Updated Privacy Policy to cover Global concerns.

This policy has been developed to define the Perceptyx Global Security Policy requirements and mechanisms to be implemented across the Perceptyx Insights Platform. Additionally, this policy has been developed in accordance with compliance requirements. Purpose The purpose of this policy is to comply with all National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53, Rev 4, International Organization for Standardization (ISO) 27001, 27701, and any additionally prescribed requirements mentioned in the below key control areas. This document also establishes and will facilitate the necessity for associated procedures to be implementation by Perceptyx.

Perceptyx, Inc. has established a comprehensive privacy program, designed to help us respect and protect your data privacy rights. 1 U.S. Privacy Shield For personal information of employees that Perceptyx, Inc. receives from the European Economic Area and Switzerland, Perceptyx, Inc. has committed to handling such personal information in accordance with the Privacy Shield Principles. Perceptyx, Inc.’s Privacy Shield certification can be found at http://www.privacyshield.gov/list. For more information about the Privacy Shield Principles, please visit the U.S. Department of Commerce’s Website at http://www.privacyshield.gov. Perceptyx receives or processes human resources data from Switzerland for use in the context of the employment relationship under the Privacy Shield and agrees to cooperate with the Swiss Federal Data Protection and Information Commissioner and comply with the advice given by such authorities with respect to this data. Perceptyx, Inc. commits to cooperate with EU data protection authorities (DPAs) with regard to human resources data transferred from the EU in the context of the employment relationship and outside of this relationship. For any complaints that cannot be resolved with Perceptyx directly, Perceptyx will comply with the information and advice provided to it by an informal panel of DPAs in relation to such unresolved complaints (as further described in the Privacy Shield Principles). Please contact us to be directed to the relevant DPA contacts. As further explained in the Privacy Shield Principles, a binding arbitration option will also be made available to you in order to address residual complaints not resolved by any other means. In certain circumstances human resources data may be transferred onward to third parties at the explicit request of your employer. Such recipients must agree to abide by confidentiality obligations. Such Third Parties must agree to use such Personal Data only for the purposes for which they have been engaged by your employer and they must either: (1) comply with the Privacy Shield principles or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Data; or (2) agree to provide adequate protections for the Personal Data that are no less protective than those set out in this Policy. Perceptyx also may disclose Personal Data for other purposes or to other Third Parties when a Data Subject has consented to or requested such disclosure. Perceptyx is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC). 1.1 RIGHT TO ACCESS, CHANGE OR DELETE PERSONAL DATA 2 1. Right to Access. Data subjects have the right to know what Personal Data about them is included in the databases and to ensure that such Personal Data is accurate and relevant for the purposes for which Perceptyx collected the Personal Data. Data Subjects may review their own Personal Data stored in the databases and correct, erase, or block any data that is incorrect, as permitted by applicable law. Upon reasonable request and as required by the Privacy Shield principles, Perceptyx allows Customers access to their Personal Data, in order to correct or amend such data where inaccurate. In general, this data is provided to Perceptyx by your employer and the best first step is to verify this information with your employer. Customers may edit their Personal Data by logging into their account profile or by contacting Perceptyx by written request. In making modifications to their Personal Data, Data Subjects must provide only truthful, complete, and accurate information. To request erasure of Personal Data, Customers should submit a written request to the Perceptyx office. 2. Requests for Personal Data. Perceptyx will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Data by a law enforcement authority unless prohibited by law or regulation; or (b) requests received from the Data Subject. If Perceptyx receives a request for access to his/her Personal Data from a Customer’s customer, then, unless otherwise required under law or by contract with such Customer, Perceptyx will refer such Data Subject to Customer. 3. Satisfying Requests for Access, Modifications, and Corrections. Perceptyx will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Data. Internal Employees of Perceptyx Perceptyx, Inc. takes your privacy very seriously. Employees of Perceptyx are both instructed in how to handle private information correctly as well as attend annual privacy training. Should an employee at Perceptyx be found at fault with the handling of your confidential private information, or to be non-compliant with this policy, internal disciplinary actions will occur including remedial training and up to and including termination. 3 Perceptyx, Inc. Website Privacy Statement Perceptyx, Inc. respects the privacy of visitors to its websites, as a result, we have developed this website privacy policy. The most current version of this privacy statement is available on the Perceptyx website at http://www.perceptyx.com/home/privacy_policy/. Perceptyx maintains two unique data sets. The first are data that are collected from public visitors to our website that may be collected from website logs (IP addresses and time of visits) along with any voluntarily submitted information from a Contact Us form, which may contain your name, and email address as well as other similar information (“Your Information”). We will use Your Information to respond to requests you may make of us, and from time to time, we may refer to Your Information to better understand your needs and how we can improve our websites, products and services. We will never contact you using this information unless you specifically request to be contacted. The second data set is employee information that is provided to us by your employer for use by our survey reporting tool to “prefill” demographic information. These data are treated in a confidential manner by Perceptyx and its agents. These data are used to perform aggregate reports about various reporting units within your employer. Safeguards are in place in the reporting tool that prevent the selection of any individual data as reports cannot be displayed below a “minimum threshold” of survey recipients. Web log information is gathered when you visit one of our websites by the computer that hosts our website (called a “webserver”). The webserver automatically recognizes some non-personal information, such as the date and time you visited our site, the pages you visited, the website you came from, the type of browser you are using (e.g., FireFox), the type of operating system you are using (e.g., Mac OS X Lion), and the domain name and address of your Internet service provider (e.g., Verizon FIOS). If you are utilizing the survey reporting tool, this website may use a technology called a “cookie”. A cookie is a piece of information that our webserver sends to your computer (actually to your browser file) when you access a website. Then when you come back our site will detect whether you have one of our cookies on your computer. Our cookies help provide additional functionality to the site and help us analyze site usage more accurately as well as determining with which levels of reporting access you should be presented. For instance, our site may set a cookie on your browser that keeps you from needing to remember and then enter a password more than once during a visit to the site. This website uses Internet Protocol (IP) Addresses. An IP Address is a number assigned to your computer by your Internet service provider so you can access the Internet. Generally, an IP address changes each time you connect to the Internet (if it is a “dynamic” address). Note, however, that if you have a broadband connection, depending on your individual circumstance, it is possible that your IP Address that we collect, or even perhaps a cookie we use, may contain information that could be deemed identifiable. This is because with some broadband connections your IP Address doesn’t change (it is “static”) and could be associated with your personal computer. We use your IP address to report aggregate information on use and to help improve the website. You should be aware that this site is not intended for, or designed to attract, individuals under the age of 18. We do not collect personally identifiable information from any person we actually know is an individual under the age of 18. Areas of this website that collect Your Information are also configured to use industry standard secure socket layer encryption (SSL); however, to take advantage of this your browser must support encryption protection. We may share Your Information with agents, contractors or partners of Perceptyx, Inc. in connection with services that these individuals or entities perform for, or with, Perceptyx, Inc.. These agents, contractors or partners are restricted from using this data in any way other than to provide services for Perceptyx, Inc., or services for the collaboration in which they and Perceptyx, Inc. are engaged. Perceptyx, Inc. reserves the right to share Your Information to respond to duly authorized information requests of governmental authorities or where required by law. In exceptionally rare circumstances where national, state or company security is at issue (such as with the World Trade Center terrorist act in September, 2001), Perceptyx, Inc. reserves the right to share our entire database of visitors and customers with appropriate governmental authorities. We may also provide Your Information to a third party in connection with the sale, assignment, or other transfer of the business of this website to which the information relates, in which case we will require any such buyer to agree to treat Your Information in accordance with this Privacy Policy. As a convenience to our visitors, this Website currently contains links to a number of sites that we believe may offer useful information. The policies and procedures we described here do not apply to those sites. We suggest contacting those sites directly for information on their privacy, security, data collection, and distribution policies. To be removed from our contact lists, please write to Perceptyx, Inc. at the following address: Perceptyx, Inc. 28765 Single Oak Dr #250 Temecula, CA 92590 Please note that you may continue to receive materials while we are updating our lists. We may update this Web site Privacy Policy from time to time. When we do update it, for your convenience, we will make the updated policy available on this page.