PYMETRICS PRIVACY POLICY!

Last updated: December 18, 2019

1. INTRODUCTION

Pymetrics, Inc. (“Pymetrics”, “we”, “our”, or “us”) values the trust our users (“you”) place in us

when they give us access to their personally-identifiable information (“Personal Information”).

This Privacy Policy (“Policy”) describes how we work to maintain that trust.

Pymetrics has created this Policy in order to outline our collection, use, and sharing of

information you provide to us when you access or use Pymetrics’ online and/or mobile services

and websites (collectively, the “Site”), including, without limitation, pymetrics.com, any

Pymetrics mobile application, and any software provided by Pymetrics in connection with such

services or websites.

Please note that we reserve the right to review and update this Privacy Policy from time to time.

Accordingly, each time you access or use the Site, you should check the Last Updated legend at

the top of this Policy and review any changes since you last accessed or used the Site. If you

access or use the Site after an updated Privacy Policy is published, you will be deemed to have

agreed to the amended Policy.

TO THE EXTENT PERMITTED BY APPLICABLE LAWS, BY ACCESSING AND USING

THIS SITE, YOU REPRESENT AND WARRANT THAT YOU HAVE READ AND

UNDERSTOOD, AND AGREE TO THE TERMS OF, THIS PRIVACY POLICY. IF YOU DO

NOT AGREE TO THIS PRIVACY POLICY, PLEASE DO NOT ACCESS OR USE THIS SITE.

2. INFORMATION THAT WE COLLECT ABOUT YOU

Information Provided by You Upon Creating an Account

When you create and register a user account (“Account”) on the Site, you may be asked to

provide or confirm certain pieces of Personal Information, which may include one or more of the

following:

1. First and last name

2. E-mail address

3. Educational history

4. Current occupation and title

5. Employment history

6. Accessibility Accommodations

You may also be asked to provide your demographic information. However, providing such

information will always be voluntary.

We may supplement the Personal Information you provide with additional Personal Information

we gather from public sources or from third-parties (e.g., consumer reporting agencies) that may

lawfully provide such information to us.

You are under no obligation to provide your Personal Information, with the caveat that your

refusal to do so may prevent you from using certain of the Site’s features and services for which

your information is required.

Data submitted by Your use of Our Site

When you play our online games (the “Games”) on the Site, we also collect and retain your

“Gameplay Data,” which is defined as information and data collected from your behavior and

actions in the course of playing our Games, including metadata about your real-time user

interaction with the Games. After your completion of the Games, the Site will review your

Gameplay Data and generate your specific “Trait Profile,” which contains the Site’s assessment

and description of your cognitive, social, and personality traits.

When you record and submit videos (“Videos”) on the Site, we may also collect and retain

images, video, voice and audio information and a transcript of your audio information in the

Video.

Information Provided When You Contact Us

We may collect Personal Information that you voluntarily provide to us when you contact us with

a question, comment, business inquiry, or other request for information. We collect one or more

of the following types of Personal Information when you contact us with a question or comment,

or request information from us about our products and services:

1. Name

2. E-mail address

3. Phone Number

Passively Collected Information

When you access and use our Site, we may automatically collect and retain certain types of

information, including your computer or device’s internet protocol (IP) address and other

technical information about your computer or device and website usage, such as your browser

type and version, time zone setting, and operating system and platform.

We may collect application log information like the companies you submit a job application for

through the Site, the specific role(s) you apply for, and the time and date of such applications.

We also use cookies on our Sites; for more information, please see the Cookies and Other

Tracking Technologies section below.

We may collect certain additional information when you access our Site with a mobile device or

with Pymetrics IOS and Android mobile apps. This information may include location, device

type, unique device identifier, operation system, and other app-specific user data. This data is

analyzed to help us create a more user-friendly mobile experience. You may restrict collection of

certain data, like location by changing the setting preferences on your mobile device.

3. COOKIES AND OTHER TRACKING TECHNOLOGIES THAT WE USE

We and our service providers use cookies, beacons, embedded scripts, and local shared objects in

connection with the Site.

Cookies are small text files that are stored on your computer or device when you visit our

Site. Cookies allow a website to recognize a particular device or browser. The use of

cookies is a standard practice among websites to collect information about visitors’

activities while using the website.

Beacons are small graphical images (also known as “pixel tags” or “clear GIFs”) that

may be included on our Site and typically work in conjunction with cookies to assist our

site with the automated collection data on user behavior. Pymetrics will not be able to

personally identify you in connection with these practices.

An embedded script is programming code that is designed to collect information about

your interactions with the Site, such as the links you click on. The code is temporarily

downloaded onto your computer or device from our web server or a third-party service

provider, is active only while you are connected to the Site and is deactivated or deleted

thereafter.

Local Shared Objects. Local shared objects (or Flash cookies) are pieces of data that

websites which use Adobe Flash may store on a user’s computer or device. Third parties

with whom we partner to provide certain features on our Sites or to display advertising

based upon your web browsing activity use local shared objects. Various browsers may

offer their own management tools for removing local shared objects. In addition, you

may manage Flash cookies by clicking here: http://www.macromedia.com/support/

documentation/en/flashplayer/help/settings_manager07.html

The above technologies are used in analyzing trends; administering the Site and its features and

services; tracking users’ movements around the Site; and to gather demographic information

about our userbase as a whole. We may receive reports based on the use of these technologies on

an individual as well as aggregated basis.

We use cookies to remember users’ settings, market products and services to users, and for

authentication purposes. To manage the cookies that are placed on your computer, you may

configure your internet browser to refuse, accept, or delete cookies from our Site at any time.

The “Help” portion of the toolbar on most browsers will tell you how to prevent your browser

from accepting new cookies; how to have the browser notify you when you receive a new

cookie; or how to disable cookies altogether. Please note that if cookies are disabled or removed,

not all features of our Site will operate as intended.

Third-Party Analytics. We may also use service providers, such as Google Analytics, that may

use cookies or other technologies to collect information about your online activities across this

and other sites over time for non-advertising purposes such as those described above. To learn

more about how Google Analytics collects and processes data and the choices Google may offer

to control these activities, you may visit http://www.google.com/intl/en/policies/privacy/

partners/.

4. WHAT WE DO WITH THE INFORMATION WE COLLECT

General Uses. We use the information we collect to manage, analyze, develop,

customize, and improve our Site as well as our products and services (including our

Games). We sometimes use automated decision making in processing your information,

such as to create your “Trait Profile.” Your "Trait Profile" is used to help inform

employer decisions by determining your "fit" by comparing your individual results

against the results of other employees performing that job.

Information Provided When You Register for an Account and Use Our Site and

Other Products and Services. We may use this information to authorize and administer

your access to the Site, verify your identity, authenticate your visits, and provide our

products and services to you. We may also use your information to improve and

personalize your experience with us (including showing you relevant information such as

your job matches), and, with your consent where necessary, notify you when you match a

new open role on the Site, notify you when a recruiter or another user contacts you,

remind you to finish any incomplete Games or Video submissions, send you information

about us, and keep you informed of our products and services that may be of interest to

you. We may combine your Personal Information with other Personal Information

lawfully collected from third parties in order to improve products and services.

Information Provided When You Contact Us (Including Signing Up for Sales and

Marketing Communications). We may use this information to understand and respond

to your question or comment, and/or reach out to you regarding your inquiry or request

regarding our products and services.

Passively Collected Information. We use passively collected information to monitor

and maintain the performance of our Sites; analyze trends, usage, and activities in

connection with our services; validate users and ensure their technological compatibility

with users; optimize our marketing efforts; and to provide our products and services to

you, including analyzing your Gameplay Data and Video submissions, and developing

your Trait Profile.

Aggregated or De-identified Data. We may use your Personal Information and

passively-collected information to create aggregate or de-identified data, such as data that

describes the general demographics, usage, Gameplay Data, or other characteristics of a

Site’s users. We reserve the right to use, and/or transfer aggregated or de-identified data

about the Site’s users for any lawful purposes. We also reserve the right to use such

information in collaboration with outside researchers to measure, quantify and audit the

validity and fairness of our products and services.

Public Profile. If you select Public in your Privacy Settings tab on your Account Profile,

we may use your information to match you with potential employers or job openings.

Incumbent Employees. If you were directed to visit the Site, create an Account (or to

sign into your existing Account), and play the Games or submit Videos by your current

employer, then we may use your information to create a talent assessment model for a

specific role. In such a scenario, you would be deemed an “Incumbent Employee.”

Job Candidates. If you were directed to visit the Site, create an Account (or to sign into

your existing Account), and play the Games or submit Videos as part of the job

application process for a specific employer or your current employer, then we may use

your information to assess your fit to the specific role(s) or to assess your fit for another

role. In such a scenario, you would be deemed a “Job Candidate.”

Other Purpose. We may use your information for any additional purpose which you

specifically consent to in the course of accessing and using our Site.

Lawful Basis for Processing Your Information. If we act as a controller, our lawful basis for

collecting and using the information described in this Privacy Policy will depend on the

information concerned and the specific context in which we collect or use it. We normally

collect or use information from you or others only where we have your consent to do so, where

we need the information to perform a contract with you, or where the processing is in our

legitimate interests and not overridden by your data protection interests or fundamental rights

and freedoms. In some cases, we may have a legal obligation to collect or retain personal

information or may need the personal information to protect your vital interests or those of

another person. If you have questions about or need further information concerning the lawful

basis on which we collect and use your personal information, please contact us using the contact

details provided in Section 8 of this Privacy Policy.

5. WITH WHOM WE SHARE THE INFORMATION WE COLLECT

Personal Information of our users is an integral part of our business. We reserve the right to

share your Personal Information with third parties as described below. We also reserve the right

to use and/or transfer aggregated de-identified data derived from Personal Information, for

lawful purposes in our discretion. Note that we do not share Personal Information with third

parties for their direct marketing or revenue generating purposes.

Service Providers. We, like many businesses, sometimes hire other companies (“Service

Providers”) to perform certain business-related functions. Examples include customer

service, maintaining databases, data storage, cloud services, and hosting services. When

we employ a Service Provider to perform a function of this nature, we provide it with the

information that it needs to perform its specific function, which may include Personal

Information and other information that you provide to us. These Service Providers are

authorized to use your information only as necessary to provide these services to us.

Legal Requirements. We may disclose Personal Information if required to do so by law

or in the good faith belief that such action is necessary to (a) comply with a subpoena or

similar legal obligation; (b) protect and defend our rights or property; (c) act in urgent

circumstances to protect the personal safety of users of the Site or the public; (d) protect

against legal liability; or (e) as otherwise required or permitted by law.

Job Candidates. If you are a job candidate playing the Games as part of the job

application process, then we share your Personal Information and Trait Profile with the

employer and any third party that is pertinent to the employment application process for

the specific role(s) you are applying to through our Site.

Business Transfers. As we develop our business, we might sell or buy businesses or

assets. In the event of a corporate sale, merger, reorganization, dissolution, total or partial

sale of assets in bankruptcy or similar event, your Personal Information and other

information may be part of the transferred assets.

Other Third Parties. We may disclose your information to other third parties with your

prior express consent.

You hereby consent to our sharing of your Personal Information and other information for the

above purposes.

Non-US Residents – International Transfers of Personal Information. If you are located

outside of the United States, the Personal Information that we collect from you may be

transferred to, and stored at, a destination internationally (for example, outside the European

Economic Area (“EEA”) in reliance on a variety of compliance mechanisms, including data

processing agreements based on the EU Standard Contractual Clauses). It may also be processed

by staff operating internationally (for example, outside the EEA who work for us or for one of

our suppliers). The country in which your Personal Information may be transferred to and

processed in may have data protection laws that are different to the laws of your country (and in

some cases, may not be as protective). By submitting your Personal Information on the Site, you

agree to this transfer, storing, or processing. We will take all steps reasonably necessary to

ensure that your data is treated securely and in accordance with this Privacy Policy. For more

information on where we store Personal Information and on our security, please see the

“Security” section in Section 8 of this Policy below.

6. EU-U.S. AND SWISS-U.S. PRIVACY SHIELD NOTICE

Effective: October 19, 2018

Pymetrics participates in and has certified our compliance with the EU-US Privacy Shield and

the Swiss-US Privacy Shield frameworks regarding the collection, use, and onward transfer of

Personal Information that we collect and process from the EEA, United Kingdom, and

Switzerland. We have certified to the Department of Commerce that we adhere to the Privacy

Shield Principles of notice, choice, onward transfer, security, data integrity, access, and

enforcement for Personal Information that we receive from companies or individuals in the EEA,

United Kingdom, and Switzerland. Our Privacy Shield certification will be available here. We

also receive some data in reliance on other compliance mechanisms, including data processing

agreements based on the EU Standard Contractual Clauses. If there is any conflict between the

terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall

govern. To learn more about the Privacy Shield Framework, visit the US Department of

Commerce’s website (www.privacyshield.gov).

● Information Processed. See Sections 2 and 3 of this Policy.

● Purposes of Information Processing. See Section 4 of this Policy.

● Third Parties with Whom We May Share Information. See Section 5 of this Policy.

● Questions or Complaints. If you are a resident of a European country participating in

the Privacy Shield and you believe we maintain your Personal Information within the

scope of this Privacy Shield certification, then you may direct any questions or

complaints concerning our Privacy Shield compliance via the contact information in

Section 8 of this Policy below. We will work with you to resolve your issue.

● Dispute Resolution. If you are a resident of a European country participating in the

Privacy Shield and you have not received timely response to your concern, or we have

not addressed your concern to your satisfaction, you may seek further assistance, at no

cost to you, from JAMS (www.jamsadr.com), which is an independent dispute resolution

body in the United States.

● Arbitration. You may also be able to invoke binding arbitration for unresolved

complaints but prior to initiating such arbitration, a resident of a European country

participating in the Privacy Shield must first: (1) contact us and afford us the opportunity

to resolve the issue; (2) seek assistance from JAMS; and (3) contact the U.S. Department

of Commerce (either directly or through a European Data Protection Authority) and

afford the Department of Commerce time to attempt to resolve the issue. If such a

resident invokes binding arbitration, each party shall be responsible for its own attorney’s

fees. Please be advised that, pursuant to the Privacy Shield, the arbitrator(s) may only

impose individual-specific, non-monetary, equitable relief necessary to remedy any

violation of the Privacy Shield Principles with respect to the resident.

● U.S. Federal Trade Commission Enforcement. Our Privacy Shield compliance is

subject to the investigatory and enforcement powers of the U.S. Federal Trade

Commission (FTC).

● Right of Access. See Section 7 of this Policy.

● Requirement to Disclose. We may disclose Personal Information when we have a good

faith belief that such action is necessary to: conform to legal requirements or to respond

to lawful requests by public authorities, including to meet national security or law

enforcement requirements, or to enforce our contractual obligations.

● Liability. If a third-party service provider providing services on Pymetrics’ behalf

processes Personal Information from the EEA or Switzerland in a manner inconsistent

with the applicable Privacy Shield Principles, Pymetrics will be liable unless we can

prove that we are not responsible for the event giving rise to the damages.

● Human Resources Data. Pymetrics commits to cooperating with EU Data Protection

Authorities (DPAs) and the Swiss Federal Data Protection and Information

Commissioner (FDPIC) and will comply with the advice provided by such authorities

with regard to human resources data transferred from the EU and Switzerland in the

context of Pymetrics’ employment relationship with our employees.

7. YOUR CHOICES REGARDING YOUR INFORMATION

Choice

You are not required to create an Account to gain access to many services and features of the

Site. If you use the Site’s personalized services and features (e.g., the Games and Trait Profile),

you will need to create an Account and enter Personal Information, which we will treat as

described in this Privacy Policy.

Our Opt-out Policy

We may send you notifications and communications using the email address you provided to us

when you registered your Account. To stop receiving some or all email communications from

us, you can use the “Email Settings” tab of your Account profile to edit your email preferences.

Alternatively, you can use the “unsubscribe” mechanism provided in the email communication.

We will also send you service-related email announcements on rare occasions when it is

necessary to do so. For instance, if our service is temporarily suspended for maintenance, we

might send you an email. You do not have an option to opt out of these emails, which are not

promotional in nature. If you do not wish to receive these announcements, you have the option

to deactivate your account.

We may also send you information for marketing purposes if you have signed up for such

communications or otherwise indicated an interest in receiving such communications. If you no

longer wish to receive these communications, you may opt-out by contacting us directly or by

clicking the opt-out link in our email marketing communications.

Accessing, Correcting, and Updating Your Information

You may access, correct, and update most of your Personal Information under the Account

Settings tab of your Account profile. You may also email us at privacy@pymetrics.com with

information necessary for us to process your request. We will respond to your request within a

reasonable timeframe. We may need to verify your identity before granting access to Personal

Information in our custody or control.

A note about our Games specifically: Because some of our Games are designed to test memory

and instinctive behavior (which can be skewed through subsequent gameplay), once you start or

complete the Games, your Gameplay Data and Trait Profile cannot be reset, amended, deleted, or

overridden for a period of three hundred and thirty (330) days after you have completed the

Games.

Deactivating Your Account

You may deactivate your Account using the Deactivate Account button under the Account

Settings tab on your Account profile. When you deactivate your Account, you will no longer be

able to log into the Account. You will also no longer be able to create any new Accounts with the

email address associated with the deactivated Account. If you wish to reactivate your

deactivated Account, please email us at privacy@pymetrics.com with the email address.

A deactivated Account does not mean that all of the information associated with your Account is

expunged from our systems, although such information will now no longer be readily available

to you.

Deleting Your Information

Yo u m a y r e q u e s t t o d e l e t e y o u r P e r s o n a l I n f o r m a t i o n b y e m a i l i n g u s

at privacy@pymetrics.com with information necessary for us to process your request. Note that

any deletion request will be subject to our Retention Policy below.

A note about our Games specifically: Because some of our Games are designed to test memory

and instinctive behavior (which can be skewed through subsequent gameplay), once you start or

complete the Games, your Gameplay Data and Trait Profile cannot be reset, amended, deleted, or

overridden for a period of three hundred and thirty (330) days after you have completed the

Games.

GDPR Rights. The underlying rationale of the GDPR is to empower you (Data Subjects) to

control how your personal data is processed. We have a responsibility to protect your individual

privacy and autonomy, and to comply with the requirements of the GDPR. More importantly, we

genuinely believe the world will be a better place if you are empowered to control the use of

your own data. We at Pymetrics have invested heavily in enabling you to exercise your rights

under the GDPR to the maximum extent possible.

Contact Details for Redress:

Pymetrics, Inc

102 Madison Ave 5th Floor

New York, NY 10016

privacy@pymetrics.com

You have the following rights under GDPR:

i. Right to be Informed. You have the right to be informed about the collection and use of

your personal data. This is a key transparency requirement under the GDPR. How we

help: The privacy policy is designed to inform you about how your information is

processed, as well as what your rights are.

ii. Right of Access. You have the right to access your personal data and supplementary

information to be aware of and verify the lawfulness of processing. How we help: After

signing in, we allow you to access your personal data in JSON format, along with

supplementary information in your privacy settings.

iii. Right to Rectification. You have the right to have personal data rectified if it is

inaccurate or incomplete. How we help: After signing in, we allow you to edit your

personal data via your profile page.

iv. Right to Erasure. You have the right to request the deletion or removal of your personal

data where there is no compelling reason for its continued processing. How we help:

After signing in, we allow you to request that your account be restricted. Your data will

be removed from pymetrics and placed in restricted archival storage for 2 years before

being deleted to comply with relevant laws governing employment records retention.

v. Right to Restrict Processing. You have the right to 'block' or suppress processing of

your personal data. How we help: After signing in, we allow you to request that your

account be restricted. Your data will be removed from pymetrics and placed in restricted

archival storage for 2 years before being deleted to comply with relevant laws governing

employment records retention.

vi. Right to Data Portability. You have the right to obtain and reuse your personal data for

your own purposes across different services. How we help: After signing in, we allow

you to export your personal data in JSON format in your privacy settings.

vii. Right to Object. You have the right to object to processing based on legitimate interests

or the performance of a task in the public interest/exercise of official authority (including

profiling), direct marketing (including profiling), and processing for purposes of

scientific/historical research and statistics. How we help: We allow you to object to

processing by changing your email settings, by exercising your right to restrict

processing, or by contacting privacy@pymetrics.com.

viii. Automated individual decision-making, including profiling. You have the right not to

be subject to a decision based solely on automated processing, including profiling, which

produces legal or similarly significant effects. How we help: The data we collect is not

necessarily used in automatic decision making. In case our client uses automated decision

making, you may require human intervention. Please contact the Controller who invited

you to complete an Assessment.

Our Retention Policy

We retain Personal Information from you with your consent, or where we have an ongoing

legitimate business need (for example, to provide you with a service or other information you

have requested or to comply with applicable legal requirements). When we have no on-going

legitimate business need to process your Personal Information, we will either delete, de-identify

or anonymize it, or, if this is not possible (for example, because your Personal Information has

been stored in backup archives), then we will securely store your Personal Information and

isolate it from any further processing until deletion is possible. The following are examples of

how long we typically retain your Personal Information for legitimate business needs:

When You Interact with Sales, Marketing, and Customer Support: We may retain

your Personal Information as long as necessary to provide you with your request for

information or other responses.

When You Sign Up for an Account: We may retain your information for as long as your

Account is active or as long as necessary to provide you with our services, comply with

our legal obligations, preserve and protect our rights as allowed by law, resolve disputes,

maintain security, prevent fraud and abuse, and enforce our agreements (including our

In accordance with our obligations and requirements under local law, we must retain your

information for a period of two (2) years following the date of your last recorded

assessment for a particular role (“Assessment”). As a result, if you request deletion of any

information prior to this 2-year anniversary, we must wait until the 2-year period has

passed, after which we will process your deletion request. If you do not have any

recorded assessments for a role during the last two (2) years, then we will process your

request within ten (10) business days of receipt.!

Even if we are obligated to retain certain information, once you delete your Account or

request deletion of your Personal Information, your Personal Information will cease being

visible to third parties through our Site, regardless of whether you selected Public or

Limited (if available to you) through the Privacy Settings tab of your Account profile.

As discussed above, we may aggregate or de-identify our user’s Personal Information and

other information; such data cannot be used to identify you. We will retain such data

even after any Personal Information deletion requests have been processed.

When We Process Your Personal Information on Behalf of Our Customers: We

retain your Personal Information in accordance with the timeframes set out in the relevant

customer agreements between us and the applicable customer(s).

8. MISCELLANEOUS

Other Websites. Our Site may contain links to third-party owned and/or operated websites or

mobile applications. We do not own nor control these third-party websites or mobile

applications, and accordingly assume no responsibility for the information practices of those

sites or apps. We suggest that you review their privacy, security, and data collection and

distribution policies, if any, prior to providing such websites or apps with any information.

Blogs and Public Features of the Sites. Our Site may contain features, e.g. job boards, forums,

sharing functions, etc., that permit you to upload, post, transmit, display, perform, or distribute

content and information, including your Personal Information. Any information that you choose

to disclose by means of such features becomes public information over which we are unable to

exercise control. You should exercise caution when deciding to disclose information by means

of such features, and you agree to assume all responsibility for doing so.

Single Sign-On. You can create an Account using third-party sign-in services such as Facebook

or LinkedIn. This service will authenticate your identity and provide you the option to share

certain Personal Information with us such as your name and email address to pre-populate our

sign-up form. Please note that your relationship with Facebook, LinkedIn, or any other third-

party website is governed solely by your agreement with such third-party website.

Security. The security of your Personal Information is important to us. We take commercially

reasonable steps to help protect your Personal Information from loss, misuse, unauthorized

access, disclosure, alteration, and destruction. For example, we use one or more of secure socket

layer (SSL) encryption, firewalls, and self-updating anti-virus software. Your Personal

Information will be stored in the United States and will be subject to laws applicable in that

country. While we take all steps we consider appropriate to protect your data, including technical

and organization measures to ensure that your Personal Information is handled securely in

accordance with this Privacy Policy; unfortunately, no company can fully eliminate security

risks, so we cannot make guarantees about any part of our services. Please create a unique

password for your Account and do not share your password with anyone else.

Minors. Visitors under eighteen (18) years of age are not permitted to use and/or submit their

Personal Information at the Site. We do not knowingly solicit or collect information from

visitors under eighteen (18) years of age. We encourage parents and guardians to spend time

online with their children and to participate and monitor the interactive activities of their

children.

Contacting Us. The Contact Us link on the Site contains an e-mail link that allow you to

questions about this Privacy Policy or our privacy practices, please feel free to contact us

at privacy@pymetrics.com or at:

ATTN: Data Protection Officer

Pymetrics, Inc.!

102 Madison Avenue, 5

Floor!

New York, NY 10016!

United States of America

ANNEX - INFORMATION FOR CITIZENS OF THE US-STATE OF CALIFORNIA

U N D E R T H E C A L I F O R N I A C O N S U M E R P R I VA C Y A C T ( “ C C PA ” )

Consumers residing in California have some additional rights with respect to their personal

information under the California Consumer Privacy Act or (“CCPA”). If you are a California

resident, this section applies to you and supplements the main privacy policy above.

1. Categories of Personal Information Collected. In the preceding 12 months, we have collected

the categories of personal information listed under Section 2. “INFORMATION THAT WE

COLLECT ABOUT YOU” above.

2. Your Rights. Under the California Consumer Privacy Act of 2018 ("the CCPA"), if you are a

California consumer, you have the right to know and see what personal information we have

collected about you over the past 12 months, including: the categories of personal

information we have collected about you; the categories of sources from which the personal

information is collected; the business or commercial purpose for collecting your personal

information; the categories of third parties with whom we have shared your personal

information; and the specific pieces of personal information we have collected about you.

You also have the right to request deletion of your personal information (subject to certain

exceptions), to opt out of sales of personal information and to receive equal service and price

and not be discriminated against even if you exercise any of their other CCPA rights. !

California consumers may make a rights request by sending a request via email to

privacy@pymetrics.com. Your request must include sufficient information that allows us to

reasonably verify you are the person about whom we collected personal information, which

may include your email address and name. We will not discriminate against you if you

choose to exercise your rights under the CCPA. We aim to respond to a consumer request for

access or deletion within 45 days of receiving that request. If we require more time, we will

inform you of the reason and extension period in writing.

3. Sale of Personal Information. We do not sell your personal data to third parties.

4. Further disclosures. For further disclosures regarding your personal information, as required

by the CCPA, please refer to the main privacy policy above. You can find information about

the business and commercial purposes for which we collect your personal information in

Section 4. “WHAT WE DO WITH THE INFORMATION WE COLLECT”. Section 5

“WITH WHOM WE SHARE THE INFORMATION WE COLLECT” provides information

about the categories of third parties to whom we disclose your personal information to, as

well as information regarding which categories of personal information are being disclosed.