IDI, LLC Privacy Policy

Privacy Policy

IDI, LLC and its affiliate, ICS Inventory, LLC (collectively, “We,” “Our,” or “Us”), respects the
privacy and security of your personal information. The following describes how we collect, use
and disclose information and what rights you have to it. This Privacy Policy describes our practices
in connection with information that we collect from you through our software applications,
services, websites and mobile applications from our services and products (“Services”) and from
sources other than our Services including, but not limited to, the telephone, mail and trade shows.

This Privacy Policy also applies to any information that you may provide to us via an IDI Qualified Administrator’s (“IDIQA”) credential, website and/or other access method that enables you to use our Services. By providing information to us and/or using our Services, you acknowledge and agree to the terms and conditions of this Privacy Policy. If you do not agree to these terms and conditions, please do not use our Services.

Information Collection

We gather various types of information from you including personal information and personal data.Personal information or personal data refers to any data or information which relates to anidentified or identifiable natural person, and are the subject to applicable data protection laws,including, but not limited to, the EU General Data Protection Regulation 2016/679 (“GDPR”),and/or the California Consumer Privacy Act (Assembly Bill 375) (“CCPA”) including, but notlimited to, your name, postal addresses (including billing and shipping addresses), telephonenumbers, and email addresses, and Sensitive Information (as defined below). We collect data andany other information that you transmit to us through IDI® Assessment Website in response tothe IDI® (“IDI® Submission”). We also collect anonymous information about you which is anyinformation that does not reveal your specific identity or does not directly relate to an identifiableindividual, including, but not limited to, browser and device information, application and/orServices usage data; information collected through cookies, pixel tags and other similartechnologies; demographic information; internet protocol (IP) addresses; and information that hasbeen aggregated in a manner that it no longer reveals your specific identity.

In general, you can access and/or useIn general, you can access and/or use many features of our Services without telling us who you areor revealing any personal information about yourself. You also may choose not to provide us withany personal information. In such event, you can still access and use many features of our Services;however, you will not be able to access and use those portions of our Services that require yourpersonal information. many features of our Services without telling us who you are or revealing any personal information about yourself. You also may choose not to provide us with any personal information. In such event, you can still access and use many features of our Services; however, you will not be able to access and use those portions of our Services that require your personal information.

Active Submission

Some of our Services may ask you to submit your personal information in order for you to benefitfrom the specified features. We collect personal information from you only when you voluntarilysubmit it to us, such as when you:

• Attend any of our trainings;
• Take any of our assessments;
• Complete a service request or registration, survey, application or other form;
• Purchase a product or service from us or from one of our vendors, suppliers or other agents;
• Sign-up to receive email newsletters or other correspondence;
• Submit materials through our Services;
• Participate in a promotion, or marketing activity;
• Request materials from us; and/or
• Request e-mail, mail or telephone support or services.

You will be informed on what information is required and what information is optional at the time of your submission including, but not limited to, your registration and/or contact us submissions to us.

We do not combine the information you submit with other information we have collected from you, whether online or offline or from other sources, such as IDIQAs, suppliers, vendors, publicly available sources and other third parties for the purposes of creating aggregated data from multiple sources.

‍Passive Collection

‍As you use our Services, we may passively collect (that is, gathered without you actively providing the information) non-personal identifiable information and/or use the following technologies which collect such information on our behalf:

Browser and/or Device Information. Certain information is collected from most browsers, such as your IP address, your media access control (MAC) address, computer type (Windows orMacintosh), screen resolution, operating system version, internet browser type and version. We also may collect information about any mobile device used to access our Services, such as a unique device identifier and type if you access our Services through a mobile device. Your IP address is an umber that is automatically assigned to your computer or device by your Internet ServiceProvider. An IP address is identified and logged automatically in our server log files whenever auser accesses our Services, along with the time and date of the visit and/or use and the page(s)and/or features that are visited and/or used. Collecting IP addresses is standard practice on theInternet and is done automatically by many websites and/or services.

Services Usage Data. When you access our Services, we and our service providers may track and collect application and/or Services usage data, such as date and time that your devices access our servers and what information and files have been downloaded and/or uploaded to our Services on your device number.

The Services Use Cookies (Including, Flash Cookies). A cookie is a small, removable data file that is stored by your web browser or application on your computer and/or device. Cookies allow us to collect various information including, but not limited to, browser type, time spent on our 3\24489\Privacy Policy.v4 2024 Services, features and pages visited, and language preferences. We and our service providers use this information for security purposes, to facilitate navigation, display information more effectively, serve you with more tailored information, facilitate your ongoing access to and use of our Services and to personalize your experience while using our Services. We also use cookies to recognize your computer and/or device, which makes your use of our Services easier, such as to help you log into our Services.
‍
You can choose to have your computer and/or device warn you each time a cookie is being sent to your computer and/or device or you can choose to turn off all cookies. You do this through your computer and/or device settings. If you turn cookies off, you will not have access to many features that make your use of our Services more efficient and enjoyable, and in some cases, some of our Services will not function or will function with limited capability. To learn more about cookies, please visit http://www.allaboutcookies.org

Pixel Tags, web beacons, clear GIFs and other similar technologies. We and our service providers use pixel tags, web beacons, clear GIFs and other similar technologies in connection with some of our Services (including email messages) to, among other things, analyze our users’ behavior and information about them, track the actions of the users of our Services and/or recipients of our emails, measure the success of our marketing campaigns and compile statistics about our Services usage and response rates.

Analytics. We use Google Analytics, which uses cookies and similar technologies to collect and analyze information about the use of our Services and report on activities and trends. This service may also collect information regarding the use of other services, websites, applications and online services. You can learn about Google’s practices by going to www.google.com/policies/privacy/partners/, and opt out of them by downloading the Google Analytics opt-out browser add-on, available at https://tools.google.com/dlpage/gaoptout.

Using Information

We may use your personal information that we collect from you to:

• To comply with our legal and regulatory obligations;
• Provide our Services to you;
• Customize and/or personalize your communications, surfing, viewing, and/or
  experience with our Services;
• Better respond to your inquiries and fulfill your requests, such as to send documents or email alerts;
• Communicate with you about your account information, or customer service needs and other important information regarding our relationship with you or regarding our Services, changes to our Terms of Service, Privacy Policies, and other policies and/or administrative information;
• Communicate with you about our products, services and events, and for other promotional purposes;
• Improve our business, protect our operations, and/or allow us to pursue available remedies or limit damages that we may sustain;
• Calculate usage levels, help diagnose server problems, and administer our Services;
• Provide technical support to you and for other business purposes, such as data analysis, audits, developing new products, enhancing our Services, improving our products and/or Services, identifying Service trends, and determining the effectiveness of any promotional campaigns; and/or
• Perform any other lawful acts except for those acts expressly prohibited by the terms and conditions set forth herein.

We may use anonymous information that we collect from you for any legal purpose whatsoever, except where we are required to do otherwise under applicable law (for example, if we are required to treat such information as your personal information). If we combine your information that is not in a personally identifiable form with information that is (such as combining your name with your geographical location), we will treat the combined information as your personal information as long as it is combined. We reserve the right to aggregate and use information collected that has been rendered anonymous for further research purposes.

IDI® Submissions

We shall use the IDI® Submissions:

• To process your IDI® Submissions and generate the related reports.
• Anonymously for benchmarking and other research purposes in accordance with this policy.
• As required by applicable law.

Sensitive Information

The IDI® Submission does not require you to disclose any Sensitive Information (e.g., information related to racial or ethnic origin, age, political opinions, religion or other beliefs, health, and/or criminal background), but it includes optional demographic questions asking for Sensitive Information. Unless requested or invited by your IDIQA, we ask that you not send us and you not disclose any Sensitive Information on or through our Services or otherwise to us. In those cases where the IDIQA may request or invite you to provide Sensitive Information, they must do so with your express consent. Any uses or disclosures of your Sensitive Information will be made subject to your express authorization, or as permitted or required by applicable law.

Sharing Information and Disclosure

We disclose your personal information collected from you though our Services to third parties in the following manner and for the following reasons:

• If you have consented to such disclosures;
• If there are special circumstances, including, but not limited to, any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with a bankruptcy, liquidation or similar proceeding) and the due diligence related to such circumstances;
• If the third party is an IDIQA, which entities and/or individuals, in some cases, provide you with access to our Services or may use your personal information and IDI® Submission for training, assessment, educational, research and other similar purposes, in each case, the IDIQA has executed an agreement with us that requires them to maintain the confidentiality of your personal information and IDI® Submission.
  
• If the third party is our service provider who provides services to us in connection with our Services including, but not limited to, website and/or mobile application hosting, data analysis, payment processing, order fulfillment, infrastructure provision, IT services, customer services, email and direct mail delivery services, credit card processing, auditing services and other services; and/or
• If the party is our affiliate, in which case we are the party responsible (or data controller) for the management of the jointly-used personal information.

We also may disclose personal information about you upon request by the government (including, but not limited to, the investigatory and enforcement powers of the Federal Trade Commission, Department of Transportation and other statutory bodies); as permitted by applicable law (including laws outside your country of residence); in response to a court order or other legal process; when required by law or when we believe in good faith is required by law; to respond to requests from public and government authorities; to enforce our Privacy Policy, Terms of Service or other agreements and polices applicable to our Services; to protect our operations, rights, privacy, safety and/or property; upon your request; or to contact, identify or bring legal action against someone who may be causing injury to or interference with our or others’ rights or property including, but not limited to, claims for infringement of intellectual property, invasions of privacy or situations involving threats or alleged threats to the physical safety of a person’s property. We may also share information with companies assisting in fraud protection or investigation.

We also may provide aggregated, non-personally identifiable information to third parties for any
legal purposes whatsoever.

Protecting Your Information

We use commercially reasonable efforts to safeguard and secure your personal information while
stored on our computer systems and/or transmitted to or from our computer systems. Regardless
of these efforts by us, no data transmission over the internet or data storage system can be
guaranteed to be 100% secure. If you have reason to believe that your interaction, stored data
and/or transmissions to and with us are no longer secure (for example, if you feel that the security
of any account that you have with us has been comprised), please immediately notify us of the
problem by contacting us immediately at support@idiinventory.com.

Some features of our Services may require you to set up a user ID and password. We recommend that you do not divulge your password to anyone. We will never ask you for your password in an unsolicited telephone call or email. If you suspect you have received a fraudulent communication from us or any of our affiliates, please contact us immediately at support@idiinventory.com or via our contact us form located at https://idiinventory.com/contact-us/.

Do not provide your personal or financial information in response to an email request or after clicking on a link from an email. We do not ask for this type of information through an email or any communication.

To help protect your computer and personal information, make sure you have current anti-virus and firewall software installed on your computer and update such software on a regular basis. Also, please review your credit card statements carefully and verify that all transactions are authorized and report any discrepancies immediately to your credit card company.

Children's Online Privacy

We do not knowingly collect personal information from children under the age of 13. The Services are not intended to solicit information of any kind from children under the age of 13, and we have made commercially reasonable efforts to design the Services to prevent our knowing acceptance of any such information.

It is possible that by fraud, deception or error, we may receive information pertaining to children under the age of 13. If we are notified of this, as soon as we verify the information, we will immediately obtain parental consent or otherwise delete the information from our servers. If you want to notify us of our receipt of personal information belonging to a child under the age of 13, please do so at support@idiinventory.com or via our contact us form located at https://idiinventory.com/contact-us/.

Cross-Border Transfer

The Services are controlled and operated by us from the United States and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the United States. Your personal information may be stored and processed in any country where we have facilities or service providers, and by using the Services or by providing consent to us (where required by law), you agree to the transfer of information to countries outside of your country of residence, including the United States, which may provide for different data protection rules than in your country. Additionally, when using or disclosing personal information transferred from the European Union, we use standard contractual clauses approved by the European Commission, adopt other means under European Union law for ensuring adequate safeguards or obtain your consent. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access your personal information.

Public Rooms and Forums

Our Services may now or in the future include web logs (i.e., blogs), chat rooms, forums, message boards, news groups or other public communications. Any information that is disclosed in these areas becomes public information. You should exercise caution before disclosing your personal information via these public venues, which you do at your own risk. If you do so, you may receive, among other things, unsolicited emails or “spam” from others. We cannot safeguard the privacy of personal information that is disclosed online in this manner.

Data Privacy Framework (DPF) Principles

IDI, LLC complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. IDI, LLC has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. IDI, LLC has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern

To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/.

European Union, United Kingdom, and or Swiss individuals with inquiries or complaints regarding our Privacy Policy should first contact us at: support@idiinventory.com or via our contact us form located at http://idiinventory.com/contact-us/.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, IDI, LLC commits to refer unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the SwissU.S. DPF to JAMS, an alternative dispute resolution provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://www.jamsadr.com/dpf-dispute-resolution for more information or to file a complaint. The services of JAMS are provided at no cost to you.

We commit to cooperate with European Union, United Kingdom, and Swiss data protection authorities (DPAs) and comply with the advice of such authorities with regard to human resources data transferred from those jurisdictions in the context of the employment relationship.

In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, IDI, LLC commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (“DPAs”), the UK Information Commissioner’s Office (“ICO”) and the Gibraltar Regulatory Authority (“GRA”), and the Swiss Federal Data Protection and Information Commissioner (“FDPIC”) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

IDI, LLC serves as data processor (under GDPR) or service provider (under CCPA) and its customers are the data controllers (under GDPR) or business (under CCPA) with respect to personal data or personal information where IDI, LLC has a customer agreement in effect (“Customer Agreement”) and you are accessing the IDI Services pursuant thereto. If there is any conflict between the Customer Agreement and this Privacy Policy, the Customer Agreement shall control to the extent permitted under applicable law.

Other Websites

While accessing our Services, you may be directed to other websites and services that are beyond
our control including, but not limited to, our payment processor. These other websites and services
may also use and collect data, solicit personal information and deploy tracking technology
including, but not limited to, cookies and pixel tags. Even though we may have a contract with
these entities, we have no control over them or how they collect, distribute or otherwise use your
personal information or how they safeguard and secure your personal information. We are not
responsible or liable for the conduct, policies or actions of the owners of such websites and/or
services including, but not limited to, the content displayed on those websites and/or services.
Those websites and/or services are linked to our Services only for your convenience and you access
them at your own risk.

Requesting, Unsubscribing, Removing, Restricting or Modifying Your Information

You have a right to access your personal information and data that we have collected. If you are an IDIQA, please login to access any or all of the personal information that you have provided to us. If you are not an IDIQA, you may request access to any or all of your personal information and data that we have collected from you by contacting us via our contact us form located at https://idiinventory.com/contact-us/. In your response to us, please state that you wish to access any and all of the personal information and data that we have collected from you.

We do not share your personal information with third parties for those parties’ direct marketing use unless you authorize us to do so. If we ever obtain your authorization, and if you subsequently decide that we not share your personal information on a going-forward basis with our affiliates and/or third-party partners for marketing purposes, you may opt out of this sharing by contacting us via our contact us form located at https://idiinventory.com/contact-us/. In your response to us, please state that we should no longer share your personal information with our affiliates and/or third-party partners for marketing purposes, and include your name and e-mail address.

If you are an IDIQA, to modify or delete any or all of the personal information you have provided to us, please login and update your profile. If we in the future maintain user accounts that contain user related information, then we will provide similar access to users.

We retain your personal information for the period necessary to fulfill the purposes set forth herein, unless a longer retention period is required or allowed by law, our document retention policies or to otherwise fulfill a legal obligation, or if it is advisable in light or our legal position (such as in regard to applicable statute of limitations, litigation or regulatory investigation). Therefore, you should not expect that all of your personal information will be completely removed from our databases in response to your requests. The same may be true with respect to modifications to your personal information requested or made by you.

We will seek to comply with your request(s) as soon as reasonably practicable. Please note that if you opt-out as described herein, we will not be able to remove your personal information from the databases of our affiliates and third parties with which we have already shared your personal information (i.e., as of the date that we implement your opt-out request).

We reserve the right to send you certain communications related to our Services that are considered part of your account, such as technical, transactional and/or administrative alerts and/or messages, without offering you the opportunity to opt out of receiving them. Excluding our emails that we send to our IDIQAs and emails for the foregoing purposes, if we at any time in the future use email to communicate with you, we will provide you with an opt-out option within our email communications, or you can choose to contact us using our contact us form located at https://idiinventory.com/contact-us/ to let us know that you want to be removed from future email communications.

Terms and Conditions

We have Terms and Conditions that set forth the terms and conditions under which we provide our
Services to you. Please review the terms and conditions governing your use of, and access to, our
Services. It is your responsibility to read, understand and comply with the terms and conditions set
forth therein.

California & Other States (including Virginia, Connecticut, Colorado, Nevada, Utah and
Rhode Island) Privacy Rights

If you are a resident of a state that has a right to be forgotten law (including, but not limited to, the States of California, Virginia, Connecticut, Colorado, Nevada, Utah, and Rhode Island), you may exercise the rights described below. By choosing to exercise your rights as described below, you are declaring that you are a resident as defined in such state (including, but not limited to, the California Consumer Privacy Act of 2018, Civil Code Section 1798.140, the Virginia Consumer Data Protection Act, Civil Code Section 59.1-575, the Connecticut Data Privacy Act, Public Act No. 22-15, the Colorado Privacy Act, 4 CCR 904-3, the Nevada Privacy of Information Collected on the Internet from Consumers Act, NRS 603A, the Utah Consumer Privacy Act, Section 13-61-101, and the Rhode Island Data Transparency and Privacy Protection Act, 2024-H-7787A, along with any other similar statute (collectively “CPA”)).

• Right to Know. You have the right to ask us for a copy of your personal information collected over the past twelve (12) months and for information about how we collect, use, disclose, and sell it. We do not share personal information with third parties for their own direct marketing without your permission. Please refer to the above sections of our privacy policy for specific information on how we collect, use, disclose, and sell personal information over the past twelve (12) months.
• Right to Deletion. You have the right to request for us to delete any of your personal information. If you delete your personal information, you will permanently lose access to your personal information and/or your customer account with us. We may deny your deletion request when permitted by applicable law or for business purposes including, without limitation, when personal information is needed to comply with our legal obligations, meet regulatory requirements, support our business operations, resolve disputes, maintain security, prevent fraud and abuse, enforce our Terms and Conditions, fulfill your request to “unsubscribe” from further messages from us, or confirm that we have deleted your personal information. We may retain anonymized information after your account has been closed. We cannot disclose or delete specific pieces of personal information if the disclosure would create a substantial, articulable, and unreasonable risk to the security of personal information, your account with us or the security of our systems.
• Right to Correct. You have the right to update or modify certain of your personal information. If you are an IDIQA, you may update or modify your personal information by accessing and making the changes in your account settings. If you are not an IDIQA, then you may request that your personal information be updated by emailing us at: support@idiinventory.com.
• Right to Opt-Out of the Sale or Sharing of Your Personal Information. You have the right to ask that we not sell or share your personal information. We do not sell, in the traditional sense of the word, or rent personal information to third parties for money. We do, however, share your personal information as we have described in this Privacy Policy to make the Services available to you. To the extent permitted under applicable law, by using the Services, you have opted into or otherwise consented to sharing your personal information with third parties for direct marketing purposes until you opt-out.
• Right to Non-Discrimination. We will not discriminate against customers or users who exercise their rights under the CPA.
• Exercising your Rights. If you wish to exercise one of these rights, please contact us as described herein or email us at support@idiinventory.com. Please include your name and email address with your request. Before we can process any such request, we will need to verify your identity through the email address or telephone number associated with your use of our Services or your account with us, and confirm your request prior to fulfilling any such request and reserve the right to deny a request where we are unable to satisfactorily complete this process. If you authorize someone to make a request on your behalf, we may also deny your request if we are unable to verify that the individual making the request is authorized to act on your behalf.
• To the extent permitted under applicable law, you can also submit a complaint regarding this Privacy Policy or any related issues to the appropriate state attorney general’s office, including, but not limited to, the California Office of the Attorney General. For more information on the California Consumer Privacy Act please visit https://www.oag.ca.gov/privacy/ccpa.
• Non-residents. If you are not a resident of a state with a CPA, you may still have similar rights to the above. If you would like to exercise one of these rights, please contact us using the contact instructions at the end of this Privacy Policy. We will comply with any request to the extent required under applicable law

GDPR Privacy Rights

If you are a resident of the European Union, you may exercise the rights described below.

• Right to Access. The right to be provided with a copy of your personal information (the right of access).
• Right to Rectification. The right to require us to correct any mistakes in your personal information.
• Right to be Forgotten. The right to require us to delete your personal information—in certain situations.
• Right to Restriction of Processing. The right to require us to restrict processing of your personal information—in certain circumstances, e.g. if you contest the accuracy of the data.
• Right to Data Portability. The right to receive the personal information you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations.
• Right to Object. At any time to your personal information being processed for direct marketing (including profiling); in certain other situations to our continued processing of your personal information, e.g. processing carried out for the purpose of our legitimate interests.
• Right Not to be Subject to Automated Individual Decision-Making. The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you.

Amendments

We may change or modify our Privacy Policy from time to time simply by posting a revised Privacy Policy within our Services. Please take a look at the “LAST UPDATED” legend on thebottom of this page to see when this Privacy Policy was last revised. Any such change shall be effective immediately upon posting of the revised Privacy Policy within our Service. We reserve the right to make the revised or changed Privacy Policy effective for information we already haveabout you, as well as any information we receive in the future. We encourage you to refer to thisPrivacy Policy on an ongoing basis so that you understand our current privacy practices

Contact Us with Questions and Feedback

We welcome your questions, comments, and concerns about this Privacy Policy and our privacy practices. Please send us with your feedback by using our contact us form located at https://idiinventory.com/contact-us/, or please write to us by using the following address:

IDI, LLC
‍2915 Olney Sandy Spring Road Unit D
Olney, MD 20832

Last Updated: : October 21, 2024