrer Track landing pages

_s Shopify analytics.

_shopify_fs Shopify analytics.

_shopify_s Shopify analytics.

_shopify_sa_p Shopify analytics relating to marketing & referrals.

_shopify_sa_t Shopify analytics relating to marketing & referrals.

_shopify_y Shopify analytics.

_y Shopify analytics.

The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

Please see below for your choices on cookies in the use of advertising.

To help us make e-mails more useful and interesting, we often receive a confirmation when you open e-mail from us if your computer supports such capabilities. You can opt out of receiving emails from us at any time. Please see the Your Choices section below.

We might also use a pixel tag, which is a small graphic file that allows us and third parties to monitor the use of the site and provide us with information based on your interaction with the site. These tags may collect the IP address from the device from which you loaded the page, as well as the browser type. Pixel tags are also used by our third parties to collect information when you visit our Site, the links and other actions you take on our Site, and we may use this information in combination with cookies to display targeted advertisements.

We may use other data technologies that collect comparable information for security and fraud detection purposes.

Your Choices

On most web browsers, you will find a “help” section on the toolbar. Please refer to this section for information on how to receive a notification when you are receiving a new cookie and how to turn cookies off. Please see the links below for guidance on how to modify your web browser’s settings on the most popular browsers: · Internet Explorer · Mozilla Firefox · Google Chrome · Apple Safari

Note, however, that if you reject our request to use cookies or turn cookies off, you may be unable to access certain parts of the Site and you may not be able to benefit from the full functionality of the Site. To find out more about cookies and similar technologies, including how to see what cookies and similar technologies have been set and how to manage and delete them, visit www.allaboutcookies.org, and/or www.youronlinechoices.com.

Do Not Track Signals

Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

How We Use Information Collected

1. To operate, maintain, enhance and provide features of the Services, to provide Services and information that you request, to respond to comments and questions, and otherwise to provide support to users.

2. To personalize your experience on the Services by presenting content, chat, products and offers tailored to you. For example, we may analyze your activity to personalize your experience and provide content that may be of interest to you.

3. To fulfill your purchase or complete your transaction.

4. To understand and analyze the usage trends and preferences of our users, to improve the Services, and to develop new products, services, features, and functionality.

5. To contact you for administrative and informational purposes. This may include providing customer service or sending communications, including changes to our terms, conditions, and policies.

6. For marketing purposes, such as developing and providing promotional and advertising materials that may be useful, relevant, valuable or otherwise of interest.

7. For our business purposes, such as audits, security, compliance with our internal policies, license agreements with content providers, applicable laws and regulations, fraud and financial crime monitoring and prevention. 8. To enforce our Terms of Service or other legal rights.

How We Share Your Personal Information

1. To our affiliates and subsidiaries for the purposes described in this Privacy Notice.

2. To our third-party service providers who provide services such as website hosting, payment processing, online chat functionality, data analysis, information technology and related infrastructure provision, customer service, email delivery, online advertising, auditing, and other Services. We use Shopify to power our online store. You can read more about how Shopify uses your Personal Information here: https://www.shopify.com/legal/privacy.

3. With third parties to provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

· We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: https://policies.google.com/privacy?hl=en.You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout.

· We share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to, depending on your location).

For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at https://www.networkadvertising.org/understanding-online-advertising/how-does-it-work.

You can opt out of targeted advertising by: · Facebook – https://www.facebook.com/settings/?tab=ads · Google – https://www.google.com/settings/ads/anonymous · Bing – https://advertise.bingads.microsoft.com/en-us/resources/policies/personalized-ads]

Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at: https://optout.aboutads.info/.

4. To a potential or actual acquirer, successor, or assignee as part of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in bankruptcy or similar proceedings).

5. If required to do so by law or in the good faith belief that such action is appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our affiliates; (f) to protect our rights, privacy, safety or property, and/or that of our affiliates, you or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

6. We may also share Personal Information about you with other third parties with your permission. We may use and disclose aggregate information that does not identify or otherwise relate to an individual for any purpose, unless we are prohibited from doing so under applicable law.

Security

Compliance Armor has developed or engaged technical and organization measures designed to protect Personal Information against unauthorized access or misuse. However, the Internet cannot be guaranteed to be fully secure, and we cannot ensure or warrant the security of any information you provide to us. We do not accept liability for unintentional disclosure.

Retention

Compliance Armor will retain Personal Information for the period necessary to provide our Services, as otherwise required by our contracts or by law.

Children Under 13

Our Services and the Site are not directed at children under 13 years of age, and we do not knowingly collect or receive Personal Information from them. If we learn that we have received Personal Information from a child who is under 13, we will delete the data. If you believe that we have received Personal Information from a child under the age of 13, you may contact us at privacy@compliancearmor.com.

EU Data Subject Notice

This section applies if you are an EU data subject (for these purposes, reference to the EU also includes the European Economic Area (“EEA”) countries of Iceland, Liechtenstein and Norway and, where applicable, Switzerland). Compliance Armor is the data controller for processing Personal Data provided to Compliance Armor through the Site. We act strictly as a data

processor for Personal Data that we process through the Services, as described under the “Information Collected” section above. We rely on the following legal bases for processing your Personal Data:

· Processing of your Personal Data that you provide to us when you send inquiries about our Services is necessary to respond to or implement your request prior to entering into a contract with us.

· When you apply for employment through our Site, processing of your contact details and data about your employment history and education (as needed to evaluate your job application, to conduct job interviews, and as is otherwise needed for recruitment) is necessary to respond to your request to process your application for employment. If you do not provide this data, we will not be able to process the application that you send through our Site.

· We use account-related data to set up accounts for users in our platform and to administer and support those accounts (such as usernames, email address and billing information), provide you with access to the Services, contact you regarding your use of the Services or to notify you of important changes to the Services. Such use is necessary for the performance of the contract between you and us.

· We will send you information by email on our new services or other promotions only with your consent. If you do not provide us with your consent to the processing of your Personal Data for this purpose, we will not send you this information. You have the right to withdraw your consent at any time as described below.

· Our use of data relating to your use of the Site and/or the Services, described above, is necessary for our legitimate interests in understanding how the Site and the Services are being used by you, to improve your experience on it and our service offerings. We also have a legitimate interest in aggregating and/or anonymizing the information that we collect through our Site and/or the Services and using this information for our business purposes, as described above. When we process your Personal Data for our legitimate interests, we make sure to consider and balance any potential impact on you, and your rights under data protection laws. Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you, unless we have your consent or those activities are otherwise required or permitted to by law. You have the right to object to processing that is based on our legitimate interests, as further described below.

We hope to ensure that the personal data we possess are always accurate and therefore we encourage you to update your information in your own account in case any changes have occurred. We have listed below the rights that you may be able to exercise in respect of the processing of your personal data, subject to applicable law. We take every reasonable step to ensure that the personal data that we process are limited to the personal data that are reasonably required in connection with the purposes set out in this Privacy Notice.

Please note that upon exercising any of the rights listed below, you may be requested to provide additional information for identification purposes. Such additional information shall not be used for any other purpose and will be removed after successful identification.

· Providing your data: You may choose not to provide your personal data to us. It should be noted that some features of our websites, applications and other services may not be fully available to you if you choose not to provide us with your personal data (e.g., we may not be able to process your orders without the necessary details).

· Right of access: You may have the right to request access to, or copies of, your personal data, together with information regarding the nature, processing and disclosure of those data.

· Unsubscribing: We include an unsubscribe link in all electronic marketing messages we send to you. You may withdraw your consent to direct marketing at any time. If you do so, we will promptly update our databases, and will not send you further direct marketing, but we may continue to contact you to the extent necessary for the purposes of any products or services you have requested.

· Checking and editing your personal data: Should you have an online user account, you may edit and complete your personal data directly yourself. If you do not have an online user account, you may contact us, who will upon your request as soon as possible rectify, remove or complete the information which is incorrect, unnecessary, lacking or outdated.

· Blocking and deleting cookies: You may block the cookies using your browser settings. Please note that blocking the cookies may affect the usability of our websites. You may also delete the cookies from your browser via its settings, in which case the information collected by the previous cookie will not affect the account created based on the information collected after such deletion.

· Advertising. You can opt out of online targeted advertising by opting out within the advertisement itself or by visiting Digital Advertising Alliance, https://www.aboutads.info, the Digital Advertising Alliance of Canada in Canada https://youradchoices.ca or the European Interactive Digital Advertising Alliance in Europe https://www.youronlinechoices.eu. You can also opt out of the Digital Advertising Alliance using your mobile device settings.

· Allowing use of location data: You may give your consent to the use of location data in the options of the device or the application. You may also withdraw such consent at any time from the options menu in your account, or by contacting us.

· Erasure, or restriction of our processing, of your data: Should you believe that we process your data which is not accurate; the processing is illegal; we are not processing your data in accordance with the processing purpose or you want to oppose the processing, you may contact us to request the erasure, or restrictions on the processing,

of your data. Please note that we will investigate your request reasonably promptly, before deciding what action to take.

· Right to object: You may have the right to object, on legitimate grounds, to the processing of your personal data.

· Withdrawing your consent. You may at any time decide to withdraw your consent to the processing of your personal data. If your consent is withdrawn, it does not prevent us from processing your personal data based on other legal bases, such as fulfilling your orders and storing your order data as required by applicable law. However, it should be noted that your account(s) on our web store(s) will be removed, and advantages granted to you via your account will be reset. Please note that withdrawal of consent does not affect the lawfulness of any processing performed prior to the date on which we receive notice of such withdrawal.

· Right to data portability: You may have the right to have your personal data transferred to another controller, in a structured, commonly used and machine-readable format, to the extent applicable.

· Right to Lodge a Complaint: For European Union residents, if you feel that our processing of your personal data infringes on data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state where you habitually reside, your place of work or the location of the alleged infringement. If you are located outside of the European Union, you may have rights under privacy laws in the jurisdiction where you live.

We (and many of our external third parties) are based outside the EEA; therefore, their processing of your personal information will involve a transfer of data outside of the EEA.

Whenever we transfer your personal information outside of the EEA, we ensure it is protected by making sure at least one of the following safeguards is in place:

· by transferring your personal information to a country that has been deemed to provide an adequate level of protection by the European Commission;

· by using specific contracts approved by the European Commission which give your personal information the same protection it has within the EEA; and

· where we use providers based in the US, we may transfer data to them if they provide similar protection to personal data shared between Europe and the US as if it never left Europe.

To keep this privacy policy as short and easy to understand as possible, we have not set out the specific circumstances when each of these protection measures are used. You can contact us at privacy@compliancearmor.com for the details as to how we protect specific transfers of your data.

All information you provide to us is stored on our secure servers or those of our third-party data storage providers.

California Privacy Rights

California Civil Code § 1798.83 permits California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes in the preceding year, including what information we disclosed, and the names and addresses of those third parties. As noted above, Compliance Armor shares your Personal Information with third parties for certain direct marketing purposes that may be of interest to you. Please contact us at privacy@compliancearmor.com to learn more.

Changes to this Privacy Notice

We may change this Privacy Notice at any time. We will post all changes to this Privacy Notice on this page and will indicate at the top of the page the modified notice’s effective date. We therefore encourage you to refer to this page on an ongoing basis so that you are aware of our current privacy notice. If required by the applicable law, we will notify you if the changes. By continuing to use the Site and/or the Services or providing us with information following such a replacement Notice being uploaded, you agree that you will be deemed to have agreed to be bound by the Privacy Notice as changed.

Contact Us

If you have any questions or suggestions regarding this Privacy Notice, please contact us at:

Compliance Armor A Property of Petronella Technology Group, Inc. compliancearmor.com 5540 Centerview Dr., Suite 200 Raleigh, NC 27606 Email: privacy@compliancearmor.com

Phone: 919-646-3780