This Privacy Policy applies to your use of Exec.com, and any other websites, applications, or services provided, owned or operated by Exec Holdings, Inc. (with its affiliates, “Company”) that link to this Privacy Policy and include the website, talent development platform, and services (collectively, the “Services”). Company values the privacy of its users that visit and use the Services (collectively or individually, “you” or “users”) and wants you to be familiar with how we collect, use, and disclose personal information from and about you. This notice describes our Privacy Policy. By visiting Company or using the Services, you are accepting the practices described in this Privacy Policy, to the extent permitted by law.

For purposes of data protection laws, Company, located at 440 N. Barranca #1890 Covina, CA 91723, is the data controller of your information collected in connection with the Services.

You may share personal or financial information when using the Services, including submitting your personal contact and employer information, and other information necessary to obtain the Services.

Personal Information Company Collects About You

We obtain certain information about you when we provide the Services. Please note that we need certain types of information so that we can provide the Services to you. If you do not provide us with such information, or ask us to delete it, you may no longer be able to access or use the Services.

Information You Provide To Us. You may provide information to us when using the Services, including personal contact information, employment details, and other information.

Automatically Collected Information. When you access the Services or open one of our emails, we automatically record and store certain information about your device by using cookies (small text files sent to your browser), and other types of technology. Examples of information that we might collect are Internet Protocol addresses, device and browser types and identifiers, referring and exit page addresses, hashed identifiers derived from email addresses for the purposes of cross-device tracking for targeted advertising, and software and system types.

Information From Other Sources. By signing up for the Services, we may obtain information about you from other sources when we have your permission.

Our Role as Data Controller and Processor

Data Controller

We act as a data controller for personal information collected from:

• Website visitors
• Customers (organizations)
• Experts/coaches

As a controller, we determine the purposes and means of processing this data.

Data Processor

For participant data, we typically act as a data processor on behalf of our customers (organizations). In this case:

• The customer is the data controller
• The customer determines how participant data should be processed

If you are a participant with questions about your data, please contact your organization's administrator.

Information We Collect and Process for Different User Types

The following information provides an overview of the main types of data we collect and process for different user categories. This list is intended to be illustrative rather than exhaustive. The specific data we collect may vary depending on the particular services used, your interaction with our platform, and the choices you make. For a more comprehensive understanding of our data practices or for information about data not listed here, please contact us at privacy@exec.com.

Website Visitors

Data Collected:

• IP address
• Browser type and version
• Pages visited and time spent on each page

How We Use This Data:

• To improve website performance and user experience
• To analyze traffic patterns and user behavior

Customers (Organizations)

Data Collected:

• Company name and address
• Contact person's name, email, and phone number
• Billing information

How We Use This Data:

• To provide and manage our Services
• For billing and account management
• To communicate about service updates and offers

Participants

Data Collected:

• Name and email address
• Job title and department
• Performance metrics and development goals

How We Use This Data:

• To deliver personalized development programs
• To track progress and provide reports to the organization

Experts/Coaches

Data Collected:

• Professional qualifications and experience
• Availability and scheduling information
• Performance ratings and feedback

How We Use This Data:

• To match experts with appropriate participants
• For quality assurance and performance evaluation

How Company Uses Personal Information

Company may use personal contact information to communicate with you to provide the Services and process payments.

Company may also send you promotional materials or notifications related to the Services and place cookies on your browser for targeted advertising purposes.

Cookies and Similar Technologies

We use cookies and similar technologies to enhance your experience and analyze Service usage.

What Are Cookies

Small text files stored on your browser or device to remember preferences and settings.

Types of Cookies We Use

1. Essential Cookies
   • Purpose: Necessary for website functionality
   • Can't be disabled
2. Preference Cookies
   • Purpose: Remember your settings and preferences
   • Can be disabled, may affect user experience
3. Statistics Cookies
   • Purpose: Analyze how visitors interact with our website
   • Can be disabled
4. Marketing Cookies
   • Purpose: Track visitors for targeted advertising
   • Can be disabled

Your Cookie Choices

You control through browser settings. Please note that limiting cookies may impact your experience.

Other Technologies

• Web beacons
• Pixels
• Similar tracking technologies

Data Retention

We retain your personal data for as long as necessary to provide our services and for legitimate and essential business purposes, such as:

• Maintaining the performance of our services
• Making data-driven business decisions about new features and offerings
• Complying with our legal obligations
• Resolving disputes

When we no longer need personal data, we securely delete or destroy it.

Retention periods can vary significantly based on the type of information and how it is used. Our retention periods are based on criteria that include legally mandated retention periods, pending or potential litigation, intellectual property or ownership rights, contract requirements, operational directives or needs, and historical archiving.

Data Security Measures

At Exec, we implement stringent security measures to protect your data:

• Encryption: We use industry-standard encryption for data in transit and at rest.
• Access Controls: We enforce strict access controls and authentication measures.
• Regular Audits: We conduct regular security audits and vulnerability assessments.
• Incident Response: We have a comprehensive incident response plan in place.
• Employee Training: Our staff undergoes regular security awareness training.

For more details, please refer to our Security Whitepaper, available upon request.

Third-Party Data Sharing

We may share your data with third parties in the following circumstances:

• Service Providers: We engage trusted third parties to perform services on our behalf. These providers have limited access to your information to perform these tasks and are contractually obligated to use it only as directed by us.
• Business Transfers: If we're involved in a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction.
• Legal Requirements: We may disclose your information when required by law, subpoena, or other legal process.

Subprocessors

Exec uses certain subprocessors to assist in providing our Services. A subprocessor is a third-party data processor engaged by Exec who has or potentially will have access to or process Service Data (which may contain Personal Data). Exec engages different types of subprocessors to perform various functions as explained below.

Due to confidentiality restrictions, we cannot disclose the names of subprocessors we use. However, upon entering into a non-disclosure agreement, we can provide our enterprise customers with a detailed list of our subprocessors, including:

• Their name and location
• The activities they perform
• The types of data they process

We maintain a robust vendor management program to ensure our subprocessors maintain appropriate privacy and security measures.

If you'd like more information about our subprocessors, please contact us at privacy@exec.com.

We do not sell your personal information to third parties.

For a list of our key third-party service providers and their privacy policies, please contact us.

Use of Artificial Intelligence and Machine Learning

Company may use artificial intelligence (AI) and machine learning (ML) technologies to improve our Services and user experience. Here's how we approach the use of AI/ML with respect to your data:

• Purpose: We may use AI/ML for purposes such as personalizing user experiences, improving our Services, and detecting security threats.
• Data Used: The AI/ML systems may process various types of data, including usage data and content data. We design our AI systems to use the minimum amount of personal data necessary to achieve the intended purpose.
• Data Protection: All data used in our AI/ML systems is subject to the same rigorous security and privacy controls outlined in this policy.
• Data Segregation and Confidentiality: We maintain strict data segregation practices. Your personal identifiable information (PII), privileged business information, and intellectual property are never used to train models that could be accessed by or benefit other customers. Any AI/ML enhancements derived from your data are used exclusively to improve services for you and your employees.
• Automated Decision-Making: In some cases, our AI systems may make automated decisions that affect you. You have the right to request human intervention, express your point of view, and contest any decision made solely by automated means.
• Transparency: We strive to be transparent about where and how we use AI in our Services. If you have questions about how AI might be used in relation to your data, please contact us.

We regularly review and update our AI/ML practices to ensure they align with evolving ethical standards and regulatory requirements. Our commitment to data confidentiality and segregation is paramount in all our AI/ML initiatives.

International Data Transfers

As a global company, we may transfer your data across international borders:

• Data Transfer Mechanisms: We use EU-approved Standard Contractual Clauses for data transfers out of the EEA.
• Storage Locations: Your data may be stored and processed in the United States or any other country where we or our service providers maintain facilities.
• Safeguards: We implement appropriate safeguards to ensure your data receives an adequate level of protection in the countries where we process it.

Legal Bases For Company Collecting Personal Information

Company collects and processes your Personal Information on the basis of different legal grounds, depending on the nature of the data provided, including:

• Performance of a Contract – In order to provide the Services, collection and processing Personal Information is necessary for the performance of our agreement with you.
• Legitimate Interest – We have other needs to collect or process Personal Information where we have a legitimate interest in providing marketing materials, where you have a reasonable expectation to perform a process or service on your behalf, or to prevent fraud and identity theft.
• Legal Obligation – Where we need to retain or provide information based on legal obligations, court orders, tax authority requests, and other obligations.
• Consent – Company relies upon your consent to collect and process Personal Information, especially where you rely upon Company to provide the Services.

Your Data Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access: Request a copy of your personal data.
• Rectification: Correct inaccurate or incomplete data.
• Erasure: Request deletion of your data under certain circumstances.
• Restriction: Limit the processing of your data.
• Data Portability: Receive your data in a structured, commonly used format.
• Objection: Object to the processing of your data for certain purposes.
• Withdraw Consent: Revoke previously given consent for data processing.

To exercise these rights, please contact us at privacy@exec.com. We will respond to your request within the timeframe required by applicable law.

Note: Specific rights may vary based on your jurisdiction and the legal basis for processing your data.

Children’s Privacy

Protecting the privacy of children is especially important. Company does not knowingly collect or maintain personal information of minors (as defined by the U.S. Children’s Online Privacy Protection Act). If Company learns that personal information of minors has been collected on or through the Services, it will take reasonable measures to delete that information from its records. Company may not be used by children under the age of 13.

California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

Your Rights

1. Right to Know: Request details about personal information we collect, use, and disclose
2. Right to Delete: Request deletion of your personal information
3. Right to Correct: Request correction of inaccurate personal information
4. Right to Opt-Out: Opt-out of the sale or sharing of your personal information
5. Right to Limit: Limit use and disclosure of sensitive personal information

Contact us at privacy@exec.com and we will respond within the timeframe required by applicable law

Our Data Practices

• We do not sell personal information as defined by the CCPA/CPRA
• No personal information sold to third parties in the preceding 12 months
• We do not discriminate against users who exercise their CCPA/CPRA rights

For detailed information on data collection and use, please refer to earlier sections of this policy.

Changes and Updates to This Privacy Policy

Company reserves the right to change, modify, add or delete portions of this Privacy Policy at any time. Your use of the Services constitutes your binding acceptance of such changes.

Company Contact Information

Please contact Company with any questions or comments about this Privacy Policy at hello@exec.com. If you are a California resident, you may have this same information emailed to you by sending a letter to the foregoing address with your email address and a request for information.