01 OVERVIEW AND SCOPE

01.01 Overview

This policy and applicable supporting procedures are designed to provide Koan Analytics with a documented and formalized process for protecting individuals' privacy. Respect for the privacy of personal and other information is fundamental to us. This privacy policy describes our collection of personally identifiable information from users of our Web site ("Website" or "Site"), our Platform, as well as all related applications, widgets, software, tools, and other services provided by us and on which a link to this Policy is displayed (collectively, together with the Website, our "Service"). This Policy also describes our use and disclosure of such information. By using our Service, you consent to the collection and use of personally identifiable information in accordance with this policy.

In accordance with mandated organizational security requirements set forth and approved by management, Koan Analytics has established a formal privacy policy and procedures. This comprehensive Policy document is implemented immediately, along with all relevant and applicable procedures.

The Policy Owner owns this Policy and is responsible for reviewing the Policy on an annual basis and following any major changes to Koan Analytics's sensitive data environment, to ensure that it continues to meet its organizational goals. The Policy Owner is also responsible for ensuring that the Privacy Procedure is reviewed and updated on an annual basis and following any major changes.

01.02 Purpose

This Policy along with supporting procedures are designed to provide Koan Analytics with a formalized information security policy to comply with various regulatory and business requirements. Compliance with the stated policy along with supporting procedures help ensure the safety and security of all Koan Analytics's system components within the sensitive data environment as well as any other environments deemed applicable.

01.03 Scope

This policy and supporting procedures cover the privacy of all data collected by Koan Analytics in its interaction with individuals in its business operations.

This Policy along with supporting procedures cover all system components within the sensitive data environment owned, operated, maintained, and controlled by Koan Analytics.

This Policy along with supporting procedures cover all employees, interns, volunteers, and contractors. All of these individuals will be referred to as 'employees' throughout these policies/procedures.

01.04 Monitoring and Enforcement

Koan Analytics periodically monitors adherence to this Policy to help ensure compliance with applicable laws, requirements, and contractual agreements applying to Client and Consumer Data.

Penalties for failing to comply with Koan Analytics's Policies and Procedures could lead to disciplinary and/or enforcement actions against individuals and lead to sanctions brought against Koan Analytics.

02 ROLES AND RESPONSIBILITIES

The following roles and responsibilities are to be developed and subsequently assigned to authorized personnel within Koan Analytics regarding privacy practices:

● Chief Privacy Officer: Provides overall direction, guidance, leadership, and support on methods and tools for the implementation of a security and privacy-related program.

● Privacy Committee: Approves and monitors adherence to this policy, analyzes the organization's environment, and the legal requirements with which it must comply.

03 Authority to Process Personally Identifiable Information

The organization will determine and document the authority permitting the organization to process personally identifiable information. The organization will restrict processing of personally identifiable information not authorized.

04 Personally Identifiable Information Processing Purposes

The organization will identify and document the purposes for processing personally identifiable information. The purpose of processing will be described in the public privacy notices and related privacy procedures.

04.01 Collection

The organization will limit the collection of personally identifiable information to what is necessary to meet the organization's objectives.

04.02 Use and Retention

The organization uses personally identifiable information only as is authorized and only at the minimum necessary level required by the organization.

04.03 Access

The organization permits data subjects to determine whether the organization maintains personally identifiable information about them and upon request, the data subject may obtain access to their personally identifiable information.

04.04 Disclosure

The organization will disclose personally identifiable information to third parties only for the purposes for which it was collected or created and only when implicit or explicit consent has been obtained from the data subject.

04.05 Correction and Update

The organization will permit data subjects to update or correct personally identifiable information held by the organization.

04.06 Deletion

The organization will capture requests for deletion of personally identifiable information and information related to requests will be identified/flagged for destruction.

05 Choice and Consent

The organization informs data subjects about the choices available to them with respect to the collection, use, and disclosure of their personally identifiable information. The organization must require implicit or explicit consent to collect, use, and disclose personally identifiable information.

06 Privacy Notice

The organization must make the organization's latest privacy policy publicly available on the organization's website and provide notice to individuals about the processing of personally identifiable information.

07 System of Records Notice

For systems that process information that will be maintained in a Privacy Act system of records, the organization will draft, publish, and keep system of records notices accurate and up-to-date.

08 Specific Categories of Personally Identifiable Information

The organization will apply special conditions for specific categories of personally identifiable information as required by law, including Social Security numbers.

09 Quality and Computer Matching Requirements

When a system or organization processes information for the purpose of conducting a matching program, the organization will obtain appropriate approvals and publish required notices.

10 Cookies and Website Interaction

Koan Analytics websites use cookies to store and retrieve information about a user's interaction with the site and its content. Koan does not use cookies to personalize content, track usage, or share data with third parties. Cookies are not required to interact with the site and can be deleted or disabled using your browser's privacy settings without consequence.