Newton Consulting, LLC and its affiliates (collectively, “Newton”) respect the importance of protecting the privacy of personal data (“Personal Data”) collected by us. Newton collects and uses Personal Data to provide world-class services for our employees, clients and partners. This Policy is designed to set forth how Newton will handle Personal Data that it collects in the normal course of business. Newton strives to be global and consistent in how it handles personal data.

Newton Consulting, LLC and its affiliates (collectively, “Newton”) respect the importance of protecting the privacy of personal data (“Personal Data”) collected by us. Newton collects and uses Personal Data to provide world-class services for our employees, clients and partners. This Policy is designed to set forth how Newton will handle Personal Data that it collects in the normal course of business. Newton strives to be global and consistent in how it handles personal data.

Our privacy policy applies to:

All individuals who provide personal information, such as consumers, customers, research subjects, business partners, members, job applicants, employees, retirees and others; All locations where we operate, even where local regulations do not exist; and All methods of contact, including in person, written, via the Internet, direct mail, telephone, or facsimile.

This Policy describes Newton’s standard global procedure governing access to and use of Newton Personal Data across borders. Newton complies with the EU-U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States, respectively. Newton has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/.

This Policy does not necessarily describe how local management may handle personal data in order to comply with local privacy laws. Local management in conjunction with the responsible human resources manager(s) will be responsible for accessing and complying with local/unique laws and/or rules regarding the processing of personal information in that particular locale.

This Policy is also designed to inform all employees about their obligation to protect the privacy of all individuals (whether co-employees, independent contractors, or sub-contractors) and the security of their personal information. The violation of this Policy, whether negligent or intentional, may be subject to disciplinary action by Newton.

SCOPE

This is a Global Policy. Newton will extend the protection of the Privacy Shield Principles to all personal data originating outside of the United States, which is transferred to Newton facilities in the United States. Outside of the United States, Newton facilities are required to comply with this Policy as well as the privacy laws in force in their local jurisdictions.

AFFILIATES

Our affiliates who may receive Personal Data as described within this Policy are: Newton Talent; Newton Institute, LLC; Aspirant; Aspirant, Ltd.

Each of those affiliates is committed to complying with the EU-U.S. Privacy Shield and Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles.

DEFINITIONS

Personal Data: Information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to a specific individual; and (4) can be linked to that individual.

Sensitive Data: Information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that information that concerns an individual’s health. For purposes of the Swiss-U.S. Privacy Shield Framework this definition shall also include ideological views or activities, information on social security measures, or administrative or criminal proceedings and sanctions, which are treated outside pending proceedings.

Privacy Shield Principles (the “Principles”): The seven principles (notice; choice; accountability for onward transfer; data security; data integrity and purpose limitation; access; and recourse, enforcement, and liability) issued by the Department of Commerce to diminish data privacy uncertainty and provide a more predictable framework for data transfers.

POLICY

This privacy policy outlines Newton’s general policy and practices for implementing the Principles, including the types of information Newton gathers, how Newton uses it and the notice and choice affected individuals have regarding Newton’s use of and their ability to correct that information. The following are the details of the coverage of Newton’s privacy program.

• Any information Newton obtains is used only for specified and lawful purposes in the performance of the services for which Newton has been engaged.

• Newton only asks for information that is reasonably adequate, relevant, and not excessive to allow Newton to perform the services for which Newton has been engaged.

• Newton maintains information accurately and where necessary takes steps to maintain and/or ensure its accuracy.

• Newton processes information in accordance with individual rights (which are detailed below) and by the explicit permissions given to Newton to use individual data on their behalf.

• Newton keeps data in secure locations.

To ensure the privacy of Personal Data, Newton has implemented measures to address the Principles.

SEVEN PRINCIPLES

1. NOTICE

Excluding our Employee Information, which is detailed below, Newton processes and uses your Personal Data only as part of our business relationship with you and/or your company; including contract and billing administration; fulfilling business obligations to you and/or your company; marketing communications; and other business-related activities of which you are informed of at the time your Personal Data is collected or as soon thereafter as is practical. We may be required to disclose Personal Data to our agents, contractors, vendors, and business partners or to protect and defend the rights or property of Newton. Newton must reply to lawful requests from public authorities, including national security or law enforcement, for disclosure of Personal Data.

Newton does not sell, lease or rent Personal Data to third parties.

Online Information.

In general, you may visit the Newton Site without providing any Personal Data. However, you may choose to provide us with Personal Data by completing online forms. At the point of collection, we will inform you of how your Personal Data will be used; apart from these uses, Newton will only use Personal Data in accordance with the terms of this Policy. We use a third-party vendor, HubSpot, Inc. (“HubSpot”) to collect email and other address information. HubSpot’s privacy policy is located at: https://legal.hubspot.com/privacy-policy and HubSpot participates in and has certified its compliance with the EU-U.S. Privacy Shield to facilitate the transfer of personal information from European Union member countries to the United States. We collect Personal Data about from those who provide their information through the HubSpot information form (the “Form”). In certain areas of the Form, we require that you provide us with Personal Data, in order to be able to use that portion or those portions of the site.

Employment Applications.

Internal:

We use a third-party vendor, WorkforceNow, an ADP, LLC company (“WFN”) to track applications for Newton roles. Their privacy statement is located https://privacy.adp.com/privacy.html?locale=en_US. We collect personally identifiable information about applicants who provide their information through the WorkforceNow employment application portal (the “WFN Portal”). In certain areas of the WFN Portal, we require that you provide us with personally identifiable information, in order to be able to use that portion or those portions of the site.

Historically, we have also used a third-party vendor, MyStaffingPro, a Paychex, Inc. company (“MSP”) to track applications for U.S.-based Newton roles. Their privacy policy is located http://www.paychex.com/corporate/privacy.aspx. We collect personally identifiable information about applicants who provide their information through the employment application portal (the “MSP Portal”). In certain areas of the Portal, we require that you provide us with personally identifiable information, in order to be able to use that portion or those portions of the site.

External:

We use a third-party vendor, CATS Software, Inc. (“CATS”) to track employee applications for our U.S. clients. Their privacy policy is located at: http://www.catsone.com/privacy-policy. We collect personally identifiable information about applicants who provide their information through the employment application portal (the “CATS Portal”). In certain areas of the Portal, we require that you provide us with personally identifiable information, in order to be able to use that portion or those portions of the site.

Employee Information.

Newton collects Employee Data from prospective and present employees only for legitimate business purposes, including the administration of insurance benefits. Our European Union employees, at the time of their employment, are notified in detail how their Personal Data will be used. Employee Data on health, performance evaluations, and disciplinary actions, as well as other sensitive employee matters, is accessible by other Newton employees or third party agents only if necessary with respect to legitimate human resource functions or issues.

An employee may choose to provide a picture and other Personal Data to be placed on the Newton intranet. New employees may decline to provide this consent, and all employees may withdraw their consent to such publications at any time.

For legitimate human resource purposes, employees may choose to voluntarily disclose Personal Data about family members. If an employee chooses to do so, their family member’s Personal Data shall be treated, for the purposes of this Policy, the same as an employee’s Personal Data. Unless otherwise noted or excluded by context, “Employee Data” is included within the definition of “Personal Data” for the purposes of this Policy. Employee Data is never sold, leased, or rented to a third party. Employee Data will never be disclosed to third parties, except as follows: (1) to those retained by Newton for processing only for the purposes set forth above; (2) where required pursuant to an applicable law, governmental, or judicial order, law or regulation, or to protect the rights or property of Newton; (3) where authorized in writing by the Employee; (4) where the Employee voluntarily provides Personal Data and the context makes it clear that Employee Data will be provided to a third party; and/or (5) Employee resumes/bios may be provided to Clients or prospective Clients.

Newton may require certain Employees and applicants to maintain a resume or bio, including name, title, education, and areas of expertise. These resumes or bios may be provided to Clients or prospective Clients of Newton in support of Newton’s efforts to secure new and/or continuing business. Where Personal Data is transferred from the EU to the US in the context of the employment relationship, we will cooperate in investigations by and to comply with the advice of the competent EU Authorities.

2. CHOICE

Newton will offer individuals the opportunity to choose (opt out) whether their Personal Data is (1) disclosed to a third party (other than a Newton agent) or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Although, we do not anticipate disclosing Sensitive Data to a non-agent third party, Newton will give individuals the opportunity to affirmatively or explicitly (opt out) consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. The only exception to this choice for both sensitive and non-sensitive Personal Data would be a situation where we are required to disclose Personal Data pursuant to governmental or judicial order, law, or regulation.

At a minimum, you will be able to opt-out from receiving marketing materials. If we determine that applicable national law requires more stringent requirements (opt-in), those will be applied.

3. ACCOUNTABILITY FOR ONWARD TRANSFER

Newton will not transfer Personal Data originating in the EU or Switzerland to a third-party agent, unless the agent has entered into an agreement with Newton requiring that Personal Data be protected in accordance with the Principles. Personal Data will only be transferred for limited and specific purposes. We acknowledge our liability for such data transfers to third parties.

Transfer of Personal Data originating in countries outside the EU or Switzerland will be conducted according to the laws of the countries from which the Personal Data is being transferred.

4. DATA SECURITY

Newton shall take reasonable steps to protect information from loss, misuse and unauthorized access, disclosure, alteration and destruction. Newton has put in place appropriate physical, electronic and managerial procedures to safeguard and secure information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Newton cannot guarantee the security of information on or transmitted via the internet.

5. DATA INTEGRITY AND PURPOSE LIMITATION

Newton shall only process Personal Data in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for those purposes, Newton shall take reasonable steps to ensure that Personal Data is accurate, complete, current and reliable for its intended use.

6. ACCESS

If you wish to access, amend, or confirm that Newton has Personal Data relating to you, or if you wish to correct or delete your Personal Data if it is inaccurate, please contact us either via legal@newtonconsulting.com or by utilizing our data subject access request contact portal: https://requests.juksta.eu/aspirant. We will respond to your request within a reasonable time.

Employees may review their personnel files and any Personal Data concerning them upon request.

7. RECOURSE, ENFORCEMENT, AND LIABILITY

Newton is subject to the investigatory and enforcement powers of the Federal Trade Commission.

Newton uses a self-assessment approach to assure compliance with this privacy policy and annually verifies that the policy is accurate, comprehensive for the information intended to be covered, prominently displayed, completely implemented and accessible and in conformity with the principles. Any Newton employee who violates this Policy will be subject to disciplinary action up to and including termination of employment.

In compliance with the Privacy Shield Principles, we encourage EU and Swiss individuals to raise any concerns and we will investigate and attempt to resolve any complaints and disputes regarding use and disclosure of Personal Data in accordance with the Principles. Please contact us at legal@newtonconsulting.com - we will investigate your complaint, take appropriate action and report back to you within forty-five (45) business days.

For the EU-U.S. Privacy Shield - If a complaint or dispute cannot be resolved through our internal process, Newton has designed JAMS as our Dispute Resolution provider, pursuant to the Principles for non-human resources data. JAMS can be contacted: https://www.jamsadr.com/eu-us-privacy-shield.

If a complaint or dispute cannot be resolved through our internal process, Newton has further committed to participate in the dispute resolution procedures of the panel established by the EU data protection authorities (“DPA’s”) to resolve disputes for complaints concerning human resources data transferred from the EU in the context of the employment relationship, pursuant to the Principles. The EU DPA’s may be contacted directly via the information provided at https://ec.europa.eu/justice/data-protection/bodies/authorities/eu/index_en.htm. Newton will cooperate with the appropriate EU Data Protection Authorities during investigation and resolution of complaints brought under the EU-U.S. Privacy Shield.

For the Swiss-U.S. Privacy Shield - If a complaint or dispute cannot be resolved through our internal process, Newton has designed JAMS as our Dispute Resolution provider, pursuant to the Principles. JAMS can be contacted directly: https://www.jamsadr.com/eu-us-privacy-shield.

If you do not receive timely acknowledgement of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact the EU DPAs or Swiss Federal Data Protection and Information Commissioner, as applicable, for more information or to file a complaint. These recourse mechanisms are available at no cost to you. Damages may be awarded in accordance with applicable law. Under certain conditions, if you are not satisfied with the above recourse mechanism, you may be able to invoke binding arbitration.

WILL THERE BE AMENDMENTS TO THIS POLICY?

We may amend this Policy at any time by posting the amended terms on the Newton Site. All amended terms shall be effective immediately upon posting. We encourage you to periodically review this page for the latest information on our privacy practices. In case of the sale of the company, acquisition or merger, bankruptcy, or other change in corporate status, this Policy could change. In addition, other company policies and statements may supplement this Policy.

HOW TO CONTACT US?

If you have any questions or suggestions regarding our privacy policy, you may contact us at legal@newtonconsulting.com or via postal mail at 4632 State Route 40, Suite 200, Claysville, PA 15323, Attn: Legal.