Policy Statement

Protecting your privacy is important to DISA Global Solutions, Inc. (“DISA”). The following policy conveys how DISA uses and safeguards the personal information you provide on the DISA corporate web site and related DISA services.

Information Collection

When you browse to the DISA corporate web site, you do so anonymously. Personal information — including your email address — is not collected.

There are times that we may request that you voluntarily supply us with “Personal Information”, which may include your name, email address, telephone number, and postal address, for purposes such as correspondence, registration, or participation in an online survey. We will not share any of this information with any third party without your express written consent and will take reasonable steps to protect the information you share with us from unauthorized access or disclosure.

We may collect “Navigational Information” via your interaction with the web site that can relate to you and may or may not rise to the level of “Personal Information” However, where Navigational Information cannot relate to you, it is considered “Other Information”. The types of Navigational Information we collect includes data about your devices and their location, your use of our services, your IP address; websites you have navigated from to visit the web site; websites you are navigating to after visiting the site; and geolocation data. Other Information can become Personal Information if the Other Information is stored or used in conjunction with any information which allows us to relate the Other Information to you.

Some of our corporate web pages utilize "cookies." Cookies are identifiers which a web site can send to your browser and are kept on your computer to facilitate your next visit to our site. You can set your browser to notify you when you are sent a cookie, giving you the chance to decide whether to accept it. The information we collect and analyze is used to improve our service to you.

Information Use

We may use Personal Information about you:

• To respond to your inquiries and fulfill your requests, including to contact you if necessary;
• To send to you important information regarding the web site, changes to our terms, conditions and policies and other administrative information;
• To send to you information by email, postal mail, telephone and other means about our products, services, contests, sweepstakes and other promotions;
• To help us improve the customer experience, including by learning more about your preferences to help personalize your experience with us, ;
• To analyze trends and statistics in connection with our businesses and Internet properties, including to measure the success of marketing campaigns and to compile statistics about usage and response rates;
• To protect the security or integrity of our businesses and Internet properties;
• As part of a business transaction where most or all of our assets are acquired by a third party; or
• As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our Affiliates; (f) to protect our rights, privacy, safety or property, or that of you, our Affiliates or others; and (g) to allow us to pursue available remedies or to limit the damages that we may sustain.

Any and all information collected at this site will be kept confidential and will not be sold, reused, rented, loaned, or otherwise disclosed without your express written consent.

If you provide us with your email address, or have done so in the past, we may upon occasion send you email offers, or advise you of updates to the system. We may use information you have given us, for example, to provide a service, measure consumer interest in our various services, or inform you about new products and services.

Personal Information Disclosure: United States or Overseas

Generally speaking, we may disclose Personal Information to service providers, and sometimes third parties, for various purposes. To this end, we may disclose your Personal Information to the following entities for the purposes associated with each entity as noted below:

• To our third-party service providers, who provide services such as website hosting, data storage, data analysis, payment processing, order fulfillment, IT services and infrastructure, customer service, email delivery and administration, credit card processing, auditing and other similar services to enable them to provide services;
• To our subsidiaries and affiliated entities (collectively, our “Affiliates”) for marketing and other purposes;
• To identify you to anyone to whom you send messages through the web site;
• By you, on chat, profile pages, and other services to which you are able to post information and materials (please note that any information and materials that you post or disclose through such services will become public information, and may be available to visitors to the web site and to the general public; we urge you to be very careful when deciding to disclose your Personal Information, or any other information, on or through the web site;
• To a third party in the event of any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceeding); and
• As we believe to be necessary or appropriate: (a) under applicable law, including laws outside your country of residence; (b) to comply with legal process; (c) to respond to requests from public and government authorities, including public and government authorities outside your country of residence; (d) to enforce our terms and conditions; (e) to protect our operations or those of any of our Affiliates; (f) to protect our rights, privacy, safety or property, or that of you, our Affiliates or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

Personal information submitted to DISA for a background screening investigation may at times be transferred outside of the United States. All personal information will be transmitted and stored in a secure manner in accordance with the terms of this policy as DISA has taken measures to protect personal and confidential data:

• Documentation or information such as passport numbers, or unique identification numbers and date of birth, are not sent to anyone overseas other than the actual verification provider (e.g. employer or school registrar) whenever possible.
• Where it is necessary to utilize a local firm, the local firm will first be asked to provide local contact information so that the CRA can contact the foreign verifying party directly.
• If, due to infrastructure or other issues in a foreign country, a foreign research firm must perform the verification, then DISA or our agent has properly vetted the local firm and will redact any unnecessary information.

Privacy and Choice

DISA respects the privacy of the individuals and clients who are the subjects of DISA Services, including but not limited to background checks. DISA will collect, store, and use confidential information following best practices and also in compliance with applicable law, including the FCRA.

Links to Other Sites

DISA is not responsible for the privacy policies, activities or web sites of third parties, such as advertisers, content providers and Alliance Partners. This policy does not cover the information practices of those third parties. We suggest that you contact the relevant parties or access their online policies directly for information about their data collection.

Do Not Track Signals

Major browsers have attempted to implement the draft “Do Not Track” (“DNT”) standard of the World Wide Web Consortium (“W3C”) in their latest releases. As this standard has not been finalized, this website is not compatible with DNT.

Security

We seek to use reasonable organizational, technical, and administrative measures to protect Personal Information under our control. Unfortunately, no data storage system or data transmission over the Internet can be guaranteed to be 100% secure. Please also be aware that we may use third-party cloud service providers that provide hosting,

data storage and other services pursuant to standard terms and conditions that may be non-negotiable; these service providers have informed us or the general public that they apply security measures they consider adequate for the protection of information within their system, or they have a general reputation for applying such measures.

Please exercise caution in submitting Personal Information via the web site, especially if you are accessing the web site using a WiFi hotspot or public network. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account that you might have with us has been compromised, or if you are unable to utilize our SSL technology in connection with the web site, please immediately notify us of the problem and place any orders with us over the telephone or in person, instead of using the web site. You may contact us in such circumstances in accordance with the “Contact” section below.

Event Registration

DISA event registration forms require users to give DISA contact information (such as a name and email address), and other information (for instance, a job title or role). We may use customer contact information from the registration form to send the user information about the event. The customer’s contact information may also be used to contact the visitor when necessary about the event. In some cases, the contact information may be shared with event sponsors and other attendees to foster collaboration.

Privacy of Children

The DISA corporate web site and the related DISA services are designed to be used solely by companies and individuals for business purposes. Therefore, DISA does not anticipate that anyone under the age of 13 will access or use our corporate web site or services. DISA will not knowingly collect or use personal information from anyone under the age of 13.

Your Privacy Rights in California

This California Privacy Notice (“California Notice”) applies to California residents whose Personal Information is processed by DISA pursuant to the California Consumer Privacy Act (“CCPA”) or other California privacy laws described below. The California Notice describes how we protect the Personal Information we process and control relating to California residents, and rights California residents may have in relation to this Personal Information. For purposes of this California Notice, “Personal Information” has the meaning provided by the CCPA and does not include information that is deidentified or aggregated such that it is not capable of being associated with you, or that is excluded from the CCPA’s scope.

Your California Rights and Choices:

As a California resident, you may be able to request to exercise the following rights:

• The Right to Know any or all of the following information relating to your Personal Information we have collected and disclosed in the last 12 months, upon verification of your identity:
  1. The specific pieces of Personal Information we have collected about you;
  2. The categories of Personal Information we have collected about you;
  3. The categories of sources of the Personal Information;
  4. The categories of Personal Information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
  5. The categories of Personal Information we have sold and the categories of third parties to whom the information was sold; and
  6. The business or commercial purposes for collecting or selling the Personal Information.
• The Right to Request Deletion of Personal Information we have collected from you.
  1. However, this right is limited by a number of exceptions. Fundamentally, if DISA has a permissible need to retain Personal Information, we are not under an obligation to delete such information, even when requested. Generally, we retain Personal Information so we may complete the transaction for which the Personal Information was collected, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between us and you; detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; debug to identify and repair errors that impair existing intended functionality of our website(s); enable solely internal uses that are reasonably aligned with your expectations based on your relationship with DISA; comply with a legal obligation; or otherwise use your Personal Information, internally, in a lawful manner that is compatible with the context in which you provided the information. As such, we generally do not accept requests to delete Personal Information.

We collect, process, and share your information for purposes described in this policy, which include “business purposes” under the CCPA.

You have the right to be free of discrimination for exercising these rights. However, please note that if the exercise of these rights limits our ability to process Personal Information, for example, if you submit a deletion request, we may no longer be able to provide you our products and services or engage with you in the same manner.

To submit your California Consumer Rights Requests: You may submit a request to exercise your California Consumer Rights through one of the mechanisms described below. We will need to verify your identity before processing your request, which may require us to request additional Personal Information from you or require you to log into your account, if you have one. In certain circumstances, we may decline or limit your request, particularly where we are unable to verify your identity or locate your information in our systems, or as permitted by law.

To exercise your California Consumer Rights to Know, Delete, or for additional information, please submit a request to 1-800-752-4632; https://disaworks.disa.com/#/background-request/request-copy.

Finally, you may also submit a verifiable consumer request through an authorized agent. To do so please be prepared for your agent to provide a signed permission, to verify their own identity with us, and to directly confirm with us that you provided the agent permission to submit the request.

California’s “Shine the Light” Law . California’s “Shine the Light” law (Civil Code Section §1798.83) provides certain rights to California residents that have an established business relationship with us with regard to the disclosure of certain types of Personal Information to third parties for their direct marketing purposes. To opt-out of having your Personal Information disclosed to third parties for their direct marketing purposes, please submit a request using one of the California consumer rights request methods designated above.

If you have any questions regarding this policy, please contact:

DISA Global Solutions, Inc.
Attn: Privacy Officer
10900 Corporate Centre Drive, Ste. 250
Houston, TX 77041
281-673-2400
Toll Free: 1-800-752-6435

Email: InfoSec@disa.com

In accordance with California Civil Code 1786.20, in order to obtain additional information about DISA's policies and practices in connection with background screening investigations, please contact DISA's Director of Background Compliance, Morgan Reynolds by any of the following means:

Email: morgan.reynolds@disa.com
Address: 17592 E. 17th Street, Suite 300, Tustin, CA 92780
Phone: 714-669-4835
Last Updated: November 10, 2020