EU-US/Swiss-US Privacy Shield Policy TechTarget recognizes that privacy is very important to our Members and we pledge to protect the security and privacy of any Personal Information that Members provide to us. This includes names, addresses, telephone numbers, email addresses, and any information that can be linked to an individual. Not only does TechTarget strive to collect, use, and disclose Personal Information in a manner consistent with the laws of the countries in which it does business, but it also has a tradition of upholding the highest ethical standards in its business practices. This EU-US/Swiss-US Privacy Shield Policy (the “Policy”) sets forth the privacy principles that TechTarget follows with respect to transfers of Personal Information from the European Union (“EU”), the United Kingdom, and Switzerland to the United States (“US”). The United States Department of Commerce, the European Commission, and the Swiss government have agreed certain data protection principles (the EU-US Privacy Shield and the Swiss-US Privacy Shield, hereafter collectively referred to as the “Privacy Shield”) which are designed to replace the previously invalidated EU-US and Swiss-US Safe Harbor Frameworks. The Privacy Shield principles are guidelines that establish an adequacy standard which governs transfers of Personal Information between the EU and the US and Switzerland and the US in a manner that has been deemed adequate to protect such Personal Information under each country’s applicable laws. Consistent with its pledge to protect personal privacy, TechTarget has self-certified and adheres to the Privacy Shield. To learn more about the Privacy Shield program, and to view our certification, please visit www.privacyshield.gov. Scope This Policy applies to all Personal information transferred to TechTarget in the US from the EU and Switzerland, in any manner or format including electronic, paper or verbal. Definitions The following definitions shall apply throughout this Policy: “Agent” means any third party that uses Personal Information provided to TechTarget to perform tasks on the behalf of and under the instructions of TechTarget. “Member” means an individual user of TechTarget’s websites and content that: (i) registers on one of the web sites to become a member of that site, (ii) subscribes to a newsletter on one of the sites, or (iii) accesses demos, brochures or other product information on or from a site. “Personal Information” as defined under the European Union Directive 95/46/EC and the Federal Act on Data Protection means data that personally identifies or may be used to personally identify a person, including an individual’s name in combination with country of birth, marital status, emergency contact, salary information, terms of employment, job qualifications (such as educational degrees earned), address, phone number, e-mail address, user ID, password, and identification numbers. Personal Data does not include data that is de-identified, anonymous, or publicly available. Personal information does not include information that is encoded, anonymized, aggregated or publicly available information that has not been combined with non-public personal information. TechTarget does not collect “sensitive personal information,” e.g., information that reveals race, ethnic origin, political opinions, religious or philosophical beliefs, ideological views or activities, trade union membership, social security measures, administrative or criminal proceedings or sanctions, or that concerns health or sex life. “TechTarget” means TechTarget, Inc. its successors, subsidiaries, divisions, and groups in the US. Privacy Principles The privacy principles in this Policy are based on the principles set forth in the Privacy Shield. Notice When TechTarget collects Personal Information directly from individual Members in the EU and Switzerland, it informs them about the purposes for which it collects and uses their Personal Information, the types of non-Agent third parties, if any, to which TechTarget discloses that information, and the choices and means, if any, that TechTarget offers Members for limiting the use and disclosure of their Personal Information. Notice is provided in clear and conspicuous language when Members are first asked to provide their Personal Information to TechTarget. If TechTarget receives Personal Information from its subsidiaries, affiliates, or other entities in the EU, it uses such information in accordance with the notices such entities provided and the choices made by the Members to whom such Personal Information relates, and in accordance with any contractual obligations between the parties. Choice TechTarget offers Members the opportunity to choose (“opt-out”) whether their Personal Information is: (a) to be disclosed to a non-Agent third party, or (b) to be used for a purpose other than the purpose for which it was originally collected or subsequently authorized by the Member. TechTarget provides Members with reasonable methods to exercise their choices. Accountability for Onward Transfer TechTarget may provide Personal Information to Agents to perform tasks on behalf of and under TechTarget’s instructions. TechTarget obtains assurances from its Agents that they will safeguard Personal Information consistently with this Policy. For example, TechTarget may store such Personal Information in the facilities operated by Agents. Such Agents must agree to use such Personal Information only for the purposes for which they have been engaged by TechTarget and they must either: (1) comply with the Privacy Shield principles or another mechanism permitted by the applicable European data protection law(s) for transfers and processing of Personal Information, or (2) agree to provide adequate protections for the Personal Information that are no less protective than those set out in this Policy. TechTarget also may disclose Personal Information for other purposes or to other Agents when an individual has consented to or requested such disclosure. TechTarget is liable for appropriate onward transfers of personal data to third parties who do not comply with the Privacy Shield principles. If TechTarget has knowledge that an Agent is using or disclosing Personal Information in a manner contrary to this Policy, it will take reasonable steps to prevent or stop the use or disclosure. Security TechTarget will take reasonable precautions to: (i) protect Personal Information in its possession from loss, misuse and unauthorized access, disclosure, alteration, and destruction, and (ii) to maintain the accuracy and integrity of Personal Information and to update it as directed or as appropriate. TechTarget has implemented reasonable and appropriate physical and technical safeguards to protect Personal Information from loss, misuse and unauthorized access, disclosure, alternation, or destruction. For example, electronically stored Personal Information will only be stored on a secure network with firewall protection and access to TechTarget’s electronic information systems requires user authentication via password or similar means. TechTarget also employs access restrictions, limiting the scope of who may access users Personal Information. Data Integrity and Purpose Limitation TechTarget uses Personal Information only in ways that are compatible with the purposes for which it was collected or subsequently authorized by the individual. TechTarget takes reasonable steps to ensure that Personal Information is relevant to its intended use, accurate, complete, and current. Access Right to Access. TechTarget recognizes that Members have the right to know what Personal Information about them is included in TechTarget databases and to ensure that such Personal Information is accurate and relevant for the purposes for which it has been collected. Members may request confirmation of whether TechTarget is using their Personal Information and allow them to review their Personal Information to correct, erase, or block any Personal Information that is incorrect or is being used in violation of the Privacy Shield.Members may request to change their Personal Information by contacting TechTarget by phone or email. In making modifications to their Personal Information, Members must provide only truthful, complete, and accurate information. To request erasure of Personal Information, Members should submit a written request to TechTarget. Requests for Personal Data. TechTarget will track each of the following and will provide notice to the appropriate parties under law and contract when either of the following circumstances arise: (a) legally binding request for disclosure of the Personal Information by a law enforcement authority unless prohibited by law or regulation, or (b) requests received from the Member. Satisfying Requests for Access, Modifications, and Corrections. TechTarget will endeavor to respond in a timely manner to all reasonable written requests to view, modify, or inactivate Personal Information. Recourse, Enforcement, and Liability Enforcement TechTarget conducts regular compliance audits of its relevant privacy and data security practices to verify adherence to this Policy. Any employee that TechTarget determines is in violation of this Policy will be subject to disciplinary action up to and including termination of employment. Dispute Resolution In compliance with the Privacy Shield, TechTarget commits to resolve complaints about privacy and the collection or use of Members’ Personal Information. Members with inquiries or complaints regarding this Policy should first contact TechTarget by completing the online complaint form. TechTarget will investigate and attempt to resolve complaints and disputes regarding use and disclosure of Personal Information within 45 days in accordance with the principles contained in this Policy. TechTarget has further committed to refer unresolved privacy complaints under the Privacy Shield by engaging JAMS, an alternative dispute resolution provider located in the US with offices in Massachusetts (One Beacon Street, Suite 2210, Boston, MA 02108) to assist with the complaint resolution process. JAMS is TechTarget’s exclusive means of resolving Member complaints regarding the Company’s participation in the Privacy Shield; all complaints submitted to JAMS shall be resolved via arbitration at no cost to the Member. If a Member has not received timely acknowledgment of his/her complaint from TechTarget, or if a TechTarget representative has not addressed a Member’s complaint to his/her satisfaction, the Member should submit the complaint to JAMS by submitting the form found here. Judgment on the award rendered in any such arbitration may be entered in any court having jurisdiction. Under certain conditions, more fully described on the Privacy Shield website, a Member may invoke binding arbitration when other dispute resolution procedures have been exhausted. Notwithstanding the foregoing, TechTarget will cooperate with the panel established by the EU data protection authorities (DPAs) with regard to unresolved Privacy Shield complaints concerning data transferred from the United States in connection with this Policy. Contact Information Questions or comments regarding this Policy should be submitted to TechTarget’s General Counsel by mail or e-mail as follows: TechTarget, Inc. Attn: General Counsel 275 Grove Street Newton, MA 02466 Email: email@example.com U.S. Federal Trade Commission Enforcement TechTarget’s commitments under the Privacy Shield are subject to the investigatory and enforcement powers of the United States Federal Trade Commission Compelled Disclosure TechTarget may be required to disclose Personal Information in response to lawful requests to comply with national security or law enforcement requirements. Changes to this Policy This Policy may be amended from time to time, consistent with the requirements of the Privacy Shield and other applicable data protection and privacy laws and principles. TechTarget will make Members aware of changes to this Policy either by posting to our website, through email, or other means if we make changes that materially affect the way we handle Personal Information previously collected, and we will allow them to choose whether their Personal Information may be used in any materially different manner.