INTRODUCTION

Global Compliance, Inc. ("we," "us" or "Company") is strongly committed to respecting and protecting your privacy. Please carefully read the following Privacy Policy ("Policy"). In order to ensure your privacy, information the Company collects from its clients and visitors to its Website located at www.globalcompliance.com and Websites hosted by the Company for our clients ("Site") is used only in the manner and for the purposes described in this Policy.

The purpose of this Policy is to explain the type of information that the Company collects, what we do with that information, and with whom the Company shares this information. Anyone who provides personally identifiable information ("Personal Information") or any other information to the Company consents to the collection, use, and disclosure of such information under the terms of this Policy.

This Policy applies to both our clients to whom we provide services ("Clients") and to those individuals who browse and use our Site ("Visitors").

The following articles make up our Privacy Policy. We hope that reading them gives you a clear idea of how we manage information we receive. For immediate access to a particular topic, click on the title of that topic.

The Services We Provide
The Information Collected by Us
Cookies
How We Use Information
Sharing Personal Information with Others
Your Choices with Respect to Personal Information
Linked Internet Websites
Children
Security and Protection of Data Collected by Us
International Transfers of Personal Information
Access to Your Personal Information
Enforcement of This Privacy Policy
Amendment to This Privacy Policy

THE SERVICES WE PROVIDE

Global Compliance is committed to assisting Clients maintain effective corporate ethics and compliance programs. The Company collects information from our Clients' employees, vendors, agents, and stakeholders (collectively, our "Clients' Employees") which assists our Clients in investigating compliance with laws, regulations, policies, and procedures. Clients' Employees may voluntarily report corporate compliance matters, through our Clients' telephone reporting hotlines, Web-based reporting services, and other services maintained by the Company (collectively, the "Services"). The Company is committed to protecting the privacy and confidentiality of our Clients and Clients' Employees.

Clients enter into written contacts with the Company whereby, among other services, the Company collects information from our Clients' Employees. Our Clients' Employees may choose to remain anonymous or they may choose to provide Personal Information when using our Services. The collection of this information results in a report prepared by the Company. These reports are sent to our Clients via e-mail and are also available to our Clients through a password protected secure portal on the Company's Site. The Company's Clients are located and do business throughout the world, including some European Union (EU) countries

The information that is provided to the Company on behalf of its Clients only is used by the Company to prepare reports for its Clients and for no other purpose. Unless mandated by law or valid court order or as otherwise discussed in "Sharing Personal Information with Others", this information is only shared with our Clients. If you are one of our Clients' Employees, our Clients may collect and use Personal Information about you, such as human resources information, as a result of the employer-employee relationship. Please note that we do not control how our Clients handle your information, including human resources data. We recommend that you review your employer's privacy policy or discuss with your employer how your Personal Information is handled, including the choices you have concerning the sharing of your information with others.

THE INFORMATION COLLECTED BY US

The Company may collect any Personal Information that is provided to us by our Clients, our Clients' Employees or Visitors. This includes, without limitation, name, phone number, mailing address, e-mail address, or any other Personal Information that is provided to us in connection with the Site or the use of our Services, including our hotline reporting services.

Our Clients' Employees who use our various reporting services always have the option to remain anonymous and to not provide any Personal Information when raising corporate compliance issues. [See below: Your Choices With Respect to Personal Information.] In addition, Visitors can browse the Site anonymously without revealing Personal Information.

COOKIES

When our Clients use our Web-based services which include access to a Client's secure portal on the Company's Site, our servers use session cookies to help identify each Client and make using the service more efficient. Our session cookies do not collect any Personal Information and are removed when the session is concluded. We do not use any cookies when Visitors browse the Site.

HOW WE USE INFORMATION

Services Provided to Clients

Global Compliance only uses Personal Information obtained from our Clients' Employees via the Services, such as our Clients' telephone reporting hotlines, Web-based reporting services, and other services. The Services are maintained by the Company to allow our Clients to investigate allegations of wrongdoing in the workplace or allegations that require investigations required by applicable laws, rules, and regulations, such as the Sarbanes-Oxley Act.

Visitors' Use of Global Compliance's Site

Global Compliance's Site registration form requires Visitors who request contact to provide specific contact information such as name and e-mail address. The Company uses the contact information from the registration form to send the individual information about us. The Company also uses Personal Information obtained from Visitors to our Site to respond to questions, comments, and other requests from these individuals, including responding to inquiries about employment opportunities.

SHARING PERSONAL INFORMATION WITH OTHERS

Global Compliance does not disclose, sell, share, trade, or give away an individual's Personal Information to third parties, except under one or more of the following circumstances:

• Consent: If the individual has consented to the disclosure of his or her Personal Information, the Company may share such Personal Information with others, including without limitation, a Company Client. For example, if one of our Clients' Employees agrees to provide us with Personal Information when using the Company's reporting services, that individual consents to the sharing of such Personal Information with his employer so that his employer can investigate claims as required by applicable laws.
• Protection of Global Compliance and Others: Global Compliance may disclose Personal Information about you to others: (i) if we have a good faith belief that we are required or permitted to do so by law or legal process; (ii) in connection with legal or administrative proceedings; (iii) to protect the rights, reputation, property or safety of the Company or others; (iv) to defend or enforce the Company's rights or our Clients' obligations; or (v) if the disclosure is required by mandatory professional standards.
• Business Transfers: In the event that the Company decides to sell all or part of its stock or assets or merge its Company, it reserves the right to include Personal Information among the assets transferred to the acquiring or surviving company. It is the Company's practice to seek appropriate protection for Personal Information in these types of transactions.
• Public Information: If the information in question is publicly available, we may share it with others.
• Aggregate Anonymous Information: The Company may provide to others anonymous information in the aggregate for purposes of marketing, promotion, or similar activities. None of this aggregated information will identify anyone personally.

YOUR CHOICES WITH RESPECT TO PERSONAL INFORMATION

Clients' Employees

The Company always provides notice and choice as to the collection and use of Personal Information from those individuals, such as Clients' Employees, who use the Company's reporting services. Before any individual gives Personal Information to the Company in connection with providing a compliance report, that individual is notified of their choice to remain anonymous or may consent to providing their Personal Information to the Company. The Company does not collect and use any Personal Information from these individuals, including Client's Employees, unless those individuals agree to provide their Personal Information to the Company.

Visitors

The Site gives Visitors the opportunity to stop receiving communications from the Company if previously requested. The Site also gives Visitors options for changing and modifying information previously provided. To remove or change information in our database, or to not receive future communications from the Company, e-mail webmaster@globalcompliance.com with your request.

LINKED INTERNET Websites

The Site may provide hyperlinks, which are highlighted words or pictures within a hypertext document that may, when clicked, take you to another place within the document, to another document altogether, or to a third party Website not controlled by the Company. Such hyperlinked third party Websites may collect and disclose information in a manner that is different from this Site. The Company is not responsible for the collection, use, or disclosure of information collected through these third party Websites, and the Company expressly disclaims any and all liability related to such collection, use, or disclosure.

CHILDREN

Global Compliance does not sell products or services for purchase by children under the age of eighteen ("Minors"). The Company does not knowingly solicit or collect Personal Information from Minors, and we will not knowingly link to any third party Website that solicits or collects Personal Information from Minors. If you believe that a Minor has disclosed Personal Information to us or that we have linked to such a third party Website, please contact us at privacy@globalcompliance.com so that the information and/or link can be removed.

SECURITY AND PROTECTION OF DATA COLLECTED BY US

The Company's Site and the Websites maintained for our Clients have security measures in place to protect the loss, misuse, and alteration of the information under our control. The Company has implemented various physical, electronic, and managerial measures, including education and training of our personnel, to provide Personal Information with reasonable protection from accidental loss or destruction, improper use, alteration, or disclosure. The Company has invested and deployed a wide variety of technology and security features to ensure the privacy of Personal Information that is collected by the Company through its services and via the Site. In addition, the Company has implemented strict operational guidelines to safeguard privacy of data we collect at every level of our organization. The Company requires that all employees sign confidentiality agreements and we conduct background checks on new employees.

The Company will continue to revise policies and implement additional security features as new technologies become available. Unfortunately, no system is perfect; therefore, the Company makes no representations or warranties with regard to the sufficiency of these security measures. The Company shall not be responsible for any actual or consequential damages (or any other damages or liability of any kind whatsoever) that result from a lapse in compliance with this Policy because of a security breach or technical malfunction.

INTERNATIONAL TRANSFERS OF PERSONAL INFORMATION

Permitted transfers of information, including Personal Information, either to third parties or within the Company, include the transfer of data from one jurisdiction to another, such as transfers to and from the United States of America. Because privacy laws vary from one jurisdiction to another, personal information may be transferred to a jurisdiction where the laws provide less or different protection than the jurisdiction in which the information originated. We will always handle your Personal Information as described in this Policy. The Company abides by the safe harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of data from the European Union.

ACCESS TO YOUR PERSONAL INFORMATION

If you wish to obtain a copy of particular information you provided to the Company, or if you become aware the information is incorrect and you would like us to correct or delete it, contact us at privacy@globalcompliance.com. Before the Company is able to provide you with any information or correct any inaccuracies, however, we may ask you to verify your identity and to provide other details to help us to respond to your request. The Company affirms that it will correct, amend, or delete any erroneous data if instructed to do so by you, subject to the EU Safe Harbor principles of proportionality and reasonableness. We always will endeavor to respond within an appropriate timeframe to any request under this section.

ENFORCEMENT OF THIS PRIVACY POLICY

The Company will cooperate with the EU Data Protection Authorities and the Department of Commerce to resolve any complaints and disputes arising in connection with this Policy. All Company employees will be required to be familiar with and adhere to this Policy. The Company will investigate any reported complaints of violations of this Policy and will take prompt remedial action where violations are found. In order to inquire or complain about the Company's privacy policies or anything related to the privacy of Personal Information handled by us, contact us at the following e-mail address: privacy@globalcompliance.com.

AMENDMENT TO THIS PRIVACY POLICY

From time to time, the Company may update, modify, or change its privacy policy. When this occurs, its new privacy policy will be posted on the Site. You should check the Site periodically to review the most recent Privacy Policy.

Amended and Effective: This Policy took effect on December 16, 2003 and was amended on May 25, 2005.