What Personal Data Do We Receive?

Personal data is any information from or about an identified or identifiable person, including information that Oplign can associate with an individual person. We may collect, or process on behalf of our customers, the following categories of personal data when you use or interact with Oplign products and services:

• Account Information: Information associated with an account that licenses Oplign products and services, which may include administrator name, contact information, account ID, billing and transaction information, and account plan information.
• Profile and Participant Information: Information associated with the Oplign profile of a user who uses Oplign products and services under a licensed account, which may include name, display name, picture, email address, phone number, job information, stated locale, user ID, or other information provided by the user and/or their account owner.
• Contact Information: Contact information added by accounts and/or their users to create contact lists on Oplign products and services.
• Communications with Oplign: Information about, and contents of, your communications with Oplign, including relating to support questions, website virtual chats, your account, and other inquiries.

How Do We Use Personal Data?

Oplign employees do not access or use Customer data aside from daily quality control checks, and other support as required. Under no circumstance is Customer jobs data considered sensitive information.

As discussed below, Oplign uses personal data to conduct the following activities:

• Provide Oplign Products and Services: To provide and develop products and services to account owners, their licensed end users, and those they invite to join meetings and webinars hosted on their accounts, including to customize Oplign products and services and recommendations for accounts or their users. Oplign also uses personal data to determine what products and services may be available in your location, and uses personal data, including contact information, to route invitations, messages, or Oplign Emails to recipients when users send or receive invitations, messages, or Oplign Emails using Oplign products and services. This may also include using personal data for customer support at the direction of the account owner or their users. We also use personal data to manage our relationships and contracts with account owners and others, including billing, compliance with contractual obligations, and related administration.
• Product Research and Development: If authorized by any applicable customer settings, to develop, test, and improve Oplign products and services, and to troubleshoot products and services. Oplign does not use any of your communications to train Oplign.
• Marketing and Promotions: Oplign hates the internet marketing model, and will not sell your information to third-parties for any reason.
• Authentication, Integrity, Security, and Safety: To authenticate accounts and activity, detect, investigate, and prevent malicious conduct, fraudulent activity or unsafe experiences, address security threats, protect public safety, and secure Oplign products and services.
• Communicate with You: We use personal data (including contact information) to communicate with you about Oplign products and services, including product updates, your account, and changes to our policies and terms. We also use your information to respond to you when you contact us.
• Legal Reasons: To comply with applicable law or respond to valid legal process, including from law enforcement or government agencies, to investigate or participate in civil discovery, litigation, or other adversarial legal proceedings, protect you, us, and others from fraudulent, malicious, deceptive, abusive, or unlawful activities, and to enforce or investigate potential violations of our Terms of Service or policies.

How Do We Share Personal Data?

Oplign provides personal data to third parties only with consent or in one of the following circumstances (subject to your prior consent where required under applicable law):

• Resellers: If an enterprise licensed or purchased Oplign products and services from a third-party reseller of Oplign products and services, the reseller may be able to access user profile data.
• Vendors: Oplign works with third-party service providers to provide, support, and improve Oplign products and services and technical infrastructure, and for business services.
• Marketing, Advertising, and Analytics Partners: Oplign uses third-party marketing, advertising, and analytics providers: to provide statistics and analysis about how people are using Oplign products and services, including our website; and to provide advertising and marketing for Oplign products and services, including targeted advertising based on your use of our website. These third-party partners may receive information about your activities on Oplign's website through third-party cookies placed on Oplign's website.
• Change of Control: We may share personal data with actual or prospective acquirers, their representatives and other relevant participants in, or during negotiations of, any sale, merger, acquisition, restructuring, or change in control involving all or a portion of Oplign's business or assets, including in connection with bankruptcy or similar proceedings.

Privacy Rights and Choices

Marketing Communications
If you don't want to learn about products and services we or our partners offer, you can opt-out of marketing communications in the communication sent to you (for example, via email or SMS), or by emailing privacy@oplign.com. Not all of our communications are for marketing, and you'll continue to receive messages related to your products and services or customer service.

Data Rights
If you are in the European Economic Area (EEA), Switzerland, or the UK, or a resident of California or another U.S. state with an applicable privacy law, please refer to the respective dedicated sections below. Otherwise, at your request, and as required by applicable law, we will:

• Inform you of what personal data we have about you that is under our control;
• Amend or correct such personal data or any previous privacy preferences you selected, or direct you to applicable tools; and/or
• Delete such personal data or direct you to applicable tools.

Where legally permitted, we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, or jeopardize the privacy of others. As an account owner or a user under a licensed account, you may also take steps to affect your personal data by visiting your account and modifying your personal data directly.

Children

Oplign does not allow children under the age of 16 to sign up for a Oplign account.

How to Contact Us

If you have any privacy-related questions or comments related to this Privacy Statement, please send an email to info@oplign.com.

You can also contact us by writing to the following address:

Oplign, LLC
Attention: Data Privacy
500 E. Main St., Suite 1600
Norfolk, VA 23510

You can contact our Data Protection Officer by sending an email to info@oplign.com.

Retention

We retain personal data for as long as required to engage in the uses described in this Privacy Statement, unless a longer retention period is required by applicable law.

The criteria used to determine our retention periods include the following:

• The length of time we have an ongoing relationship with you and provide Oplign products and services to you (for example, for as long as you have an account with us or keep using our products);
• Whether account owners modify or their users delete information through their accounts;
• Whether we have a legal obligation to keep the data (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); or
• Whether retention is advisable in light of our legal position (such as in regard to the enforcement of our agreements, the resolution of disputes, and applicable statutes of limitations, litigation, or regulatory investigation).

European Data Protection Specific Information

If you are in the EEA, Switzerland, or the UK, your rights in relation to your personal data processed by us as a controller specifically include:

• Right of access and/or portability: You have the right to access any personal data that we hold about you and, in some circumstances, have that data provided to you so that you can provide or 'port' that data to another provider;
• Right of erasure: In certain circumstances, you have the right to the erasure of personal data that we hold about you (for example, if it is no longer necessary for the purposes for which it was originally collected);
• Right to object to processing: In certain circumstances, you have the right to request that we stop processing your personal data and/or stop sending you marketing communications;
• Right to rectification: You have the right to require us to correct any inaccurate or incomplete personal data;
• Right to restrict processing: You have the right to request that we restrict processing of your personal data in certain circumstances (for example, where you believe that the personal data we hold about you is not accurate or lawfully held).

If you have any other questions about our use of your personal data, please send a request at the contact details specified in the How to Contact Us section of this Privacy Statement. Please note that we may request you to provide us with additional information in order to confirm your identity and ensure that you are entitled to access the relevant personal data.

You also have the right to lodge a complaint to a data protection authority. For more information, please contact your local data protection authority.

Legal Basis for Processing Personal Data

We only use your information in a lawful, transparent, and fair manner. Depending on the specific personal data concerned and the factual context, when Oplign processes personal data as a controller for individuals in regions such as the EEA, Switzerland, and the UK, we rely on the following legal bases as applicable in your jurisdiction:

• As necessary for our contract: When we enter into a contract directly with you, we process your personal data on the basis of our contract in order to prepare and enter into the contract, as well as to perform and manage our contract (i.e., providing Oplign products and services, features and services to account owners, their users, and those they invite to join meetings and webinars hosted on their accounts, and manage our relationship and contract, including billing, compliance with contractual obligations, and related administration). If we do not process your personal data for these purposes, we may not be able to provide you with all products and services;
• Consistent with specific revocable consents: We rely on your prior consent in order to utilize cookies to engage advertising and analytics partners to deliver tailored advertising and analysis of our website usage.
• As necessary to comply with our legal obligations: We process your personal data to comply with the legal obligations to which we are subject for the purposes of compliance with EEA laws, regulations, codes of practice, guidelines, or rules applicable to us, and for responses to requests from, and other communications with, competent EEA public, governmental, judicial, or other regulatory authorities. This includes detecting, investigating, preventing, and stopping fraudulent, harmful, unauthorized, or illegal activity ('fraud and abuse detection') and compliance with privacy laws;
• To protect your vital interests or those of others: We process certain personal data in order to protect vital interests for the purpose of detecting and preventing illicit activities that impact vital interests and public safety, including child sexual abuse material; and
• As necessary for our (or others') legitimate interests, unless those interests are overridden by your interests or fundamental rights and freedoms, which require protection of personal data: We process your personal data based on such legitimate interests to (i) enter and perform the contract with the account owner and/or reseller providing you with the products and services (which includes billing, compliance with contractual obligations, and related administration and support); (ii) develop, test, and improve our products and services and troubleshoot products and services; (iii) ensure authentication, integrity, security, and safety of accounts, activity, and products and services, including detect and prevent malicious conduct and violations of our terms and policies, prevent or investigate bad or unsafe experiences, and address security threats; (iv) send marketing communications, advertising, and promotions related to the products and services; and (v) comply with non-EEA laws, regulations, codes of practice, guidelines, or rules applicable to us and respond to requests from, and other communications with, competent non-EEA public, governmental, judicial, or other regulatory authorities, as well as meet our corporate and social responsibility commitments, protect our rights and property and the ones of our customers, resolve disputes, and enforce agreements.

International Data Transfers

Oplign operates globally, which means personal data may be transferred, stored (for example, in a data center), and processed outside of the country or region where it was initially collected where Oplign or its service providers have customers or facilities – including in countries where meeting participants or account owners hosting meetings or webinars that you participate in or receiving messages that you send are based.

Therefore, by using Oplign products and services or providing personal data for any of the purposes stated above, you acknowledge that your personal data may be transferred to or stored in the United States where we are established, as well as in other countries outside of the EEA, Switzerland, and the UK. Such countries may have data protection rules that are different and less protective than those of your country.

We protect your personal data in accordance with this Privacy Statement wherever it is processed and take appropriate contractual or other steps to protect it under applicable laws. Where personal data of users in the EEA, Switzerland, or the UK is being transferred to a recipient located in a country outside the EEA, Switzerland, or the UK which has not been recognized as having an adequate level of data protection, we ensure that the transfer is governed by the European Commission's standard contractual clauses. Please contact us if you would like further information in that respect.

California & Other U.S. States Notice at Collection

Categories of Personal Information Oplign Receives: Oplign may collect, or process on behalf of our customers, the following categories of personal data, as described above, in the 'What Personal Data Do We Receive?' section: identifiers (such as in Account Information, Profile and Participant Information, Contact Information, and Registration Information), commercial information (such as in Account Information); internet or other electronic network activity information (such as Device Information, Usage Information, and Limited Information from Oplign Email Services); education information such as from university customers; inferences we derive from the preceding or other information we collect; and sensitive personal information (such as certain categories in Account Information), Content and Context from Messaging and Other Collaborative Features.

Sources: We receive information from sources as described in the 'What Personal Data Do We Receive?' section, including: from you (including through your use of our products and services); from partners; from customers; and from publicly available sources. We collect education information from schools that use our services.

Oplign's business and commercial purposes for use: Oplign uses personal data for the following business and commercial purposes: to provide Oplign Products and Services; for Product Research and Development; for Marketing and Promotions; Authentication, Integrity, Security, and Safety; to Communicate with You; and for Legal Reasons. For more information, please see 'How We Share Personal Data?' Categories of third parties to whom we disclose Personal Information for business purposes are described in 'How We Share Personal Data?'

Retention: Oplign retains personal data for as long as required to engage in the uses described in this Privacy Statement, unless a longer retention period is required by applicable law. Additional detail on retention criteria can be found under Retention, above.

California & Other U.S. State Privacy Rights

Under some U.S. state laws, including the California Consumer Privacy Act of 2018 (as amended by the California Consumer Privacy Rights Act) (CCPA), residents may have a right to:

• Access the categories and specific pieces of personal data Oplign has collected, the categories of sources from which the personal data is collected, the business purpose(s) for collecting the personal data, and the categories of third parties with whom Oplign has shared personal data, and obtain the personal data in a portable and, to the extent technically feasible, readily usable format;
• Delete personal data under certain circumstances;
• Correct personal data under certain circumstances; and
• Opt out of the 'sale' of personal data or 'sharing' of personal data for targeted advertising purposes. We do not sell your personal data in the conventional sense. However, like many companies, we may use advertising and analytics services that are intended to analyze your interactions with our website or app, based on information obtained from cookies or other trackers, including for delivering advertising to you (such as interest-based, targeted, or cross-context behavioral advertising). You can get more information and opt out of the use of cookies and other trackers on our website and app by clicking the Cookies Settings/Your Privacy Choices link, also on our homepage, and setting your preferences. You will need to set your preferences from each device and each web browser from which you wish to opt out. This feature uses a cookie to remember your preference, so if you clear all cookies from your browser, you will need to re-select your preferred settings. California and Connecticut residents may also set the Global Privacy Control (GPC) to opt out of the 'sale' or 'sharing' of your personal information for targeted advertising for each participating browser system that you use. Oplign does not have actual knowledge that it 'sells' or 'shares' the personal information of consumers under 16 years of age.
• Appeal a denial of your request. Some states provide additional rights to their residents. If we decline to process your request, you may have the right to appeal our decision. You can do so by replying directly to our denial or emailing privacy@oplign.com.

Oplign will not discriminate against you for exercising any of these rights, which is further in line with your rights under state law.

Sensitive Information. Oplign receives information that may be considered sensitive under some state laws, such as certain Account Information (e.g., financial information, log-in information), certain Content and Context from Meetings, Webinars, Messaging, and Other Collaborative Features and certain Limited Information from Oplign Email and Calendar Services (e.g., messaging content in cases described herein). Oplign processes sensitive personal information to provide Oplign products and services, for product research and development, for authentication, integrity, security, and safety reasons, to communicate with you, for legal reasons, and with your consent. Oplign does not use or disclose sensitive personal information (as defined under CCPA) for purposes of inferring characteristics about a consumer, or in any way that would require Oplign to provide a right to limit under the CCPA. Under certain laws, residents may also be permitted to opt out of certain profiling relating to automated processing analyzing certain categories of an individual's information that would produce a legal or similarly significant effect. Oplign does not engage in this type of profiling of individuals.

These rights are not absolute, are subject to exceptions and limitations, and may not be afforded to residents of all states. In certain cases, we may decline requests to exercise these rights where permitted by law. We will need to verify your identity to process your access, deletion, and correction requests and reserve the right to confirm your state residency. To verify your identity, we may require you to log into your existing Oplign account (if applicable), give a declaration as to your identity under penalty of perjury, and/or provide additional information, such as providing at least two pieces of personal information relating to your account (which will be compared to information we have, such as profile information) or as we otherwise may already have in our possession, such as your email address and phone number. We will verify your consumer request by comparing the information you provide to information already in our possession, and take additional steps to minimize the risk of fraud. You may designate an authorized agent to submit your verified consumer request by providing written permission and verifying your identity, or through proof of power of attorney.

California's Shine the Light Law

California Civil Code Section 1798.83, also known as 'Shine The Light' law, permits California residents to annually request information regarding the disclosure of your Personal Information (if any) to third parties for the third parties' direct marketing purposes in the preceding calendar year. We do not share Personal Information with third parties for the third parties' direct marketing purposes.

Policy Changes

We may update this Privacy Statement periodically to account for changes in our collection and/or processing of personal data, and will post the updated Privacy Statement on our website, with a 'Last Updated' date at the top. If we make material changes to this Privacy Statement, we will notify you and provide you an opportunity to review before you choose to continue using our products and services.