PRIVACY Policy

Website Cookies Policy

Last updated on May 31, 2022

1. Introduction

This Cookie Policy describes how Strategic Risk Associates and its subsidiaries (collectively, “SRA”, “us”, “we”,

“our”) use cookies, beacons, pixels and other similar means. By using our website (www.SRARISK.com), and any

webpages included thereto (collectively: the “Website”) and related Services, you agree to our use of the means

described below.

While you may visit our website or otherwise use the Services without telling us who you are or revealing any

Personal Data [Client to confirm], please note that our server logs capture information regarding your operating

system, browser type, IP (Internet Protocol), URL clickstream through, and from our website, including date and

time.

We apply the following means to automatically collect data (including Personal Data) from you:

Personal Analytics information.

We may directly collect analytics data, or use third-party analytics tools, to help us measure your usage trends for

the Services. These tools collect information sent by your browser or mobile device, including data on your traffic

on our Services. If we do engage in such collection or use, we will collect and use this analytics information to

provide you a more customized experience on our Services, such as serving you curated newsletters, recommended

content, or marketing material.

Tracking Information

We use or may use cookies, log file, location data and clear gifs information to: (a) remember information so that

you will not have to re-enter it during your visit or the next time you visit the site; (b) provide custom, personalized

content and information; (c) provide and monitor the effectiveness of our Services; (d) monitor aggregate metrics

such as total number of visitors, traffic, and demographic patterns; (e) diagnose or fix technology problems; (f) help

you efficiently access your information after you sign in; (g) automatically update the App (when and if available);

and (h) use aggregate metrics to help market our Services or products.

Anonymized Analytics Information

We may directly collect analytics data, or use third-party analytics tools, to help us measure traffic and usage trends

for the Services. These tools collect information sent by your browser or mobile device, including the pages you

visit and other information that assists us in improving the Services.

Third Party Data

We also may use the technologies listed herein to collect information about your activities over time and across

third-party websites, apps or other online services (behavioral tracking).

Log file Information

Log file information is automatically reported by your browser or mobile device each time you access the Services.

When you use our Services, our servers automatically record certain log file information. These server logs may

include anonymous information such as your web request, Internet Protocol (“IP”) address, browser type, referring

/ exit pages and URLs, number of clicks and how you interact with links on the Service, domain names, landing

pages, pages viewed, and other such information.

Location Data

If you choose to provide us with such information by allowing us access to your location data through the Service's

functionality, when you access the Service, we may access, collect, monitor and/or remotely store “location data,”

which may include GPS coordinates (e.g., latitude and/or longitude) or similar information regarding the location of

your device. Location data may convey to us information about how you browse and use the Services. Some

features of the Services, particularly location-based services, may not function properly if use or availability of

location data is impaired or disabled.

2. Cookies Pixels and Beacons

What are Cookies?

Cookies are small data files downloaded and stored on your device while browsing a website, often used to keep

record of actions taken on such website or track related browsing activity. For additional information regarding

Cookies and the way to control them, please check out the Help file of your browser or visit

http://www.aboutcookies.org.

Cookies Information

When you visit the Service, we or our analytics providers may send one or more cookies (a small text file containing a string of alphanumeric characters) to your computer that uniquely identifies your browser and lets SRA help you log in faster and enhance your navigation through the Services. A cookie may also convey information to us about how you use the Services (e.g., the pages you view, the links you click and other actions you take on the Services) and allow us to track your usage of the Services over time. A persistent cookie remains on your hard drive after you close your browser. Persistent cookies may be used by your browser on subsequent visits to the site. Persistent cookies can be removed by following your web browser's directions. A session cookie is temporary and disappears after you close your browser.

Cookie opt-out

We do not respond to “Do Not Track” (DNT) signals. However, some third-party sites do keep track of your

browsing activities when they serve you content, which enables them to tailor what they present to you. If you are

visiting such sites, your browser may allow you to set the DNT signal on your browser so that third parties

(particularly advertisers) know you do not want to be tracked. You may elect to opt-out from enabling Cookies: (a)

in the browser’s settings tools, usually by choosing between several options offered by the browser (some browsers

(for example, Google Chrome®) allow blocking Cookies from a specific website, and respectively you may choose

to block applicable Cookies); or (b) by rejecting the popup message requesting your consent of SRA use of such

Cookies at your new browsing session of the domain. Please refer to your mobile device or browser's technical

information for instructions on how to delete and disable cookies, and other tracking/recording tools. Please note

that it may not be possible to delete or disable tracking mechanisms, depending on your type of mobile device. Note

that disabling cookies and/or other tracking tools prevents SRA or its analytics providers from tracking your

browser's activities in relation to the Services. However, doing so may disable many of the features available

through the Services.

What are pixels and beacons?

Pixels, beacons and clear codes are codes that trigger the use of Cookies by us or third parties on our website.

Clear Gifs/Web Beacons Information

When you use the Service, we or our analytics providers may employ clear gifs (also known as web beacons) which

are used to anonymously track the online usage patterns of our users. In addition, we may also use clear gifs in

HTML-based emails sent to our users to track which emails are opened and which links are clicked by recipients.

The information allows for more accurate reporting and improvement of the Service.

3. Details

We use pixels from LinkedIn and Facebook to track visitors to our site and serve them ads using customary

retargeting methods.

We also use standard browser Cookies, which are stored on your browser application, computer or other

device. These Cookies do not store any Personal Data and are used only to verify that the user is logged in. They

are deleted when you close your browser.

4. Consent

By using the Website and/or otherwise engaging any of the Services, you understand that we may place Cookies on

your computer, including analytical cookies, in accordance with the terms of this Cookies Policy, for such purposes

described under our Privacy Notice.

5. Changes and Updates

We may change this Cookie Policy from time to time. Please look at the “Last Updated” legend at the top of this

page to see when this Cookie Policy was last revised.

Any changes to this Cookie Policy will become effective when we post the revised Cookie Policy on the Website.

Your use of the Website following these changes means that you accept the revised Cookie Policy. If you have any questions about opting out of the collection of cookies and other tracking/recording tools, you can

contact us directly at privacy@SRArisk.com.

III.PRIVACY NOTICE

Last revised on May 31, 2022

Welcome to SRA, the online and mobile service of Strategic Risk Associates (“SRA,” “we,” or “us”). Our Privacy

Notice explains how we collect, retain, process, and use, disclose, and protect your data that applies to our Service

(as defined under our Terms of Use [add link], and your choices about the collection and use of your Personal Data.

Capitalized terms that are not defined in this Privacy Notice have the meaning given them in our Terms of Use.

Please read this Privacy Notice carefully to understand our policies and practices regarding your data (including

Personal Data, as prescribed below) and how we will treat it.

We will collect and process your Personal Data as described in this Privacy Notice. Where applicable, we will

obtain your opt-in consent for such purpose.

However, with respect to Personal Data which we collect for certain purposes reflecting our legitimate interests

and/or non-Personal Data, your browsing of the Website and/or use of the Services, will be deemed as your

consent, which you may opt-out from by deleting your Account. Thus, if you do not agree with our policies and

practices, do not access, register with or use any of the Services (and if applicable, delete your Account).

This Privacy Notice may change from time to time (see Changes to Our Privacy Notice). Your continued use of the

Services after we make changes to this Privacy Notice is deemed to be acceptance of those changes, so please

check this Privacy Notice periodically for updates. However, where such changes require your opt-in consent in our

opinion, we will act to obtain such consent.

If you make available any personal data other than your own within the course of the Services (including by any

communication means) to us and/or any other entity, then you will be solely responsible for obtaining all consents

and approvals from the respective data subjects, and further for having them acknowledge this Privacy Notice.

What Data we Collect and How we Use It

Upon registration with the Services, a User profile is developed to further customize your experience. We collect

personally identifiable information (the "Personal Data") you actively enter onto our online forms during

registration or while using the Services as well as certain non-personal or de-identified data, as described below.

We collect the following types of data about you:

Data you provide us directly:

When you register on, or otherwise use the Services, we may collect the following Personal Data you provide via

forms, surveys, applications or other online fields:

• Email

• Password

• First and Last Name

• Date of Birth

• Gender

• Phone Number

• Address and Zip Code

• Telephone, fax and mobile numbers

• User account photo

• Billing information and other financial information

• Communications or correspondence related to our Services, which might contain Personal Data

We may use this data (including Personal Data) to operate, maintain, and provide to you the features and

functionality of the Services, and for compliance with applicable law (including any potential legal dispute) .

We will also use this data to send you a text message or an email to confirm your registration with us.

Data we may receive from third parties:

In some cases, we may receive data about you from third party(ies) such as social media channels or third party(ies)

who used our Services to invite you. For example, if you access our Site or Services through a third-party

connection or log-in like Facebook Connect, by “following,” “liking,” adding the SRA application, linking your

account to the Service, etc., that third party may pass certain data about your use of its service to SRA. This data

could include, but is not limited to, the user ID associated with your account (for example, your Facebook UID), an

access token necessary to access that service, any data that you have permitted the third party to share with us, and

any data you have made public in connection with that service. In addition, we may collect and use certain kinds of

publicly available data about you from social media sites, including number of followers, number of likes or

number of posts. If you allow us access to your friends list, your friends' user IDs, and your connection to those

friends, we may use and store this data to make your experience more social, and to allow you to invite your friends

to use our Services as well as provide you with updates if and when your friends join SRA. You should always

review, and if necessary, adjust your privacy settings on third-party websites and services before linking or

connecting them to our Services. You may also unlink your third-party account from the Services by adjusting your

settings on the third-party service. If you unlink your third-party account, we will remove the data collected about

you in connection with that service.

Inviting a friend to use SRA through use of the Service:

If you choose to allow SRA to access your contacts, and you message those contacts through use of our Services,

SRA may invite such third-party contact to the Services by email or text message — but we do not require that you

import your contacts list to the Service, and we do not retain the data contained in your contacts list. You

understand that by inviting a friend to SRA, you are directly sending a text or email from your account and that we

are not storing your contact list. In addition, you understand and agree that normal carrier charges may apply to

communications sent from your phone. Since this invitation is coming directly from you, we do not have access to

or control this communication.

Data automatically collected or generated: When you visit, interact with or use our website and/or otherwise use

our Services, including any e-mail sent to you by us, we may collect or generate technical data about you. We

collect or generate such data either independently or with the help of third-party services, including through the use

of cookies, beacons, pixels and other tracking technologies (as further detailed in our "cookies policy" [add link]).

Such data consists of connectivity, technical or aggregated usage data, such as IP address, non-identifying data

regarding the device, operating system, browser version locale and language settings used, the cookies, beacons,

and pixels installed on such device, and the activity (clicks and other interactions) of users of our website and/or

other Services.

We do not use such data to learn a person's true identity or contact details, but mostly to have a better

understanding on how our users typically use browse our website. The use of such technical and device data also

helps us and our partners to deliver contextual or otherwise more effective advertisements and content; to optimize

our ad management and our users' viewing experience, and to improve the overall user experience and functionality

of our website.

Please refer to our Cookies Policy to better learn what type of data (including Personal Data) we collect via these

means, and the manner in which we use such data.

Marketing and service communications:

We use the data we collect or receive to communicate directly with you. We may send you emails containing

newsletters, promotions and special offers, without sharing your Personal Data with third parties. If you do not

want to receive such email messages, you will be given the option to opt out or change your preferences. We also

use your data to send you Service-related emails (e.g., account verification, purchase and billing confirmations and

reminders, changes/updates to features of the Service, technical and security notices). You may not opt out of

Service-related e-mails.

Sharing of Your Data

We will not rent or sell your data to third parties outside SRA and its group companies (including any parent,

subsidiaries and affiliates) without your consent, except as noted below:

Who we may share your data with:

We may share your data with third-party service providers for the purpose of providing the Services to you. This

sharing is necessary to provide you access and use of the Services and such service providers will be given limited

access to your data as is reasonably necessary to deliver the Services and will not sell or otherwise impermissibly

disclose your data. In some cases, we may collect or share your data with third-party business partners for the

purpose of providing you a more customized experience on our Services or to serve marketing material of such

business partner. If we engage in such collection or use, we will provide you the opportunity to opt-out of such

sharing with business partners at the time of collection or use.

The current third-party service providers that have access to your Personal Data are as follows:

Facebook and LinkedIn for pixel and retargeting purposes/Google for website performance tracking. Campaign

Monitor for list building.

What happens in the event of a change of control:

We may buy or sell/divest/transfer the company (including any equity interests in the company), or any

combination of its products, services, assets and/or businesses. The data you provide to us, or we collect from you

may be among the items sold or otherwise transferred in these types of transactions. We may also sell, assign or

otherwise transfer such data in the course of corporate divestitures, mergers, acquisitions, bankruptcies,

dissolutions, reorganizations, liquidations, similar transactions or proceedings involving all or a portion of the

company.

Instances where we are required to share your data: SRA will disclose your data where required to do so by law or

subpoena or if we reasonably believe that such action is necessary to (a) comply with the law and the reasonable

requests of law enforcement; (b) to enforce our Terms of Use or to protect the security or integrity of our Services;

and/or (c) to exercise or protect the rights, property, or personal safety of SRA, our Users or others.

Sharing certain non-personal data, we collect about you: We may also aggregate or otherwise strip data of all

personally identifying characteristics and may share that aggregated, anonymized data with third parties.

Storage and Processing: Your data collected through the Services may be stored and processed in the United States

or any other country in which SRA or its subsidiaries, affiliates or service providers maintain facilities. While

privacy laws may vary between jurisdictions, SRA has taken reasonable steps to ensure that your Personal Data is

treated in a secure and lawful manner and in accordance with common industry practices, regardless of any lesser

legal requirements that may apply in other applicable jurisdictions. Thus, while SRA may transfer information that

we collect about you, including Personal Data, to affiliated entities, or to other third-parties throughout the United

States, therefore, if you reside outside of the United States please note that SRA will not be responsible for the

transmission of your personal data into the United States; as SRA’s customers are domestically located within the

United States.

Keeping your data safe: SRA cares about the security of your data and uses commercially reasonable safeguards to

preserve the integrity and security of all data collected through the Service. To protect your privacy and security,

we take reasonable steps (such as two-step authentication) to verify your identity before granting you initial access

to your account. You are responsible for any use of the Services on your account, whether by you or a third party,

as well as for controlling access to your email communications from SRA, at all times. However, SRA cannot

ensure or warrant the security of any data you transmit to SRA or guarantee that data on the Services may not be

accessed, disclosed, altered, or destroyed. Your privacy settings may also be affected by changes to the

functionality of third-party sites and services that you add to the SRA Service, such as social networks. SRA is not

responsible for the functionality or security measures of any third party.

Compromise of data:

In the event that any data under our control is compromised as a result of a breach of security, SRA will take

reasonable steps to investigate the situation and where appropriate, notify those individuals whose data may have

been compromised and take other steps, in accordance with any applicable laws and regulations.

How long we keep your personal data:

Generally, we retain your Personal Data for a period of 36 months from date of the date in which the respective

Personal Data was collected. However, (i) we retain your Personal Data pertaining to your name, Account, contact

information (including email), so long as your account is not deactivated; (ii) we may retain your Personal Data

(including such Personal Data specified un subsection (i) above), for a longer period for accounting, archival, audit and legal purposes (i.e., as required by laws applicable to our record and bookkeeping, and in order to have proof

and evidence concerning our relationship or any claims related thereto, should any legal issues arise).

Your Choices about Your Data

You control your account information and settings: You may update your account data and email-communication

preferences at any time by accessing your account and changing your profile settings. You can also stop receiving

promotional email communications from us, if any, by clicking on the “unsubscribe link” provided in such

communications. We make every effort to promptly process all unsubscribe requests. As noted above, you may not

opt out of Service-related communications (e.g., account verification, changes/updates to features of the Service,

technical and security notices). If you have any questions about reviewing or modifying your account data, you can

contact us directly at privacy@SRArisk.com

Your Rights Regarding Your Personal Data Under Applicable Law

You may have certain rights regarding the manner of collection, processing, and usage of your Personal Data

pursuant to applicable privacy laws. You may be eligible for the following rights:

The right to have your Personal Data deleted:

However, please note that we may limit this right in the event we are required to retain such Personal Data in order

for us to comply with any legal obligation, or in the event that we believe that we require, or may require in the

future, to use such Personal Date is required, for the purpose of exercising of a legal defense.

The right to access the Personal Data that we collect and process.

The right to rectify untrue or incorrect Personal Data.

The right to object to us processing your Personal Data:

However, in case you object to our processing of any Personal Data which we require to reasonably provide you

with any services and/or otherwise make the Services available to you, you will not be able to use such Services; or,

your use of the Services might be limited. The right to have your Personal Data exported at your request: which we

will make efforts to comply with within a reasonable time and provide you with such compiled data through an

electronic medium of our choice.

Children's Privacy

SRA does not knowingly collect or solicit any information from anyone under the age of 16 or knowingly allow

such persons to register as Users. The Services and its content are not directed at children under the age of 16. In

the event that we learn that we have collected personal information from a child under age 16 without verification

of parental consent, we will delete that information as quickly as possible. If you believe that we might have any

information from or about a child under 16, please contact us at privacy@SRArisk.com

Links to Other Web Sites and Services

We are not responsible for the practices employed by websites or services linked to or from the Services, including

the data or content contained therein or sent to you in a message from any third party that contacts you through use

of the Services. Please remember that when you use a link to go from the Services to another website, our Privacy

Policy does not apply to third-party websites or services. Your browsing and interaction on any third-party website

or service, including those that have a link on our website or through our Services, are subject to that third party's

own rules and policies.

This Privacy Policy does not apply to data we collect by other means (including offline) or from other sources other

than through the Services.

How to Contact Us

If you have any questions about this Privacy Notice or the Service, or if you wish to exercise your rights with

respect to your Personal Data, please contact us at privacy@SRArisk.com