Ventuno GDPR Readiness Statement

The General Data Protection Regulation (GDPR) will take effect across the EU on May 25, 2018. Ventuno complies with all applicable data privacy laws and is fully committed to protecting personal data.

To meet the new privacy standard set by GDPR, Ventuno has an internal team dedicated to implementing required processes and protocols. Some of our ongoing GDPR initiatives include:

• Evaluating how all data we collect is used, stored and accessed.

• Reviewing our internal policies (including our privacy policy) and updating them as needed.

• Encouraging a culture of privacy protection through employee trainings.

• Working with our partners, supplier and customer in reviewing our contractual commitments and updating as needed to directly address GDPR requirements.

• Planning to certify under the EU-US Privacy Shield Framework.

• Conducting regular vulnerability tests and annual penetration test to make sure data is secure.

• Performing regular encrypted data backups to make sure there is no data loss.

• When transferring data outside of the EU, making sure appropriate data transfer mechanisms as required by GDPR are in place.

Highlights of our updated privacy policy:

• We will give users detailed information about what personal data we collect from them, how we collect it, what we do with it, and who we share their data with, including advertisers and other third parties (such as vendors we work with to support the services we provide)

• Our privacy policy provides information on how data is shared, and the ability to control how we use the data.

• We have included information about how to ask us to stop or limit using the data we have.

Last Updated: 24-May-2018