GENERAL PRIVACY POLICY

Last Updated: October 15, 2021

Introduction


This Privacy Notice applies to all Appgate websites, applications, promotions, products and services (collectively, the “Appgate Services” or the “Services”), including those that link to this Privacy Notice, and describes how Appgate collects, uses, shares, transfers, stores, retains, or otherwise processes your personal information. This Privacy Notice also applies to any promotions, referrals, or other marketing activities conducted by Appgate or in connection with the Appgate Services (collectively, “Appgate Marketing”). This Privacy Notice does not apply to any third party website or service that Appgate does not own or control. For purposes of this Privacy Notice, Appgate means “Appgate, Inc., including its subsidiaries and Affiliates”.

Appgate will share your information only as described in this Privacy Notice, or as permitted by law. Appgate will not sell, lease, rent, or trade your personal information to any third party for that party’s marketing or promotional purposes.

By continuing to use the Services or participating in Appgate Marketing after being provided with this Privacy Notice, you consent to Appgate’s policies and practices as described herein.

Scope


Appgate is an industry leader in security and fraud protection products and services and cybersecurity professional services, acting as a service provider for other entities to assist them in meeting their business needs.
This Privacy Notice applies to individuals who:

  • visit or use our websites;
  • interact with us on behalf of a customer in connection with the provision of our Services;
  • interact with us on behalf of a service provider in connection with the products and services our service provider provides to us;
  • interact with us on behalf of a business partner in connection with our relationship with the business partner;
  • receive marketing communications from us; and/or
  • interact with us by registering for, attending and/or otherwise taking part in our trade events, webinars, or conferences or who communicate with us via email, phone, or in-person.

This Privacy Notice explains:

Information we collect and the sources from which we collect it
How we use the information we collect
How we share the information we collect
How we secure your information
How long we retain your information
Cookies and other technologies
Your privacy rights
International transfers
Information for children under the age of 18
California Supplement
EEA/UK Supplement
Updates to this Privacy Notice
How to Contact Us
Governing Law

Information we collect and the sources from which we collect it


Information that We Collect from You

Appgate collects and processes the following categories of personal information from customer, service provider, and business partner representatives (“Representatives”); website visitors; individuals that receive marketing communications from Appgate; and individuals that interact with Appgate by registering for, attending and/or otherwise taking part in Appgate’s trade events, webinars or conferences or who communicate with Appgate via email, phone or in person:

  • Personal Details include data such as names, titles, company names, departments, email addresses, physical street addresses, telephone numbers, and social media usernames of individuals.
  • Login Credentials include data such as usernames and passwords of individuals needed to access various customer portals or applications used to place Service orders and receive customer support or otherwise access Appgate systems.
  • Payment Information includes data such as bank name, account numbers, routing numbers, check numbers, and wire transfer IDs. Typically, this information relates to the organization purchasing our products and services, but there may be instances where personal payment information is provided on behalf of an organization.
  • Customer Support Records include data such as call details and other similar data regarding customer support communications and chat sessions with Representatives.
  • Marketing and Event Records include the personal details of the Representative signing up to receive marketing materials as well as information collected from Representatives who complete a survey or form. Marketing records also include the business contact details of Representatives who register for, attend and/or otherwise take part in our trade events, webinars, or conferences as well as information about these events.

Information We Collect from Your Use of Appgate Services or Visits to our Websites

Appgate collects and processes the following categories of personal information from individuals that use an Appgate Service, including customer Representatives, and those who visit our websites:

  • Device Information and website Records, which include data related to your interactions with our websites and other online content such as log data (i.e., preferences and settings, IP addresses, technical information about the device used to visit the websites, and geolocation information) and traffic data (i.e., pages viewed, date stamps, time spent on a page, click through and clickstream data, queries made, search history, search results selected; comments made, type of service requested, and purchases made).
  • Unique IDs include data such as IP addresses and geolocation data that we obtain from (a) Representatives, (b) website visitors who access our customer portals or website or (c) other individuals that interact with us.
  • Geolocation information about the location of the device you are using to access our website or Services.

Information We Collect about You from Third Parties
Appgate collects and processes the following categories of personal information about customer and business partner Representatives:

  • Marketing Data including business contact information about current and prospective users of our Services from third party services, including, but not limited to, lead generation services and providers of customer and lead data.

How we use the information we collect


We use the personal information we collect for the following legitimate interests and to manage our relationship with you:

  • To administer and process transactions related to the Services we provide;
  • To provide, assess, and improve our customer support and customer service;
  • To personalize your experience using our Services or website;
  • To communicate with you during contract negotiations or post-contract support;
  • To advise you of additional or new Services that may be of interest to your company;
  • To administer and manage service providers;
  • To work with business partners;
  • To improve and protect the integrity and security of our Services and our websites;
  • To administer a contest, promotion, survey, event, conference, webinar, or other website feature;
  • To send periodic communications (the contact information that you provide may be used to send you information, including marketing, respond to inquiries, and/or other requests or questions);
  • In the event of a corporate reorganization, including, but not limited to, merger, acquisition, or sale.

We also use personal information to comply with legal requirements or in the following circumstances:

  • To fulfill a legal obligation or to protect our rights;
  • To comply with applicable laws and regulations;
  • To enforce any applicable contracts;
  • In an emergency, where the health or security of an individual may be endangered;
  • For any other purpose for which you have been notified, and if legally required where appropriate consent has been obtained.

How we share the information we collect


We share personal information with the following:

Service Providers. We share personal information with service providers that we have retained to perform certain services and functions on our behalf, such as auditing, information technology and infrastructure, hosting, data analytics, contract management, order management and fulfillment, billing, email delivery, advertising, events, and other related activities. We have written contracts in place with our service providers that limit them from using personal information except as necessary to perform the services and functions on our behalf and prohibit them from sharing such personal information with any third parties without our authorization.

Business Partners. We may also share your personal information with trusted business partners pursuant to our contractual arrangements, which will include appropriate safeguards to protect any personal information that we share with these partners. These may include, but are not limited to, third parties that organize tradeshows, third party consultants and experts, and auditors.

Affiliated Entities. We share personal information with entities that are under our common ownership or control (our “Affiliates”). Subject to local requirements, this personal information may be used to provide Services offered by our Affiliates, for Affiliates to provide support to the Affiliated entity that is sharing the personal information, or for any other purposes described herein. For example, our Affiliates may share personal information with one another about our customers, service providers, business partners, Representatives, prospective employees, and website visitors for direct marketing purposes.

Payment Processing. We work with a payment processing partner to process credit card payments. If you make any credit card payment to us on behalf of your organization, our payment processing provider will store your full name and credit card details.

Fraud Prevention and Protection of Legal Rights. We may use and disclose personal information to the appropriate legal, judicial or law enforcement authorities and our advisors and investigators: (i) when we believe, in our sole discretion, that such disclosure is necessary to investigate, prevent, or respond to suspected illegal or fraudulent activity or to protect the safety, rights, or property of Appgate and of our customers, service providers, business partners, Representatives, website visitors, or others; (ii) when we suspect abuse of the website or Services or unauthorized access to any system, spamming, denial of service attacks, or similar attacks; (iii) to exercise or protect legal rights or defend against legal claims; or (iv) to allow us to pursue available remedies or limit the damages that we may sustain.

Law Enforcement. We may have to disclose the personal information of our customers, service providers, business partners, Representatives, website visitors or others if a court, law enforcement or other public or government authority with appropriate competency requests that we provide that personal information and we believe, in our reasonable discretion, that such request was made in compliance with applicable law.

Corporate Reorganization. We may share your personal information with a third party in the case of the reorganization, sale, merger, joint venture, assignment, transfer or other disposition of all or any portion of our business, asset or stocks, including in the event of bankruptcy or corporate restructuring. Any personal information that an individual submits or that is collected after the reorganization may be subject to a new privacy notice adopted by the successor entity, of which we will inform, where required.

How we secure your information


We implement a variety of security measures designed to maintain the safety of your personal information when you enter, submit, or access your personal information, or when it is otherwise collected or processed by us. We take reasonable and appropriate measures to secure your personal information.

How long we retain your information


We will retain your information in accordance with our internal records retention and management policies and procedures, including as necessary for purposes of managing the applicable relationship (e.g., customer, vendor, business partner), or as long as necessary to comply with our legal obligations.

Cookies and other technologies


When you visit our websites, open an email that we send you, or interact with the communication features on our websites, we may collect information about your usage or device by automated means or by using technologies such as cookies, web server logs, and web beacons. Please view Appgate’s Cookie Policy for information on our practices in relation to the use of these technologies.
At this time, we are not in a position to honor “do not track” signals from website browsers. However, you may refuse or delete cookies. If you do so, some of the functionality of our website may be impaired. Additionally, you may still be identifiable and your usage may still be trackable by other means. Please refer to your browser’s “Help” instructions to learn more about how to manage cookies and the use of similar technologies.

Your privacy rights


If you receive marketing communications from us by email, we seek your opt-in consent to send you such communications by email in jurisdictions where that is required. If we track whether or not you open any such email, we seek your opt-in consent to do so in jurisdictions where that is required. You may, in any event, unsubscribe from the receipt of future electronic communications from us by clicking on the “unsubscribe” link provided in such communications or by emailing unsubscribe@Appgate.com. Please note you may still receive some communications such as those related to the Services you are receiving or in response to inquiries you have made to us.
Certain jurisdictions may provide you with privacy rights under applicable data protection or privacy law regarding your personal information. In particular, you may have the right to:

  • be informed about your personal information;
  • access your personal information;
  • correct any personal information that is inaccurate;
  • have your personal information erased;
  • restrict or suppress the processing of your personal information;
  • obtain and reuse your personal information;
  • object to the processing of your personal information;
  • object to how your personal information is used in automated decision making, if applicable; and
  • lodge a complaint with a supervisory authority.

These rights may be limited, for example, if fulfilling your request would reveal personal information about another individual, or if you ask us to delete personal information which we are required by law to keep or which we need to defend claims against us.

If you are a California resident, please see our California Supplement for additional information. If you are a resident of the EEA/UK, please see our European Economic Area/United Kingdom Supplement for additional information.
To exercise any of these rights, please contact us by using the contact details under the “How to contact us” section below.

We will respond to such requests in accordance with the requirements of applicable data protection laws. Please note that in order to fulfil your request, we may need you to provide certain personal information to verify your identity. Depending upon applicable data protection and privacy law, individuals may also designate an authorized agent to exercise these rights on their behalf.

International transfers


Appgate or its appointed service providers may collect, use, process, store, and disclose your personal information outside of your home jurisdiction, including in the U.S., and in some cases, other countries, for the purposes described in this Privacy Notice. These countries may have data protection and privacy laws that are different than the laws of your home country. Appgate only transfers personal information to another country in accordance with applicable data protection and privacy laws, provided there are legally adequate protections in place for the personal information.

If your personal information is processed within the EEA or UK, and for onward transfers of personal information to Appgate’s appointed service providers, Appgate and its appointed service providers will protect your personal information by processing it in a territory which the European Commission (or other relvant governmental authority) has determined provides an adequate level of protection for personal information or otherwise implementing appropriate safeguards to protect your personal information, including through the use of Standard Contractual Clauses or another lawful transfer mechanism approved by the European Commission (or other relevant governmental authority).

Although Appgate no longer relies on the Privacy Shield Framework as a lawful transfer mechanism but instead relies on Standard Contractual Clauses, Appgate and its Affiliates in the U.S. continue to apply the Privacy Shield Principles to the data previously transferred to them pursuant to the Privacy Shield Framework. Please see our Privacy Shield Policy below, which covers personal information transferred from the EEA/UK/Switzerland to the United States pursuant to the Privacy Shield Framework.

If you require further information about our international transfers of personal information, please contact us by using the contact details under the “How to contact us” section below.

Information for children under the age of 18


Our Services and this website are not directed to or intended for use by children under the age of 18. If we learn that an under-18 user has volunteered personal information on the site, we will delete such information from our active databases.

California Supplement

If you are a resident of California, you have the following rights:

Right to Know. You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • The categories of sources for the personal information we collected about you.
  • Our business and commercial purpose for collecting or selling that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you.
  • If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: (i) sales, identifying the personal information categories that each category of recipient purchased; and (ii) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Right to Delete. You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies. If so, we will notify you in our response that an exception applies and identify that exception.

To exercise your rights, please submit a verifiable consumer request to us by emailing privacy@appgate.com. To verify your identity we may ask you for additional information, which may include asking you to confirm other personal information you have provided to us. We reserve the right to deny any requests for which identity cannot be verified. If you have authorized another person to make a request on your behalf, that person must provide to us your written authorization allowing them to make such a request on your behalf. We reserve the right to deny any request by an authorized agent if we are not reasonably able to confirm proper authorization.

We will not discriminate against you for exercising any of your rights under California law. Unless permitted by California law, we will not:

  • Deny you goods or services;
  • Charge you a different price or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
  • Provide you a different level or quality of goods or services;
  • Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.

The CCPA provides a right to opt-out of the sale of personal information as that sale is defined in the statute. However, we do not sell California consumer personal information for monetary or other valuable consideration.

EEA/UK Supplement


To comply with the requirements of the European General Data Protection Regulation (GDPR) for our European users and the UK GDPR, as tailored by the UK Data Protection Act 2018 for our UK users, this EEA/UK Supplement outlines the legal basis on which we process your personal information and provides other information required by the GDPR and UK GDPR. Terms used in this section such as “Controller,” “Processor,” “Process,” and “Processing” have the same meaning as in the GDPR and UK GDPR.
Appgate’s entities located in the EEA/UK that act as Controllers include the following:

  • Cryptzone Group AB
  • Cryptzone UK Ltd.

For our customers, service providers, business partners, and Representatives associated with us, the relevant Controller is the EEA/UK entity with which you have contracted; or, if you did not contract with an EEA/UK entity, the EEA/UK entity as determined by us.

Legal Basis for Processing Your Information

Appgate will only Process your information where we have a legal basis to do so. The lawful basis will vary with the type of Processing involved and will typically include Processing (i) necessary for Appgate to pursue its legitimate business interests, (ii) based on your consent, where this is required by data protection laws, and (iii) necessary for Appgate to comply with its legal obligations.

This Privacy Notice does not apply to any personal information processed, stored, or hosted by customers using any of our Services or to the extent that we Process personal information in the role of a Processor on behalf of our customers. Where we act as a Processor on behalf of our customers, that Processing is subject to the protections contained in our data processing agreements with customers. We have no control over, and are not responsible for, any personal information that our customers may store or host on their equipment or otherwise Process while using our Services. We are not responsible for the privacy or data security practices of our customers, which may differ from those set forth in this Privacy Notice. For information related to how our customers Process personal information, please contact the respective customer directly.

Your rights

You have the right under certain circumstances:

  • To be provided with a copy of your personal information held by us;
  • To request the rectification or erasure of your personal information held by us;
  • To request that we restrict the processing of your personal information (while we verify or investigate your concerns with this information, for example);
  • To object to the further processing of your personal information, including the right to object to marketing;
  • To request that your provided personal information be moved to a third party.

Where the Processing of your personal information by us is based on consent, you have the right to withdraw that consent without detriment at any time by contacting us as set forth in the “How to contact us” section below. Such withdrawal will not affect the Processing of your personal information prior to the withdrawal.

You can exercise the rights listed above at any time by contacting us at privacy@appgate.com. The exercise of the above rights might be subject to certain conditions and we might require further information from you before we can respond to your request.

If your request or concern is not satisfactorily resolved by us, you may approach your local data protection authority.

Updates to this Privacy Notice


This Privacy Notice may be updated periodically and will be posted on the website, indicating when it was last updated. If there are material changes to our Privacy Notice, we will post a notice on our website and/or provide other notice as required by law.

How to Contact Us


If you have any questions or concerns about this Privacy Notice or about how Appgate collects, uses, or otherwise processes your information, you can reach us at privacy@appgate.com or by mail at:

Attn: Privacy Team
Appgate Legal Department
2333 Ponce De Leon Blvd., Suite 900
Coral Gables, Florida 33134

Governing Law


Unless applicable data protection / privacy laws provide otherwise, (a) the Privacy Notice is governed by the laws of the State of Florida, U.S.A, (b) you hereby agree that any dispute or claim raised or made by you against us relating to the Privacy Notice shall be subject to arbitration before a single arbitrator in Miami-Dade County, Florida in accordance with the Commercial Arbitration Rules of the American Arbitration Association and (c) you hereby waive all rights to bring or maintain any court action, jury trial or any class claim, class action, class arbitration, or other representative action, claim or proceeding against us in a court of law.

EU-U.S. AND SWISS-U.S. PRIVACY SHIELD POLICY
Last Updated: August 20, 2021

I. Scope & Application


This EU-U.S. and Swiss-U.S. Privacy Shield Policy (the “Privacy Shield Policy”) covers personal information transferred from the EEA/UK/Switzerland to the United States pursuant to the Privacy Shield Framework, before it was invalidated by the Court of Justice of the European Union in July 2020. Although Appgate no longer relies on the Privacy Shield Framework as a lawful transfer mechanism but instead relies on Standard Contractual Clauses, Appgate and its Affiliates in the U.S. continue to apply the Privacy Shield Principles to the data previously transferred to them pursuant to the Privacy Shield Framework.

Terms used in this section such as “Controller,” “Processor,” and “Personal Data” have the same meaning as in applicable EEA, UK, and Swiss data protection law.

If there is any conflict between the terms of this Privacy Shield Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. If this Privacy Shield Policy is inconsistent with the Appgate Website Privacy Notice with regard to the Processing of EEA/UK or Swiss Personal Data, this Privacy Shield Policy shall prevail.

For more information about the Privacy Shield program, or to view our certification, please visit https://www.privacyshield.gov/.

II. Compliance with EU-U.S. and Swiss-U.S. Privacy Shield


Appgate’s agreements with its Customers determine whether Personal Data that is or was transferred to points outside the European Economic Area (“EEA”), the United Kingdom or Switzerland is covered by the effective EU-U.S. Privacy Shield Principles or Swiss-U.S. Privacy Shield Principles or by another approved adequacy mechanism, including the EU or Swiss Standard Contractual Clauses. In the event that the relevant agreement is silent on this point, the EU (or Swiss Standard Contractual Clauses) shall apply to Personal Data covered by such agreement.

With regard to Personal Data received pursuant to the effective Privacy Shield Framework, Appgate complies with the EU-U.S. and Swiss-U.S. Privacy Shield Framework Principles and the Supplemental Principles (collectively, the “Principles”), as confirmed in further detail below.

A. Notice

Appgate adheres to the Notice Principle. Appgate has certified its adherence to the Principles insofar as they apply to Appgate in its role as Controller or Processor as the case may be in the given context, in regard to Personal Data that is covered by this Privacy Shield Policy.

  1. Appgate’s Collection, Use, and Disclosure of EEA/UK/Swiss Personal Data
    Appgate collects, uses, and discloses EEA/UK/Swiss Personal Data relating to Website Visitors, Representatives, and other individuals with whom it interacts when performing, advertising, and demonstrating its Services or in connection with other interactions. Appgate may also Process EEA/UK/Swiss Personal Data of applicants to work at Appgate. Appgate also may Process EEA/UK/Swiss Personal Data as a Processor pursuant to the Customer’s or other person’s or entity’s instruction.
  2. Means for Individuals to Limit Use and Disclosure of EEA/UK/Swiss Personal Data
    In our role as Controller, we adhere to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles. We offer individuals whose Personal Data is subject to this Privacy Shield Policy choice regarding the processing of their EEA/UK/Swiss Personal Data, including where relevant Sensitive Data, as described in Section II.B of this Privacy Shield Policy.
  3. Inquiries and Complaints, and Right of Recourse
    Individuals whose Personal Data is covered by this Privacy Shield Policy may contact us to submit inquiries or complaints regarding adherence to the Principles and to request access to their EEA/UK/Swiss Personal Data by contacting us via email at privacy@Appgate.com or writing to us at 2333 Ponce de Leon Blvd., Suite 900, Coral Gables, Florida 33134, Attention: Appgate Legal Department. Please see Section II.F of this Privacy Shield Policy for more information regarding the right to request access to EEA/UK/Swiss Personal Data.
    For information about how to pursue unresolved complaints relating to this Privacy Shield Policy, please see Section II.G below.
  4. Appgate Is Subject to the Investigatory and Enforcement Powers of the Federal Trade Commission and Complies With Lawful Data Requests
    Appgate is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) in regard to Personal Data received and Processed pursuant to the Privacy Shield Framework. Appgate may be required to disclose EEA/UK/Swiss Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  5. Liability in the Case of Onward Transfers
    In the context of an onward transfer, we are responsible for the Processing of EEA, UK and Swiss Personal Data received pursuant to the Privacy Shield Framework and subsequently transferred to a Service Provider acting on our behalf. We remain liable under the Principles if our Service Provider Processes such EEA/UK/Swiss Personal Data in a manner inconsistent with the Principles, unless we prove that we are not responsible for the event giving rise to the damage.

B. Choice

We may obtain consent directly from individuals to Process their EEA/UK/Swiss Personal Data in connection with the use of our Websites or through other interactions between Appgate and Representatives associated with Customers or other persons or entities and applicants for employment.

We offer individuals who are covered by this Privacy Shield Policy the opportunity to choose whether his or her EEA/UK/Swiss Personal Data is to be disclosed to a third party (“opt out”) other than Service Providers acting on our behalf, which are contractually obligated to adhere to the onward transfer provisions (see Section II.C below).

When acting as a Controller, we also offer individuals who are covered by this Privacy Shield Policy the opportunity to opt out if we provide notice that we intend to use his or her EEA/UK/Swiss Personal Data for a purpose that is materially different from the purpose(s) for which it was originally collected or authorized by the individual in question. Individuals may opt out by sending an email to: unsubscribe@Appgate.com. If opting out, please provide, at a minimum, your name and identify your employer in order to assist us in verifying your identity, and please identify the uses or disclosures of EEA/UK/Swiss Personal Data for which you are choosing to opt out. Note that opting out may affect our ability to provide our Services and impact our interactions with individuals.

With regard to Sensitive Data, when we act as a Controller, we will obtain affirmative express consent (opt-in) if Sensitive Data is to be disclosed to a third party or is to be used for a purpose other than that for which it was originally collected or subsequently authorized by the individuals through the exercise of opt in choice, unless the EEA/UK/Swiss Personal Data in question is subject to an exception contained in the Sensitive Data Supplemental Principle.
In cases where we are acting as a Processor, we will assist the other party in complying with the Choice Principle.

Please see Section II.A.2 of this Privacy Shield Policy for more information regarding our adherence to the Choice Principle and the Sensitive Data and Choice – Timing of Opt Out Supplemental Principles.

C. Accountability for Onward Transfer

For Personal Data covered by the Privacy Shield Policy, we adhere to the Accountability for Onward Transfer Principle and the Obligatory Contracts for Onward Transfer Supplemental Principle.

D. Security

For Personal Data covered by this Privacy Shield Policy, we adhere to the Security Principle. We take reasonable and appropriate measures designed to protect EEA/UK/Swiss Personal Data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the Processing and the nature of the EEA/UK/Swiss Personal Data. In cases where we are acting as a Processor, we secure EEA/UK/Swiss Personal Data in accordance with our contractual obligations to the other party.

E. Data Integrity and Purpose Limitation

In our role as Controller, Appgate adheres to the Data Integrity and Purpose Limitation Principle for Personal Data covered by this Privacy Shield Policy. Our collection and use of EEA/UK/Swiss Personal Data is limited to the EEA, UK and Swiss Personal Data that is relevant for the purposes of Processing, including, for example, those that, depending on the circumstances, reasonably serve Customer relations, the application process, compliance and legal considerations, auditing and due diligence, security and fraud prevention, preserving or defending Appgate’s legal rights, or other purposes consistent with the expectations of a reasonable person given the context of the collection. This may include Processing in the manner described in the Performing Due Diligence and Conducting Audits Supplemental Principle.

We will keep the EEA/UK/Swiss Personal Data covered by this Privacy Shield Policy in accordance with the terms and conditions of the relevant agreement in cases where Appgate is acting as a Processor or agent. In cases where we are acting as a Controller, we may retain the EEA/UK/Swiss Personal Data for the longer of any of the following: (i) the period during which an individual is actively using the Websites, serving as a Customer Representative, acting as a Representative of a Service Provider of Appgate or otherwise interacting with Appgate; (ii) the period specified in the unambiguous consent to the Processing of its data by us for specified purposes; or (iii) as long as necessary for us to meet any applicable legal requirements or to protect our legitimate interests, including with respect to actual or potential legal claims.

F. Access

In our role as a Controller, we adhere to the Access Principle and Access Supplemental Principle for Personal Data covered by this Privacy Shield Policy. Individuals may obtain access to EEA, UK and Swiss Personal Data about them that we hold. For this purpose, “access” means that individuals have the right to: (i) obtain from Appgate confirmation of whether or not we are Processing EEA, UK and Swiss Personal Data relating to them; (ii) have communicated to them EEA, UK and Swiss Personal Data relating to them so that they can verify its accuracy and the lawfulness of the Processing; and (iii) have the EEA, UK and Swiss Personal Data corrected, amended, or deleted where it is inaccurate or Processed in violation of the Principles. Individuals may request to access their EEA, UK and Swiss Personal Data using the contact information listed in Section II.A.3 above.

We may limit or deny access as provided in the Principles, including where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated. If we determine that access should be restricted in any particular instance, we will provide as appropriate to the individual requesting access an explanation of why Appgate has made a determination to restrict access and a contact point for any further inquiries. We are not required to provide access unless it is supplied with sufficient information to allow it to confirm the identity of the person making the request. We will respond to all access requests within a reasonable time period, in a reasonable manner, and in a form that is readily intelligible to the individual.

In cases where Appgate is acting as a Processor, we will assist the other party in meeting its obligation to provide access, or we will obtain authorization from the other party prior to providing access or refer the requesting individual to the appropriate contact at the other party.

We may charge a fee for providing access where necessary or appropriate.

Please see Section II.A.3 of this Privacy Shield Policy for more information regarding our adherence to the Access Principle and Access Supplemental Principle.

G. Recourse, Enforcement, and Liability

For Personal Data covered by this Privacy Shield Policy, Appgate adheres to the Recourse, Enforcement, and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles. We have established in-house procedures for receiving and addressing complaints. Individuals may contact us to submit inquiries or complaints regarding our adherence to the Principles using the contact information listed in Section II.A.3 above. We will respond to individuals within 45 days of receiving a complaint.

Appgate utilizes the American Arbitration Association, an alternative dispute resolution provider based in the United States, to investigate and expeditiously resolve complaints and disputes that cannot be resolved internally, at no cost to the individual, by reference to the Principles. Unresolved complaints may be directed to the American Arbitration Association using the complaint submission form found here. Individuals are encouraged to raise any complaints they have with us before proceeding to the American Arbitration Association. The American Arbitration Association complaint recourse mechanism described here is available to individuals whose EEA, UK and Swiss Personal Data has been collected or Processed by Appgate under the Principles. The American Arbitration Association complaint recourse mechanism is not available to individuals whose EEA, UK and Swiss Personal Data has been collected or Processed by Appgate under any other EEA, UK or Swiss data transfer adequacy mechanism. Under certain conditions, specified on the Privacy Shield website, you may invoke binding arbitration when other dispute resolution procedures have been exhausted.
Appgate has implemented a self-assessment procedure to verify that the attestations and assertions that we have made about our Privacy Shield privacy practices are true and that they have been implemented as presented and in accordance with the Principles. We are obligated to remedy problems arising out of any failure to comply with the Principles.

Please see Section II.A.3 of this Privacy Shield Policy for more information regarding our adherence to the Recourse, Enforcement, and Liability Principle and the Verification and Dispute Resolution and Enforcement Supplemental Principles.

H. Adherence to the Principles

Where applicable, Appgate adheres to, or its data practices with respect to EEA, UK and Swiss Personal Data received pursuant to this Privacy Shield Policy are consistent with, the Principles, including those not specifically listed above, such as the Supplemental Principles of: Self-Certification; Public Record and Publicly Available Information; and Access Requests by Public Authorities.