Daylight Forensic & Advisory LLC (“Daylight”) and its subsidiaries are committed to protecting your privacy. As part of this commitment Daylight has adopted the following privacy policy adhering to the highest standards of protection. In addition, Daylight has voluntarily agreed to comply with the Safe Harbor provisions of the European Community's directive on data protection available to US entities.

WEBSITE USERS' PRIVACY

Collection of Non-Personally Identifiable Information

Every computer connected to the Internet has a set of numbers that serve as that computer's "Internet Protocol" IP address. When a visitor requests a webpage from our website, our Web servers automatically recognize that visitor's IP address. The IP address reveals nothing personal about you other than the IP address from which you have accessed our site. We use this information for various purposes including to examine all visitors’ use of our website or to cooperate with law enforcement. Our Web servers do not automatically record e-mail addresses of the visitors nor do we collect or evaluate this information except as specified below.

Cookies

This website utilizes cookies for the purpose of generating usage statistics. This cookie is used to enhance your experience in utilizing our website and is not used to obtain any personally identifiable information about you. The cookie expires when you leave this site or switch off your computer. Most web browsers automatically accept cookies. By changing certain options on your web browser, you can control how and whether cookies will be accepted by your browser. Please note that most web browsers permit you to selectively block cookies from certain websites and accept cookies from other websites that you trust.

Collection of Personally Identifiable Information

You do not have to provide personally identifying information to visit our site. If you choose not to provide personal information when prompted, you can still visit all the pages of our website. We collect personally identifiable information (such as your name, e-mail address, physical address and other unique identifiers) only when you provide this information to us. Personally identifying information we collect will be used only in connection with our website, or for such other purposes that we tell you about (for example: employment applications, requests for printed materials, newsletter signup or requests for download permission of selected online content). We will not share your personally identifiable information with any third party other than as permitted in accordance with this privacy policy. In certain circumstances, we may share information about you with third party service providers so that we may provide you with the services you have requested. Any third party service provider with which we share information about you as described above has agreed in writing to maintain the information that we provide to them as confidential in accordance with this privacy policy or has its own privacy policy which is at least as restrictive as ours, and has agreed to use the information only to carry out the functions they perform for us. In all cases, we may disclose any and all of the information we have received in any matter as permitted or required by law.

Compliance with Office of Federal Contract Compliance Programs

Since we are a United States government contractor, in compliance with requirements of the Office of Federal Contract Compliance Programs, a division of the United States Department of Labor’s Employment Standards Administration, we keep data including, but not necessarily limited to, job descriptions, job postings and advertisements, records of job offers, applications and resumes, interview notes, tests and test results, written employment policies and procedures, and personnel files, for not less than two years from the later of the date of the making of a personnel record or taking a personnel action.

Opt-In E-Mail Policy

We follow a strict opt-in e-mail policy. In order to receive newsletter e-mail communications and other informational e-mails from us, you must affirmatively choose to receive e-mail communications from us; at any time, you may choose to discontinue receiving further e-mail communications from us by clicking on the "unsubscribe" link at the bottom of any e-mail message you received have received from us.

Security

This website has security measures in place to protect the loss, misuse and alteration of the information under our control. Please be aware that transmissions through the Internet to and from this website, including e-mail messages, are not confidential, and your communications may be read or intercepted by others.

Policy Revisions

We reserve the right to amend this privacy policy from time to time. If we make any substantial changes in the way we use your personally identifiable information, we will notify you by posting an announcement on our website.

Access to and Correction of Your Information

Upon request we will provide access to the information that we maintain about you. You can request this information by e-mailing us at privacy@daylightforensic.com. You may request corrections to or deletion of your information by sending a detailed e-mail containing your request to privacy@daylightforensic.com.

Other Concerns

If you have any questions about this privacy statement, the practices of this website, or your dealings with this website, please contact webinfo@daylightforensic.com.

PRIVACY OF DATA NOT COLLECTED VIA THE WEBSITE

Purpose

Daylight and its subsidiaries deal with confidential data, including that of clients. The highest priority is placed on the security and privacy of this data, and these policies are designed to safeguard such data while allowing employees the proper access to complete their job roles. Any violations of this policy are grounds for disciplinary action against any employee or contractor.

Scope

This policy applies to all users of personally identifiable information in Daylight’s possession which was not acquired or obtained through Daylight’s website.

Physical Security

Access to personally identifiable data is limited to only those Daylight personnel who are required to access personally identifiable data to perform their job function and third parties that are engaged to perform services for Daylight relating to analysis of data, which may include personally identifiable data in Daylight’s possession. Any third party working for Daylight and having access to this information through Daylight is (1) contractually required to comply with Daylight's privacy policy, (2) is subject to the European directive or other adequacy finding, or (3) independently ascribes to the safe harbor provisions itself. Daylight has policies and procedures in place relating to the physical security of hardware and documents that contain personally identifiable data, which includes encryption of all data residing on specific hardware. Restrictions will be put in place to prevent users from making unauthorized changes or removing confidential information.

Classification of Data

All data Daylight receives or obtains will be classified based upon its content in accordance with one of the categories specified immediately below and maintained in accordance with the applicable classification by Daylight personnel. All data obtained by Daylight through a client engagement shall have an “owner” who will be responsible for maintaining the confidentiality of the data as provided herein in accordance with its classification.

• Public - Data which is classified as “Public” has been specifically approved for public release by Daylight. All disclosure of this material is authorized as needed. Examples are marketing brochures and material posted to Daylight’s website.

• Internal Use Only – Data which is classified as “Internal Use Only” is intended for use solely within Daylight’s premises by Daylight employees and approved third-party service providers physically present within Daylight’s premises.

• Confidential – Data which is classified as “Confidential” is private or otherwise sensitive in nature and access to this information is restricted to those employees and approved third-party service providers with a legitimate business need for access.

• Default Categories - All information created by Daylight personnel shall be Internal Use Only if not otherwise marked. All client data or other data received from a third party will be Confidential. Users must save their files on shared servers in directories reflecting the nature of the information contained. These groupings imply both access control and data retention requirements.

User Access

Only current employees and contractors with a specific “need to know” will have access to specific data. All employees and third-party independent contractors will have passed a background check and screening process prior to having any access to data in Daylight’s possession. Each user (including employees and third-party independent contractors) will have unique credentials that will enable him or her to access systems and data in possession of Daylight based upon their job or consulting function.

Network security

Daylight’s computer network is protected from unauthorized intrusion via the use of a firewall; even with such precaution, it is impossible to guarantee that an intrusion into Daylight’s computer network will not occur. Remote access to Daylight’s computer network shall be permitted only through an encrypted link and only when deemed necessary by an appropriately authorized Daylight employee. Daylight monitors Daylight’s computer network traffic for malicious behavior.

Data protection

All data in Daylight’s possession is backed-up on a regular basis and back-ups are stored in a secure off-site location. Computer systems containing critical data employ redundancy to protect against loss of data from hardware failure.

Data Transfer

No data containing personally identifiable information received from any member state within the European Union in possession of Daylight shall be copied or removed from Daylight’s computer systems and network without written approval from both Daylight’s Chief Security Officer and the “owner” of the applicable data. This includes transmission of data via email, ftp, or copying data onto removable media (such as a hard drive or flash media) and removing from Daylight’s office.

Data retention

Daylight’s own data shall be retained for as long as it is actively used, or as required by applicable law, regulation or Daylight policy. Client data will be kept for the duration of the work with the client, or longer if required pursuant to the contract with the client, or as required by applicable law or regulation. Once data in possession of Daylight is no longer required to be maintained, it shall be properly disposed of--which shall include taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal.

Incident Reporting and Investigation

Any suspected or confirmed breaches of security or disclosure of personally identifiable data will be investigated according to our internal procedures.

Training

All individuals who may have access to data in possession of Daylight, including third-party independent contractors and vendors, will be informed of and trained on Daylight’s security and privacy policies, (including periodic retraining as policies evolve) and shall contractually agree not to violate this policy. Daylight shall maintain copies of written agreement signed by those individuals who may have access to data in possession of Daylight and records of training received by such individuals.

With respect to data received by Daylight as an agent for the collection of client data, transfers of such data occurs only upon direction of the owner of the data and Daylight’s client.

Safe Harbor Certification and Specifics

If you are located in the European Economic Area and your information is provided or collected in the United Kingdom or other part of the European Economic Area, Daylight may transfer your data to countries outside the European Economic Area, which may not guarantee the same level of protection for your data as required in the European Economic Area. We take appropriate technical measures to protect your personal information including making a regular backup of our system and data and have security measures in place designed to make sure any personal information we collect is secure. We keep personal data for as long as is necessary to fulfil the purposes we collected it for, as required by law, or to enforce or defend legal claims. Our subsidiary, Daylight Forensic & Advisory Ltd., is a registered data controller with the Information Commissioner’s Office in the United Kingdom.

Daylight adheres to the Safe Harbor Agreement between the U.S. Department of Commerce and the European Commission with respect to personally identifiable information that is transferred from the European Economic Area to the United States within the scope of Daylight Safe Harbor certification. Daylight deals with the seven safe harbor principles as follows:

1. Choice

Acting only as an agent for its clients, Daylight is not required to provide persons whose personally identifiable information is provided to Daylight by a client an opportunity to choose or opt-out whether the personal information will be disclosed.

2. Onward Transfer

Daylight will not transfer clients' data except with the written authorization of the client.

3. Security

Daylight maintains reasonable precautions to protect personally identifiable information from loss, misuse and unauthorized disclosure, alteration or destruction.

4. Data Integrity

Employee data maintained by the company will be used for the sole purpose of supporting company operations and providing employee benefits. Company HR and Payroll processes include tasks and procedures to keep personal data accurate, complete, and current. Daylight collects only that data authorized by the client.

Where Daylight is directed by its clients to transfer data to a third party, Daylight follows procedures agreed to by the client and third party.

5. Access

Employees have the option to review personal data by contacting their local HR representative. As part of the review process, employees can correct, amend, or delete that information where it is inaccurate.

Daylight will use commercially reasonable effort to correct, amend or delete any erroneous data if instructed to do so by its applicable client.

6. Notice

Daylight does not use customer data for any purpose incompatible with those purposes authorized in its client agreements. Sensitive Information, including credit card numbers, is not stored except as directed by Daylight's clients who own the data, and is not transferred to third parties except as authorized by client. An individual may refer a concern regarding privacy or security to Daylight’s Chief Security Officer, at Daylight Forensic and Advisory LLC, 1 Rockefeller Plaza, New York, NY, USA 10020. The phone number is (212) 554-2600 and the e-mail address for this purpose is privacy@daylightforensic.com.

7. Enforcement

Daylight will cooperate with the EU Data Protection Authorities and the Department of Commerce to resolve any complaints and disputes arising in connection with its privacy policy. An individual may refer a concern regarding privacy or security to Daylight’s Chief Security Officer, at Daylight Forensic and Advisory LLC, 1 Rockefeller Plaza, New York, NY, USA 10020. The phone number is (212) 554-2600 and the e-mail address for this purpose is privacy@daylightforensic.com. All Daylight employees will be required to be familiar with and adhere to this policy. Daylight will investigate any reported complaints of violations of its privacy policy and will take prompt remedial action where violations are found. If an individual is unsatisfied with Daylight’s resolution of the complaint, then Daylight or the individual may file a request for mediation of a privacy issue with the American Arbitration Association at 1633 Broadway, 10th Floor, New York, NY 10019, USA; telephone: (212) 484-3266; fax: (212) 307-4387 and e-mail: Websitemail@adr.org.

Exceptions

The above prohibitions against disclosure of personally identifiable information received from Daylight clients are subject only to the following exceptions:

1. Daylight may disclose your personally identifiable information to third parties as required by court order or rule or other similar order or rule of any nation or state. Even in this circumstance, Daylight will do everything in its power to disclose only the data required by applicable law or the authorities, and

2. Daylight may disclose your personally identifiable information to third parties who deliver information from us to you for the purpose of performing such delivery.