Introduction Privacy Compliance Data Protection Officer How we collect and use (process) your personal information Use of Crown websites When and how we share information with others Transferring personal data outside of the EEA Security of your information Data storage and retention Data subject rights Independent recourse mechanism for Privacy Shield complaints Changes and updates to the Privacy Policy Questions, concerns or complaints By using this web site, you consent to the terms of our Privacy Policy and to Crown’s processing of your information for the purposes on this page. If you do not agree to Crown’s Privacy Policy, please do not navigate past this page. Introduction Crown Worldwide Group (“Crown”) has developed this Privacy Policy out of respect for the privacy preferences and choices of our customers and prospects. We have established procedures to ensure that every reasonable effort is made to address your concerns. Crown and its subsidiaries provide services to corporations as well as individuals and their family members. In order to provide the contracted personal services, Crown needs to collect and process personal data. This Privacy Policy describes Crown’s policies and practices regarding the manner in which we collect and process your personal data, and sets forth your privacy rights. We may from time to time update this Privacy Notice as we adopt new privacy policies. Privacy Compliance Crown and all its subsidiaries comply with both the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the EU to the U.S.. Crown has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this Privacy Policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/. In order to demonstrate that our Privacy Policy accords with the above privacy instrument, we are voluntarily committed to a self-assessment procedure. For any violation of the Privacy Shield framework, Crown is subject to the investigatory and enforcement powers of the FTC, or any U.S. authorized body. Data Protection Officer Crown has appointed an internal data protection officer for you to contact if you have any questions or concerns about Crown’s personal data policies or practices. Crown’s data protection officer’s name and contact information are as follows: Gary Maguire Chief Risk Officer Crown Group 8111 LBJ Freeway, Ste 555 Dallas, TX 75251 United States Phone: +1 714 890 7482 Email: gmaguire@crownww.com How we collect and use (process) your personal information We collect personal information on our customers in order to provide relocation and relocation-related services to them. In many cases, Crown acts as a data processor as directed by our corporate clients. Crown only collects personally identifiable information about individuals when such individuals specifically provide such information to Crown on a voluntary basis or while requesting information on Crown’s services. For example, an online service request requires the collection of personal data in order for us to be able to respond promptly and correctly to the service request. Crown collects personal information about its customers and prospective customers. The personal information collected is limited to what is necessary to provide the services requested by the customer: first name, last name, employer name, home address, email address, phone number, biographical information, and in some cases passport details and financial information. We use this information specifically to provide the services requested by our customers. We do not sell personal information to anyone and only share the personal information with third parties who are directly assisting in delivering the requested services from Crown. Use of Crown websites The following discloses our information-gathering and dissemination practices for the following websites: www.crownworldwide.com www.workingwithcrown.com www.crownrelo.com www.crownrelocations.com.au www.crownrelo.co.nz www.crownworldmobility.com www.crownrms.com www.crownfineart.com www.crown-logistics.com www.crownwinecellars.com www.crownworkspace.com These sites may contain links to other sites. Crown is not responsible for the privacy practices or the content of such linked websites. Users should check the applicable Privacy Policy of such websites when providing personally identifiable information on those linked websites. Crown does not track users when they cross to third-party websites. As is true of most websites, Crown’s websites collect certain information automatically in order to maintain optimum performance. The information may include internet protocol (IP) addresses, the region or general location where your computer or device is accessing the internet, browser type, operating system and other information about the use of Crown’s website, including a history of the pages you view. We use this information to help us design our site to better suit our users’ needs. We may also use your IP address to help diagnose problems with our server and to administer our website, analyze trends, track visitor movements, and gather broad demographic information that assists us in identifying visitor preferences. Crown’s website also uses cookies and web beacons. For more information about cookies, please visit allaboutcookies.org. Crown uses third-party providers to help manage and maintain the security and performance of our websites, therefore some information is collected and processed on all visitors to our website by our third-party providers. The third parties also help Crown in generating reports about trends of visitors to our websites. When individuals voluntarily submit their personal details to Crown via our website or other means in order to receive quotes for our services or subscribe to marketing information from Crown, those personal details submitted to Crown are processed by third parties on behalf of Crown in order to respond to the inquiries or requests. Crown may sometimes engage third parties to mail responsive information to customers who request Crown’s services, newsletters, white papers, and other information about Crown and its services. Any third party providing such services for Crown has contractually committed to use the data only for the intended purpose and has also agreed to securely process the data at all times. When and how we share information with others The personal information Crown collects from you is stored in one or more databases hosted by Crown in the UK, Hong Kong, and in the U.S., depending on the terms of the contracted service. For email and other related services, Crown uses established third-party cloud service providers who do not use or have access to your personal information for any purpose other than cloud storage and retrieval. Due to the nature of Crown’s business, we use qualified service partners to provide some of the services requested by our customers. Therefore, in order for those third parties to be able to provide the services, Crown must transfer your personal data to the service partner who has a need to know the details. We will not share more information with the third party than they need to know. Those third parties are contractually obliged to protect your data in a secure manner at all times. We remain responsible for the handling of your personal information by those affiliates and third parties as provided in the EU-U.S. and Swiss-U.S. Privacy Shield Framework Principles, including the Supplemental Principles. If you request Crown to provide immigration or cross-border services on your behalf, Crown may need to provide your personal information to those necessary and responsible government agencies in order to approve the paperwork. Transferring personal data outside of the European Economic Area Information we collect from you will usually be processed in the country in which the service you requested originates but access may be granted in the country in which the destination service is provided. At other times, we may need to transfer the data to Crown affiliates in countries outside of the European Economic Area to generate some reports. Crown transfers personal data only with your consent; in order to perform the contract with you; or to fulfill a compelling legitimate interest of Crown in a manner that does not outweigh your rights and freedoms. Crown endeavors to apply suitable safeguards to protect the privacy and security of your personal data and to use it only consistent with your relationship with Crown and the practices described in this Privacy Policy. Crown also minimizes the risk to your rights and freedoms by not collecting, storing or transferring more information than needed to provide your requested service. Security of your information To help protect the privacy of data and personally identifiable information you transmit through use of this site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data only to those employees who need to know that information to provide services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We will also take appropriate disciplinary measures to ensure that Crown staff protect personal data at all times. Data storage and retention Your personal data is stored by Crown on its servers, and on the servers of the cloud-based database management services Crown engages. Unless your contract or the law provides otherwise, Crown will not retain your data for longer than seven years. Data subject rights This Privacy Policy is intended to provide you with information about what personal data Crown collects about you and how it is used. If you have any questions, please contact our Data Protection Officer. If you wish to confirm that Crown is processing your personal data, or to have access to the personal data Crown may have about you, please contact our Data Protection Officer. Crown’s customers always have a choice to consent or not consent to the sharing of their information with third parties. Crown only processes the information for the specific purpose and according to the consent given by the individual. You will always have the right to access, review, and correct any personal information that we may have collected on you. An individual who seeks access to, or who seeks to correct, amend, or delete inaccurate information in Crown’s possession should contact Crown, and Crown will review and make corrections accordingly. For more information on where and for how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Crown’s Data Protection Officer. Independent recourse mechanism for Privacy Shield complaints In compliance with the Privacy Shield Principles, Crown commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact Crown at: Gary Maguire Chief Risk Officer Crown Group 8111 LBJ Freeway, Ste 555 Dallas, TX 75251 United States Phone: +1 714 890 7482 Email: gmaguire@crownww.com CROWN WORLWIDE GROUP has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association (AAA)’s Independent Conflict Dispute Resolution ICDR/AAA Program, an alternative dispute resolution provider located in the U.S.. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit http://info.adr.org/safeharbor for more information or to file a complaint. The services of ICDR/AAA Program are provided at no cost to you. Under certain limited conditions, individuals may invoke binding arbitration as a last resort before the Privacy Shield Panel. Crown (including its subsidiaries) also agree to cooperate with the EU Data Protection Authorities (DPAs) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for complaints involving the collection of human resource data. Changes and updates to the Privacy Policy The foregoing policies are revised and effective as of May 25, 2018. Crown reserves the right to change this policy at any time by notifying users of the existence of a new Privacy Statement. This statement and the policies outlined herein are not intended to and do not create any contractual or other legal rights in or on behalf of any party. As our organization practices may change from time to time, this Privacy Policy is expected to change as well. We reserve the right to amend the Privacy Policy at any time, for any reason, without notice to you, other than the posting of the amended Privacy Policy at this site. Questions, concerns or complaints Please contact Crown’s Data Protection Officer: Gary Maguire Chief Risk Officer Crown Group 8111 LBJ Freeway, Ste 555 Dallas, TX 75251 United States Phone: +1 714 890 7482 Email: gmaguire@crownww.com