Spectra Logic Corporation and its subsidiaries ("Spectra" or "us", "we" and "our") respects and values your privacy. Please read this privacy notice (the "Privacy Notice") to learn how we collect, use, share and protect your personal information.

This Privacy Notice describes how we handle the personal information we receive from:

• Visitors to our website, all subdomains and all portals, products, services and interactive features that post a link to this Privacy Notice, including the SpectraGuard Support Portal (our "Sites")
• APIs, web applications and platforms made available by us for use on or through computers and mobile devices (our "Applications")
• Contacts at our customers and channel partners and/or prospective customers and channel partners, including in the course of providing support and maintenance services and professional services
• Contacts for suppliers of products and services to Spectra

The Sites, Applications, support and maintenance services and professional services are collectively called "Services".

If you voluntarily provide your information in the course of interacting with our Sites or otherwise using our Services, we will take that as your agreement to our collection, use and disclosure of your information as set forth in this Privacy Notice.

PLEASE READ THIS PRIVACY NOTICE CAREFULLY PRIOR TO CONTINUING TO VIEW OUR SITE OR USING OUR SERVICES. BY ACCESSING OUR SITE AND/OR USING OUR SERVICES, YOU AFFIRM THAT YOU HAVE READ, UNDERSTOOD AND AGREE TO ABIDE TO THIS PRIVACY NOTICE. YOUR ACCESS TO AND USE OF THE SITES IS ALSO SUBJECT TO OUR WEBSITE TERMS OF USE (the "TERMS OF USE"), AND YOUR USE OF OUR SERVICES IS ALSO SUBJECT TO THE SERVICES AGREEMENT THAT YOU ENTER INTO WITH US. IF YOU DO NOT AGREE TO ABIDE BY THIS PRIVACY NOTICE, YOU MAY NOT ENTER THIS SITE OR ACCESS OR OTHERWISE USE OUR SERVICES. IF YOU USE OUR SERVICES ON BEHALF OF SOMEONE ELSE, YOU REPRESENT TO US THAT YOU ARE AUTHORIZED BY THAT INDIVIDUAL OR ENTITY TO ACCEPT THIS PRIVACY NOTICE AND YOU DO ACCEPT THIS PRIVACY NOTICE ON BEHALF OF THAT INDIVIDUAL OR ENTITY.

Employees

This Privacy Notice does not apply to personal information we receive from employees. To learn how we collect, use, share and protect the personal information we receive from employees, please see our Privacy Notice for Employees.

Job Applicants

This Privacy Notice does not apply to personal information we receive from job applicants. To learn how we collect, use, share and protect the personal information we receive from job applicants, please see our Privacy Notice for Job Applicants.

For the purposes of this Privacy Notice, "Personal Information" is information that relates to an identified or identifiable person, whether alone or in combination with other information. We collect the following types of Personal Information:

• Contact and Basic Information including name, job title, honorifics, phone numbers, organization, job responsibilities, mailing address and email address
• Registration Information such as information necessary to process or respond to information requests, event/seminar registration, requests to download information and usernames/passwords
• Marketing Data such as information about individual participation in conferences and in-person seminars, credentials, associations, product interests and preferences
• Customer Service Information such as Personal Information received from customers regarding their employees or other individuals known to customers and customer feedback
• Device Data including IP addresses, unique device identifiers, cookies and other data linked to a device and data about the usage of our Sites

Our Sites use cookies and similar technologies to enhance your experience when viewing the Sites and to compile statistical information regarding their use. A cookie is a file that is transmitted by a website to a user’s browser. The browser then saves that file in a designated file for cookies on your computer or device. For more information about how we use cookies and similar technologies, please see our Cookie Policy.

You may voluntarily provide Personal Information to us through our provision of Services or when you:

• sign-up for a newsletter
• request information from us
• request Services, including support and maintenance, from us
• enter into a contractual relationship for Services
• interact with us at an event
• visit our Sites
• use our web applications
• apply for a job
• send us communications
• call or visit one of our offices.

We may also collect Personal Information automatically when you:

• browse our Sites
• access our Services from a mobile device

We may also collect Personal Information from other sources including:

• publicly available and subscription-based sources
• event sponsors
• our customers
• counterparties in transactions or disputes
• social media
• our service providers and other vendors

Spectra needs to collect Personal Information to provide the requested Services to you or to provide Services to our customers. If you do not provide the information requested, we may not be able to provide the Services. Where Spectra receives Personal Information from its customers about employees or other individuals, the customer is responsible for ensuring that any such Personal Information is transferred to us in compliance with applicable data protection laws and regulations.

Please note that Spectra is not in the business of processing Personal Information or providing data recovery services. On those occasions when performing support and maintenance services or professional services where Spectra may have physical access to a customer’s tape media, Spectra may be required to access meta data on or relating to the tape media, but Spectra does not access the customer’s data on the tape media.

We use Personal Information for the following purposes:

• Responding to requests for information
• Providing, developing, customizing and improving our Services
• Fulfilling your requests for Services
• Verifying your identity and for fraud prevention
• Creating and managing accounts
• Responding to and providing support and maintenance services
• Providing professional services
• Providing you with updates and information about Services we provide
• Creating user preferences regarding emails and other correspondence
• Sending you marketing information about us and our affiliated entities
• Sending you email and text communications such as electronic newsletters about our Services which may be of interest to you
• Improving the effectiveness of our Sites, our marketing endeavors and our Services
• Helping us address problems with and improve our Sites and our products and services, including testing and creating new products, features and services
• Protecting the security and integrity of the Sites, including understanding and resolving any technical and security issues reported on our Sites
• Resolving disputes
• Engaging in analysis, research and reports regarding the use of our Sites and Services
• For internal business purposes and our legitimate interests
• Complying with the law and protecting the safety, rights, property or security of Spectra, our Services and the general public
• For purposes disclosed at the time you provide your information or as otherwise set forth in this Privacy Notice

We engage in these activities:

• To fulfil our ethical, legal and contractual obligations with our customers and suppliers
• Because we have a legitimate interest in monitoring how our Services are used to help us provide better Services to our users
• Because we have a legitimate interest in detecting and preventing fraud, crimes and other misuses of our Sites and web applications
• To manage our relationships with customers, to comply with legal obligations and/or because we have other legitimate interests.

You consent to us using your Personal Information for our advertising and direct marketing purposes so that we can inform you of our Products and other matters we believe would be of interest to you. If you do not wish to receive this information, you may unsubscribe by following the instructions included in the communications you receive from us or by emailing us, as described in Section 11, CHOICES AND ACCESS, below.

We may aggregate and/or anonymize Personal Information so it is no longer considered Personal Information. We do this to generate other data for our use, which we may use and disclose for any purpose.

We may disclose your Personal Information to:

• Our affiliates
• Contractors, vendors and services providers
• Counterparties to transactions or disputes and their counsel

We may also disclose Personal Information as necessary to:

• Comply with applicable laws and regulations
• To cooperate with public and government authorities
• To cooperate with law enforcement
• To enforce our terms and conditions
• To protect our rights, privacy, safety or property and/or that of our subsidiaries or others
• Effectuate any reorganization, merger, sale, joint venture, assignment, transfer or other disposition of all or any portion of our business, assets or stock (including in connection with any bankruptcy or similar proceedings) with a third party

We DO NOT sell your Personal Information.

We have implemented reasonable measures to secure Personal Information from accidental loss or destruction and from unauthorized access, use, alteration and disclosure. Unfortunately, no transmission or storage system can be guaranteed 100% secure.

The nature of our services is not intended for individuals under the age of 16.

We may transfer Personal Information to jurisdictions as necessary for the purposes described above, including to jurisdictions that may not provide the same level of protection as your country of residence. This may include transfers to third parties, such as developers, service providers or affiliated entities, that are location outside the United States. We will take reasonable steps to ensure that the overseas entity protects your Personal Information as described in this Privacy Notice.

If you are visiting our Sites from a location outside of the U.S., your connection may be through and to servers located in the U.S. The information you receive from our Sites may be created on servers located in the U.S. and all information you provide may be maintained on web servers and systems located within the U.S. The data protection laws in the United States may differ from those of the country in which you are located and your information may be subject to access requests from governments, courts or law enforcement in the U.S. according to laws of the United States. By using our Sites or providing us with any information, you consent to the transfer to and processing, usage, sharing and storage of your information in the United States as set forth in this Privacy Notice.

You have choices regarding marketing-related communications. If you no longer want to receive marketing-related emails from Spectra, you may opt-out by following the unsubscribe instructions in our marketing emails or by sending an email to [email protected].

If you would like to request to review, correct, update, suppress/delete or object to or restrict processing of your Personal Information, please contact us in accordance with the Contact Us section below. We will respond to your request in a manner consistent with applicable law. Please note that verification of your identity will be required.

If you are a resident of Australia, please refer to the "Additional Information Regarding Australia" section at the end of this Privacy Notice for more information about the requests you may make under Australian law.

If you are a resident of California, please refer to the "Additional Information Regarding California" section at the end of this Privacy Notice for more information about the requests you may make under the CCPA.

If you are a resident of EU, Switzerland or UK, please refer to the "Additional Information Regarding EU, Switzerland and UK" section at the end of this Privacy Notice for more information about the requests you may make under GDPR.

In your request, please make clear what you are seeking in your request, including what Personal Information is subject to your request. Verification of your identity is required with a request to access or update your Personal Information so that we can ensure your Personal Information is disclosed only to you. Inaccurate information will be corrected upon receiving advice from you. If we are unable to provide you with access to or correct your Personal Information, we will provide reasons for our refusal. We will respond to your requests within a reasonable period of time.

We will retain Your Personal Information only for as long as is necessary for the purposes set out in this Privacy Notice. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations, resolve disputes and enforce our legal agreements and policies. We may also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our Services or we are legally obligated to retain this data for longer time periods.

The Sites and Applications may contain links to unaffiliated third parties. This Privacy Notice does not apply to such third-party sites. When you click a link to visit a third-party website, you will be subject to their website’s privacy practices. We encourage you to review the privacy and security practices of any linked third-party website before providing any Personal Information on that website.

We may update this Privacy Notice from time to time. When we do, we will post the current version on our Sites and we will revise the version date located at the top of this page. Any changes become effective when we post the revised Privacy Notice. Your continued use of our Services following these changes means that you accept the revised Privacy Notice.

If you have questions or concerns regarding our Privacy Notice or practices or you want to exercise your rights, you may contact us at:

• Email Address: [email protected]
• Postal Address:
  Spectra Logic Corporation
  6285 Lookout Road
  Boulder, CO 80301

Australia Privacy Act

Pursuant to the Australia Privacy Act, we are providing the following additional details about our practices when collecting and handling the Personal Information of residents of Australia.

1. ANONYMOUS OR PSEUDOANONYMOUS OPTION

   Where possible, we provide you with the option to use our Services anonymously or pseudo-anonymously.

2. KEEPING YOUR PERSONAL INFORMATION ACCURATE

   We take reasonable steps to ensure that the Personal Information we collect and use is accurate. We rely on you to advise us of any changes in your Personal Information to help us to do so. Please see Sections 11 and 15 to request access to or correction of your Personal Information.

California Consumer Privacy Act of 2018 (CCPA)

1. NO SALE OF PERSONAL INFORMATION

   We do not sell Personal Information of adults or minors under the age of 16, as defined or as contemplated by the CCPA.

2. CALIFORNIA CONSUMER PRIVACY RIGHTS

   As a "California Consumer" under the CCPA, you have the following rights:

   • Right to Disclosure: California Consumers have a right to request information from Spectra regarding the Personal Information Spectra collects and discloses for business purposes about the consumer.
   • Deletion: In certain circumstances, you have the right to request we delete Personal Information we collected from you. Please note that the right to request deletion is subject to certain exceptions under the CCPA.
   • Non-Discrimination: Spectra will not discriminate against California Consumers for exercising their rights under the CCPA.

   Spectra does not offer financial incentives or price or service differences in exchange for the retention of a California Consumer’s Personal Information.

3. HOW TO SUBMIT A VERIFIABLE REQUEST

   Spectra will respond to requests in accordance with the CCPA if it can verify the identity of the individual submitting the request. California Consumers can exercise these rights by email at [email protected].  We may not be able to comply with your request if we are unable to confirm your identity or connect the information you submit in your request with Personal Information in our possession.

4. AUTHORIZED AGENT

   A California Consumer may designate an "Authorized Agent" registered with the California Secretary of State to submit a disclosure or deletion request on behalf of the Consumer. For us to respond to a request from an Authorized Agent, we may:

   • Request a copy of the written permission granting the Authorized Agent to make such a request on the consumer’s behalf; and
   • Verify the identity of the consumer.

   We may deny a request from an Authorized Agent that does not submit proof that they have been authorized by a consumer to act on their behalf.

General Data Protection Regulations (Regulation (EEA) 2016/679)
Federal Act on Data Protection (FADP)
UK GDPR and Data Protection Act 2018

1. LEGAL BASIS

   The following table describes the purposes for which we use Personal Information and the corresponding legal basis:

   Purpose	Legal Basis
   Website operation and functionality – to operate, maintain, and improve our website, including troubleshooting, support, and user interface personalization.	Legitimate interests – to ensure the website functions properly and provides a positive user experience.
   Analytics and performance – to analyze website traffic and usage patterns to improve our services.	Consent – obtained via cookie banner or settings.
   Communication with users – to respond to inquiries, provide requested information, or manage user accounts.	Legitimate interests – to respond to user-initiated communication. Contract performance – when communication is related to a contract or service request.
   Marketing (where applicable) – to send promotional content by email or online ads, where legally permitted.	Consent – users must opt in. Legitimate interests – for existing customers where soft opt-in applies.
   Security and fraud prevention – to protect our website, users, and systems from unauthorized access or malicious activity.	Legitimate interests – to ensure network and information security.
   Legal compliance – to comply with applicable laws and respond to lawful requests.	Legal obligation

2. YOUR RIGHTS

   Under GDPR in EU and UK and FADP in Switzerland, you have the following rights:

   • Access: to request a copy of your personal data.
   • Rectification: to correct inaccurate or incomplete data.
   • Erasure: to request deletion of your data (subject to certain exceptions).
   • Restriction: to limit how we process your data in certain circumstances.
   • Objection: to processing based on our legitimate interests.
   • Portability: to receive your data in a portable format.
   • Withdraw consent: where you have given consent, you may withdraw it at any time.

   You also have the right to lodge a complaint with your local data protection authority, such as the Information Commissioner’s Office (ICO) in the UK or your national supervisory authority in the EU.

3. INTERNATIONAL DATA TRANSFERS

   We are headquartered in the United States, and your Personal Information may be transferred to, stored in, or accessed from countries outside of your country of residence, including the United States. These countries may not have data protection laws that are equivalent to those in your jurisdiction. When we transfer personal information from the EEA, UK or Switzerland to countries that are not deemed to provide an adequate level of data protection, we rely on appropriate safeguards in accordance with applicable data protection laws. These include:

   • The Standard Contractual Clauses approved by the European Commission under Article 46 of the EU General Data Protection Regulation (GDPR), and
   • The UK International Data Transfer Agreement (IDTA) or UK Addendum to the EU SCCs, as approved by the UK Information Commissioner’s Office.

   These safeguards are incorporated by reference and apply to all cross-border transfers of Personal Information subject to the GDPR and UK GDPR. Copies of these transfer mechanisms are available upon request by contacting us at [email protected].