PRIVACY NOTICE

At iPipeline, protecting your privacy is important. We are required and committed to comply with all applicable privacy legislation in the jurisdictions in which we conduct our business such as GDPR in Europe and HIPAA and state privacy laws, such as CCPA, in the United States.

This Privacy Notice aims to inform you about how we collect, use, disclose and store information about you when

• you interact or use our websites, including downloading materials from our resources page ormake inquiries;
• you register and/or attend any of our events, webinars, or conferences
• we contact you regarding one of our products or services; and
• you apply for a position at iPipeline. Country specific applicant privacy notices may apply and are available when applying on our careers site.

This Privacy Notice describes the type of information we collect, how we use and disclose it and how we protect that information.

Other Information that iPipeline Processes

As a software solution provider, we offer a range of applications and services that our customers who are insurance companies and financial institutions use to in turn deliver their services. These applications collect personal information and personal health information on behalf of our customers. We are a processor of this information, but we are not the data controller. Therefore, the privacy policies of our customers apply to that data.

We will only process your personal information where we have a lawful basis for doing so.In general, the basis is that we are fulfilling a contract with our customers, who provide services to you with your consent, or we have a legitimate interest to process your personal information that does not prejudice your own rights, freedoms and interests.

We may collect information when you visit our web site (http://www.ipipeline.ca) or our subsidiary sites that we have provided links to.

For iPipeline and subsidiary sites we are the controller for such information. This includes:

Information You Provide

While using our website, we may ask you to supply us with personal information. Generally, this information is collected when you request a service or information from us, such as when you request a fact sheet or information about our products and services or apply for a position.Thisinformation will be used to allow us to contact or identify you. The information may include but is not limited to:

• Email Address
• First name and last name
• Phone number
• Address
• Your job title and company details
• Your education and work experience in applications we receive from you
• Your date of birth

Although we generally only collect information that has been provided directly by you, there are times that we may collect information from third parties (e.g., a company that provides services to us or an information service provider).When we do so we will provide a separate privacy notice if required.

Information We Collect

We may also collect certain information about your internet-enabled device and browsing patterns such as your IP address, operating system and browser type when you visit our web site,through our use of cookies for the following purposes:

• to analyze your use of our site so that we can improve it and understand our users better;
• to provide you custom functionality in use of our site; and
• to provide you information about our products and services.

More information on the use of cookies is provided below.

Third Parties

We may also obtain your contact information from third parties to whom you have given consent to share your details with iPipeline or category within which our business activities fall.Where we do obtain your information from a third party, we will inform you of their details when we first contact you.

We use the information that we collect:

• to answer questions and respond to comments, requests or queries you send us, including any application for employment (legitimate interests);
• to help us improve and develop our website, online products and services(consent);
• to understand our user demographics and use of our website(consent);
• for administration and client relationship management (necessary for the performance of a contract);
• to allow you to participate in interactive features of our Website (consent);
• to detect, prevent and address technical issues(legitimate interests); and
• to contact you about products and services we feel you will be interested in (legitimate interests).

Our corporate website may contain links to other websites, including social media sites and widgets. We are not responsible for the content or privacy practices (including the delivery of any cookies) of these websites. We strongly encourage you to read the privacy notices and policies of those websites before providing those third parties with your information.

We take appropriate steps and maintain electronic, physical, procedural and organizational safeguards using industry standard techniques and controls to protect the information we hold (including your personal information) from misuse, loss, unauthorized access, modification or disclosure.

Unless you have previously opted-out we may periodically send you information relating to products/services from iPipeline. We may contact you by mail, telephone, email or other electronic messaging service. If you do not wish to receive marketing information from any companies within our group please indicate this on the relevant form where we collect your information or contact us using the details below.

We will retain your personal information for the period necessary to provide you with the services that you have requested, to fulfil our contractual and regulatory obligations or otherwise deliver or enhance our services.Some of the services that we offer our customers require us to retain information indefinitely.

Our corporate web site and our services are not directed to children. We do not knowingly solicit or collect personal information from children.

We recognize your rights regarding your personal information as stipulated under privacy laws that apply to you, based on your place of residence including GDPR in Europe and CCPA in California.

For information that iPipeline directly collects and for which we are a data controller,

GDPR gives EU citizens the following rights:

• a right to access your personal information held by us;
• a right to receive certain personal information in machine-readable format;
• where we have specifically requested your consent to process your personal information and have no other lawful conditions to rely on you have the right to withdraw this consent;
• a right to have certain personal information erased where it is no longer necessary for us to process it, where you have withdrawn your consent pursuant to the paragraph above, where you have objected pursuant to paragraph below, where your personal information has been unlawfully processed, or where erasing your personal information is required in accordance with a legal obligation;
• a right to object to processing where lawful basis is that it is in our legitimate interests, but please note that we may still process your personal information where there are other relevant lawful bases or where we have compelling grounds to continue processing your personal information in our interests which are not overridden by your rights, interests or freedoms;
• a right to have inaccurate personal information rectified;
• a right to request an explanation of the logic involved where we make decisions about you solely through automated means; and
• a right to complain to the Information Commissioner's Office in the UK.https://ico.org.uk/

Under CCPA in California you may have the following rights:

• the right to request the categories and specific pieces of information that iPipeline has collected, the sources from which the information was obtained, and the reasons for collecting that information;
• request that the personal data collected for you be destroyed;
• the right to opt out of the sale of your personal information; and
• the right to be informed of your rights under CCPA.

If you would like to exercise any of your rights, then you can do so by contacting dpo@ipipeline.com. iPipeline will not discriminate against you based on your decision to exercise any of your rights under applicable privacy laws.

Please be aware that while we will try to accommodate your request regarding your rights under privacy laws, these are not absolute rights. This means that we may have to refuse your request or may only be able to comply with it in part. We will require proof of identification, when you make a request in respect of your rights. We may also ask that you clarify your request. If we receive repeated requests or have reason to believe requests are being made unreasonably, we may not be required to respond.

Below provides information on cookies, their use and how you can control them. Please read our cookie notice for all cookies used and how iPipeline have made it easier for you to control them when visiting our websites.

About cookies

Cookies are small text files that are stored by the browser on your computer or mobile phone. Websites can use the files to track personalization details or user preferences. You can think of cookies as providing a ‘memory’ for the website, enabling it to recognize a user and respond appropriately.

If you would like to find out more about cookies and their use on the Internet. You may find the following link useful: All About Cookies.

Other Technology

Unless you have previously opted out of marketing communications from iPipeline, tracking technology may be used in any of the emails sent to you.

Some of our third-party suppliers may send you emails, which may include a web beacon to allow us to determine the number of people who open these emails.These web beacons are electronic images provided by authorized third parties known as single-pixel GIFs, which are invisible graphical images.

When you click on a link in an email, we may record this individual response to allow us to customize our offerings to you. Web beacons collect only limited information, such as the time and date of an email being opened and a URL where the web beacon resides, which will identify the email that was opened.

Web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.

iPipeline will conduct regular reviews of this privacy noticeand update it as necessary. This privacy notice became effective from: October 9, 2019.