Burson-Marsteller Safe Harbor Privacy Practices Statement Effective Date: April 8, 2014 Introduction Burson-Marsteller, LLC. (the “Company”) is a leading a public relations and communications firm. Protecting personal information over which we are the direct controller or we process on behalf of our clients is very important to the Company. The company and its affiliated United States subsidiaries (hereinafter collectedly referred to as the “Company”, “we”, “us” or “our”) adhere to the Safe Harbor Agreement concerning the transfer of personal data from the European Union (“EU”) to the United States of America. Accordingly, we follow the Safe Harbor Principles published by the U.S. Department of Commerce (the “Principles”) with respect to all such data. If there is any conflict between the polices in this statement of privacy practices and the Principles, the Principles shall govern. This statement of privacy practices outlines our general policy and practices for implementing the Principles with respect to data over which we are the controller or where we act as a processor on behalf of our clients, including the types of information we gather, how we use it and the notice and choice affected individuals have regarding the use and their ability to correct information. This statement of privacy practices applies to all personal information received by the Company whether in electronic, paper or verbal form. Definitions “Personal Information” means information that (1) is transferred from the EU to the United States; (2) is recorded in any form; (3) is about, or pertains to specific individual and (4) can be linked to that individual. “Sensitive Personal Information” means personal information that reveals race, ethnic origin, sexual orientation, political opinions, religious or philosophical beliefs, trade union membership or that concerns the individual’s health. Principles Notice Company shall inform an individual of the purpose for which it collects and uses the Personal Information and the types of non-agent 3rd parties to which the Company discloses or may disclose the information. Company shall provide the individual with the choice and means for limiting the use and disclosure of their Personal Information. Notice will be provided in clear and conspicuous language when the individuals are fires asked to provide Personal Information to the Company, or as soon as practicable thereafter, and in any even before the Company uses or discloses the information for a purpose other than that for which it was originally collected. Choice The Company will offer individuals the opportunity to choose (opt out) whether their Personal Information is (1) to be disclosed to a 3rd party or (2) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. For Sensitive Personal Information, the Company will give individuals the opportunity to affirmatively or explicitly consent to the disclosure of the information for a purpose other than the purpose for which it was originally collected or subsequently authorized by the individual. Onward Transfers Prior to disclosing Personal Information to an unaffiliated 3rd party, Company shall notify the individual of such disclosure and allow the individual the choice (opt out) of such disclosure. Company shall ensure that any 3rd party to which Personal Information may be disclosed subscribes to the Principles or are subject to law providing the same level of privacy protection as is required by the Principles and agree in writing to provide an adequate level of privacy protection. Data Security Company shall take reasonable steps to protect the Personal Information from loss, misuse and unauthorized access, disclosure, alteration or destruction. Company has put in place appropriate physical, electronic and managerial procedures to safeguard and secure the information from loss, misuse, unauthorized access or disclosure, alteration or destruction. Data Integrity Company shall only process Personal Information in a way that is compatible with and relevant for the purpose for which it was collected or authorized by the individual. To the extent necessary for the purposes, Company shall take reasonable steps to ensure that Personal Information is accurate, complete and reliable for its intended use. Access Where Company is controller of Personal Information, it shall allow an individual to access their Personal Information and allow the individual to correct, amend or delete inaccurate information, except where the burden or expense of providing access would be disproportionate to the risks to the privacy of the individual in question or where the rights of the persons other than the individual would be violated. Enforcement Company uses a self-assessment approach to assure compliance with this statement of privacy practice and periodically verifies that this statement of privacy practice is accurate, comprehensive for the information intended to be covered, accessible, completely implemented and in conformity with the Principles. We encourage interested persons to raise any concerns using the contact information provided and we will investigate and attempt to resolve any complaints disputes regarding uses and disclosure of Personal Information considered by these Principles. If you have any complaints regarding our compliance with the Safe Harbor program, you should first contact us [firstname.lastname@example.org]. We will investigate and attempt to resolve any complaints and disputes regarding the use and disclosure of personal information in accordance with the Safe Harbor Principles. If contacting Company does not resolve your complaint, you may raise your complaint with TRUSTe by Internet [https://feedback-form.truste.com/watchdog/request], fax to 415-520-3420, or mail to TRUSTe Safe Harbor Compliance Dept, 835 Market Street, Suite 800, Box 137, San Francisco, CA 94103-1905. If you are faxing or mailing TRUSTe to lodge a complaint, you must include the following information: the name of company, the alleged privacy violation, your contact information, and whether you would like the particulars of your complaint shared with the company. For information about TRUSTe or the operation of TRUSTe’s dispute resolution process, visit the TRUSTe feedback page [https://feedback-form.truste.com/watchdog/request] or request information from TRUSTe by fax or mail as indicated above. Amendments This statement of privacy practice may be amended from time to time consistent with the requirements of Safe Harbor. Contact Information Questions, comments or concerns regarding the Company’s statement of privacy practice or data collection practices can be addressed to email@example.com.